[security-dev 01282]: Re: ECC pkcs#11 bug

Tomas Gustavsson tomas at primekey.se
Tue Oct 6 04:28:04 PDT 2009

Hi Andrew,

I guess no bug Id was created after all.
The issue is that the pkcs#11 library returns a tag-length-value
encoding for an EC public key, but the Sun provider expects something
else. So when trying to read the public key from pkcs#11 we get an

The patch, which is very small and backwards compatible (if there are
pkcs#11's that do return the value originally expected), can be found

A simple test case:

We've been in contact with an HSM vendor (Utimaco) and they claim that
the tag-length-value is the right way. Since we tested this with several
different HSMs it seems they are in agreement as well :-)
(I can forward their explanation as well if needed).

Kind regards,

PS: Lars (who is my colleague) has completed the "Sun Contribution

Andrew John Hughes wrote:
> 2009/10/5 Tomas Gustavsson <tomas at primekey.se>:
>> Hi Vincent and Brad,
>> I'm not sure how things are at Sun currently. We work with Sun here in
>> Sweden so we've heard a bit about wait with the Oracle story.
>> Anyhow I just want to let you know that if anyone is still working on
>> crypto that this bug is very annoying, and affects all existing HSMs as
>> far as I can see. ECC is rolling out pretty wide in Europe now with new
>> electronic passports and other ecc cards.
>> So getting this fixed would be quite welcome, it's a small fix. I've
>> tested it on SafeNet HSMs myself right now.
>> Kind regards,
>> Tomas Gustavsson
>> PrimeKey Solutions AB
>> Lars Silvén wrote:
>>> -------- Forwarded Message --------
>>> From: Brad Wetmore <Bradford.Wetmore at Sun.COM>
>>> To: Lars Silvén <lars at primekey.se>
>>> Cc: security-dev at openjdk.java.net, Vinnie Ryan <Vincent.Ryan at Sun.COM>
>>> Subject: Re: [security-dev 00550]: Re: ECC pkcs#11 bug
>>> Date: Thu, 05 Feb 2009 11:34:49 -0800
>>> Hi Lars,
>>> I was hoping that Vincent Ryan had already contacted you about this.
>>> I got redirected from ECC to work on the OpenJDK Bugzilla instance,
>>> which is rolling out very soon.  Vincent took over the ECC work late
>>> last year along with your submission.  The short answer is, between a
>>> lengthy customer escalation and bugzilla, I've been so heads down for
>>> the last 4 months, I'm not sure how far he's gotten.
>>> Vinnie, can you provide more info?
>>> Brad
>>> Lars Silvén wrote:
>>>> Brad,
>>>> Any news about the p11 ECC bug.
>>>> When will it be fixed?
>>>> Best Regards,
>>>> Lars
>>>> Lars Silvén wrote:
>>>>> Hello,
>>>>> Thank you for taking care of this.
>>>>> We want this fix in both JDK 6 and 7. I like to know the release date for the
>>>>> fix in both versions if possible.
>>>>> Lars
>>>>> Brad Wetmore wrote:
>>>>>> Lars Silvén wrote:
>>>>>>> Hi Brad,
>>>>>>> Do you have everything you need to fix the bug.
>>>>>> I believe so.  I haven't started looking at it closely yet, I'm still
>>>>>> mopping up several fires.  Unfortunately, I'm the chef, busboy, and
>>>>>> bottle washer for several projects here.
>>>>>>> Or is there anything more I could do to help.
>>>>>>> I have now also tested the nCipher HSM. To get their p11 working my
>>>>>>> patch had to be applied.
>>>>>>> Do you have any idea when we the fix could be released?
>>>>>> Are you looking for JDK7, or 6?
>>>>>> Brad
>>>>>>> Best Regards
>>>>>>> Brad Wetmore wrote:
>>>>>>>> Lars Silvén wrote:
>>>>>>>>> Hi Brad,
>>>>>>>>> I have written a simple application that illustrates the problem:
>>>>>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>>>>>> But you need a p11 module with ECC capability to run it. Do you have
>>>>>>>>> one?
>>>>>>>> Yes.
>>>>>>>>> If not I could investigate if one of our HSM vendors could send you
>>>>>>>>> one.
>>>>>>>>> Also to verify that the public key actually is usable a JCA provider
>>>>>>>>> with ECC is needed.
>>>>>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>>>>>>> Thanks for the case.
>>>>>>>> Brad
>>>>>>>>  But for that you could use BouncyCastle.
>>>>>>>>> Start running the application without parameters and then you get a
>>>>>>>>> description of needed parameters.
>>>>>>>>> Lars
>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>> Great, thanks for doing so.
>>>>>>>>>> I'll be working on this fairly soon, so I'll get a bug filed.  Do you
>>>>>>>>>> have a standalone test case for this already?  See step 3 of the
>>>>>>>>>> contribute page.  If you do but you don't have it in jtreg format,
>>>>>>>>>> I can
>>>>>>>>>> get it into the jtreg format.
>>>>>>>>>> Brad
>>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>>> Here is my SCA!
>>>>>>>>>>> //Lars
>>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>>> Hi Lars,
>>>>>>>>>>>>> I have created a patch that is fixing the problem:
>>>>>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also
>>>>>>>>>>>> the
>>>>>>>>>>>> person who will be handling this when I get back to working on the
>>>>>>>>>>>> Java
>>>>>>>>>>>> ECC implementation.
>>>>>>>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>>>>>>>> signed copy of the Sun Contribution Agreement in place.  This is
>>>>>>>>>>>> done
>>>>>>>>>>>> for your protection as well as the Sun's and the OpenJDK
>>>>>>>>>>>> community's.
>>>>>>>>>>>> Please see the following link for more information:
>>>>>>>>>>>>     http://openjdk.java.net/contribute/
>>>>>>>>>>>> The Signatories of the SCA are eligible to donate code to all
>>>>>>>>>>>> products
>>>>>>>>>>>> and projects owned or managed by Sun:  signing it once means you can
>>>>>>>>>>>> contribute code to any Sun-sponsored open source project.
>>>>>>>>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>>>>>>>>> database yet, just let me know.
>>>>>>>>>>>> Discussions of the problem is fine, it's just the source that we
>>>>>>>>>>>> can't
>>>>>>>>>>>> take at this point.
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Brad
>>>>>>>>>>> ------------------------------------------------------------------------
> What bug are we discussing here? I don't see any patch or bug ID.
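The encoding mismatch Tomas describes above (the PKCS#11 library hands back the EC public key point as a DER tag-length-value, i.e. an OCTET STRING wrapping the raw `0x04 || X || Y` point, while the Sun provider expected the bare point) can be handled in a way that accepts both forms. The following is an added example, not the thread's patch and not OpenJDK code; the class name `EcPointDecoder` and the `fieldBytes` parameter (the curve's field size in bytes, which a real implementation would derive from the key's curve parameters) are assumptions. The subtlety it takes care of is that a DER OCTET STRING tag is also `0x04`, so the two encodings can only be told apart by checking that the lengths are consistent:

```java
import java.math.BigInteger;
import java.security.spec.ECPoint;
import java.util.Arrays;

/** Decodes an EC public key point that may or may not be wrapped in a DER OCTET STRING. */
public class EcPointDecoder {

    /**
     * Decode a point value into an ECPoint. Accepts both the raw uncompressed point
     * (0x04 || X || Y) that the provider originally expected and the same point wrapped
     * in a DER OCTET STRING (tag 0x04, length, contents). Raw form is tried first, so a
     * raw point can never be mistaken for a wrapper. fieldBytes: 32 for P-256, 66 for P-521.
     */
    public static ECPoint decodeEcPoint(byte[] value, int fieldBytes) {
        int rawLen = 1 + 2 * fieldBytes;
        // Case 1: exactly a raw uncompressed point.
        if (value.length == rawLen && value[0] == 0x04) {
            return parseUncompressed(value, fieldBytes);
        }
        // Case 2: DER OCTET STRING wrapping the raw point. The OCTET STRING tag is
        // also 0x04, so unwrap only if the declared length matches the buffer exactly
        // and the contents look like an uncompressed point of the expected size.
        if (value.length > 2 && value[0] == 0x04) {
            int[] lenAndHdr = derLength(value, 1);
            if (lenAndHdr != null) {
                int len = lenAndHdr[0], hdr = lenAndHdr[1];
                if (len == rawLen && 1 + hdr + len == value.length) {
                    byte[] inner = Arrays.copyOfRange(value, 1 + hdr, value.length);
                    if (inner[0] == 0x04) {
                        return parseUncompressed(inner, fieldBytes);
                    }
                }
            }
        }
        throw new IllegalArgumentException(
                "unrecognised EC point encoding (" + value.length + " bytes)");
    }

    /** Returns {length, headerBytes} for a DER length starting at off, or null if malformed. */
    private static int[] derLength(byte[] b, int off) {
        int first = b[off] & 0xff;
        if (first < 0x80) {
            return new int[] { first, 1 };           // short form
        }
        int n = first & 0x7f;                         // number of length octets
        if (n == 0 || n > 2 || off + n >= b.length) {
            return null;                              // indefinite or implausibly large
        }
        int len = 0;
        for (int i = 1; i <= n; i++) {
            len = (len << 8) | (b[off + i] & 0xff);
        }
        return new int[] { len, 1 + n };
    }

    private static ECPoint parseUncompressed(byte[] p, int fieldBytes) {
        BigInteger x = new BigInteger(1, Arrays.copyOfRange(p, 1, 1 + fieldBytes));
        BigInteger y = new BigInteger(1, Arrays.copyOfRange(p, 1 + fieldBytes, 1 + 2 * fieldBytes));
        return new ECPoint(x, y);
    }

    /** Wrap a raw point in a DER OCTET STRING; used here only to build sample input. */
    static byte[] wrapOctetString(byte[] raw) {
        byte[] hdr;
        if (raw.length < 0x80) {
            hdr = new byte[] { 0x04, (byte) raw.length };
        } else if (raw.length < 0x100) {
            hdr = new byte[] { 0x04, (byte) 0x81, (byte) raw.length };
        } else {
            hdr = new byte[] { 0x04, (byte) 0x82, (byte) (raw.length >> 8), (byte) raw.length };
        }
        byte[] out = Arrays.copyOf(hdr, hdr.length + raw.length);
        System.arraycopy(raw, 0, out, hdr.length, raw.length);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: P-256-sized buffer with filler coordinates. Only the
        // encoding is exercised; these bytes are not a point on any real curve.
        byte[] raw = new byte[65];
        raw[0] = 0x04;
        Arrays.fill(raw, 1, 33, (byte) 0x11);
        Arrays.fill(raw, 33, 65, (byte) 0x22);

        ECPoint fromRaw = decodeEcPoint(raw, 32);
        ECPoint fromTlv = decodeEcPoint(wrapOctetString(raw), 32);
        System.out.println("raw and TLV decode to the same point: " + fromRaw.equals(fromTlv));

        // P-521-sized point: the wrapper needs a long-form length (0x81 0x85).
        byte[] raw521 = new byte[133];
        raw521[0] = 0x04;
        Arrays.fill(raw521, 1, 133, (byte) 0x33);
        System.out.println("P-521 TLV decodes: "
                + decodeEcPoint(wrapOctetString(raw521), 66).equals(decodeEcPoint(raw521, 66)));
    }
}
```

The order of the two checks is what makes the decoder backwards compatible in the sense the message asks for: a bare point whose X coordinate happens to begin with a byte that reads as a plausible DER length is still taken as a bare point, because its total length already matches `1 + 2 * fieldBytes`, and the wrapped form is only accepted when the outer length, the inner length and the inner `0x04` prefix all agree.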
