JDK-8182143 : SHA224-based signature algorithms are not enabled for TLSv12 on Windows
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8,9,10
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2017-06-14
  • Updated: 2017-12-13
  • Resolved: 2017-06-15
Fixed in: JDK 10 (build 10 b13)
Description
javax/net/ssl/TLSv12/SignatureAlgorithms.java test skips if only SHA-224 is enabled on Windows:

http://hg.openjdk.java.net/jdk9/dev/jdk/file/e8f3a872e69a/test/javax/net/ssl/TLSv12/SignatureAlgorithms.java#l438

        /*
         * Ignore testing on Windows if only SHA-224 is available.
         */
        if ((Security.getProvider("SunMSCAPI") != null) &&
                (disabledAlgorithms.contains("SHA-1")) &&
                (disabledAlgorithms.contains("SHA-256"))) {

            System.out.println(
                "Windows system does not support SHA-224 algorithms yet. " +
                "Ignore the testing");

            return;
        }

But SHA224-based signature algorithms should be provided by Java-based security providers on all supported platforms:

https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SUNProvider

A TLS client sends a signature_algorithms extension in its ClientHello message. The extension carries the list of signature algorithms that the client is willing to use. I noticed that on non-Windows platforms the client includes SHA224-based signature algorithms in the extension, but on Windows the SHA224-based signature algorithms are not included in the extension.

Here is the code that figures out which signature algorithms are available:

http://hg.openjdk.java.net/jdk9/dev/jdk/file/e8f3a872e69a/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java#l398

The code adds the SHA224-based signature algorithms only when the SunMSCAPI provider is not installed, so on Windows, where SunMSCAPI is present, the SHA224-based signatures are never sent in the signature_algorithms extension.

Since SHA224-based signature algorithms are provided by other security providers, they should be enabled on Windows as well.
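As an added example that is not part of this bug report or the JDK sources, the following Python decoder reads the signature_algorithms extension out of a ClientHello extensions block and reports which SHA224-based pairs the client advertises, which is how the symptom above can be confirmed from a packet capture. The extension layout and code points follow RFC 5246 section 7.4.1.4.1; the two sample extension blocks are constructed here, one with the SHA-224 pairs and one without them to mimic the Windows client before the fix.

```python
import struct

HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}  # code points from RFC 5246 section 7.4.1.4.1
SIGNATURE_ALGORITHMS = 13  # extension type number of signature_algorithms

def parse_extensions(block: bytes) -> dict:
    """Split a ClientHello extensions block (2-byte length, then type/len/data records) by type."""
    (total,) = struct.unpack("!H", block[:2])
    if total != len(block) - 2:
        raise ValueError("extensions length does not match block size")
    found, pos = {}, 2
    while pos < len(block):
        ext_type, ext_len = struct.unpack("!HH", block[pos:pos + 4])
        pos += 4
        if pos + ext_len > len(block):
            raise ValueError("extension %d overruns the block" % ext_type)
        found[ext_type] = block[pos:pos + ext_len]
        pos += ext_len
    return found

def parse_signature_algorithms(ext_data: bytes) -> list:
    """2-byte length, then (hash, sig) byte pairs; unknown code points are kept as ints."""
    (length,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if length != len(body) or length < 2 or length % 2:
        raise ValueError("malformed supported_signature_algorithms vector")
    return [(HASH_NAMES.get(body[i], body[i]), SIG_NAMES.get(body[i + 1], body[i + 1])) for i in range(0, length, 2)]

def sha224_signatures(block: bytes) -> list:
    """JCA-style names of the SHA-224 signature algorithms advertised, in ClientHello order."""
    ext_data = parse_extensions(block).get(SIGNATURE_ALGORITHMS)
    pairs = parse_signature_algorithms(ext_data) if ext_data is not None else []
    return ["SHA224with%s" % str(sig).upper() for hash_name, sig in pairs if hash_name == "sha224"]

def build_block(pairs: list) -> bytes:
    """Constructed sample: wrap (hash, sig) code-point pairs into a one-extension block."""
    vec = b"".join(bytes(pair) for pair in pairs)
    ext_data = struct.pack("!H", len(vec)) + vec
    record = struct.pack("!HH", SIGNATURE_ALGORITHMS, len(ext_data)) + ext_data
    return struct.pack("!H", len(record)) + record

# Constructed lists: a client that advertises SHA-224 pairs, and the Windows client before the fix.
FULL = [(6, 3), (6, 1), (5, 3), (5, 1), (4, 3), (4, 1), (4, 2), (3, 3), (3, 1), (3, 2), (2, 3), (2, 1), (2, 2)]
WINDOWS_BEFORE_FIX = [pair for pair in FULL if pair[0] != 3]

if __name__ == "__main__":
    print(sha224_signatures(build_block(FULL)))  # ['SHA224withECDSA', 'SHA224withRSA', 'SHA224withDSA']
    print(sha224_signatures(build_block(WINDOWS_BEFORE_FIX)))  # []
```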
Comments
Code review: http://mail.openjdk.java.net/pipermail/security-dev/2017-June/016003.html
15-06-2017

TLSv12 handshaking with SHA-224 signature algorithms seems to work fine with the following patch: diff -r 3801153e1036 src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java --- a/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java Mon Jun 12 12:45:52 2017 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java Tue Jun 13 18:09:46 2017 -0700 @@ -411,16 +411,12 @@ "SHA1withRSA", --p); supports(HashAlgorithm.SHA1, SignatureAlgorithm.ECDSA, "SHA1withECDSA", --p); - - if (Security.getProvider("SunMSCAPI") == null) { - supports(HashAlgorithm.SHA224, SignatureAlgorithm.DSA, - "SHA224withDSA", --p); - supports(HashAlgorithm.SHA224, SignatureAlgorithm.RSA, - "SHA224withRSA", --p); - supports(HashAlgorithm.SHA224, SignatureAlgorithm.ECDSA, - "SHA224withECDSA", --p); - } - + supports(HashAlgorithm.SHA224, SignatureAlgorithm.DSA, + "SHA224withDSA", --p); + supports(HashAlgorithm.SHA224, SignatureAlgorithm.RSA, + "SHA224withRSA", --p); + supports(HashAlgorithm.SHA224, SignatureAlgorithm.ECDSA, + "SHA224withECDSA", --p); supports(HashAlgorithm.SHA256, SignatureAlgorithm.DSA, "SHA256withDSA", --p); supports(HashAlgorithm.SHA256, SignatureAlgorithm.RSA, diff -r 3801153e1036 test/javax/net/ssl/TLSv12/SignatureAlgorithms.java --- a/test/javax/net/ssl/TLSv12/SignatureAlgorithms.java Mon Jun 12 12:45:52 2017 -0700 +++ b/test/javax/net/ssl/TLSv12/SignatureAlgorithms.java Tue Jun 13 18:09:46 2017 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -434,21 +434,6 @@ */ parseArguments(args); - - /* - * Ignore testing on Windows if only SHA-224 is available. - */ - if ((Security.getProvider("SunMSCAPI") != null) && - (disabledAlgorithms.contains("SHA-1")) && - (disabledAlgorithms.contains("SHA-256"))) { - - System.out.println( - "Windows system does not support SHA-224 algorithms yet. " + - "Ignore the testing"); - - return; - } - /* * Expose the target algorithms by diabling unexpected algorithms. */ javax/net/ssl/TLSv12/SignatureAlgorithms.java test passed on all platforms with the patch above.
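Review bot: in the SignatureAndHashAlgorithm.java hunk, removing the `Security.getProvider("SunMSCAPI") == null` guard leaves the three SHA224 `supports(...)` calls unconditional; if that was the only use of `Security` in the file, the now-unused import should be dropped in the same change, and the blank line that separated the SHA224 block from the SHA256 entries has gone with the braces, so a separator line between the two groups would keep the list readable.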
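Review bot: in the SignatureAlgorithms.java test hunk, the same check applies: with the Windows skip gone, `Security` may no longer be referenced in the test and its import should be removed if so. While touching this block, the unchanged context comment `Expose the target algorithms by diabling unexpected algorithms.` has a typo (`diabling` should be `disabling`).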
14-06-2017