Hi Vincent and Brad, I'm not sure how things are at Sun currently. We work with Sun here in Sweden so we've heard a bit about wait with the Oracle story.
Anyhow I just want to let you know that if anyone is still working on crypto that this bug is very annoying, and affect all existing HSMs as far as I can see. ECC is rolling out pretty wide in europe now with new electronic passports and other ecc cards. So getting this fixed would be quite welcome, it's a small fix. I've tested it on SafeNet HSMs myself right now. Kind regards, Tomas Gustavsson PrimeKey Solutions AB Lars Silvén wrote: > -------- Forwarded Message -------- > From: Brad Wetmore <bradford.wetm...@sun.com> > To: Lars Silvén <l...@primekey.se> > Cc: security-dev@openjdk.java.net, Vinnie Ryan <vincent.r...@sun.com> > Subject: Re: [security-dev 00550]: Re: ECC pkcs#11 bug > Date: Thu, 05 Feb 2009 11:34:49 -0800 > > Hi Lars, > > I was hoping that Vincent Ryan had already contacted you about this. > > I got redirected from ECC to work on the OpenJDK Bugzilla instance, > which is rolling out very soon. Vincent took over the ECC work late > last year along with your submission. The short answer is, between a > lengthy customer escalation and bugzilla, I've been so heads down for > the last 4 months, I'm not sure how far he's gotten. > > Vinnie, can you provide more info? > > Brad > > > Lars Silvén wrote: >> Brad, >> >> Any news about the p11 ECC bug. >> >> When will it be fixed? >> >> >> Best Regards, >> Lars >> >> >> >> Lars Silvén wrote: >>> Hello, >>> >>> Thank you for taking care of this. >>> We want this fix in both JDK 6 and 7. I like to know the release date for >>> the >>> fix in both versions if possible. >>> >>> Lars >>> >>> Brad Wetmore wrote: >>>> Lars Silvén wrote: >>>>> Hi Brad, >>>>> >>>>> Do you have everything you need to fix the bug. >>>> I believe so. I haven't started looking at it closely yet, I'm still >>>> mopping up several fires. Unfortunately, I'm the chef, busboy, and >>>> bottle washer for several projects here. >>>> >>>>> Or is there anything more I could do to help. >>>>> >>>>> I have now also tested the nCipher HSM. To get their p11 working my >>>>> patch had to be applied. >>>>> >>>>> Do you have any idea when we the fix could be released? >>>> Are you looking for JDK7, or 6? >>>> >>>> Brad >>>> >>>>> Best Regards >>>>> >>>>> Brad Wetmore wrote: >>>>>> Lars Silvén wrote: >>>>>>> Hi Brad, >>>>>>> >>>>>>> I have written a simple application that illustrates the problem: >>>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java >>>>>>> >>>>>>> But you need a p11 module with ECC capability to run it. Do you have >>>>>>> one? >>>>>> Yes. >>>>>> >>>>>>> If not I could investigate if one of our HSM vendors could send you >>>>>>> one. >>>>>>> Also to verify that the public key actually is usable a JCA provider >>>>>>> with ECC is needed. >>>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7. >>>>>> >>>>>> Thanks for the case. >>>>>> >>>>>> Brad >>>>>> >>>>>> >>>>>> But for that you could use BouncyCastle. >>>>>>> Start running the application without parameters and then you get a >>>>>>> description of needed parameters. >>>>>>> >>>>>>> Lars >>>>>>> >>>>>>> >>>>>>> Brad Wetmore wrote: >>>>>>>> Great, thanks for doing so. >>>>>>>> >>>>>>>> I'll be working on this fairly soon, so I'll get a bug filed. Do you >>>>>>>> have a standalone test case for this already? See step 3 of the >>>>>>>> contribute page. If you do but you don't have it in jtreg format, >>>>>>>> I can >>>>>>>> get it into the jtreg format. >>>>>>>> >>>>>>>> Brad >>>>>>>> >>>>>>>> >>>>>>>> Lars Silvén wrote: >>>>>>>>> Here is my SCA! >>>>>>>>> >>>>>>>>> //Lars >>>>>>>>> >>>>>>>>> >>>>>>>>> Brad Wetmore wrote: >>>>>>>>>> Hi Lars, >>>>>>>>>> >>>>>>>>>>> I have created a patch that is fixing the problem: >>>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also >>>>>>>>>> the >>>>>>>>>> person who will be handling this when I get back to working on the >>>>>>>>>> Java >>>>>>>>>> ECC implementation. >>>>>>>>>> >>>>>>>>>> Unfortunately, I can't take your source contribution yet without a >>>>>>>>>> signed copy of the Sun Contribution Agreement in place. This is >>>>>>>>>> done >>>>>>>>>> for your protection as well as the Sun's and the OpenJDK >>>>>>>>>> community's. >>>>>>>>>> >>>>>>>>>> Please see the following link for more information: >>>>>>>>>> >>>>>>>>>> http://openjdk.java.net/contribute/ >>>>>>>>>> >>>>>>>>>> The Signatories of the SCA are eligible to donate code to all >>>>>>>>>> products >>>>>>>>>> and projects owned or managed by Sun: signing it once means you can >>>>>>>>>> contribute code to any Sun-sponsored open source project. >>>>>>>>>> >>>>>>>>>> If you have recently signed it and it hasn't yet appeared in our >>>>>>>>>> database yet, just let me know. >>>>>>>>>> >>>>>>>>>> Discussions of the problem is fine, it's just the source that we >>>>>>>>>> can't >>>>>>>>>> take at this point. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> >>>>>>>>>> Brad >>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>> >>>>>>>>> >>>>>>>>>
