JDK-8238911 : Disable native SunEC implementation by default
  • Type: CSR
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 7-pool,8-pool,11-pool,14-pool,15
  • Submitted: 2020-02-11
  • Updated: 2021-02-10
  • Resolved: 2020-03-23
Related Reports
CSR :  
JDK-8237219 - Disable native SunEC implementation by default
Relates :  
JDK-8261502 - ECDHKeyAgreement: Allows alternate ECPrivateKey impl and revised exception handling
Description
Summary
-------
Disable by default the native library portion of the SunEC JCE provider to prevent all usage.  The system property, jdk.sunec.disableNative, allows for re-enabling.


Problem
-------

Recent weaknesses in the implementation of the native library EC code make it necessary to disable all API usage by default.  The most common EC curves have already been re-implemented in Java in the SunEC JCE provider.  

Solution
--------

Disabling the native code will be controlled by a system property, jdk.sunec.disableNative.  The default value will be case-insensitive "true", which means the native library is disabled.  The system property must be set to case-insensitive "false" to allow access to the native library via the API, any other value will revert to the default setting.  Each call to the native code will be checked before executing.  The property is necessary for older releases and applications that require the older curves and are willing to accept the weaknesses.  Access to the constant-time Java implemented curves is enabled regardless of the property.


Specification
-------------

Exceptions thrown when the native code is disabled will contain the message "Legacy SunEC curve disabled", followed by the name of the curve.
Methods affected by the change are KeyPair.generateKeyPair(), KeyAgreement.generateSecret(), Signature.verify(), and Signature.sign().  All methods throw the same exception or wrapped exception as if the curve was not supported.

The release notes will explain how to re-enable the provider along with why it was disabled by default.  Disabling the native code will be controlled by a system property, jdk.sunec.disableNative.  The default value will be case-insensitive "true", which means the native library is disabled.  The system property must be set to case-insensitive "false" to allow access to the native library via the API, any other value will revert to the default setting. Access to the constant-time Java implemented curves is enabled regardless of the property.

Webrev directory located at https://cr.openjdk.java.net/~ascarpino/8237219

The affected curves are, these are the same curves that were put on the disabledAlgorithms security properties in https://bugs.openjdk.java.net/browse/JDK-8235540: 

secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1 brainpoolP320r1, brainpoolP384r1, brainpoolP512r1

Curves secp256r1, secp384r1, and secp521r1 remain enabled as they are implemented in Java.
Comments
Moving to Approved.
23-03-2020
Sean and I discussed this and we both think the the property in a "disabling" theme rather than enabling constant time is best. Thanks for the suggestion.
23-03-2020
Moving to Provisional (not Approved). Please consider a system property named like jdk.sunec.useConstantTimeImpl defaulting to false. If you decide to using the current wording, Finalize the request.
23-03-2020