[security-dev 01547]: Re: PING: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

Erik Trimble erik.trimble at oracle.com
Mon Jun 28 00:41:38 UTC 2010 

As of right now, I show it fixed in openjdk6 b19, and openjdk7 b84.

However, I don't see any open CR  for it to be fixed in an Oracle JDK 6 
release.  You'd have to ask our Sustaining folks about what the schedule 
would be (or if it's even on the schedule), as I don't have any 
visibility thereof.

I see a related CR in the form of 6830224: pkcs11 should be able to 
accept DER encoded CKA_EC_POINT
That one hasn't been touched in over a year.*

*-Erik



On 6/27/2010 5:13 PM, Michael StJohns wrote:
> At 08:09 PM 6/27/2010, Andrew John Hughes wrote:
>    
>> On 28 June 2010 01:05, Michael StJohns<mstjohns at comcast.net>  wrote:
>>      
>>> Hi Andrew -
>>>
>>> I really need to work on fleshing out my emails... :-/
>>>
>>> The _20 release of the normal (non-OpenJDK) is missing this update. Â I had thought that this fix was supposed to be back-ported to the closed JDK 6 release. Â I've got the OpenJDK built on my local machine, but the folks I'm working with would rather use the pre-packaged Windows version etc etc etc... *sigh*.
>>>
>>>        
>> By its very nature, we don't know what's in the proprietary JDK.
>> That's an issue you need to take up with Oracle.  The bug is fixed in
>> OpenJDK6 and 7.
>>      
> Yes but - the RP/committer for this was Vincent - part of the Sun crowd..
>
> No worries.  If they can't answer, I'll reopen the bug and see what's what.
>
> Thanks - Mike
>
>
>    
>>> Thanks - Mike
>>>
>>>
>>> At 07:17 PM 6/27/2010, Andrew John Hughes wrote:
>>>        
>>>>> At 05:37 PM 6/27/2010, Michael StJohns wrote:
>>>>>            
>>>>>> Hi guys -
>>>>>>
>>>>>> I see from the Mercurial logs that this went in to both the jdk6 and jdk7 repositories. Ã, For jdk6 - it's rev 302 which looks like this should have ended up in the _19 release
>>>>>>
>>>>>> But all the files in lib/ext/sunpkcs11.jar Ã, for _20 are all tagged as 1 September 2009....
>>>>>>
>>>>>> Is the sunpkcs11.jar provider not getting regenerated and rebundled during the release process?
>>>>>>
>>>>>> Mike
>>>>>>              
>>>> It has been:
>>>>
>>>> $ hg log -R jdk -k 6763530
>>>> changeset: Â  302:82b80660cac3
>>>> user: Â  Â  Â  Â vinnie
>>>> date: Â  Â  Â  Â Thu Jan 21 23:59:41 2010 +0000
>>>> summary: Â  Â  6763530: Cannot decode PublicKey (Proider SunPKCS11,
>>>> curve prime256v1)
>>>>
>>>> and certainly is present on IcedTea6's builds.
>>>> --
>>>> Andrew :-)
>>>>
>>>> Free Java Software Engineer
>>>> Red Hat, Inc. (http://www.redhat.com)
>>>>
>>>> Support Free Java!
>>>> Contribute to GNU Classpath and the OpenJDK
>>>> http://www.gnu.org/software/classpath
>>>> http://openjdk.java.net
>>>>
>>>> PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
>>>> Fingerprint: F8EF F1EA 401E 2E60 15FA Â 7927 142C 2591 94EF D9D8
>>>>          
>>>
>>>
>>>        
>>
>>
>> -- 
>> Andrew :-)
>>
>> Free Java Software Engineer
>> Red Hat, Inc. (http://www.redhat.com)
>>
>> Support Free Java!
>> Contribute to GNU Classpath and the OpenJDK
>> http://www.gnu.org/software/classpath
>> http://openjdk.java.net
>>
>> PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
>> Fingerprint: F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8
>>      
>
>    


-- 
Erik Trimble
Java System Support
Mailstop:  usca22-123
Phone:  x17195
Santa Clara, CA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20100628/4ba30b75/attachment.htm>

More information about the security-dev mailing list