2009/10/6 Tomas Gustavsson <to...@primekey.se>:
>
> Hi Andrew,
>
> I guess no bug Id was created after all.
> The issue is that the pkcs#11 library returns a tag-length-value
> encoding for an EC public key, but the Sun provider expects something
> else. So when trying to read the public key from pkcs#11 we get an
> exception.
>
> The patch, which is very small and backwards compatible (if there are
> pkcs#11's that do return the value originally expected), can be found
> here:
> http://bunny.primekey.se/~lars/sunP11Bug/patch.txt
>
> A simple test case:
> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>
> We've been in contact with an HSM vendor (Utimaco) and they claim that
> the tag-length-value is the right way. Since we tested this with several
> different HSMs it seems they are in agreement as well :-)
> (I can forward their explanation as well if needed).
>
> Kind regards,
> Tomas
>
> PS: Lars (who is my colleague) has completed the "Sun Contribution
> Agreement".
>
>
> Andrew John Hughes wrote:
>> 2009/10/5 Tomas Gustavsson <to...@primekey.se>:
>>> Hi Vincent and Brad,
>>>
>>> I'm not sure how things are at Sun currently. We work with Sun here in
>>> Sweden so we've heard a bit about wait with the Oracle story.
>>>
>>> Anyhow I just want to let you know that if anyone is still working on
>>> crypto that this bug is very annoying, and affects all existing HSMs as
>>> far as I can see. ECC is rolling out pretty wide in Europe now with new
>>> electronic passports and other ECC cards.
>>> So getting this fixed would be quite welcome, it's a small fix. I've
>>> tested it on SafeNet HSMs myself right now.
>>>
>>>
>>> Kind regards,
>>> Tomas Gustavsson
>>> PrimeKey Solutions AB
>>>
>>>
>>> Lars Silvén wrote:
>>>> -------- Forwarded Message --------
>>>> From: Brad Wetmore <bradford.wetm...@sun.com>
>>>> To: Lars Silvén <l...@primekey.se>
>>>> Cc: security-dev@openjdk.java.net, Vinnie Ryan <vincent.r...@sun.com>
>>>> Subject: Re: [security-dev 00550]: Re: ECC pkcs#11 bug
>>>> Date: Thu, 05 Feb 2009 11:34:49 -0800
>>>>
>>>> Hi Lars,
>>>>
>>>> I was hoping that Vincent Ryan had already contacted you about this.
>>>>
>>>> I got redirected from ECC to work on the OpenJDK Bugzilla instance,
>>>> which is rolling out very soon. Vincent took over the ECC work late
>>>> last year along with your submission. The short answer is, between a
>>>> lengthy customer escalation and bugzilla, I've been so heads down for
>>>> the last 4 months, I'm not sure how far he's gotten.
>>>>
>>>> Vinnie, can you provide more info?
>>>>
>>>> Brad
>>>>
>>>>
>>>> Lars Silvén wrote:
>>>>> Brad,
>>>>>
>>>>> Any news about the p11 ECC bug?
>>>>>
>>>>> When will it be fixed?
>>>>>
>>>>>
>>>>> Best Regards,
>>>>> Lars
>>>>>
>>>>>
>>>>>
>>>>> Lars Silvén wrote:
>>>>>> Hello,
>>>>>>
>>>>>> Thank you for taking care of this.
>>>>>> We want this fix in both JDK 6 and 7. I like to know the release date
>>>>>> for the fix in both versions if possible.
>>>>>>
>>>>>> Lars
>>>>>>
>>>>>> Brad Wetmore wrote:
>>>>>>> Lars Silvén wrote:
>>>>>>>> Hi Brad,
>>>>>>>>
>>>>>>>> Do you have everything you need to fix the bug?
>>>>>>> I believe so. I haven't started looking at it closely yet, I'm still
>>>>>>> mopping up several fires. Unfortunately, I'm the chef, busboy, and
>>>>>>> bottle washer for several projects here.
>>>>>>>
>>>>>>>> Or is there anything more I could do to help?
>>>>>>>>
>>>>>>>> I have now also tested the nCipher HSM. To get their p11 working my
>>>>>>>> patch had to be applied.
>>>>>>>>
>>>>>>>> Do you have any idea when the fix could be released?
>>>>>>> Are you looking for JDK7, or 6?
>>>>>>>
>>>>>>> Brad
>>>>>>>
>>>>>>>> Best Regards
>>>>>>>>
>>>>>>>> Brad Wetmore wrote:
>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>> Hi Brad,
>>>>>>>>>>
>>>>>>>>>> I have written a simple application that illustrates the problem:
>>>>>>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>>>>>>>
>>>>>>>>>> But you need a p11 module with ECC capability to run it. Do you have
>>>>>>>>>> one?
>>>>>>>>> Yes.
>>>>>>>>>
>>>>>>>>>> If not I could investigate if one of our HSM vendors could send you
>>>>>>>>>> one.
>>>>>>>>>> Also to verify that the public key actually is usable a JCA provider
>>>>>>>>>> with ECC is needed.
>>>>>>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>>>>>>>>
>>>>>>>>> Thanks for the case.
>>>>>>>>>
>>>>>>>>> Brad
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> But for that you could use BouncyCastle.
>>>>>>>>>> Start running the application without parameters and then you get a
>>>>>>>>>> description of needed parameters.
>>>>>>>>>>
>>>>>>>>>> Lars
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>> Great, thanks for doing so.
>>>>>>>>>>>
>>>>>>>>>>> I'll be working on this fairly soon, so I'll get a bug filed. Do
>>>>>>>>>>> you have a standalone test case for this already? See step 3 of the
>>>>>>>>>>> contribute page. If you do but you don't have it in jtreg format,
>>>>>>>>>>> I can get it into the jtreg format.
>>>>>>>>>>>
>>>>>>>>>>> Brad
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>>>> Here is my SCA!
>>>>>>>>>>>>
>>>>>>>>>>>> //Lars
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>>>> Hi Lars,
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I have created a patch that is fixing the problem:
>>>>>>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also
>>>>>>>>>>>>> the person who will be handling this when I get back to working on
>>>>>>>>>>>>> the Java ECC implementation.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>>>>>>>>> signed copy of the Sun Contribution Agreement in place. This is
>>>>>>>>>>>>> done for your protection as well as the Sun's and the OpenJDK
>>>>>>>>>>>>> community's.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please see the following link for more information:
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://openjdk.java.net/contribute/
>>>>>>>>>>>>>
>>>>>>>>>>>>> The Signatories of the SCA are eligible to donate code to all
>>>>>>>>>>>>> products and projects owned or managed by Sun: signing it once
>>>>>>>>>>>>> means you can contribute code to any Sun-sponsored open source
>>>>>>>>>>>>> project.
>>>>>>>>>>>>>
>>>>>>>>>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>>>>>>>>>> database yet, just let me know.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Discussion of the problem is fine, it's just the source that we
>>>>>>>>>>>>> can't take at this point.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Brad
>>>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>
>> What bug are we discussing here? I don't see any patch or bug ID.
>
Ah, this sounds like a similar, if not the same bug as 6763530 which
we discussed here:

http://mail.openjdk.java.net/pipermail/security-dev/2009-September/001252.html

I posted a patch for this some time ago, as you can see from the
discussion, and then a revised version based on Michael StJohn's patch

http://cr.openjdk.java.net/~andrew/6763530/webrev.02/

but it has not yet been accepted into OpenJDK.

The bug is due to the data being DER encoded. DER octet streams also
start with a 4 but the length is different from that expected by the
current code. The bug is triggered when newer versions of the NSS
library are used for ECC support.
-- 
Andrew :-)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net

PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
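
The ambiguity discussed in this thread, as an added example that is not part of the original messages or of either patch: a PKCS#11 EC point attribute (CKA_EC_POINT) may arrive as the raw uncompressed point or wrapped in a DER OCTET STRING, and both start with 0x04, so the decoder tells them apart by length. The class and method names are hypothetical, the field size is assumed to be known from the curve parameters, and the sample point is constructed.

```java
import java.math.BigInteger;
import java.security.spec.ECPoint;
import java.util.Arrays;

public class EcPointAttribute {            // added illustration; names are hypothetical
    // Returns the raw uncompressed point (0x04 || X || Y) from an EC point attribute.
    static byte[] unwrap(byte[] attr, int fieldBytes) {
        int rawLen = 1 + 2 * fieldBytes;
        // Raw form: exactly the length an uncompressed point has on this curve.
        if (attr.length == rawLen && attr[0] == 0x04) return attr;
        // Otherwise expect DER: tag 0x04 (OCTET STRING), length, then the raw point.
        if (attr.length < 3 || attr[0] != 0x04) {
            throw new IllegalArgumentException("neither OCTET STRING nor uncompressed point");
        }
        int pos = 1;
        int len = attr[pos++] & 0xff;
        if (len >= 0x80) {                 // long form, needed once the point exceeds 127 bytes
            int n = len & 0x7f;
            if (n == 0 || n > 2 || attr.length < pos + n) {
                throw new IllegalArgumentException("unsupported DER length");
            }
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (attr[pos++] & 0xff);
        }
        // The wrapped value must fill the buffer and be a point of the expected size.
        if (len != rawLen || attr.length - pos != len || attr[pos] != 0x04) {
            throw new IllegalArgumentException("length does not match the curve");
        }
        return Arrays.copyOfRange(attr, pos, pos + len);
    }

    static ECPoint toPoint(byte[] raw, int fieldBytes) {
        BigInteger x = new BigInteger(1, Arrays.copyOfRange(raw, 1, 1 + fieldBytes));
        BigInteger y = new BigInteger(1, Arrays.copyOfRange(raw, 1 + fieldBytes, raw.length));
        return new ECPoint(x, y);
    }

    public static void main(String[] args) {
        int n = 32;                        // field size in bytes for a 256-bit curve
        byte[] raw = new byte[1 + 2 * n];  // constructed sample, not a real key
        raw[0] = 0x04; raw[n] = 0x01; raw[2 * n] = 0x02;   // X = 1, Y = 2
        byte[] der = new byte[raw.length + 2];
        der[0] = 0x04; der[1] = (byte) raw.length;
        System.arraycopy(raw, 0, der, 2, raw.length);
        ECPoint a = toPoint(unwrap(raw, n), n), b = toPoint(unwrap(der, n), n);
        System.out.println(a.equals(b) + " x=" + a.getAffineX() + " y=" + a.getAffineY());
    }
}
```

Checking the decoded length against the curve's field size is what keeps the shared 0x04 byte from being misread, and it rejects truncated or padded attribute values instead of producing a wrong public key.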