JDK-8031825 : OCSP client can't find responder cert if it uses a different subject key id algorithm than responderID

Details
Type: Bug
Submit Date: 2014-01-15
Status: Closed
Updated Date: 2014-05-07
Project Name: JDK
Resolved Date: 2014-01-23
Component: security-libs
OS:
Sub-Component: java.security
CPU:
Priority: P1
Resolution: Fixed
Affected Versions: 8,8u5
Fixed Versions:

Related Reports
Backport:
Backport:
Relates:

Sub Tasks

Description
The OCSP client code tries to match the responderID (in an OCSP response) against the subject key identifier of the responder cert. This works if the subject key id is using the same algorithm as defined in RFC 2560 (160-bit SHA-1 hash of responder's public key), but RFC 5280 allows implementations to use a different algorithm. For example, RFC 7093 defines new methods using stronger SHA-2 algorithms. We fail to find a responder cert in these situations, and throw the following exception:

java.security.cert.CertPathValidatorException: Unable to verify OCSP Response's signature
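
The mismatch described above, as an added example (not the JDK's code and not the fix referenced in the comments): a byKey responderID is compared first with a subject key identifier derived per RFC 7093 method 1, then with a SHA-1 KeyHash recomputed from the certificate's public key. The class name, helper names and the generated RSA key are constructed for illustration.

```java
import java.security.*;
import java.util.Arrays;

public class ResponderKeyHashMatch {
    // Check the DER tag at p[0], decode the length, leave p[0] on the first content octet.
    static int header(byte[] der, int[] p, int tag) {
        if ((der[p[0]++] & 0xff) != tag) throw new IllegalArgumentException("unexpected DER tag");
        int len = der[p[0]++] & 0xff;
        if (len < 0x80) return len;
        int n = len & 0x7f;
        for (len = 0; n > 0; n--) len = (len << 8) | (der[p[0]++] & 0xff);
        return len;
    }

    // Value of the subjectPublicKey BIT STRING, without tag, length and unused-bits octet.
    static byte[] keyBits(PublicKey key) {
        byte[] der = key.getEncoded();           // X.509 SubjectPublicKeyInfo
        int[] p = {0};
        header(der, p, 0x30);                    // outer SEQUENCE
        int algLen = header(der, p, 0x30);       // AlgorithmIdentifier
        p[0] += algLen;                          // skip it
        int bitLen = header(der, p, 0x03);       // BIT STRING
        return Arrays.copyOfRange(der, p[0] + 1, p[0] + bitLen);
    }

    // Leftmost 160 bits of the digest of the key bits: "SHA-1" is the OCSP KeyHash
    // (and RFC 5280 method 1), "SHA-256" is RFC 7093 method 1.
    static byte[] keyId(String alg, PublicKey key) throws Exception {
        return Arrays.copyOf(MessageDigest.getInstance(alg).digest(keyBits(key)), 20);
    }

    // Match that does not depend on how the certificate's SKI extension was derived.
    static boolean matchesByKey(byte[] responderKeyHash, PublicKey certKey) throws Exception {
        return Arrays.equals(responderKeyHash, keyId("SHA-1", certKey));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey key = kpg.generateKeyPair().getPublic();  // constructed responder key
        byte[] responderId = keyId("SHA-1", key);           // byKey value in the response
        byte[] ski = keyId("SHA-256", key);                 // SKI of an RFC 7093 certificate
        System.out.println("match via SKI extension: " + Arrays.equals(responderId, ski));
        System.out.println("match via public key:    " + matchesByKey(responderId, key));
    }
}
```

The SKI comparison fails for the SHA-256-derived identifier even though the key is the responder's, while the recomputed KeyHash matches.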
                                    

Comments
URL:   http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/57c26829deb6
User:  amurillo
Date:  2014-01-24 02:17:46 +0000

                                     
2014-01-24
URL:   http://hg.openjdk.java.net/jdk8/tl/jdk/rev/57c26829deb6
User:  mullan
Date:  2014-01-23 00:13:11 +0000

                                     
2014-01-23
SQE approves this fix for JDK 8
                                     
2014-01-22
Release team: Approved for fixing.
                                     
2014-01-22
8-critical-request justification:

This bug fix is needed because the impact of this issue is pretty severe with an awkward workaround. The revocation checks for a signed applet would fail, and the signed applet would fail to load, and the only workaround is to disable OCSP in the Control Panel. 

So far we have only found one CA that this bug affects. However, we do not have 100% test coverage for all the CAs that we include.

Also, this bug can be triggered if the OCSP responder certificate is using stronger SHA-2 algorithms to generate the subject key identifier (see http://www.rfc-editor.org/rfc/rfc7093.txt ). So, there is an increased risk that we may encounter issues with other OCSP responders who are upgrading their certificates to use stronger algorithms.

The fix is understood, small, and should be low risk. Code Review in progress. See http://cr.openjdk.java.net/~mullan/webrevs/8031825/webrev.00/
                                     
2014-01-17


