Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8238911

Disable native SunEC implementation by default

    Details

    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      System property will revert behavior
    • Interface Kind:
      System or security property
    • Scope:
      JDK

      Description

      Summary

      Disable by default the native library portion of the SunEC JCE provider to prevent all usage. The system property, jdk.sunec.disableNative, allows for re-enabling.

      Problem

      Recent weaknesses in the implementation of the native library EC code make it necessary to disable all API usage by default. The most common EC curves have already been re-implemented in Java in the SunEC JCE provider.

      Solution

      Disabling the native code will be controlled by a system property, jdk.sunec.disableNative. The default value will be case-insensitive "true", which means the native library is disabled. The system property must be set to case-insensitive "false" to allow access to the native library via the API, any other value will revert to the default setting. Each call to the native code will be checked before executing. The property is necessary for older releases and applications that require the older curves and are willing to accept the weaknesses. Access to the constant-time Java implemented curves is enabled regardless of the property.

      Specification

      Exceptions thrown when the native code is disabled will contain the message "Legacy SunEC curve disabled", followed by the name of the curve. Methods affected by the change are KeyPair.generateKeyPair(), KeyAgreement.generateSecret(), Signature.verify(), and Signature.sign(). All methods throw the same exception or wrapped exception as if the curve was not supported.

      The release notes will explain how to re-enable the provider along with why it was disabled by default. Disabling the native code will be controlled by a system property, jdk.sunec.disableNative. The default value will be case-insensitive "true", which means the native library is disabled. The system property must be set to case-insensitive "false" to allow access to the native library via the API, any other value will revert to the default setting. Access to the constant-time Java implemented curves is enabled regardless of the property.

      Webrev directory located at https://cr.openjdk.java.net/~ascarpino/8237219

      The affected curves are, these are the same curves that were put on the disabledAlgorithms security properties in https://bugs.openjdk.java.net/browse/JDK-8235540:

      secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1 brainpoolP320r1, brainpoolP384r1, brainpoolP512r1

      Curves secp256r1, secp384r1, and secp521r1 remain enabled as they are implemented in Java.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ascarpino Anthony Scarpino
                Reporter:
                ascarpino Anthony Scarpino
                Reviewed By:
                Sean Mullan
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: