Algorithm aliases of SHA-1 in DisabledAlgorithmConstraints

Weijun Wang weijun.wang at oracle.com
Tue Mar 13 00:29:50 UTC 2018



> On Mar 13, 2018, at 4:19 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 3/12/18 12:07 PM, Bernd Eckenfels wrote:
>> I always thought the logic is ‚case insensitive substring of canonical name‘, so it also works with things like ‚DHE‘ in ciphers. In that case ‚SHA‘ would match SHA-1 as well as SHA-xxx.

Really? My understanding is that SHA is an alias of SHA-1 and I never thought it covers SHA-256 etc., at least not in this case.

--Max

> Right, I was more making the point that you shouldn't expect aliases to match their corresponding names. For example, if you block on the alias "Rijndael", you should not assume it will block "AES".
> 
> --Sean
> 
>> Gruss
>> Bernd
>> -- 
>> http://bernd.eckenfels.net
>> ------------------------------------------------------------------------
>> *From:* security-dev <security-dev-bounces at openjdk.java.net> on behalf of Sean Mullan <sean.mullan at oracle.com>
>> *Sent:* Monday, March 12, 2018 3:41:36 PM
>> *To:* Weijun Wang; security-dev at openjdk.java.net
>> *Subject:* Re: Algorithm aliases of SHA-1 in DisabledAlgorithmConstraints
>> On 3/12/18 4:39 AM, Weijun Wang wrote:
>>> I put "SHA-1" in a DisabledAlgorithmConstraints, it rejects SHA1 but allows sha1.
>> That sounds like a bug.
>>> The reason is that http://hg.openjdk.java.net/jdk/jdk/file/6b54e8cd9b3d/jdk/src/java.base/share/classes/sun/security/util/AlgorithmDecomposer.java#l96 
>> does not see "sha1".
>>> On the other hand, it rejects both "SHA-1" and "sha-1", because it's a direct case-insensitive match.
>>> Also, it allows both "SHA" and "sha" because there is no special code for it. Isn't "SHA" also an alias of "SHA-1"?
>>> Do you think all these names should be recognized? Shall we clarify it in the spec?
>> I would tend to think that we should only specify (or guarantee) that
>> standard names are checked and used in the disabled algorithm
>> properties. Aliases have never been a supported/standard feature, so I
>> think if we start to accommodate them, then we have to document that and
>> it increases the complexity of the code and chance that we might miss
>> one. For example, SHA is an alias for SHA-1 in the JDK Sun provider but
>> there is no corresponding alias for SHAwithRSA in the SunRsaSign
>> provider, so it is inconsistent already.
>> --Sean
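
The alias gap discussed in this thread, shown from the caller's side as an added example (not code from the thread or from the JDK): a name-only denylist check is compared with one that first resolves the requested name through the installed providers. The class name, the `DISABLED` set and the helper methods are hypothetical, and `blockedByName` is a simplified stand-in, not the `DisabledAlgorithmConstraints` logic.

```java
import java.security.Provider;
import java.security.Security;
import java.util.List;
import java.util.Set;

public class DigestNameCheck {
    // Constructed denylist for this example (assumption, not a JDK default).
    static final Set<String> DISABLED = Set.of("SHA-1");

    // Name-only check: case-insensitive exact match, no alias handling.
    static boolean blockedByName(String requested) {
        return DISABLED.stream().anyMatch(d -> d.equalsIgnoreCase(requested));
    }

    // Ask each installed provider which MessageDigest service the name maps to.
    // Provider.getService resolves provider-registered aliases, so two names
    // that return the same registered algorithm name are the same digest.
    static String resolve(String name) {
        for (Provider p : Security.getProviders()) {
            Provider.Service s = p.getService("MessageDigest", name);
            if (s != null) {
                return s.getAlgorithm();
            }
        }
        return null; // no installed provider knows this name
    }

    // Alias-aware check: resolve both the request and each denylist entry,
    // then compare the registered names instead of the raw strings.
    static boolean blockedAfterResolve(String requested) {
        String want = resolve(requested);
        if (want == null) {
            return blockedByName(requested);
        }
        return DISABLED.stream().anyMatch(d -> want.equalsIgnoreCase(resolve(d)));
    }

    public static void main(String[] args) {
        // Names taken from the thread, plus SHA-256 as a control.
        for (String n : List.of("SHA-1", "sha-1", "SHA1", "sha1", "SHA", "sha", "SHA-256")) {
            System.out.printf("%-8s resolves to %-8s nameOnly=%-5b resolved=%b%n",
                    n, resolve(n), blockedByName(n), blockedAfterResolve(n));
        }
    }
}
```

The resolved column depends on which aliases the installed providers register, so the result reflects the running JDK rather than a fixed list.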


