[security-dev 01278]: Re: ECC pkcs#11 bug

Andrew John Hughes gnu_andrew at member.fsf.org
Tue Oct 6 05:30:41 PDT 2009


2009/10/6 Tomas Gustavsson <tomas at primekey.se>:
>
> Hi Andrew,
>
> I guess no bug Id was created after all.
> The issue is that the pkcs#11 library returns a tag-length-value
> encoding for an EC public key, but the Sun provider expects something
> else. So when trying to read the public key from pkcs#11 we get an
> exception.
>
> The patch, which is very small and backwards compatible (if there are
> pkcs#11's that do return the value originally expected), can be found
> here:
> http://bunny.primekey.se/~lars/sunP11Bug/patch.txt
>
> A simple test case:
> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>
> We've been in contact with an HSM vendor (Utimaco) and they claim that
> the tag-length-value is the right way. Since we tested this with several
> different HSMs it seems they are in agreement as well :-)
> (I can forward their explanation as well if needed).
>
> Kind regards,
> Tomas
>
> PS: Lars (who is my colleague) has completed the "Sun Contribution
> Agreement".
>
>
> Andrew John Hughes wrote:
>> 2009/10/5 Tomas Gustavsson <tomas at primekey.se>:
>>> Hi Vincent and Brad,
>>>
>>> I'm not sure how things are at Sun currently. We work with Sun here in
>>> Sweden so we've heard a bit about wait with the Oracle story.
>>>
>>> Anyhow I just want to let you know that if anyone is still working on
>>> crypto that this bug is very annoying, and affects all existing HSMs as
>>> far as I can see. ECC is rolling out pretty wide in Europe now with new
>>> electronic passports and other ecc cards.
>>> So getting this fixed would be quite welcome, it's a small fix. I've
>>> tested it on SafeNet HSMs myself right now.
>>>
>>>
>>> Kind regards,
>>> Tomas Gustavsson
>>> PrimeKey Solutions AB
>>>
>>>
>>> Lars Silvén wrote:
>>>> -------- Forwarded Message --------
>>>> From: Brad Wetmore <Bradford.Wetmore at Sun.COM>
>>>> To: Lars Silvén <lars at primekey.se>
>>>> Cc: security-dev at openjdk.java.net, Vinnie Ryan <Vincent.Ryan at Sun.COM>
>>>> Subject: Re: [security-dev 00550]: Re: ECC pkcs#11 bug
>>>> Date: Thu, 05 Feb 2009 11:34:49 -0800
>>>>
>>>> Hi Lars,
>>>>
>>>> I was hoping that Vincent Ryan had already contacted you about this.
>>>>
>>>> I got redirected from ECC to work on the OpenJDK Bugzilla instance,
>>>> which is rolling out very soon.  Vincent took over the ECC work late
>>>> last year along with your submission.  The short answer is, between a
>>>> lengthy customer escalation and bugzilla, I've been so heads down for
>>>> the last 4 months, I'm not sure how far he's gotten.
>>>>
>>>> Vinnie, can you provide more info?
>>>>
>>>> Brad
>>>>
>>>>
>>>> Lars Silvén wrote:
>>>>> Brad,
>>>>>
>>>>> Any news about the p11 ECC bug?
>>>>>
>>>>> When will it be fixed?
>>>>>
>>>>>
>>>>> Best Regards,
>>>>> Lars
>>>>>
>>>>>
>>>>>
>>>>> Lars Silvén wrote:
>>>>>> Hello,
>>>>>>
>>>>>> Thank you for taking care of this.
>>>>>> We want this fix in both JDK 6 and 7. I'd like to know the release date for the
>>>>>> fix in both versions if possible.
>>>>>>
>>>>>> Lars
>>>>>>
>>>>>> Brad Wetmore wrote:
>>>>>>> Lars Silvén wrote:
>>>>>>>> Hi Brad,
>>>>>>>>
>>>>>>>> Do you have everything you need to fix the bug?
>>>>>>> I believe so.  I haven't started looking at it closely yet, I'm still
>>>>>>> mopping up several fires.  Unfortunately, I'm the chef, busboy, and
>>>>>>> bottle washer for several projects here.
>>>>>>>
>>>>>>>> Or is there anything more I could do to help?
>>>>>>>>
>>>>>>>> I have now also tested the nCipher HSM. To get their p11 working my
>>>>>>>> patch had to be applied.
>>>>>>>>
>>>>>>>> Do you have any idea when the fix could be released?
>>>>>>> Are you looking for JDK7, or 6?
>>>>>>>
>>>>>>> Brad
>>>>>>>
>>>>>>>> Best Regards
>>>>>>>>
>>>>>>>> Brad Wetmore wrote:
>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>> Hi Brad,
>>>>>>>>>>
>>>>>>>>>> I have written a simple application that illustrates the problem:
>>>>>>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>>>>>>>
>>>>>>>>>> But you need a p11 module with ECC capability to run it. Do you have
>>>>>>>>>> one?
>>>>>>>>> Yes.
>>>>>>>>>
>>>>>>>>>> If not I could investigate if one of our HSM vendors could send you
>>>>>>>>>> one.
>>>>>>>>>> Also to verify that the public key actually is usable a JCA provider
>>>>>>>>>> with ECC is needed.
>>>>>>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>>>>>>>>
>>>>>>>>> Thanks for the case.
>>>>>>>>>
>>>>>>>>> Brad
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> But for that you could use BouncyCastle.
>>>>>>>>>> Start running the application without parameters and then you get a
>>>>>>>>>> description of needed parameters.
>>>>>>>>>>
>>>>>>>>>> Lars
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>> Great, thanks for doing so.
>>>>>>>>>>>
>>>>>>>>>>> I'll be working on this fairly soon, so I'll get a bug filed.  Do you
>>>>>>>>>>> have a standalone test case for this already?  See step 3 of the
>>>>>>>>>>> contribute page.  If you do but you don't have it in jtreg format,
>>>>>>>>>>> I can get it into the jtreg format.
>>>>>>>>>>>
>>>>>>>>>>> Brad
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>>>> Here is my SCA!
>>>>>>>>>>>>
>>>>>>>>>>>> //Lars
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>>>> Hi Lars,
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I have created a patch that is fixing the problem:
>>>>>>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also
>>>>>>>>>>>>> the person who will be handling this when I get back to working on
>>>>>>>>>>>>> the Java ECC implementation.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>>>>>>>>> signed copy of the Sun Contribution Agreement in place.  This is
>>>>>>>>>>>>> done for your protection as well as the Sun's and the OpenJDK
>>>>>>>>>>>>> community's.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please see the following link for more information:
>>>>>>>>>>>>>
>>>>>>>>>>>>>     http://openjdk.java.net/contribute/
>>>>>>>>>>>>>
>>>>>>>>>>>>> The Signatories of the SCA are eligible to donate code to all
>>>>>>>>>>>>> products and projects owned or managed by Sun:  signing it once
>>>>>>>>>>>>> means you can contribute code to any Sun-sponsored open source
>>>>>>>>>>>>> project.
>>>>>>>>>>>>>
>>>>>>>>>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>>>>>>>>>> database, just let me know.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Discussion of the problem is fine, it's just the source that we
>>>>>>>>>>>>> can't take at this point.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Brad
>>>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>
>> What bug are we discussing here? I don't see any patch or bug ID.
>

Ah, this sounds like a similar, if not the same bug as 6763530 which
we discussed here:

http://mail.openjdk.java.net/pipermail/security-dev/2009-September/001252.html

I posted a patch for this some time ago, as you can see from the
discussion, and then a revised version based on Michael StJohn's patch

http://cr.openjdk.java.net/~andrew/6763530/webrev.02/

but it has not yet been accepted into OpenJDK.  The bug is due to the
data being DER encoded.  DER octet streams also start with a 4 but the
length is different from that expected by the current code.  The bug
is triggered when newer versions of the NSS library are used for ECC
support.
-- 
Andrew :-)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net

PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8
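
The ambiguity described in the message above (a bare uncompressed EC point and a DER OCTET STRING both begin with the byte 4 and differ only in length) can be resolved by checking lengths before trusting the first byte. This is an added example, not code from this thread, the linked patches, or OpenJDK; the class and method names are hypothetical, the sample bytes are constructed, and compressed points are not handled.

```java
import java.util.Arrays;

// Added example (hypothetical class and method names, not OpenJDK code).
public class EcPointDecoder {

    // Returns the raw uncompressed point 0x04 || X || Y from a CKA_EC_POINT value.
    // fieldBytes is the curve's field size in bytes (32 for P-256, 66 for P-521).
    static byte[] toRawPoint(byte[] attr, int fieldBytes) {
        int rawLen = 1 + 2 * fieldBytes;
        if (attr.length == rawLen && attr[0] == 0x04) {
            return attr.clone();                  // token returned the bare point
        }
        // Otherwise require a DER OCTET STRING, whose tag byte is also 0x04.
        if (attr.length < 2 || attr[0] != 0x04) {
            throw new IllegalArgumentException("neither raw point nor OCTET STRING");
        }
        int pos = 1;
        int len = attr[pos++] & 0xff;
        if (len >= 0x80) {                        // long-form length: 0x80 | byte count
            int n = len & 0x7f;
            if (n < 1 || n > 2 || attr.length < pos + n) {
                throw new IllegalArgumentException("bad DER length");
            }
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (attr[pos++] & 0xff);
            }
            if (len < (n == 1 ? 0x80 : 0x100)) {  // DER demands the shortest form
                throw new IllegalArgumentException("non-minimal DER length");
            }
        }
        // Content must be exactly one uncompressed point with no trailing bytes.
        if (len != rawLen || attr.length - pos != len || attr[pos] != 0x04) {
            throw new IllegalArgumentException("unexpected EC point length or form");
        }
        return Arrays.copyOfRange(attr, pos, attr.length);
    }

    public static void main(String[] args) {
        byte[] raw = new byte[65];                // constructed bytes, not a real curve point
        raw[0] = 0x04;
        for (int i = 1; i < raw.length; i++) raw[i] = (byte) i;
        byte[] der = new byte[67];                // 04 41 || raw  (tag, length 65, content)
        der[0] = 0x04;
        der[1] = 0x41;
        System.arraycopy(raw, 0, der, 2, raw.length);
        System.out.println(Arrays.equals(toRawPoint(raw, 32), raw));
        System.out.println(Arrays.equals(toRawPoint(der, 32), raw));
    }
}
```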
