JDK-8251547 : Remove the legacy elliptic curves
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 16
  • Submitted: 2020-08-13
  • Updated: 2020-09-16
  • Resolved: 2020-09-16
Description
Summary
-------
Removal of support for obsolete elliptic curves, including the underlying native library libsunec.

Problem
-------
Weaknesses in the implementation of the native library EC code make it necessary to remove support in future releases. The most common EC curves have already been re-implemented in Java in the SunEC JCE provider.

Solution
--------
The final step in retiring the obsolete elliptic curve support is its removal from the SunEC provider in future releases. This includes the removal of the native library and the now-unnecessary jdk.sunec.disableNative system property in SunEC [1]. Support for these curves must be obtained from a third-party provider. SunEC will continue to support the curves secp256r1, secp384r1, secp521r1, x25519, x448, ed25519, and ed448.

Specification
-------------
Removal of the following elliptic curves from the SunEC provider:
secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1

A release note will state that support for these curves has been removed.

Applications that use these curves via SunEC will receive an exception stating that the curve is not supported. This is consistent with the behavior for any unsupported curve, and with JDK 15, in which these curves are disabled by default.
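
An added example (not part of the CSR or the JDK sources) that checks, per installed provider, whether a named curve is still accepted, which shows the "curve is not supported" behavior described above before an application moves to JDK 16. The class name `CurveAudit` and the sample selection are assumptions; the curve names come from the lists on this page.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class CurveAudit {
    // Sample from the page's lists: three curves SunEC keeps, four it removes.
    static final List<String> CURVES = List.of(
        "secp256r1", "secp384r1", "secp521r1",
        "secp224r1", "secp256k1", "sect283k1", "brainpoolP256r1");

    /** True if this provider's EC key pair generator accepts the named curve. */
    static boolean accepts(Provider provider, String curve) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);
            kpg.initialize(new ECGenParameterSpec(curve));
            return true;
        } catch (GeneralSecurityException | ProviderException e) {
            // Unsupported curve; the exact exception message is provider-specific.
            return false;
        }
    }

    /** Maps each curve to the installed providers that can generate keys on it. */
    static Map<String, List<String>> audit(List<String> curves) {
        Provider[] ecProviders = Security.getProviders("KeyPairGenerator.EC");
        Map<String, List<String>> result = new LinkedHashMap<>();
        for (String curve : curves) {
            List<String> names = new ArrayList<>();
            if (ecProviders != null) {
                for (Provider p : ecProviders) {
                    if (accepts(p, curve)) names.add(p.getName());
                }
            }
            result.put(curve, names);
        }
        return result;
    }

    public static void main(String[] args) {
        System.out.println("Runtime: " + System.getProperty("java.version"));
        audit(CURVES).forEach((curve, providers) -> System.out.println(curve
            + " -> " + (providers.isEmpty() ? "NOT SUPPORTED" : providers.toString())));
    }
}
```

A curve that reports no provider on the target runtime needs either a third-party provider registered or a migration of the affected keys and certificates to one of the retained curves.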

Below are the java.security diffs that remove the entries for the disabled curves but keep the namedCurves property in case it is useful for other purposes going forward.

    @@ -493,20 +493,11 @@
      #
      # This property contains a list of disabled EC Named Curves that can be included
      # in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include this
      # list in any of the disabledAlgorithms properties, add the property name as
      # an entry.
    - jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
    -     secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
    -     secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
    -     sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
    -     sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
    -     sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
    -     X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
    -     X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
    -     X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
    -     brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
    + #jdk.disabled.namedCurves=
      
      #
      # Algorithm restrictions for certification path (CertPath) processing
      #
      # In some environments, certain algorithms or key lengths may be undesirable
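
Review bot: The retained comment above `#jdk.disabled.namedCurves=` still says the property "contains a list of disabled EC Named Curves", but after this hunk the property is commented out and empty, and the later hunks drop every `include jdk.disabled.namedCurves` entry. An administrator who later sets the property will see no effect unless the include is also added back to the relevant disabledAlgorithms property. Suggest extending the comment to say that the property is unset by default and only takes effect when referenced by an include entry.
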
    @@ -640,12 +631,11 @@
      # Example:
      #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
      #
      #
      jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    -     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
    -     include jdk.disabled.namedCurves
    +     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
          
      #
      # Legacy algorithms for certification path (CertPath) processing and
      # signed JAR files.
      #
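
Review bot: With `include jdk.disabled.namedCurves` removed, the only EC restriction left on the jdk.certpath.disabledAlgorithms line is `EC keySize < 224`, so the removed curves at or above that size (secp224r1, secp256k1, the brainpool curves and others) are no longer rejected by name during CertPath processing. Rejection of those curves then depends on no installed provider implementing them rather than on this policy, and the CSR itself points users to third-party providers. Suggest calling this out in the release note so that deployments adding such a provider know to restore the named-curve restriction if they want it.
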
    @@ -705,11 +695,11 @@
      # implementations.
      #
      # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
      #
      jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
    -       DSA keySize < 1024, include jdk.disabled.namedCurves
    +       DSA keySize < 1024
      
      #
      # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
      # (SSL/TLS/DTLS) processing
      #
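
Review bot: Unlike the certpath and tls values, the resulting jdk.jar.disabledAlgorithms value has no `EC keySize` entry, so dropping the include from the `DSA keySize < 1024` line leaves no EC restriction at all for signed JARs, including for the sub-224-bit curves such as secp112r1. Suggest adding `EC keySize < 224` here for parity with the other two properties, or documenting why signed JAR processing does not need it.
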
    @@ -740,12 +730,11 @@
      #
      # Example:
      #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \
      #       rsa_pkcs1_sha1, secp224r1
      jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    -     EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    -     include jdk.disabled.namedCurves
    +     EC keySize < 224, 3DES_EDE_CBC, anon, NULL
  
      #
      # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
      # processing in JSSE implementation.
      #
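
Review bot: The example in the context lines still ends with `secp224r1` as its sample named-curve entry, a curve this CSR removes from SunEC. Consider switching the example to a curve SunEC still supports, such as secp256r1, so the sample shows a restriction that has an effect with the default providers.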

[1] CSR: https://bugs.openjdk.java.net/browse/JDK-8238911
Comments
Moving to Approved.
16-09-2020