[security-dev 00550]: Re: ECC pkcs#11 bug

Lars Silvén lars at primekey.se
Thu Feb 5 12:40:14 UTC 2009


Brad,

Any news about the p11 ECC bug.

When will it be fixed?


Best Regards,
Lars



Lars Silvén wrote:
> Hello,
> 
> Thank you for taking care of this.
> We want this fix in both JDK 6 and 7. I like to know the release date for the
> fix in both versions if possible.
> 
> Lars
> 
> Brad Wetmore wrote:
>>
>> Lars Silvén wrote:
>>> Hi Brad,
>>>
>>> Do you have everything you need to fix the bug.
>> I believe so.  I haven't started looking at it closely yet, I'm still
>> mopping up several fires.  Unfortunately, I'm the chef, busboy, and
>> bottle washer for several projects here.
>>
>>> Or is there anything more I could do to help.
>>>
>>> I have now also tested the nCipher HSM. To get their p11 working my
>>> patch had to be applied.
>>>
>>> Do you have any idea when we the fix could be released?
>> Are you looking for JDK7, or 6?
>>
>> Brad
>>
>>> Best Regards
>>>
>>> Brad Wetmore wrote:
>>>> Lars Silvén wrote:
>>>>> Hi Brad,
>>>>>
>>>>> I have written a simple application that illustrates the problem:
>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>>
>>>>> But you need a p11 module with ECC capability to run it. Do you have
>>>>> one?
>>>> Yes.
>>>>
>>>>> If not I could investigate if one of our HSM vendors could send you
>>>>> one.
>>>>> Also to verify that the public key actually is usable a JCA provider
>>>>> with ECC is needed.
>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>>>
>>>> Thanks for the case.
>>>>
>>>> Brad
>>>>
>>>>
>>>>  But for that you could use BouncyCastle.
>>>>> Start running the application without parameters and then you get a
>>>>> description of needed parameters.
>>>>>
>>>>> Lars
>>>>>
>>>>>
>>>>> Brad Wetmore wrote:
>>>>>> Great, thanks for doing so.
>>>>>>
>>>>>> I'll be working on this fairly soon, so I'll get a bug filed.  Do you
>>>>>> have a standalone test case for this already?  See step 3 of the
>>>>>> contribute page.  If you do but you don't have it in jtreg format,
>>>>>> I can
>>>>>> get it into the jtreg format.
>>>>>>
>>>>>> Brad
>>>>>>
>>>>>>
>>>>>> Lars Silvén wrote:
>>>>>>> Here is my SCA!
>>>>>>>
>>>>>>> //Lars
>>>>>>>
>>>>>>>
>>>>>>> Brad Wetmore wrote:
>>>>>>>> Hi Lars,
>>>>>>>>
>>>>>>>>> I have created a patch that is fixing the problem:
>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also
>>>>>>>> the
>>>>>>>> person who will be handling this when I get back to working on the
>>>>>>>> Java
>>>>>>>> ECC implementation.
>>>>>>>>
>>>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>>>> signed copy of the Sun Contribution Agreement in place.  This is
>>>>>>>> done
>>>>>>>> for your protection as well as the Sun's and the OpenJDK
>>>>>>>> community's.
>>>>>>>>
>>>>>>>> Please see the following link for more information:
>>>>>>>>
>>>>>>>>     http://openjdk.java.net/contribute/
>>>>>>>>
>>>>>>>> The Signatories of the SCA are eligible to donate code to all
>>>>>>>> products
>>>>>>>> and projects owned or managed by Sun:  signing it once means you can
>>>>>>>> contribute code to any Sun-sponsored open source project.
>>>>>>>>
>>>>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>>>>> database yet, just let me know.
>>>>>>>>
>>>>>>>> Discussions of the problem is fine, it's just the source that we
>>>>>>>> can't
>>>>>>>> take at this point.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Brad
>>>>>>> ------------------------------------------------------------------------
>>>>>>>
>>>>>>>
>>>>>>>
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lars.vcf
Type: text/x-vcard
Size: 322 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20090205/fe700bbb/lars.vcf>


More information about the security-dev mailing list