[8u] RFR: 8266929: Unable to use algorithms from 3p providers

Mon May 17 12:25:27 UTC 2021

Hi Dan,

On Wed, 2021-05-12 at 17:28 +0000, Lutker, Dan wrote:
> Hi all,
> Please review the webrev below, it fixes a regression where algorithms
> from a 3p Security Provider are never made available from a singed JAR
> since the cache is populated during the verification of the JARs and
> does not refresh afterwards. This fix depends on the RFR for 8156584
> [2].
> 
> Issue: https://bugs.openjdk.java.net/browse/JDK-8266929
> Webrev:
> http://cr.openjdk.java.net/~alvdavi/webrevs/lutkerd/8266929/webrev.8u.jdk.00/

This seems to be an issue with JDK 11 and even JDK head, no?

$ cat UseBCAlgo.java 
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.security.Security;
import java.security.NoSuchAlgorithmException;

public class UseBCAlgo {
    public static void main (String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        new javax.crypto.EncryptedPrivateKeyInfo("SHA384WITHDSA", new byte[]{0});
        System.out.println("Successfully created third-party provider algo. GOOD.");
        Security.removeProvider("BC");
	try {
           new javax.crypto.EncryptedPrivateKeyInfo("SHA384WITHDSA", new byte[]{0}); // this should fail
	   throw new RuntimeException("Test failed!");
	} catch (NoSuchAlgorithmException e) {
           System.out.println("Test passed!");
	}
    }
}

$ java -showversion -cp bcprov-jdk15on-168.jar:. UseBCAlgo
openjdk version "17-internal" 2021-09-14
OpenJDK Runtime Environment (build 17-internal+0-adhoc.sgehwolf.jdk-jdk)
OpenJDK 64-Bit Server VM (build 17-internal+0-adhoc.sgehwolf.jdk-jdk, mixed mode, sharing)
Successfully created third-party provider algo. GOOD.
Exception in thread "main" java.lang.RuntimeException: Test failed!
	at UseBCAlgo.main(UseBCAlgo.java:14)

$ java -showversion -cp bcprov-jdk15on-168.jar:. UseBCAlgo
openjdk version "11.0.11" 2021-04-20
OpenJDK Runtime Environment 18.9 (build 11.0.11+9)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.11+9, mixed mode, sharing)
Exception in thread "main" java.security.NoSuchAlgorithmException: unrecognized algorithm name: SHA384WITHDSA
	at java.base/sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
	at java.base/javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:139)
	at UseBCAlgo.main(UseBCAlgo.java:9)

$ java -showversion -cp bcprov-jdk15on-168.jar:. UseBCAlgo
openjdk version "1.8.0_292"
OpenJDK Runtime Environment (build 1.8.0_292-b10)
OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)

Exception in thread "main" java.security.NoSuchAlgorithmException: unrecognized algorithm name: SHA384WITHDSA
	at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
	at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:137)
	at UseBCAlgo.main(UseBCAlgo.java:9)

We should propose this in later JDKs first and then backport.

Thanks,
Severin