commit aaf92165ad1cbb1c9818eb60178c91293e13b053 Author: Andrew John Hughes Date: Mon Jan 24 15:13:14 2022 +0000 RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java index fa494b680f..b5aa5c749d 100644 --- openjdk.orig/jdk/src/share/classes/java/security/Security.java +++ openjdk/jdk/src/share/classes/java/security/Security.java @@ -57,10 +57,6 @@ public final class Security { private static final Debug sdebug = Debug.getInstance("properties"); - /* System property file*/ - private static final String SYSTEM_PROPERTIES = - "/etc/crypto-policies/back-ends/java.config"; - /* The java.security properties */ private static Properties props; @@ -202,13 +198,6 @@ public final class Security { } } - String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile"); - if (disableSystemProps == null && - "true".equalsIgnoreCase(props.getProperty - ("security.useSystemPropertiesFile"))) { - loadedProps = loadedProps && SystemConfigurator.configure(props); - } - if (!loadedProps) { initializeStatic(); if (sdebug != null) { 
@@ -217,6 +206,28 @@ public final class Security { } } + String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile"); + if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) && + "true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) { + if (!SystemConfigurator.configureSysProps(props)) { + if (sdebug != null) { + sdebug.println("WARNING: System properties could not be loaded."); + } + } + } + + // FIPS support depends on the contents of java.security so + // ensure it has loaded first + if (loadedProps) { + boolean fipsEnabled = SystemConfigurator.configureFIPS(props); + if (sdebug != null) { + if (fipsEnabled) { + sdebug.println("FIPS support enabled."); + } else { + sdebug.println("FIPS support disabled."); + } + } + } } /* diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java index d1f677597d..7da65b1d2c 100644 --- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java +++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java @@ -76,7 +76,7 @@ final class SystemConfigurator { * java.security.disableSystemPropertiesFile property is not set and * security.useSystemPropertiesFile is true. */ - static boolean configure(Properties props) { + static boolean configureSysProps(Properties props) { boolean loadedProps = false; try (BufferedInputStream bis = 
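Review bot: In the `if (loadedProps)` block at the end of this hunk, FIPS configuration is skipped without any trace when java.security failed to load, so a host that expects FIPS mode would start on the static defaults and nothing records that `configureFIPS` never ran. The inner `else` prints "FIPS support disabled." for every false return, which may cover a failed setup as well as a non-FIPS host, judging by the `try` at the top of `configureFIPS` in the next file; the lines shown cannot confirm this. I would add a branch such as `} else if (sdebug != null) { sdebug.println("WARNING: java.security not loaded, FIPS configuration skipped."); }`. The same concern applies to the `configureSysProps` failure above, which is reported only when `java.security.debug` enables the `properties` stream, so a system crypto policy that was not applied is otherwise invisible. The enclosing method starts outside the hunk.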
@@ -96,11 +96,19 @@ final class SystemConfigurator { e.printStackTrace(); } } + return loadedProps; + } + + /* + * Invoked at the end of java.security.Security initialisation + * if java.security properties have been loaded + */ + static boolean configureFIPS(Properties props) { + boolean loadedProps = false; try { if (enableFips()) { if (sdebug != null) { sdebug.println("FIPS mode detected"); } - loadedProps = false; // Remove all security providers Iterator> i = props.entrySet().iterator(); while (i.hasNext()) {