[jdk11u-dev] RFR: 8026976: ECParameters, Point does not match field size

Francisco Ferrari Bihurriet fferrari at openjdk.org
Mon Feb 24 15:03:06 UTC 2025


On Thu, 20 Feb 2025 16:39:36 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:

>> Hi all,
>> 
>> This is a backport of JDK-8026976: ECParameters, Point does not match field size
>> 
>> Original patch applies cleanly to 11u.
>> 
>> Testing: jdk/sun/security/pkcs11 tests on RHEL9, GHA testing
>> 
>> Thanks.
>
> @martinuy @franferrax Could you please take a look at this backport and see if that makes sense to bring to 11u at this stage of where 11u is currently? Thanks!

@jerboaa: in my view this is a minor and clean backport. 11u already contains e6e820c6474e3608abe4e08698097d06dda2900e, which is partial/incomplete without this change.

I agree that the risk is low considering this affects _SunPKCS11_, a security provider that is disabled by default.

The test removed from `ProblemList.txt` (`sun/security/pkcs11/ec/TestKeyFactory.java`) is now passing (I checked this in a local slowdebug build of this PR code). This test fails with the current version of NSS and without this PR change, meaning this bug may be being hit by users:


java.security.spec.InvalidKeySpecException: Could not parse key
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.implGetPublicKeySpec(P11ECKeyFactory.java:300)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyFactory.engineGetKeySpec(P11KeyFactory.java:94)
	at java.base/java.security.KeyFactory.getKeySpec(KeyFactory.java:433)
	at TestKeyFactory.testPublic(TestKeyFactory.java:83)
	at TestKeyFactory.test(TestKeyFactory.java:117)
	at TestKeyFactory.main(TestKeyFactory.java:146)
	at PKCS11Test.premain(PKCS11Test.java:907)
	at PKCS11Test.testNSS(PKCS11Test.java:605)
	at PKCS11Test.main(PKCS11Test.java:254)
	at TestKeyFactory.main(TestKeyFactory.java:124)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.IOException: Point does not match field size
	at java.base/sun.security.util.ECUtil.decodePoint(ECUtil.java:48)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.decodePoint(P11ECKeyFactory.java:89)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.implGetPublicKeySpec(P11ECKeyFactory.java:297)
	... 15 more

-------------

PR Comment: https://git.openjdk.org/jdk11u-dev/pull/2958#issuecomment-2678716263

