Here is another reference to this bug: http://forums.sun.com/thread.jspa?messageID=10270927
Regards, Tomas Andrew John Hughes wrote: > 2009/10/5 Tomas Gustavsson <to...@primekey.se>: >> Hi Vincent and Brad, >> >> I'm not sure how things are at Sun currently. We work with Sun here in >> Sweden so we've heard a bit about wait with the Oracle story. >> >> Anyhow I just want to let you know that if anyone is still working on >> crypto that this bug is very annoying, and affect all existing HSMs as >> far as I can see. ECC is rolling out pretty wide in europe now with new >> electronic passports and other ecc cards. >> So getting this fixed would be quite welcome, it's a small fix. I've >> tested it on SafeNet HSMs myself right now. >> >> >> Kind regards, >> Tomas Gustavsson >> PrimeKey Solutions AB >> >> >> Lars Silvén wrote: >>> -------- Forwarded Message -------- >>> From: Brad Wetmore <bradford.wetm...@sun.com> >>> To: Lars Silvén <l...@primekey.se> >>> Cc: security-dev@openjdk.java.net, Vinnie Ryan <vincent.r...@sun.com> >>> Subject: Re: [security-dev 00550]: Re: ECC pkcs#11 bug >>> Date: Thu, 05 Feb 2009 11:34:49 -0800 >>> >>> Hi Lars, >>> >>> I was hoping that Vincent Ryan had already contacted you about this. >>> >>> I got redirected from ECC to work on the OpenJDK Bugzilla instance, >>> which is rolling out very soon. Vincent took over the ECC work late >>> last year along with your submission. The short answer is, between a >>> lengthy customer escalation and bugzilla, I've been so heads down for >>> the last 4 months, I'm not sure how far he's gotten. >>> >>> Vinnie, can you provide more info? >>> >>> Brad >>> >>> >>> Lars Silvén wrote: >>>> Brad, >>>> >>>> Any news about the p11 ECC bug. >>>> >>>> When will it be fixed? >>>> >>>> >>>> Best Regards, >>>> Lars >>>> >>>> >>>> >>>> Lars Silvén wrote: >>>>> Hello, >>>>> >>>>> Thank you for taking care of this. >>>>> We want this fix in both JDK 6 and 7. I like to know the release date for >>>>> the >>>>> fix in both versions if possible. >>>>> >>>>> Lars >>>>> >>>>> Brad Wetmore wrote: >>>>>> Lars Silvén wrote: >>>>>>> Hi Brad, >>>>>>> >>>>>>> Do you have everything you need to fix the bug. >>>>>> I believe so. I haven't started looking at it closely yet, I'm still >>>>>> mopping up several fires. Unfortunately, I'm the chef, busboy, and >>>>>> bottle washer for several projects here. >>>>>> >>>>>>> Or is there anything more I could do to help. >>>>>>> >>>>>>> I have now also tested the nCipher HSM. To get their p11 working my >>>>>>> patch had to be applied. >>>>>>> >>>>>>> Do you have any idea when we the fix could be released? >>>>>> Are you looking for JDK7, or 6? >>>>>> >>>>>> Brad >>>>>> >>>>>>> Best Regards >>>>>>> >>>>>>> Brad Wetmore wrote: >>>>>>>> Lars Silvén wrote: >>>>>>>>> Hi Brad, >>>>>>>>> >>>>>>>>> I have written a simple application that illustrates the problem: >>>>>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java >>>>>>>>> >>>>>>>>> But you need a p11 module with ECC capability to run it. Do you have >>>>>>>>> one? >>>>>>>> Yes. >>>>>>>> >>>>>>>>> If not I could investigate if one of our HSM vendors could send you >>>>>>>>> one. >>>>>>>>> Also to verify that the public key actually is usable a JCA provider >>>>>>>>> with ECC is needed. >>>>>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7. >>>>>>>> >>>>>>>> Thanks for the case. >>>>>>>> >>>>>>>> Brad >>>>>>>> >>>>>>>> >>>>>>>> But for that you could use BouncyCastle. >>>>>>>>> Start running the application without parameters and then you get a >>>>>>>>> description of needed parameters. >>>>>>>>> >>>>>>>>> Lars >>>>>>>>> >>>>>>>>> >>>>>>>>> Brad Wetmore wrote: >>>>>>>>>> Great, thanks for doing so. >>>>>>>>>> >>>>>>>>>> I'll be working on this fairly soon, so I'll get a bug filed. Do you >>>>>>>>>> have a standalone test case for this already? See step 3 of the >>>>>>>>>> contribute page. If you do but you don't have it in jtreg format, >>>>>>>>>> I can >>>>>>>>>> get it into the jtreg format. >>>>>>>>>> >>>>>>>>>> Brad >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Lars Silvén wrote: >>>>>>>>>>> Here is my SCA! >>>>>>>>>>> >>>>>>>>>>> //Lars >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Brad Wetmore wrote: >>>>>>>>>>>> Hi Lars, >>>>>>>>>>>> >>>>>>>>>>>>> I have created a patch that is fixing the problem: >>>>>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also >>>>>>>>>>>> the >>>>>>>>>>>> person who will be handling this when I get back to working on the >>>>>>>>>>>> Java >>>>>>>>>>>> ECC implementation. >>>>>>>>>>>> >>>>>>>>>>>> Unfortunately, I can't take your source contribution yet without a >>>>>>>>>>>> signed copy of the Sun Contribution Agreement in place. This is >>>>>>>>>>>> done >>>>>>>>>>>> for your protection as well as the Sun's and the OpenJDK >>>>>>>>>>>> community's. >>>>>>>>>>>> >>>>>>>>>>>> Please see the following link for more information: >>>>>>>>>>>> >>>>>>>>>>>> http://openjdk.java.net/contribute/ >>>>>>>>>>>> >>>>>>>>>>>> The Signatories of the SCA are eligible to donate code to all >>>>>>>>>>>> products >>>>>>>>>>>> and projects owned or managed by Sun: signing it once means you >>>>>>>>>>>> can >>>>>>>>>>>> contribute code to any Sun-sponsored open source project. >>>>>>>>>>>> >>>>>>>>>>>> If you have recently signed it and it hasn't yet appeared in our >>>>>>>>>>>> database yet, just let me know. >>>>>>>>>>>> >>>>>>>>>>>> Discussions of the problem is fine, it's just the source that we >>>>>>>>>>>> can't >>>>>>>>>>>> take at this point. >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> >>>>>>>>>>>> Brad >>>>>>>>>>> ------------------------------------------------------------------------ >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> > > What bug are we discussing here? I don't see any patch or bug ID.
