[jdk11u-dev] RFR: 8026976: ECParameters, Point does not match field size

Severin Gehwolf sgehwolf at openjdk.org
Mon Feb 24 15:27:03 UTC 2025 

On Thu, 20 Feb 2025 16:39:36 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:

>> Hi all,
>> 
>> This is a backport of JDK-8026976: ECParameters, Point does not match field size
>> 
>> Original patch apply cleanly to 11u.
>> 
>> Testing: jdk/sun/security/pkcs11 tests on RHEL9, GHA testing
>> 
>> Thanks.
>
> @martinuy @franferrax Could you please take a look at this backport and see if that makes sense to bring to 11u at this stage of where 11u is currently? Thanks!

> @jerboaa: in my view this is a minor and clean backport. 11u already contains [e6e820c](https://github.com/openjdk/jdk11u-dev/commit/e6e820c6474e3608abe4e08698097d06dda2900e), which is partial/incomplete without this change.
> 
> I agree that the risk is low considering this affects _SunPKCS11_, a security provider that is disabled by default.
> 
> The test removed from `ProblemList.txt` (`sun/security/pkcs11/ec/TestKeyFactory.java`) is now passing (I checked this in a local slowdebug build of this PR code). This test fails with the current version of NSS and without this PR change, meaning this bug may be being hit by users:
> 
> ```
> java.security.spec.InvalidKeySpecException: Could not parse key
> 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.implGetPublicKeySpec(P11ECKeyFactory.java:300)
> 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyFactory.engineGetKeySpec(P11KeyFactory.java:94)
> 	at java.base/java.security.KeyFactory.getKeySpec(KeyFactory.java:433)
> 	at TestKeyFactory.testPublic(TestKeyFactory.java:83)
> 	at TestKeyFactory.test(TestKeyFactory.java:117)
> 	at TestKeyFactory.main(TestKeyFactory.java:146)
> 	at PKCS11Test.premain(PKCS11Test.java:907)
> 	at PKCS11Test.testNSS(PKCS11Test.java:605)
> 	at PKCS11Test.main(PKCS11Test.java:254)
> 	at TestKeyFactory.main(TestKeyFactory.java:124)
> 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> 	at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
> 	at java.base/java.lang.Thread.run(Thread.java:829)
> Caused by: java.io.IOException: Point does not match field size
> 	at java.base/sun.security.util.ECUtil.decodePoint(ECUtil.java:48)
> 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.decodePoint(P11ECKeyFactory.java:89)
> 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.implGetPublicKeySpec(P11ECKeyFactory.java:297)
> 	... 15 more
> ```

OK, thanks. That's helpful.

-------------

PR Comment: https://git.openjdk.org/jdk11u-dev/pull/2958#issuecomment-2678791417

More information about the jdk-updates-dev mailing list