Hi Lars,
I was hoping that Vincent Ryan had already contacted you about this.
I got redirected from ECC to work on the OpenJDK Bugzilla instance,
which is rolling out very soon. Vincent took over the ECC work late
last year along with your submission. The short answer is, between a
lengthy customer escalation and bugzilla, I've been so heads down for
the last 4 months, I'm not sure how far he's gotten.
Vinnie, can you provide more info?
Brad
Lars Silvén wrote:
Brad,
Any news about the p11 ECC bug.
When will it be fixed?
Best Regards,
Lars
Lars Silvén wrote:
Hello,
Thank you for taking care of this.
We want this fix in both JDK 6 and 7. I like to know the release date for the
fix in both versions if possible.
Lars
Brad Wetmore wrote:
Lars Silvén wrote:
Hi Brad,
Do you have everything you need to fix the bug.
I believe so. I haven't started looking at it closely yet, I'm still
mopping up several fires. Unfortunately, I'm the chef, busboy, and
bottle washer for several projects here.
Or is there anything more I could do to help.
I have now also tested the nCipher HSM. To get their p11 working my
patch had to be applied.
Do you have any idea when we the fix could be released?
Are you looking for JDK7, or 6?
Brad
Best Regards
Brad Wetmore wrote:
Lars Silvén wrote:
Hi Brad,
I have written a simple application that illustrates the problem:
http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
But you need a p11 module with ECC capability to run it. Do you have
one?
Yes.
If not I could investigate if one of our HSM vendors could send you
one.
Also to verify that the public key actually is usable a JCA provider
with ECC is needed.
I'm going to be working on adding ECC to the JCE provider for JDK 7.
Thanks for the case.
Brad
But for that you could use BouncyCastle.
Start running the application without parameters and then you get a
description of needed parameters.
Lars
Brad Wetmore wrote:
Great, thanks for doing so.
I'll be working on this fairly soon, so I'll get a bug filed. Do you
have a standalone test case for this already? See step 3 of the
contribute page. If you do but you don't have it in jtreg format,
I can
get it into the jtreg format.
Brad
Lars Silvén wrote:
Here is my SCA!
//Lars
Brad Wetmore wrote:
Hi Lars,
I have created a patch that is fixing the problem:
This is Brad Wetmore, I am the Security group Moderator, and also
the
person who will be handling this when I get back to working on the
Java
ECC implementation.
Unfortunately, I can't take your source contribution yet without a
signed copy of the Sun Contribution Agreement in place. This is
done
for your protection as well as the Sun's and the OpenJDK
community's.
Please see the following link for more information:
http://openjdk.java.net/contribute/
The Signatories of the SCA are eligible to donate code to all
products
and projects owned or managed by Sun: signing it once means you can
contribute code to any Sun-sponsored open source project.
If you have recently signed it and it hasn't yet appeared in our
database yet, just let me know.
Discussions of the problem is fine, it's just the source that we
can't
take at this point.
Thanks,
Brad
------------------------------------------------------------------------
