[security-dev 00331]: Re: ECC pkcs#11 bug

Lars Silvén lars at primekey.se
Thu Sep 25 20:46:27 UTC 2008


Hello,

Thank you for taking care of this.
We want this fix in both JDK 6 and 7. I would like to know the release date
for the fix in both versions, if possible.

Lars

Brad Wetmore wrote:
> 
> 
> Lars Silvén wrote:
>> Hi Brad,
>>
>> Do you have everything you need to fix the bug?
> 
> I believe so.  I haven't started looking at it closely yet, I'm still
> mopping up several fires.  Unfortunately, I'm the chef, busboy, and
> bottle washer for several projects here.
> 
>> Or is there anything more I could do to help?
>>
>> I have now also tested the nCipher HSM. To get their p11 working my
>> patch had to be applied.
>>
>> Do you have any idea when the fix could be released?
> 
> Are you looking for JDK7, or 6?
> 
> Brad
> 
>>
>> Best Regards
>>
>> Brad Wetmore wrote:
>>>
>>> Lars Silvén wrote:
>>>> Hi Brad,
>>>>
>>>> I have written a simple application that illustrates the problem:
>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>
>>>> But you need a p11 module with ECC capability to run it. Do you have
>>>> one?
>>> Yes.
>>>
>>>> If not I could investigate if one of our HSM vendors could send you
>>>> one.
>>>> Also to verify that the public key actually is usable a JCA provider
>>>> with ECC is needed.
>>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>>
>>> Thanks for the case.
>>>
>>> Brad
>>>
>>>
>>>> But for that you could use BouncyCastle.
>>>> Start running the application without parameters and then you get a
>>>> description of needed parameters.
>>>>
>>>> Lars
>>>>
>>>>
>>>> Brad Wetmore wrote:
>>>>> Great, thanks for doing so.
>>>>>
>>>>> I'll be working on this fairly soon, so I'll get a bug filed.  Do you
>>>>> have a standalone test case for this already?  See step 3 of the
>>>>> contribute page.  If you do but you don't have it in jtreg format,
>>>>> I can get it into the jtreg format.
>>>>>
>>>>> Brad
>>>>>
>>>>>
>>>>> Lars Silvén wrote:
>>>>>> Here is my SCA!
>>>>>>
>>>>>> //Lars
>>>>>>
>>>>>>
>>>>>> Brad Wetmore wrote:
>>>>>>> Hi Lars,
>>>>>>>
>>>>>>>> I have created a patch that is fixing the problem:
>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also
>>>>>>> the person who will be handling this when I get back to working on
>>>>>>> the Java ECC implementation.
>>>>>>>
>>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>>> signed copy of the Sun Contribution Agreement in place.  This is
>>>>>>> done for your protection as well as Sun's and the OpenJDK
>>>>>>> community's.
>>>>>>>
>>>>>>> Please see the following link for more information:
>>>>>>>
>>>>>>>     http://openjdk.java.net/contribute/
>>>>>>>
>>>>>>> The Signatories of the SCA are eligible to donate code to all
>>>>>>> products and projects owned or managed by Sun:  signing it once
>>>>>>> means you can contribute code to any Sun-sponsored open source
>>>>>>> project.
>>>>>>>
>>>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>>>> database, just let me know.
>>>>>>>
>>>>>>> Discussion of the problem is fine, it's just the source that we
>>>>>>> can't take at this point.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Brad
