JDK-8251547

Remove the legacy elliptic curves

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P3
    • Resolution: Approved
    • Fix Version/s: 16
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Risk:
      low
    • Compatibility Risk Description:
      The commonly used curves are supported in the Java implementation, and the others are not widely used or are obsolete. Users of the removed curves may need to obtain a 3rd party provider to continue using them.
    • Interface Kind:
      System or security property, Other
    • Scope:
      JDK

      Description

      Summary

      Removal of obsolete elliptic curves support, including underlying library libsunec.

      Problem

      Weaknesses in the implementation of the native library EC code make it necessary to remove support for future releases. The most common EC curves have already been re-implemented in Java in the SunEC JCE provider.

      Solution

      The final step in retiring the obsolete elliptic curves is their removal from the SunEC provider in future releases. This includes the removal of the native library and the now unnecessary jdk.sunec.disableNative system property in SunEC [1]. Support for these curves must be found via a 3rd party provider. SunEC will continue to support curves secp256r1, secp384r1, secp521r1, x25519, x448, ed25519, and ed448.

      Specification

      Removal of the following elliptic curves from the SunEC provider: secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1

      A release note will state that support for these curves has been removed.

      Applications that use these curves via SunEC will receive an exception stating that the curve is not supported. This is consistent with the behavior for any unsupported curve, as well as with JDK 15, where these curves are disabled by default.
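      To find out before an upgrade which curves an application can still use, the following audit asks every installed provider that offers an EC key pair generator whether it accepts a given curve name. This is an added example, not code from the CSR or the JDK; the class name CurveAudit, the helper providersSupporting and the sample selection of curve names are assumptions made for illustration.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.List;

// Hypothetical audit helper (not part of the JDK).
public class CurveAudit {
    // Sample of names taken from this CSR: three curves SunEC keeps, then
    // four from the removal list. Extend with the curves your application uses.
    static final String[] CURVES = {
        "secp256r1", "secp384r1", "secp521r1",
        "secp256k1", "secp224r1", "sect283k1", "brainpoolP256r1"
    };

    // Returns the names of the installed providers whose EC KeyPairGenerator
    // accepts the named curve. Each provider is queried explicitly so that a
    // 3rd party provider cannot silently mask a curve that SunEC rejects.
    static List<String> providersSupporting(String curve) throws NoSuchAlgorithmException {
        List<String> names = new ArrayList<>();
        Provider[] candidates = Security.getProviders("KeyPairGenerator.EC");
        if (candidates == null) {
            return names; // no provider offers EC key generation at all
        }
        for (Provider p : candidates) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
            try {
                kpg.initialize(new ECGenParameterSpec(curve));
                names.add(p.getName());
            } catch (InvalidAlgorithmParameterException e) {
                // This provider does not support the curve.
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Prints null when the property is commented out in java.security.
        System.out.println("jdk.disabled.namedCurves = "
                + Security.getProperty("jdk.disabled.namedCurves"));
        for (String curve : CURVES) {
            List<String> ok = providersSupporting(curve);
            System.out.println(curve + ": " + (ok.isEmpty() ? "NOT SUPPORTED" : ok));
        }
    }
}
```

      A curve reported as NOT SUPPORTED on the target JDK needs either a 3rd party provider or a migration to one of the curves SunEC keeps.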

      Below are java.security diffs removing the entries for the disabled curves, but keeping the namedCurves property in case it is useful for other means going forward.

      @@ -493,20 +493,11 @@
        #
        # This property contains a list of disabled EC Named Curves that can be included
        # in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include this
        # list in any of the disabledAlgorithms properties, add the property name as
        # an entry.
      - jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
      -     secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
      -     secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
      -     sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
      -     sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
      -     sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
      -     X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
      -     X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
      -     X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
      -     brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
      + #jdk.disabled.namedCurves=
      
        #
        # Algorithm restrictions for certification path (CertPath) processing
        #
        # In some environments, certain algorithms or key lengths may be undesirable
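
      Review bot: The comment block kept above `#jdk.disabled.namedCurves=` still says the property "contains a list of disabled EC Named Curves", yet the property is now commented out with no value. Add a sentence to that comment saying the default is empty and when an administrator would populate it, and document what an `include jdk.disabled.namedCurves` entry carried over in a customised java.security file does once the property is undefined.
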
      @@ -640,12 +631,11 @@
        # Example:
        #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
        #
        #
        jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
      -     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
      -     include jdk.disabled.namedCurves
      +     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
      
        #
        # Legacy algorithms for certification path (CertPath) processing and
        # signed JAR files.
        #
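
      Review bot: With `include jdk.disabled.namedCurves` dropped from jdk.certpath.disabledAlgorithms, the only EC restriction left on this line is `EC keySize < 224`. Curves from the removed list at 224 bits and above, such as secp224k1, secp256k1 and the brainpool curves, were rejected by name before this change and are no longer restricted here when a 3rd party provider supplies them. Please state in the CSR whether that is intended, or keep the include with the property populated.
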
      @@ -705,11 +695,11 @@
        # implementations.
        #
        # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
        #
        jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      -       DSA keySize < 1024, include jdk.disabled.namedCurves
      +       DSA keySize < 1024
      
        #
        # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
        # (SSL/TLS/DTLS) processing
        #
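
      Review bot: After this change jdk.jar.disabledAlgorithms carries no EC constraint at all: the remaining entries are `MD2, MD5, RSA keySize < 1024, DSA keySize < 1024`, and unlike the certpath and tls properties there is no `EC keySize < 224` to fall back on. A signed JAR using one of the removed curves through a 3rd party provider would therefore not be restricted by this property, including the curves below 224 bits. Consider adding an `EC keySize` constraint here or explaining why none is needed.
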
      @@ -740,12 +730,11 @@
        #
        # Example:
        #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \
        #       rsa_pkcs1_sha1, secp224r1
        jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
      -     EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
      -     include jdk.disabled.namedCurves
      +     EC keySize < 224, 3DES_EDE_CBC, anon, NULL
      
        #
        # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
        # processing in JSSE implementation.
        #
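
      Review bot: The unchanged example comment above jdk.tls.disabledAlgorithms still ends with `rsa_pkcs1_sha1, secp224r1`, and secp224r1 is one of the curves this CSR removes from SunEC. The syntax is still valid, but the example now names a curve the default provider no longer offers; either switch it to a curve SunEC keeps or add a note that named curves listed here also apply to curves from 3rd party providers.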

      1: CSR: https://bugs.openjdk.java.net/browse/JDK-8238911

              People

              • Assignee:
                ascarpino Anthony Scarpino
                Reporter:
                mullan Sean Mullan
                Reviewed By:
                Sean Mullan