Add patch to disable non-FIPS crypto in the SUN and SunEC security providers.
Resolves: rhbz#1995889
This commit is contained in:
Andrew Hughes
parent
d4c6f7c9b1
commit
cba3bba79b
@ -298,7 +298,7 @@
|
||||
%global top_level_dir_name %{origin}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 33
|
||||
%global rpmrelease 2
|
||||
%global rpmrelease 3
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
||||
@ -1175,6 +1175,8 @@ Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
|
||||
Patch1007: rh1915071-always_initialise_configurator_access.patch
|
||||
# RH1929465: Improve system FIPS detection
|
||||
Patch1008: rh1929465-improve_system_FIPS_detection.patch
|
||||
# RH1995150: Disable non-FIPS crypto in SUN and SunEC security providers
|
||||
Patch1009: rh1995150-disable_non-fips_crypto.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1537,6 +1539,7 @@ popd # openjdk
|
||||
%patch1004
|
||||
%patch1007
|
||||
%patch1008
|
||||
%patch1009
|
||||
|
||||
# Extract systemtap tapsets
|
||||
%if %{with_systemtap}
|
||||
@ -2254,6 +2257,10 @@ cjc.mainProgram(args)
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Aug 27 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.3.ea
|
||||
- Add patch to disable non-FIPS crypto in the SUN and SunEC security providers.
|
||||
- Resolves: rhbz#1995889
|
||||
|
||||
* Fri Aug 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.2.ea
|
||||
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
|
||||
- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
|
||||
|
||||
596
rh1995150-disable_non-fips_crypto.patch
Normal file
596
rh1995150-disable_non-fips_crypto.patch
Normal file
@ -0,0 +1,596 @@
|
||||
diff --git openjdk/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java
|
||||
index 9d4a794de1a..39e69362458 100644
|
||||
--- openjdk/src/java.base/share/classes/module-info.java
|
||||
+++ openjdk/src/java.base/share/classes/module-info.java
|
||||
@@ -151,6 +151,7 @@ module java.base {
|
||||
java.management,
|
||||
java.naming,
|
||||
java.rmi,
|
||||
+ jdk.crypto.ec,
|
||||
jdk.jartool,
|
||||
jdk.jlink,
|
||||
jdk.net,
|
||||
diff --git openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
|
||||
index 912cad59714..c5e13c98bd9 100644
|
||||
--- openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
|
||||
+++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
|
||||
@@ -30,6 +30,7 @@ import java.net.*;
|
||||
import java.util.*;
|
||||
import java.security.*;
|
||||
|
||||
+import jdk.internal.access.SharedSecrets;
|
||||
import jdk.internal.util.StaticProperty;
|
||||
import sun.security.action.GetPropertyAction;
|
||||
import sun.security.util.SecurityProviderConstants;
|
||||
@@ -83,6 +84,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
|
||||
|
||||
public final class SunEntries {
|
||||
|
||||
+ private static final boolean systemFipsEnabled =
|
||||
+ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled();
|
||||
+
|
||||
// the default algo used by SecureRandom class for new SecureRandom() calls
|
||||
public static final String DEF_SECURE_RANDOM_ALGO;
|
||||
|
||||
@@ -94,147 +99,149 @@ public final class SunEntries {
|
||||
// common attribute map
|
||||
HashMap<String, String> attrs = new HashMap<>(3);
|
||||
|
||||
- /*
|
||||
- * SecureRandom engines
|
||||
- */
|
||||
- attrs.put("ThreadSafe", "true");
|
||||
- if (NativePRNG.isAvailable()) {
|
||||
- add(p, "SecureRandom", "NativePRNG",
|
||||
- "sun.security.provider.NativePRNG", attrs);
|
||||
- }
|
||||
- if (NativePRNG.Blocking.isAvailable()) {
|
||||
- add(p, "SecureRandom", "NativePRNGBlocking",
|
||||
- "sun.security.provider.NativePRNG$Blocking", attrs);
|
||||
- }
|
||||
- if (NativePRNG.NonBlocking.isAvailable()) {
|
||||
- add(p, "SecureRandom", "NativePRNGNonBlocking",
|
||||
- "sun.security.provider.NativePRNG$NonBlocking", attrs);
|
||||
+ if (!systemFipsEnabled) {
|
||||
+ /*
|
||||
+ * SecureRandom engines
|
||||
+ */
|
||||
+ attrs.put("ThreadSafe", "true");
|
||||
+ if (NativePRNG.isAvailable()) {
|
||||
+ add(p, "SecureRandom", "NativePRNG",
|
||||
+ "sun.security.provider.NativePRNG", attrs);
|
||||
+ }
|
||||
+ if (NativePRNG.Blocking.isAvailable()) {
|
||||
+ add(p, "SecureRandom", "NativePRNGBlocking",
|
||||
+ "sun.security.provider.NativePRNG$Blocking", attrs);
|
||||
+ }
|
||||
+ if (NativePRNG.NonBlocking.isAvailable()) {
|
||||
+ add(p, "SecureRandom", "NativePRNGNonBlocking",
|
||||
+ "sun.security.provider.NativePRNG$NonBlocking", attrs);
|
||||
+ }
|
||||
+ attrs.put("ImplementedIn", "Software");
|
||||
+ add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
|
||||
+ add(p, "SecureRandom", "SHA1PRNG",
|
||||
+ "sun.security.provider.SecureRandom", attrs);
|
||||
+
|
||||
+ /*
|
||||
+ * Signature engines
|
||||
+ */
|
||||
+ attrs.clear();
|
||||
+ String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
|
||||
+ "|java.security.interfaces.DSAPrivateKey";
|
||||
+ attrs.put("SupportedKeyClasses", dsaKeyClasses);
|
||||
+ attrs.put("ImplementedIn", "Software");
|
||||
+
|
||||
+ attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
|
||||
+
|
||||
+ addWithAlias(p, "Signature", "SHA1withDSA",
|
||||
+ "sun.security.provider.DSA$SHA1withDSA", attrs);
|
||||
+ addWithAlias(p, "Signature", "NONEwithDSA",
|
||||
+ "sun.security.provider.DSA$RawDSA", attrs);
|
||||
+
|
||||
+ // for DSA signatures with 224/256-bit digests
|
||||
+ attrs.put("KeySize", "2048");
|
||||
+
|
||||
+ addWithAlias(p, "Signature", "SHA224withDSA",
|
||||
+ "sun.security.provider.DSA$SHA224withDSA", attrs);
|
||||
+ addWithAlias(p, "Signature", "SHA256withDSA",
|
||||
+ "sun.security.provider.DSA$SHA256withDSA", attrs);
|
||||
+
|
||||
+ addWithAlias(p, "Signature", "SHA3-224withDSA",
|
||||
+ "sun.security.provider.DSA$SHA3_224withDSA", attrs);
|
||||
+ addWithAlias(p, "Signature", "SHA3-256withDSA",
|
||||
+ "sun.security.provider.DSA$SHA3_256withDSA", attrs);
|
||||
+
|
||||
+ attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
|
||||
+
|
||||
+ addWithAlias(p, "Signature", "SHA384withDSA",
|
||||
+ "sun.security.provider.DSA$SHA384withDSA", attrs);
|
||||
+ addWithAlias(p, "Signature", "SHA512withDSA",
|
||||
+ "sun.security.provider.DSA$SHA512withDSA", attrs);
|
||||
+ addWithAlias(p, "Signature", "SHA3-384withDSA",
|
||||
+ "sun.security.provider.DSA$SHA3_384withDSA", attrs);
|
||||
+ addWithAlias(p, "Signature", "SHA3-512withDSA",
|
||||
+ "sun.security.provider.DSA$SHA3_512withDSA", attrs);
|
||||
+
|
||||
+ attrs.remove("KeySize");
|
||||
+
|
||||
+ add(p, "Signature", "SHA1withDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$SHA1withDSAinP1363Format");
|
||||
+ add(p, "Signature", "NONEwithDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$RawDSAinP1363Format");
|
||||
+ add(p, "Signature", "SHA224withDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$SHA224withDSAinP1363Format");
|
||||
+ add(p, "Signature", "SHA256withDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$SHA256withDSAinP1363Format");
|
||||
+ add(p, "Signature", "SHA384withDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$SHA384withDSAinP1363Format");
|
||||
+ add(p, "Signature", "SHA512withDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$SHA512withDSAinP1363Format");
|
||||
+ add(p, "Signature", "SHA3-224withDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
|
||||
+ add(p, "Signature", "SHA3-256withDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
|
||||
+ add(p, "Signature", "SHA3-384withDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
|
||||
+ add(p, "Signature", "SHA3-512withDSAinP1363Format",
|
||||
+ "sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
|
||||
+ /*
|
||||
+ * Key Pair Generator engines
|
||||
+ */
|
||||
+ attrs.clear();
|
||||
+ attrs.put("ImplementedIn", "Software");
|
||||
+ attrs.put("KeySize", "2048"); // for DSA KPG and APG only
|
||||
+
|
||||
+ String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
|
||||
+ dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
|
||||
+ addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
|
||||
+
|
||||
+ /*
|
||||
+ * Algorithm Parameter Generator engines
|
||||
+ */
|
||||
+ addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
|
||||
+ "sun.security.provider.DSAParameterGenerator", attrs);
|
||||
+ attrs.remove("KeySize");
|
||||
+
|
||||
+ /*
|
||||
+ * Algorithm Parameter engines
|
||||
+ */
|
||||
+ addWithAlias(p, "AlgorithmParameters", "DSA",
|
||||
+ "sun.security.provider.DSAParameters", attrs);
|
||||
+
|
||||
+ /*
|
||||
+ * Key factories
|
||||
+ */
|
||||
+ addWithAlias(p, "KeyFactory", "DSA",
|
||||
+ "sun.security.provider.DSAKeyFactory", attrs);
|
||||
+
|
||||
+ /*
|
||||
+ * Digest engines
|
||||
+ */
|
||||
+ add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
|
||||
+ add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
|
||||
+ attrs);
|
||||
+
|
||||
+ addWithAlias(p, "MessageDigest", "SHA-224",
|
||||
+ "sun.security.provider.SHA2$SHA224", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA-256",
|
||||
+ "sun.security.provider.SHA2$SHA256", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA-384",
|
||||
+ "sun.security.provider.SHA5$SHA384", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA-512",
|
||||
+ "sun.security.provider.SHA5$SHA512", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA-512/224",
|
||||
+ "sun.security.provider.SHA5$SHA512_224", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA-512/256",
|
||||
+ "sun.security.provider.SHA5$SHA512_256", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA3-224",
|
||||
+ "sun.security.provider.SHA3$SHA224", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA3-256",
|
||||
+ "sun.security.provider.SHA3$SHA256", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA3-384",
|
||||
+ "sun.security.provider.SHA3$SHA384", attrs);
|
||||
+ addWithAlias(p, "MessageDigest", "SHA3-512",
|
||||
+ "sun.security.provider.SHA3$SHA512", attrs);
|
||||
}
|
||||
- attrs.put("ImplementedIn", "Software");
|
||||
- add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
|
||||
- add(p, "SecureRandom", "SHA1PRNG",
|
||||
- "sun.security.provider.SecureRandom", attrs);
|
||||
-
|
||||
- /*
|
||||
- * Signature engines
|
||||
- */
|
||||
- attrs.clear();
|
||||
- String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
|
||||
- "|java.security.interfaces.DSAPrivateKey";
|
||||
- attrs.put("SupportedKeyClasses", dsaKeyClasses);
|
||||
- attrs.put("ImplementedIn", "Software");
|
||||
-
|
||||
- attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
|
||||
-
|
||||
- addWithAlias(p, "Signature", "SHA1withDSA",
|
||||
- "sun.security.provider.DSA$SHA1withDSA", attrs);
|
||||
- addWithAlias(p, "Signature", "NONEwithDSA",
|
||||
- "sun.security.provider.DSA$RawDSA", attrs);
|
||||
-
|
||||
- // for DSA signatures with 224/256-bit digests
|
||||
- attrs.put("KeySize", "2048");
|
||||
-
|
||||
- addWithAlias(p, "Signature", "SHA224withDSA",
|
||||
- "sun.security.provider.DSA$SHA224withDSA", attrs);
|
||||
- addWithAlias(p, "Signature", "SHA256withDSA",
|
||||
- "sun.security.provider.DSA$SHA256withDSA", attrs);
|
||||
-
|
||||
- addWithAlias(p, "Signature", "SHA3-224withDSA",
|
||||
- "sun.security.provider.DSA$SHA3_224withDSA", attrs);
|
||||
- addWithAlias(p, "Signature", "SHA3-256withDSA",
|
||||
- "sun.security.provider.DSA$SHA3_256withDSA", attrs);
|
||||
-
|
||||
- attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
|
||||
-
|
||||
- addWithAlias(p, "Signature", "SHA384withDSA",
|
||||
- "sun.security.provider.DSA$SHA384withDSA", attrs);
|
||||
- addWithAlias(p, "Signature", "SHA512withDSA",
|
||||
- "sun.security.provider.DSA$SHA512withDSA", attrs);
|
||||
- addWithAlias(p, "Signature", "SHA3-384withDSA",
|
||||
- "sun.security.provider.DSA$SHA3_384withDSA", attrs);
|
||||
- addWithAlias(p, "Signature", "SHA3-512withDSA",
|
||||
- "sun.security.provider.DSA$SHA3_512withDSA", attrs);
|
||||
-
|
||||
- attrs.remove("KeySize");
|
||||
-
|
||||
- add(p, "Signature", "SHA1withDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$SHA1withDSAinP1363Format");
|
||||
- add(p, "Signature", "NONEwithDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$RawDSAinP1363Format");
|
||||
- add(p, "Signature", "SHA224withDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$SHA224withDSAinP1363Format");
|
||||
- add(p, "Signature", "SHA256withDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$SHA256withDSAinP1363Format");
|
||||
- add(p, "Signature", "SHA384withDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$SHA384withDSAinP1363Format");
|
||||
- add(p, "Signature", "SHA512withDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$SHA512withDSAinP1363Format");
|
||||
- add(p, "Signature", "SHA3-224withDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
|
||||
- add(p, "Signature", "SHA3-256withDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
|
||||
- add(p, "Signature", "SHA3-384withDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
|
||||
- add(p, "Signature", "SHA3-512withDSAinP1363Format",
|
||||
- "sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
|
||||
- /*
|
||||
- * Key Pair Generator engines
|
||||
- */
|
||||
- attrs.clear();
|
||||
- attrs.put("ImplementedIn", "Software");
|
||||
- attrs.put("KeySize", "2048"); // for DSA KPG and APG only
|
||||
-
|
||||
- String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
|
||||
- dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
|
||||
- addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
|
||||
-
|
||||
- /*
|
||||
- * Algorithm Parameter Generator engines
|
||||
- */
|
||||
- addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
|
||||
- "sun.security.provider.DSAParameterGenerator", attrs);
|
||||
- attrs.remove("KeySize");
|
||||
-
|
||||
- /*
|
||||
- * Algorithm Parameter engines
|
||||
- */
|
||||
- addWithAlias(p, "AlgorithmParameters", "DSA",
|
||||
- "sun.security.provider.DSAParameters", attrs);
|
||||
-
|
||||
- /*
|
||||
- * Key factories
|
||||
- */
|
||||
- addWithAlias(p, "KeyFactory", "DSA",
|
||||
- "sun.security.provider.DSAKeyFactory", attrs);
|
||||
-
|
||||
- /*
|
||||
- * Digest engines
|
||||
- */
|
||||
- add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
|
||||
- add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
|
||||
- attrs);
|
||||
-
|
||||
- addWithAlias(p, "MessageDigest", "SHA-224",
|
||||
- "sun.security.provider.SHA2$SHA224", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA-256",
|
||||
- "sun.security.provider.SHA2$SHA256", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA-384",
|
||||
- "sun.security.provider.SHA5$SHA384", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA-512",
|
||||
- "sun.security.provider.SHA5$SHA512", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA-512/224",
|
||||
- "sun.security.provider.SHA5$SHA512_224", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA-512/256",
|
||||
- "sun.security.provider.SHA5$SHA512_256", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA3-224",
|
||||
- "sun.security.provider.SHA3$SHA224", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA3-256",
|
||||
- "sun.security.provider.SHA3$SHA256", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA3-384",
|
||||
- "sun.security.provider.SHA3$SHA384", attrs);
|
||||
- addWithAlias(p, "MessageDigest", "SHA3-512",
|
||||
- "sun.security.provider.SHA3$SHA512", attrs);
|
||||
|
||||
/*
|
||||
* Certificates
|
||||
diff --git openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
|
||||
index 8c9e4f9dbe6..9eeb3013e0d 100644
|
||||
--- openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
|
||||
+++ openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
|
||||
@@ -38,6 +38,7 @@ import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
+import jdk.internal.access.SharedSecrets;
|
||||
import sun.security.ec.ed.EdDSAAlgorithmParameters;
|
||||
import sun.security.ec.ed.EdDSAKeyFactory;
|
||||
import sun.security.ec.ed.EdDSAKeyPairGenerator;
|
||||
@@ -56,6 +57,10 @@ public final class SunEC extends Provider {
|
||||
|
||||
private static final long serialVersionUID = -2279741672933606418L;
|
||||
|
||||
+ private static final boolean systemFipsEnabled =
|
||||
+ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled();
|
||||
+
|
||||
private static class ProviderServiceA extends ProviderService {
|
||||
ProviderServiceA(Provider p, String type, String algo, String cn,
|
||||
HashMap<String, String> attrs) {
|
||||
@@ -249,85 +254,86 @@ public final class SunEC extends Provider {
|
||||
|
||||
putXDHEntries();
|
||||
putEdDSAEntries();
|
||||
-
|
||||
- /*
|
||||
- * Signature engines
|
||||
- */
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw",
|
||||
- null, ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "SHA3-224withECDSA", "sun.security.ec.ECDSASignature$SHA3_224",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "SHA3-256withECDSA", "sun.security.ec.ECDSASignature$SHA3_256",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "SHA3-384withECDSA", "sun.security.ec.ECDSASignature$SHA3_384",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "SHA3-512withECDSA", "sun.security.ec.ECDSASignature$SHA3_512",
|
||||
- ATTRS));
|
||||
-
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "NONEwithECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$RawinP1363Format"));
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "SHA1withECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$SHA1inP1363Format"));
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "SHA224withECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$SHA224inP1363Format"));
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "SHA256withECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$SHA256inP1363Format"));
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "SHA384withECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$SHA384inP1363Format"));
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "SHA512withECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$SHA512inP1363Format"));
|
||||
-
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "SHA3-224withECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$SHA3_224inP1363Format"));
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "SHA3-256withECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$SHA3_256inP1363Format"));
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "SHA3-384withECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$SHA3_384inP1363Format"));
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "SHA3-512withECDSAinP1363Format",
|
||||
- "sun.security.ec.ECDSASignature$SHA3_512inP1363Format"));
|
||||
-
|
||||
- /*
|
||||
- * Key Pair Generator engine
|
||||
- */
|
||||
- putService(new ProviderService(this, "KeyPairGenerator",
|
||||
- "EC", "sun.security.ec.ECKeyPairGenerator",
|
||||
- List.of("EllipticCurve"), ATTRS));
|
||||
-
|
||||
- /*
|
||||
- * Key Agreement engine
|
||||
- */
|
||||
- putService(new ProviderService(this, "KeyAgreement",
|
||||
- "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
|
||||
+ if (!systemFipsEnabled) {
|
||||
+ /*
|
||||
+ * Signature engines
|
||||
+ */
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw",
|
||||
+ null, ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "SHA3-224withECDSA", "sun.security.ec.ECDSASignature$SHA3_224",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "SHA3-256withECDSA", "sun.security.ec.ECDSASignature$SHA3_256",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "SHA3-384withECDSA", "sun.security.ec.ECDSASignature$SHA3_384",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "SHA3-512withECDSA", "sun.security.ec.ECDSASignature$SHA3_512",
|
||||
+ ATTRS));
|
||||
+
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "NONEwithECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$RawinP1363Format"));
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "SHA1withECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$SHA1inP1363Format"));
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "SHA224withECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$SHA224inP1363Format"));
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "SHA256withECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$SHA256inP1363Format"));
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "SHA384withECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$SHA384inP1363Format"));
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "SHA512withECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$SHA512inP1363Format"));
|
||||
+
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "SHA3-224withECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$SHA3_224inP1363Format"));
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "SHA3-256withECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$SHA3_256inP1363Format"));
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "SHA3-384withECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$SHA3_384inP1363Format"));
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "SHA3-512withECDSAinP1363Format",
|
||||
+ "sun.security.ec.ECDSASignature$SHA3_512inP1363Format"));
|
||||
+
|
||||
+ /*
|
||||
+ * Key Pair Generator engine
|
||||
+ */
|
||||
+ putService(new ProviderService(this, "KeyPairGenerator",
|
||||
+ "EC", "sun.security.ec.ECKeyPairGenerator",
|
||||
+ List.of("EllipticCurve"), ATTRS));
|
||||
+
|
||||
+ /*
|
||||
+ * Key Agreement engine
|
||||
+ */
|
||||
+ putService(new ProviderService(this, "KeyAgreement",
|
||||
+ "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
|
||||
+ }
|
||||
}
|
||||
|
||||
private void putXDHEntries() {
|
||||
@@ -344,23 +350,25 @@ public final class SunEC extends Provider {
|
||||
"X448", "sun.security.ec.XDHKeyFactory.X448",
|
||||
ATTRS));
|
||||
|
||||
- putService(new ProviderService(this, "KeyPairGenerator",
|
||||
- "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
|
||||
- putService(new ProviderServiceA(this, "KeyPairGenerator",
|
||||
- "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "KeyPairGenerator",
|
||||
- "X448", "sun.security.ec.XDHKeyPairGenerator.X448",
|
||||
- ATTRS));
|
||||
-
|
||||
- putService(new ProviderService(this, "KeyAgreement",
|
||||
- "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
|
||||
- putService(new ProviderServiceA(this, "KeyAgreement",
|
||||
- "X25519", "sun.security.ec.XDHKeyAgreement.X25519",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "KeyAgreement",
|
||||
- "X448", "sun.security.ec.XDHKeyAgreement.X448",
|
||||
- ATTRS));
|
||||
+ if (!systemFipsEnabled) {
|
||||
+ putService(new ProviderService(this, "KeyPairGenerator",
|
||||
+ "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "KeyPairGenerator",
|
||||
+ "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "KeyPairGenerator",
|
||||
+ "X448", "sun.security.ec.XDHKeyPairGenerator.X448",
|
||||
+ ATTRS));
|
||||
+
|
||||
+ putService(new ProviderService(this, "KeyAgreement",
|
||||
+ "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "KeyAgreement",
|
||||
+ "X25519", "sun.security.ec.XDHKeyAgreement.X25519",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "KeyAgreement",
|
||||
+ "X448", "sun.security.ec.XDHKeyAgreement.X448",
|
||||
+ ATTRS));
|
||||
+ }
|
||||
}
|
||||
|
||||
private void putEdDSAEntries() {
|
||||
@@ -375,21 +383,23 @@ public final class SunEC extends Provider {
|
||||
putService(new ProviderServiceA(this, "KeyFactory",
|
||||
"Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS));
|
||||
|
||||
- putService(new ProviderService(this, "KeyPairGenerator",
|
||||
- "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
|
||||
- putService(new ProviderServiceA(this, "KeyPairGenerator",
|
||||
- "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519",
|
||||
- ATTRS));
|
||||
- putService(new ProviderServiceA(this, "KeyPairGenerator",
|
||||
- "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448",
|
||||
- ATTRS));
|
||||
-
|
||||
- putService(new ProviderService(this, "Signature",
|
||||
- "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
|
||||
- putService(new ProviderServiceA(this, "Signature",
|
||||
- "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
|
||||
+ if (!systemFipsEnabled) {
|
||||
+ putService(new ProviderService(this, "KeyPairGenerator",
|
||||
+ "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "KeyPairGenerator",
|
||||
+ "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519",
|
||||
+ ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "KeyPairGenerator",
|
||||
+ "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448",
|
||||
+ ATTRS));
|
||||
+
|
||||
+ putService(new ProviderService(this, "Signature",
|
||||
+ "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
|
||||
+ putService(new ProviderServiceA(this, "Signature",
|
||||
+ "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
|
||||
+ }
|
||||
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user