JDK-7099228 : Use a PKCS11 config attribute to control encoding of an EC point
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u10,7
  • Priority: P1
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2011-10-10
  • Updated: 2017-04-10
  • Resolved: 2011-11-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6 JDK 7 JDK 8
5.0u75Resolved 6u85Fixed 7u2 b12Fixed 8Fixed
Related Reports
Duplicate :  
Relates :  
Relates :  
The fix for CR 7054637 introduced a PKCS11 token attribute to control whether an EC point encoding is wrapped in an ASN.1 OCTET STRING or not.

It has been reported that the numeric identifier chosen for that attribute will clash with
the identifier already chosen by a vendor of PKCS11 tokens as a vendor extension.

To avoid this and any future namespace collisions from other token vendors a JCE provider
attribute should be used instead of a token attribute.

SUGGESTED FIX Modify the fix for CR 7054637 to use a JCE provider attribute rather than a PKCS11 token attribute to avoid a namespace collision and unintended behaviour in the token.

EVALUATION Problem identified for one PKCS11 token vendor. Fix as suggested