[security-dev 00322]: Re: ECC pkcs#11 bug

Lars Silvén lars at primekey.se
Thu Sep 18 12:02:58 UTC 2008 

Hi Brad,

Do you have everything you need to fix the bug. Or is there anything more I could do to help.

I have now also tested the nCipher HSM. To get their p11 working my patch had to be applied.

Do you have any idea when we the fix could be released?


Best Regards

Brad Wetmore wrote:
> 
> 
> Lars Silvén wrote:
>> Hi Brad,
>>
>> I have written a simple application that illustrates the problem:
>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>
>> But you need a p11 module with ECC capability to run it. Do you have one?
> 
> Yes.
> 
>> If not I could investigate if one of our HSM vendors could send you one.
>> Also to verify that the public key actually is usable a JCA provider
>> with ECC is needed.
> 
> I'm going to be working on adding ECC to the JCE provider for JDK 7.
> 
> Thanks for the case.
> 
> Brad
> 
> 
>  But for that you could use BouncyCastle.
>>
>> Start running the application without parameters and then you get a
>> description of needed parameters.
>>
>> Lars
>>
>>
>> Brad Wetmore wrote:
>>> Great, thanks for doing so.
>>>
>>> I'll be working on this fairly soon, so I'll get a bug filed.  Do you
>>> have a standalone test case for this already?  See step 3 of the
>>> contribute page.  If you do but you don't have it in jtreg format, I can
>>> get it into the jtreg format.
>>>
>>> Brad
>>>
>>>
>>> Lars Silvén wrote:
>>>> Here is my SCA!
>>>>
>>>> //Lars
>>>>
>>>>
>>>> Brad Wetmore wrote:
>>>>> Hi Lars,
>>>>>
>>>>>> I have created a patch that is fixing the problem:
>>>>> This is Brad Wetmore, I am the Security group Moderator, and also the
>>>>> person who will be handling this when I get back to working on the
>>>>> Java
>>>>> ECC implementation.
>>>>>
>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>> signed copy of the Sun Contribution Agreement in place.  This is done
>>>>> for your protection as well as the Sun's and the OpenJDK community's.
>>>>>
>>>>> Please see the following link for more information:
>>>>>
>>>>>     http://openjdk.java.net/contribute/
>>>>>
>>>>> The Signatories of the SCA are eligible to donate code to all products
>>>>> and projects owned or managed by Sun:  signing it once means you can
>>>>> contribute code to any Sun-sponsored open source project.
>>>>>
>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>> database yet, just let me know.
>>>>>
>>>>> Discussions of the problem is fine, it's just the source that we can't
>>>>> take at this point.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Brad
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lars.vcf
Type: text/x-vcard
Size: 296 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20080918/b1dfd996/lars.vcf>

More information about the security-dev mailing list