[security-dev 00304]: Re: ECC pkcs#11 bug

Lars Silvén lars at primekey.se
Mon Sep 15 15:51:13 UTC 2008


Hi Brad,

I have written a simple application that illustrates the problem: http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java

But you need a p11 module with ECC capability to run it. Do you have one? If not I could investigate if one of our HSM vendors could send you one.
Also to verify that the public key actually is usable a JCA provider with ECC is needed. But for that you could use BouncyCastle.

Start running the application without parameters and then you get a description of needed parameters.

Lars


Brad Wetmore wrote:
> Great, thanks for doing so.
> 
> I'll be working on this fairly soon, so I'll get a bug filed.  Do you
> have a standalone test case for this already?  See step 3 of the
> contribute page.  If you do but you don't have it in jtreg format, I can
> get it into the jtreg format.
> 
> Brad
> 
> 
> Lars Silvén wrote:
>> Here is my SCA!
>>
>> //Lars
>>
>>
>> Brad Wetmore wrote:
>>> Hi Lars,
>>>
>>>> I have created a patch that is fixing the problem:
>>> This is Brad Wetmore, I am the Security group Moderator, and also the
>>> person who will be handling this when I get back to working on the Java
>>> ECC implementation.
>>>
>>> Unfortunately, I can't take your source contribution yet without a
>>> signed copy of the Sun Contribution Agreement in place.  This is done
>>> for your protection as well as the Sun's and the OpenJDK community's.
>>>
>>> Please see the following link for more information:
>>>
>>>     http://openjdk.java.net/contribute/
>>>
>>> The Signatories of the SCA are eligible to donate code to all products
>>> and projects owned or managed by Sun:  signing it once means you can
>>> contribute code to any Sun-sponsored open source project.
>>>
>>> If you have recently signed it and it hasn't yet appeared in our
>>> database yet, just let me know.
>>>
>>> Discussions of the problem is fine, it's just the source that we can't
>>> take at this point.
>>>
>>> Thanks,
>>>
>>> Brad
>>
>>
>> ------------------------------------------------------------------------
>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lars.vcf
Type: text/x-vcard
Size: 296 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20080915/64f6de91/lars.vcf>


More information about the security-dev mailing list