SunPKCS11 throws ProviderException for unsupported curves

XMLWordPrintable

    • Type: Enhancement
    • Resolution: Won't Fix
    • Priority: P4
    • tbd
    • Affects Version/s: None
    • Component/s: security-libs
    • None

      When an EC curve is supported by the JDK but not by the underlying native code implementation then a ProviderException is thrown when keypair generation is attempted.

      It would be more helpful if the native code implementation could be queried to confirm that the EC curve is actually supported, ahead of keypair generation.

      $java UnsupportedCurve
      Registered a JCE provider: SunPKCS11-NSS
      Exception in thread "main" java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_BUFFER_TOO_SMALL
      at jdk.crypto.pkcs11/sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:424)
      at java.base/java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:715)
      at InvalidCurve.main(InvalidCurve.java:62)
      Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_BUFFER_TOO_SMALL
      at jdk.crypto.pkcs11/sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method)
      at jdk.crypto.pkcs11/sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:416)
      ... 2 more

            Assignee:
            Anthony Scarpino
            Reporter:
            Vincent Ryan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: