[security-dev 00329]: Re: ECC pkcs#11 bug
Brad Wetmore
Bradford.Wetmore at Sun.COM
Thu Sep 25 01:38:40 UTC 2008
Lars Silvén wrote:
> Hi Brad,
>
> Do you have everything you need to fix the bug.
I believe so. I haven't started looking at it closely yet, I'm still
mopping up several fires. Unfortunately, I'm the chef, busboy, and
bottle washer for several projects here.
> Or is there anything more I could do to help.
>
> I have now also tested the nCipher HSM. To get their p11 working my patch had to be applied.
>
> Do you have any idea when we the fix could be released?
Are you looking for JDK7, or 6?
Brad
>
> Best Regards
>
> Brad Wetmore wrote:
>>
>> Lars Silvén wrote:
>>> Hi Brad,
>>>
>>> I have written a simple application that illustrates the problem:
>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>
>>> But you need a p11 module with ECC capability to run it. Do you have one?
>> Yes.
>>
>>> If not I could investigate if one of our HSM vendors could send you one.
>>> Also to verify that the public key actually is usable a JCA provider
>>> with ECC is needed.
>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>
>> Thanks for the case.
>>
>> Brad
>>
>>
>> But for that you could use BouncyCastle.
>>> Start running the application without parameters and then you get a
>>> description of needed parameters.
>>>
>>> Lars
>>>
>>>
>>> Brad Wetmore wrote:
>>>> Great, thanks for doing so.
>>>>
>>>> I'll be working on this fairly soon, so I'll get a bug filed. Do you
>>>> have a standalone test case for this already? See step 3 of the
>>>> contribute page. If you do but you don't have it in jtreg format, I can
>>>> get it into the jtreg format.
>>>>
>>>> Brad
>>>>
>>>>
>>>> Lars Silvén wrote:
>>>>> Here is my SCA!
>>>>>
>>>>> //Lars
>>>>>
>>>>>
>>>>> Brad Wetmore wrote:
>>>>>> Hi Lars,
>>>>>>
>>>>>>> I have created a patch that is fixing the problem:
>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also the
>>>>>> person who will be handling this when I get back to working on the
>>>>>> Java
>>>>>> ECC implementation.
>>>>>>
>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>> signed copy of the Sun Contribution Agreement in place. This is done
>>>>>> for your protection as well as the Sun's and the OpenJDK community's.
>>>>>>
>>>>>> Please see the following link for more information:
>>>>>>
>>>>>> http://openjdk.java.net/contribute/
>>>>>>
>>>>>> The Signatories of the SCA are eligible to donate code to all products
>>>>>> and projects owned or managed by Sun: signing it once means you can
>>>>>> contribute code to any Sun-sponsored open source project.
>>>>>>
>>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>>> database yet, just let me know.
>>>>>>
>>>>>> Discussions of the problem is fine, it's just the source that we can't
>>>>>> take at this point.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Brad
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>>
>
More information about the security-dev
mailing list