[security-dev 01278]: Re: ECC pkcs#11 bug

Andrew John Hughes gnu_andrew at member.fsf.org
Tue Oct 6 05:30:41 PDT 2009

2009/10/6 Tomas Gustavsson <tomas at primekey.se>:
> Hi Andrew,
> I guess no bug Id was created after all.
> The issue is that the pkcs#11 library returns a tag-length-value
> encoding for an EC public key, but the Sun provider expects something
> else. So when trying to read the public key from pkcs#11 we get an
> exception.
> The patch, which is very small and backwards compatible (if there are
> pkcs#11s that do return the value originally expected), can be found
> here:
> http://bunny.primekey.se/~lars/sunP11Bug/patch.txt
> A simple test case:
> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
> We've been in contact with an HSM vendor (Utimaco) and they claim that
> the tag-length-value is the right way. Since we tested this with several
> different HSMs it seems they are in agreement as well :-)
> (I can forward their explanation as well if needed).
> Kind regards,
> Tomas
> PS: Lars (who is my colleague) has completed the "Sun Contribution
> Agreement".
> Andrew John Hughes wrote:
>> 2009/10/5 Tomas Gustavsson <tomas at primekey.se>:
>>> Hi Vincent and Brad,
>>> I'm not sure how things are at Sun currently. We work with Sun here in
>>> Sweden so we've heard a bit about wait with the Oracle story.
>>> Anyhow I just want to let you know that if anyone is still working on
>>> crypto that this bug is very annoying, and affects all existing HSMs as
>>> far as I can see. ECC is rolling out pretty wide in Europe now with new
>>> electronic passports and other ecc cards.
>>> So getting this fixed would be quite welcome, it's a small fix. I've
>>> tested it on SafeNet HSMs myself right now.
>>> Kind regards,
>>> Tomas Gustavsson
>>> PrimeKey Solutions AB
>>> Lars Silvén wrote:
>>>> -------- Forwarded Message --------
>>>> From: Brad Wetmore <Bradford.Wetmore at Sun.COM>
>>>> To: Lars Silvén <lars at primekey.se>
>>>> Cc: security-dev at openjdk.java.net, Vinnie Ryan <Vincent.Ryan at Sun.COM>
>>>> Subject: Re: [security-dev 00550]: Re: ECC pkcs#11 bug
>>>> Date: Thu, 05 Feb 2009 11:34:49 -0800
>>>> Hi Lars,
>>>> I was hoping that Vincent Ryan had already contacted you about this.
>>>> I got redirected from ECC to work on the OpenJDK Bugzilla instance,
>>>> which is rolling out very soon.  Vincent took over the ECC work late
>>>> last year along with your submission.  The short answer is, between a
>>>> lengthy customer escalation and bugzilla, I've been so heads down for
>>>> the last 4 months, I'm not sure how far he's gotten.
>>>> Vinnie, can you provide more info?
>>>> Brad
>>>> Lars Silvén wrote:
>>>>> Brad,
>>>>> Any news about the p11 ECC bug?
>>>>> When will it be fixed?
>>>>> Best Regards,
>>>>> Lars
>>>>> Lars Silvén wrote:
>>>>>> Hello,
>>>>>> Thank you for taking care of this.
>>>>>> We want this fix in both JDK 6 and 7. I'd like to know the release date for the
>>>>>> fix in both versions if possible.
>>>>>> Lars
>>>>>> Brad Wetmore wrote:
>>>>>>> Lars Silvén wrote:
>>>>>>>> Hi Brad,
>>>>>>>> Do you have everything you need to fix the bug?
>>>>>>> I believe so.  I haven't started looking at it closely yet, I'm still
>>>>>>> mopping up several fires.  Unfortunately, I'm the chef, busboy, and
>>>>>>> bottle washer for several projects here.
>>>>>>>> Or is there anything more I could do to help?
>>>>>>>> I have now also tested the nCipher HSM. To get their p11 working my
>>>>>>>> patch had to be applied.
>>>>>>>> Do you have any idea when the fix could be released?
>>>>>>> Are you looking for JDK7, or 6?
>>>>>>> Brad
>>>>>>>> Best Regards
>>>>>>>> Brad Wetmore wrote:
>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>> Hi Brad,
>>>>>>>>>> I have written a simple application that illustrates the problem:
>>>>>>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>>>>>>> But you need a p11 module with ECC capability to run it. Do you have
>>>>>>>>>> one?
>>>>>>>>> Yes.
>>>>>>>>>> If not I could investigate if one of our HSM vendors could send you
>>>>>>>>>> one.
>>>>>>>>>> Also to verify that the public key actually is usable a JCA provider
>>>>>>>>>> with ECC is needed.
>>>>>>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>>>>>>>> Thanks for the case.
>>>>>>>>> Brad
>>>>>>>>>> But for that you could use BouncyCastle.
>>>>>>>>>> Start running the application without parameters and then you get a
>>>>>>>>>> description of needed parameters.
>>>>>>>>>> Lars
>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>> Great, thanks for doing so.
>>>>>>>>>>> I'll be working on this fairly soon, so I'll get a bug filed.  Do you
>>>>>>>>>>> have a standalone test case for this already?  See step 3 of the
>>>>>>>>>>> contribute page.  If you do but you don't have it in jtreg format,
>>>>>>>>>>> I can get it into the jtreg format.
>>>>>>>>>>> Brad
>>>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>>>> Here is my SCA!
>>>>>>>>>>>> //Lars
>>>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>>>> Hi Lars,
>>>>>>>>>>>>>> I have created a patch that is fixing the problem:
>>>>>>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also the
>>>>>>>>>>>>> person who will be handling this when I get back to working on the
>>>>>>>>>>>>> Java ECC implementation.
>>>>>>>>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>>>>>>>>> signed copy of the Sun Contribution Agreement in place.  This is
>>>>>>>>>>>>> done for your protection as well as Sun's and the OpenJDK
>>>>>>>>>>>>> community's.
>>>>>>>>>>>>> Please see the following link for more information:
>>>>>>>>>>>>>     http://openjdk.java.net/contribute/
>>>>>>>>>>>>> The Signatories of the SCA are eligible to donate code to all
>>>>>>>>>>>>> products and projects owned or managed by Sun:  signing it once
>>>>>>>>>>>>> means you can contribute code to any Sun-sponsored open source project.
>>>>>>>>>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>>>>>>>>>> database yet, just let me know.
>>>>>>>>>>>>> Discussions of the problem are fine, it's just the source that we
>>>>>>>>>>>>> can't take at this point.
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Brad
>> What bug are we discussing here? I don't see any patch or bug ID.

Ah, this sounds like a similar, if not the same bug as 6763530 which
we discussed here:


I posted a patch for this some time ago, as you can see from the
discussion, and then a revised version based on Michael StJohn's patch


but it has not yet been accepted into OpenJDK.  The bug is due to the
data being DER encoded.  DER octet streams also start with a 4 but the
length is different from that expected by the current code.  The bug
is triggered when newer versions of the NSS library are used for ECC

Andrew :-)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and the OpenJDK

PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8
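The encoding clash described in this thread, as an added Python illustration (not Lars's patch and not the JDK provider's code): a CKA_EC_POINT value may be the bare uncompressed point `0x04 || X || Y`, or that same point wrapped in a DER OCTET STRING, `0x04 <length> 0x04 || X || Y`. Both start with the byte 0x04, so the reader has to inspect the DER length header before deciding which form it holds; the function names, the constructed sample coordinates and the optional curve-size hint are all assumptions of this example.

```python
from typing import Optional

# Added example, not the JDK patch from the thread: shows why a bare EC point
# and a DER OCTET STRING wrapping it are confused (both begin with 0x04) and
# how checking the DER length header tells them apart.

def der_length(buf: bytes, pos: int):
    """Decode a DER length at buf[pos]; return (length, header_bytes)."""
    first = buf[pos]
    if first < 0x80:                      # short form, e.g. 0x41 for a P-256 point
        return first, 1
    n = first & 0x7F                      # long form, e.g. 0x81 0x85 for a P-521 point
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("malformed DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), 1 + n

def unwrap_ec_point(ec_point: bytes, field_bytes: Optional[int] = None) -> bytes:
    """Return the bare uncompressed point from a CKA_EC_POINT value.

    When the curve's field size is known, the bare form is recognised exactly
    by its length (1 + 2*field_bytes). Otherwise the value is treated as DER
    only if the length header accounts for exactly the remaining bytes and the
    wrapped payload itself starts with 0x04 and has the odd length of a point.
    """
    if len(ec_point) < 3 or ec_point[0] != 0x04:
        raise ValueError("not an uncompressed EC point or OCTET STRING")
    if field_bytes is not None and len(ec_point) == 1 + 2 * field_bytes:
        return ec_point                   # already bare, nothing to strip
    try:
        length, hdr = der_length(ec_point, 1)
    except ValueError:
        return ec_point                   # cannot be a valid OCTET STRING
    payload = ec_point[1 + hdr:]
    if length == len(payload) and payload[:1] == b"\x04" and len(payload) % 2 == 1:
        if field_bytes is None or len(payload) == 1 + 2 * field_bytes:
            return payload
    return ec_point

def split_coordinates(point: bytes, field_bytes: int):
    """Split a bare uncompressed point into (x, y) integers."""
    if point[0] != 0x04 or len(point) != 1 + 2 * field_bytes:
        raise ValueError("point length does not match the curve field size")
    x = int.from_bytes(point[1:1 + field_bytes], "big")
    y = int.from_bytes(point[1 + field_bytes:], "big")
    return x, y

# Constructed sample (not a real curve point): P-256-sized coordinates.
RAW_P256 = b"\x04" + bytes(range(1, 33)) + bytes(range(33, 65))   # 65 bytes, bare
DER_P256 = b"\x04\x41" + RAW_P256                                 # OCTET STRING, 67 bytes
assert unwrap_ec_point(DER_P256, 32) == unwrap_ec_point(RAW_P256, 32) == RAW_P256
```

Without the field-size hint the heuristic is almost always right, but a bare point whose X coordinate happens to begin with bytes that look like a matching length header and another 0x04 would still be misread, which is why passing the curve size is the safer check.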
