[jdk11u-dev] RFR: 8026976: ECParameters, Point does not match field size

Taizo Kurashige duke at openjdk.org
Fri Mar 7 05:05:04 UTC 2025 

On Mon, 24 Feb 2025 15:23:23 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:

>> @martinuy @franferrax Could you please take a look at this backport and see if that makes sense to bring to 11u at this stage of where 11u is currently? Thanks!
>
>> @jerboaa: in my view this is a minor and clean backport. 11u already contains [e6e820c](https://github.com/openjdk/jdk11u-dev/commit/e6e820c6474e3608abe4e08698097d06dda2900e), which is partial/incomplete without this change.
>> 
>> I agree that the risk is low considering this affects _SunPKCS11_, a security provider that is disabled by default.
>> 
>> The test removed from `ProblemList.txt` (`sun/security/pkcs11/ec/TestKeyFactory.java`) is now passing (I checked this in a local slowdebug build of this PR code). This test fails with the current version of NSS and without this PR change, meaning this bug may be being hit by users:
>> 
>> ```
>> java.security.spec.InvalidKeySpecException: Could not parse key
>> 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.implGetPublicKeySpec(P11ECKeyFactory.java:300)
>> 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyFactory.engineGetKeySpec(P11KeyFactory.java:94)
>> 	at java.base/java.security.KeyFactory.getKeySpec(KeyFactory.java:433)
>> 	at TestKeyFactory.testPublic(TestKeyFactory.java:83)
>> 	at TestKeyFactory.test(TestKeyFactory.java:117)
>> 	at TestKeyFactory.main(TestKeyFactory.java:146)
>> 	at PKCS11Test.premain(PKCS11Test.java:907)
>> 	at PKCS11Test.testNSS(PKCS11Test.java:605)
>> 	at PKCS11Test.main(PKCS11Test.java:254)
>> 	at TestKeyFactory.main(TestKeyFactory.java:124)
>> 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> 	at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
>> 	at java.base/java.lang.Thread.run(Thread.java:829)
>> Caused by: java.io.IOException: Point does not match field size
>> 	at java.base/sun.security.util.ECUtil.decodePoint(ECUtil.java:48)
>> 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.decodePoint(P11ECKeyFactory.java:89)
>> 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.implGetPublicKeySpec(P11ECKeyFactory.java:297)
>> 	... 15 more
>> ```
> 
> OK, thanks. That's helpful.

@jerboaa 

I recognize that [JDK-8026976](https://bugs.openjdk.org/browse/JDK-8026976) requires a maintainer approval.
I'm sorry to bother you, but could you approve?

Thanks.

-------------

PR Comment: https://git.openjdk.org/jdk11u-dev/pull/2958#issuecomment-2705536391

More information about the jdk-updates-dev mailing list