2009/10/5 Tomas Gustavsson <to...@primekey.se>: > > Hi Vincent and Brad, > > I'm not sure how things are at Sun currently. We work with Sun here in > Sweden so we've heard a bit about wait with the Oracle story. > > Anyhow I just want to let you know that if anyone is still working on > crypto that this bug is very annoying, and affect all existing HSMs as > far as I can see. ECC is rolling out pretty wide in europe now with new > electronic passports and other ecc cards. > So getting this fixed would be quite welcome, it's a small fix. I've > tested it on SafeNet HSMs myself right now. > > > Kind regards, > Tomas Gustavsson > PrimeKey Solutions AB > > > Lars Silvén wrote: >> -------- Forwarded Message -------- >> From: Brad Wetmore <bradford.wetm...@sun.com> >> To: Lars Silvén <l...@primekey.se> >> Cc: security-dev@openjdk.java.net, Vinnie Ryan <vincent.r...@sun.com> >> Subject: Re: [security-dev 00550]: Re: ECC pkcs#11 bug >> Date: Thu, 05 Feb 2009 11:34:49 -0800 >> >> Hi Lars, >> >> I was hoping that Vincent Ryan had already contacted you about this. >> >> I got redirected from ECC to work on the OpenJDK Bugzilla instance, >> which is rolling out very soon. Vincent took over the ECC work late >> last year along with your submission. The short answer is, between a >> lengthy customer escalation and bugzilla, I've been so heads down for >> the last 4 months, I'm not sure how far he's gotten. >> >> Vinnie, can you provide more info? >> >> Brad >> >> >> Lars Silvén wrote: >>> Brad, >>> >>> Any news about the p11 ECC bug. >>> >>> When will it be fixed? >>> >>> >>> Best Regards, >>> Lars >>> >>> >>> >>> Lars Silvén wrote: >>>> Hello, >>>> >>>> Thank you for taking care of this. >>>> We want this fix in both JDK 6 and 7. I like to know the release date for >>>> the >>>> fix in both versions if possible. >>>> >>>> Lars >>>> >>>> Brad Wetmore wrote: >>>>> Lars Silvén wrote: >>>>>> Hi Brad, >>>>>> >>>>>> Do you have everything you need to fix the bug. >>>>> I believe so. I haven't started looking at it closely yet, I'm still >>>>> mopping up several fires. Unfortunately, I'm the chef, busboy, and >>>>> bottle washer for several projects here. >>>>> >>>>>> Or is there anything more I could do to help. >>>>>> >>>>>> I have now also tested the nCipher HSM. To get their p11 working my >>>>>> patch had to be applied. >>>>>> >>>>>> Do you have any idea when we the fix could be released? >>>>> Are you looking for JDK7, or 6? >>>>> >>>>> Brad >>>>> >>>>>> Best Regards >>>>>> >>>>>> Brad Wetmore wrote: >>>>>>> Lars Silvén wrote: >>>>>>>> Hi Brad, >>>>>>>> >>>>>>>> I have written a simple application that illustrates the problem: >>>>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java >>>>>>>> >>>>>>>> But you need a p11 module with ECC capability to run it. Do you have >>>>>>>> one? >>>>>>> Yes. >>>>>>> >>>>>>>> If not I could investigate if one of our HSM vendors could send you >>>>>>>> one. >>>>>>>> Also to verify that the public key actually is usable a JCA provider >>>>>>>> with ECC is needed. >>>>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7. >>>>>>> >>>>>>> Thanks for the case. >>>>>>> >>>>>>> Brad >>>>>>> >>>>>>> >>>>>>> But for that you could use BouncyCastle. >>>>>>>> Start running the application without parameters and then you get a >>>>>>>> description of needed parameters. >>>>>>>> >>>>>>>> Lars >>>>>>>> >>>>>>>> >>>>>>>> Brad Wetmore wrote: >>>>>>>>> Great, thanks for doing so. >>>>>>>>> >>>>>>>>> I'll be working on this fairly soon, so I'll get a bug filed. Do you >>>>>>>>> have a standalone test case for this already? See step 3 of the >>>>>>>>> contribute page. If you do but you don't have it in jtreg format, >>>>>>>>> I can >>>>>>>>> get it into the jtreg format. >>>>>>>>> >>>>>>>>> Brad >>>>>>>>> >>>>>>>>> >>>>>>>>> Lars Silvén wrote: >>>>>>>>>> Here is my SCA! >>>>>>>>>> >>>>>>>>>> //Lars >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Brad Wetmore wrote: >>>>>>>>>>> Hi Lars, >>>>>>>>>>> >>>>>>>>>>>> I have created a patch that is fixing the problem: >>>>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also >>>>>>>>>>> the >>>>>>>>>>> person who will be handling this when I get back to working on the >>>>>>>>>>> Java >>>>>>>>>>> ECC implementation. >>>>>>>>>>> >>>>>>>>>>> Unfortunately, I can't take your source contribution yet without a >>>>>>>>>>> signed copy of the Sun Contribution Agreement in place. This is >>>>>>>>>>> done >>>>>>>>>>> for your protection as well as the Sun's and the OpenJDK >>>>>>>>>>> community's. >>>>>>>>>>> >>>>>>>>>>> Please see the following link for more information: >>>>>>>>>>> >>>>>>>>>>> http://openjdk.java.net/contribute/ >>>>>>>>>>> >>>>>>>>>>> The Signatories of the SCA are eligible to donate code to all >>>>>>>>>>> products >>>>>>>>>>> and projects owned or managed by Sun: signing it once means you can >>>>>>>>>>> contribute code to any Sun-sponsored open source project. >>>>>>>>>>> >>>>>>>>>>> If you have recently signed it and it hasn't yet appeared in our >>>>>>>>>>> database yet, just let me know. >>>>>>>>>>> >>>>>>>>>>> Discussions of the problem is fine, it's just the source that we >>>>>>>>>>> can't >>>>>>>>>>> take at this point. >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> >>>>>>>>>>> Brad >>>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >
What bug are we discussing here? I don't see any patch or bug ID. -- Andrew :-) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) Support Free Java! Contribute to GNU Classpath and the OpenJDK http://www.gnu.org/software/classpath http://openjdk.java.net PGP Key: 94EFD9D8 (http://subkeys.pgp.net) Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
