JDK-8043634 : Use a PKCS11 config attribute to control encoding of an EC point
  • Type: Backport
  • Backport of: JDK-7099228
  • Component: security-libs
  • Affected Version: 7
  • Priority: P1
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2014-05-21
  • Updated: 2014-08-01
  • Resolved: 2014-06-30
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

JDK 6: 6u85 b02 (Fixed)
JDK 7: 7u2 (Fixed)
Comments
Verified 6u85 b02 on Solaris sparcv9 with regtest sun/security/pkcs11/ec/TestKeyFactory.java. Test passes on 6u85 b02 and fails on 6u85 b01.
01-08-2014

Awaiting signed sunpkcs11.jar from RE; he is running into build issues.
20-06-2014

This bug is essential to make EC cipher work in JDK 6 via the SunPKCS11 provider. A mail from Xuelei:
--------------------------
Hi,
During the backport of JDK-8037066 to JDK 6u85, Mala and I noticed the DER decode exception (see attached log; I made a little update to show the cause explicitly) in the regression test j2se/test/sun/security/pkcs11/ec/TestKeyFactory.java and in the new regression tests for JDK-8037066. This failure can always be reproduced on nightsvr.us.oracle.com.
It turns out that the EC public key in PKCS11 is not encoded as DER as expected. We need to backport JDK-7099228 to JDK 6u.
As this test will be ignored if the EC KeyFactory is not available, the JPRT test cannot catch the issue. It is also strange that SQE did not catch the failure either. As we support EC cipher via the underlying PKCS11 provider, we may want to check the testing environment and make sure that the EC implementation, for example EC KeyFactory, is available in the daily testing environment.
Thanks,
Xuelei
22-05-2014

This bug needs to be backported to 6ux to fix the issue around the EC public keys in PKCS11 not being encoded as DER as expected. JPRT tests which use EC KeyFactory are being ignored for JDK6 and show the exception:
java.lang.RuntimeException: Could not parse key values
    at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:954)
    at sun.security.pkcs11.P11Key$P11ECPublicKey.getW(P11Key.java:975)
    at sun.security.ec.ECKeyFactory.implTranslatePublicKey(ECKeyFactory.java:169)
This bug is currently essential for the tests of bug# JDK-8037066 to pass.
21-05-2014
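
The encoding mismatch behind the "Could not parse key values" failure, shown as an added example that is not code from the JDK or from this issue: a PKCS#11 EC point attribute (CKA_EC_POINT) may arrive either as a raw X9.62 uncompressed point or as that point wrapped in a DER OCTET STRING, and both forms begin with byte 0x04, so the length expected for the curve is what separates them. The class and method names (EcPointAttribute, decode, unwrapOctetString) are hypothetical and the sample bytes are constructed.

```java
import java.math.BigInteger;
import java.security.spec.ECPoint;
import java.util.Arrays;

public class EcPointAttribute {
    // Decodes an EC point attribute that is either raw X9.62 (04 || X || Y)
    // or the same bytes wrapped in a DER OCTET STRING (04 <len> 04 || X || Y).
    static ECPoint decode(byte[] attr, int fieldBits) {
        int n = (fieldBits + 7) / 8;           // bytes per coordinate
        int rawLen = 1 + 2 * n;                // expected raw length for this curve
        // The first byte is 0x04 in both forms, so only the length tells them apart.
        byte[] raw = (attr.length == rawLen) ? attr : unwrapOctetString(attr);
        if (raw.length != rawLen || raw[0] != 0x04)
            throw new IllegalArgumentException("not an uncompressed point for this curve");
        BigInteger x = new BigInteger(1, Arrays.copyOfRange(raw, 1, 1 + n));
        BigInteger y = new BigInteger(1, Arrays.copyOfRange(raw, 1 + n, rawLen));
        return new ECPoint(x, y);              // curve membership is not checked here
    }

    // Strips a DER OCTET STRING header, accepting short and 1-2 byte long-form lengths.
    static byte[] unwrapOctetString(byte[] der) {
        if (der.length < 2 || der[0] != 0x04)
            throw new IllegalArgumentException("not a DER OCTET STRING");
        int len = der[1] & 0xff, off = 2;
        if (len >= 0x80) {                     // long form: low 7 bits = number of length bytes
            int k = len & 0x7f;
            if (k == 0 || k > 2 || der.length < 2 + k)
                throw new IllegalArgumentException("bad DER length");
            len = 0;
            for (int i = 0; i < k; i++) len = (len << 8) | (der[off++] & 0xff);
        }
        if (len != der.length - off)
            throw new IllegalArgumentException("DER length mismatch");
        return Arrays.copyOfRange(der, off, der.length);
    }

    public static void main(String[] args) {
        // Constructed sample: P-256-sized point with filler coordinates (not on the curve).
        byte[] raw = new byte[65];
        raw[0] = 0x04;
        Arrays.fill(raw, 1, 33, (byte) 0x11);
        Arrays.fill(raw, 33, 65, (byte) 0x22);
        byte[] der = new byte[67];             // 04 41 || raw
        der[0] = 0x04;
        der[1] = 65;
        System.arraycopy(raw, 0, der, 2, 65);
        System.out.println(decode(raw, 256).equals(decode(der, 256)));
    }
}
```

A decoder that assumes only one of the two forms fails on the other, which is why a test that is skipped when no EC KeyFactory is present cannot surface the problem.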