[security-dev 00331]: Re: ECC pkcs#11 bug
Lars Silvén
lars at primekey.se
Thu Sep 25 20:46:27 UTC 2008
Hello,
Thank you for taking care of this.
We want this fix in both JDK 6 and 7. I like to know the release date for the
fix in both versions if possible.
Lars
Brad Wetmore wrote:
>
>
> Lars Silvén wrote:
>> Hi Brad,
>>
>> Do you have everything you need to fix the bug.
>
> I believe so. I haven't started looking at it closely yet, I'm still
> mopping up several fires. Unfortunately, I'm the chef, busboy, and
> bottle washer for several projects here.
>
>> Or is there anything more I could do to help.
>>
>> I have now also tested the nCipher HSM. To get their p11 working my
>> patch had to be applied.
>>
>> Do you have any idea when we the fix could be released?
>
> Are you looking for JDK7, or 6?
>
> Brad
>
>>
>> Best Regards
>>
>> Brad Wetmore wrote:
>>>
>>> Lars Silvén wrote:
>>>> Hi Brad,
>>>>
>>>> I have written a simple application that illustrates the problem:
>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>
>>>> But you need a p11 module with ECC capability to run it. Do you have
>>>> one?
>>> Yes.
>>>
>>>> If not I could investigate if one of our HSM vendors could send you
>>>> one.
>>>> Also to verify that the public key actually is usable a JCA provider
>>>> with ECC is needed.
>>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>>
>>> Thanks for the case.
>>>
>>> Brad
>>>
>>>
>>> But for that you could use BouncyCastle.
>>>> Start running the application without parameters and then you get a
>>>> description of needed parameters.
>>>>
>>>> Lars
>>>>
>>>>
>>>> Brad Wetmore wrote:
>>>>> Great, thanks for doing so.
>>>>>
>>>>> I'll be working on this fairly soon, so I'll get a bug filed. Do you
>>>>> have a standalone test case for this already? See step 3 of the
>>>>> contribute page. If you do but you don't have it in jtreg format,
>>>>> I can
>>>>> get it into the jtreg format.
>>>>>
>>>>> Brad
>>>>>
>>>>>
>>>>> Lars Silvén wrote:
>>>>>> Here is my SCA!
>>>>>>
>>>>>> //Lars
>>>>>>
>>>>>>
>>>>>> Brad Wetmore wrote:
>>>>>>> Hi Lars,
>>>>>>>
>>>>>>>> I have created a patch that is fixing the problem:
>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also
>>>>>>> the
>>>>>>> person who will be handling this when I get back to working on the
>>>>>>> Java
>>>>>>> ECC implementation.
>>>>>>>
>>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>>> signed copy of the Sun Contribution Agreement in place. This is
>>>>>>> done
>>>>>>> for your protection as well as the Sun's and the OpenJDK
>>>>>>> community's.
>>>>>>>
>>>>>>> Please see the following link for more information:
>>>>>>>
>>>>>>> http://openjdk.java.net/contribute/
>>>>>>>
>>>>>>> The Signatories of the SCA are eligible to donate code to all
>>>>>>> products
>>>>>>> and projects owned or managed by Sun: signing it once means you can
>>>>>>> contribute code to any Sun-sponsored open source project.
>>>>>>>
>>>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>>>> database yet, just let me know.
>>>>>>>
>>>>>>> Discussions of the problem is fine, it's just the source that we
>>>>>>> can't
>>>>>>> take at this point.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Brad
>>>>>> ------------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2446 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20080925/8749988f/smime.p7s>
More information about the security-dev
mailing list