commit 6e74f283739af0d867df01d20f82865f559a45ea Author: Martin Balao Date: Mon Feb 28 04:58:05 2022 +0000 RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode diff --git openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java index a020e1c15d8..6d459fdec01 100644 --- openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java +++ openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java @@ -31,6 +31,7 @@ import java.security.SecureRandom; import java.security.PrivilegedAction; import java.util.HashMap; import java.util.List; +import jdk.internal.access.SharedSecrets; import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityProviderConstants.*; @@ -78,6 +79,10 @@ import static sun.security.util.SecurityProviderConstants.*; public final class SunJCE extends Provider { + private static final boolean systemFipsEnabled = + SharedSecrets.getJavaSecuritySystemConfiguratorAccess() + .isSystemFipsEnabled(); + @java.io.Serial private static final long serialVersionUID = 6812507587804302833L; @@ -143,285 +148,287 @@ public final class SunJCE extends Provider { void putEntries() { // reuse attribute map and reset before each reuse HashMap attrs = new HashMap<>(3); - attrs.put("SupportedModes", "ECB"); - attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING" - + "|OAEPWITHMD5ANDMGF1PADDING" - + "|OAEPWITHSHA1ANDMGF1PADDING" - + "|OAEPWITHSHA-1ANDMGF1PADDING" - + "|OAEPWITHSHA-224ANDMGF1PADDING" - + "|OAEPWITHSHA-256ANDMGF1PADDING" - + "|OAEPWITHSHA-384ANDMGF1PADDING" - + "|OAEPWITHSHA-512ANDMGF1PADDING" - + "|OAEPWITHSHA-512/224ANDMGF1PADDING" - + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); - attrs.put("SupportedKeyClasses", - "java.security.interfaces.RSAPublicKey" + - "|java.security.interfaces.RSAPrivateKey"); - ps("Cipher", "RSA", - "com.sun.crypto.provider.RSACipher", null, attrs); - - // common block cipher modes, pads - final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" + - "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" + - "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64"; - final String BLOCK_MODES128 = BLOCK_MODES + - "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" + - "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128"; - final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING"; - - attrs.clear(); - attrs.put("SupportedModes", BLOCK_MODES); - attrs.put("SupportedPaddings", BLOCK_PADS); - attrs.put("SupportedKeyFormats", "RAW"); - ps("Cipher", "DES", - "com.sun.crypto.provider.DESCipher", null, attrs); - psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher", - attrs); - ps("Cipher", "Blowfish", - "com.sun.crypto.provider.BlowfishCipher", null, attrs); - - ps("Cipher", "RC2", - "com.sun.crypto.provider.RC2Cipher", null, attrs); - - attrs.clear(); - attrs.put("SupportedModes", BLOCK_MODES128); - attrs.put("SupportedPaddings", BLOCK_PADS); - attrs.put("SupportedKeyFormats", "RAW"); - psA("Cipher", "AES", - "com.sun.crypto.provider.AESCipher$General", attrs); - - attrs.clear(); - attrs.put("SupportedKeyFormats", "RAW"); - psA("Cipher", "AES/KW/NoPadding", - "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding", - attrs); - ps("Cipher", "AES/KW/PKCS5Padding", - "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding", - null, attrs); - psA("Cipher", "AES/KWP/NoPadding", - "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding", - attrs); - - psA("Cipher", "AES_128/ECB/NoPadding", - "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding", - attrs); - psA("Cipher", "AES_128/CBC/NoPadding", - "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding", - attrs); - psA("Cipher", "AES_128/OFB/NoPadding", - "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding", - attrs); - psA("Cipher", "AES_128/CFB/NoPadding", - "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding", - attrs); - psA("Cipher", "AES_128/KW/NoPadding", - "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding", - attrs); - ps("Cipher", "AES_128/KW/PKCS5Padding", - "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding", - null, attrs); - psA("Cipher", "AES_128/KWP/NoPadding", - "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding", - attrs); - - psA("Cipher", "AES_192/ECB/NoPadding", - "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding", - attrs); - psA("Cipher", "AES_192/CBC/NoPadding", - "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding", - attrs); - psA("Cipher", "AES_192/OFB/NoPadding", - "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding", - attrs); - psA("Cipher", "AES_192/CFB/NoPadding", - "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding", - attrs); - psA("Cipher", "AES_192/KW/NoPadding", - "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding", - attrs); - ps("Cipher", "AES_192/KW/PKCS5Padding", - "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding", - null, attrs); - psA("Cipher", "AES_192/KWP/NoPadding", - "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding", - attrs); - - psA("Cipher", "AES_256/ECB/NoPadding", - "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding", - attrs); - psA("Cipher", "AES_256/CBC/NoPadding", - "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding", - attrs); - psA("Cipher", "AES_256/OFB/NoPadding", - "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding", - attrs); - psA("Cipher", "AES_256/CFB/NoPadding", - "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding", - attrs); - psA("Cipher", "AES_256/KW/NoPadding", - "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding", - attrs); - ps("Cipher", "AES_256/KW/PKCS5Padding", - "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding", - null, attrs); - psA("Cipher", "AES_256/KWP/NoPadding", - "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding", - attrs); - - attrs.clear(); - attrs.put("SupportedModes", "GCM"); - attrs.put("SupportedKeyFormats", "RAW"); - - ps("Cipher", "AES/GCM/NoPadding", - "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null, - attrs); - psA("Cipher", "AES_128/GCM/NoPadding", - "com.sun.crypto.provider.GaloisCounterMode$AES128", - attrs); - psA("Cipher", "AES_192/GCM/NoPadding", - "com.sun.crypto.provider.GaloisCounterMode$AES192", - attrs); - psA("Cipher", "AES_256/GCM/NoPadding", - "com.sun.crypto.provider.GaloisCounterMode$AES256", - attrs); - - attrs.clear(); - attrs.put("SupportedModes", "CBC"); - attrs.put("SupportedPaddings", "NOPADDING"); - attrs.put("SupportedKeyFormats", "RAW"); - ps("Cipher", "DESedeWrap", - "com.sun.crypto.provider.DESedeWrapCipher", null, attrs); - - attrs.clear(); - attrs.put("SupportedModes", "ECB"); - attrs.put("SupportedPaddings", "NOPADDING"); - attrs.put("SupportedKeyFormats", "RAW"); - psA("Cipher", "ARCFOUR", - "com.sun.crypto.provider.ARCFOURCipher", attrs); - - attrs.clear(); - attrs.put("SupportedKeyFormats", "RAW"); - ps("Cipher", "ChaCha20", - "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only", - null, attrs); - psA("Cipher", "ChaCha20-Poly1305", - "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305", - attrs); - - // PBES1 - psA("Cipher", "PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEWithMD5AndDESCipher", - null); - ps("Cipher", "PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher"); - psA("Cipher", "PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede", - null); - psA("Cipher", "PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40", - null); - psA("Cipher", "PBEWithSHA1AndRC2_128", - "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128", - null); - psA("Cipher", "PBEWithSHA1AndRC4_40", - "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40", - null); - - psA("Cipher", "PBEWithSHA1AndRC4_128", - "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128", - null); - - // PBES2 - ps("Cipher", "PBEWithHmacSHA1AndAES_128", - "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128"); - - ps("Cipher", "PBEWithHmacSHA224AndAES_128", - "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128"); - - ps("Cipher", "PBEWithHmacSHA256AndAES_128", - "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128"); - - ps("Cipher", "PBEWithHmacSHA384AndAES_128", - "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128"); - - ps("Cipher", "PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128"); - - ps("Cipher", "PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256"); - - ps("Cipher", "PBEWithHmacSHA224AndAES_256", - "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256"); - - ps("Cipher", "PBEWithHmacSHA256AndAES_256", - "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256"); - - ps("Cipher", "PBEWithHmacSHA384AndAES_256", - "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256"); - - ps("Cipher", "PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256"); - - /* - * Key(pair) Generator engines - */ - ps("KeyGenerator", "DES", - "com.sun.crypto.provider.DESKeyGenerator"); - psA("KeyGenerator", "DESede", - "com.sun.crypto.provider.DESedeKeyGenerator", - null); - ps("KeyGenerator", "Blowfish", - "com.sun.crypto.provider.BlowfishKeyGenerator"); - psA("KeyGenerator", "AES", - "com.sun.crypto.provider.AESKeyGenerator", - null); - ps("KeyGenerator", "RC2", - "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator"); - psA("KeyGenerator", "ARCFOUR", - "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator", - null); - ps("KeyGenerator", "ChaCha20", - "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator"); - ps("KeyGenerator", "HmacMD5", - "com.sun.crypto.provider.HmacMD5KeyGenerator"); - - psA("KeyGenerator", "HmacSHA1", - "com.sun.crypto.provider.HmacSHA1KeyGenerator", null); - psA("KeyGenerator", "HmacSHA224", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224", - null); - psA("KeyGenerator", "HmacSHA256", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256", - null); - psA("KeyGenerator", "HmacSHA384", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384", - null); - psA("KeyGenerator", "HmacSHA512", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512", - null); - psA("KeyGenerator", "HmacSHA512/224", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224", - null); - psA("KeyGenerator", "HmacSHA512/256", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256", - null); - - psA("KeyGenerator", "HmacSHA3-224", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224", - null); - psA("KeyGenerator", "HmacSHA3-256", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256", - null); - psA("KeyGenerator", "HmacSHA3-384", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384", - null); - psA("KeyGenerator", "HmacSHA3-512", - "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512", - null); - - psA("KeyPairGenerator", "DiffieHellman", - "com.sun.crypto.provider.DHKeyPairGenerator", - null); + if (!systemFipsEnabled) { + attrs.put("SupportedModes", "ECB"); + attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING" + + "|OAEPWITHMD5ANDMGF1PADDING" + + "|OAEPWITHSHA1ANDMGF1PADDING" + + "|OAEPWITHSHA-1ANDMGF1PADDING" + + "|OAEPWITHSHA-224ANDMGF1PADDING" + + "|OAEPWITHSHA-256ANDMGF1PADDING" + + "|OAEPWITHSHA-384ANDMGF1PADDING" + + "|OAEPWITHSHA-512ANDMGF1PADDING" + + "|OAEPWITHSHA-512/224ANDMGF1PADDING" + + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); + attrs.put("SupportedKeyClasses", + "java.security.interfaces.RSAPublicKey" + + "|java.security.interfaces.RSAPrivateKey"); + ps("Cipher", "RSA", + "com.sun.crypto.provider.RSACipher", null, attrs); + + // common block cipher modes, pads + final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" + + "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" + + "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64"; + final String BLOCK_MODES128 = BLOCK_MODES + + "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" + + "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128"; + final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING"; + + attrs.clear(); + attrs.put("SupportedModes", BLOCK_MODES); + attrs.put("SupportedPaddings", BLOCK_PADS); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "DES", + "com.sun.crypto.provider.DESCipher", null, attrs); + psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher", + attrs); + ps("Cipher", "Blowfish", + "com.sun.crypto.provider.BlowfishCipher", null, attrs); + + ps("Cipher", "RC2", + "com.sun.crypto.provider.RC2Cipher", null, attrs); + + attrs.clear(); + attrs.put("SupportedModes", BLOCK_MODES128); + attrs.put("SupportedPaddings", BLOCK_PADS); + attrs.put("SupportedKeyFormats", "RAW"); + psA("Cipher", "AES", + "com.sun.crypto.provider.AESCipher$General", attrs); + + attrs.clear(); + attrs.put("SupportedKeyFormats", "RAW"); + psA("Cipher", "AES/KW/NoPadding", + "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding", + attrs); + ps("Cipher", "AES/KW/PKCS5Padding", + "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding", + null, attrs); + psA("Cipher", "AES/KWP/NoPadding", + "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding", + attrs); + + psA("Cipher", "AES_128/ECB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding", + attrs); + psA("Cipher", "AES_128/CBC/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding", + attrs); + psA("Cipher", "AES_128/OFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding", + attrs); + psA("Cipher", "AES_128/CFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding", + attrs); + psA("Cipher", "AES_128/KW/NoPadding", + "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding", + attrs); + ps("Cipher", "AES_128/KW/PKCS5Padding", + "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding", + null, attrs); + psA("Cipher", "AES_128/KWP/NoPadding", + "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding", + attrs); + + psA("Cipher", "AES_192/ECB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding", + attrs); + psA("Cipher", "AES_192/CBC/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding", + attrs); + psA("Cipher", "AES_192/OFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding", + attrs); + psA("Cipher", "AES_192/CFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding", + attrs); + psA("Cipher", "AES_192/KW/NoPadding", + "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding", + attrs); + ps("Cipher", "AES_192/KW/PKCS5Padding", + "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding", + null, attrs); + psA("Cipher", "AES_192/KWP/NoPadding", + "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding", + attrs); + + psA("Cipher", "AES_256/ECB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding", + attrs); + psA("Cipher", "AES_256/CBC/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding", + attrs); + psA("Cipher", "AES_256/OFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding", + attrs); + psA("Cipher", "AES_256/CFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding", + attrs); + psA("Cipher", "AES_256/KW/NoPadding", + "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding", + attrs); + ps("Cipher", "AES_256/KW/PKCS5Padding", + "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding", + null, attrs); + psA("Cipher", "AES_256/KWP/NoPadding", + "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding", + attrs); + + attrs.clear(); + attrs.put("SupportedModes", "GCM"); + attrs.put("SupportedKeyFormats", "RAW"); + + ps("Cipher", "AES/GCM/NoPadding", + "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null, + attrs); + psA("Cipher", "AES_128/GCM/NoPadding", + "com.sun.crypto.provider.GaloisCounterMode$AES128", + attrs); + psA("Cipher", "AES_192/GCM/NoPadding", + "com.sun.crypto.provider.GaloisCounterMode$AES192", + attrs); + psA("Cipher", "AES_256/GCM/NoPadding", + "com.sun.crypto.provider.GaloisCounterMode$AES256", + attrs); + + attrs.clear(); + attrs.put("SupportedModes", "CBC"); + attrs.put("SupportedPaddings", "NOPADDING"); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "DESedeWrap", + "com.sun.crypto.provider.DESedeWrapCipher", null, attrs); + + attrs.clear(); + attrs.put("SupportedModes", "ECB"); + attrs.put("SupportedPaddings", "NOPADDING"); + attrs.put("SupportedKeyFormats", "RAW"); + psA("Cipher", "ARCFOUR", + "com.sun.crypto.provider.ARCFOURCipher", attrs); + + attrs.clear(); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "ChaCha20", + "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only", + null, attrs); + psA("Cipher", "ChaCha20-Poly1305", + "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305", + attrs); + + // PBES1 + psA("Cipher", "PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEWithMD5AndDESCipher", + null); + ps("Cipher", "PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher"); + psA("Cipher", "PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede", + null); + psA("Cipher", "PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40", + null); + psA("Cipher", "PBEWithSHA1AndRC2_128", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128", + null); + psA("Cipher", "PBEWithSHA1AndRC4_40", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40", + null); + + psA("Cipher", "PBEWithSHA1AndRC4_128", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128", + null); + + // PBES2 + ps("Cipher", "PBEWithHmacSHA1AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128"); + + ps("Cipher", "PBEWithHmacSHA224AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128"); + + ps("Cipher", "PBEWithHmacSHA256AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128"); + + ps("Cipher", "PBEWithHmacSHA384AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128"); + + ps("Cipher", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128"); + + ps("Cipher", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256"); + + ps("Cipher", "PBEWithHmacSHA224AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256"); + + ps("Cipher", "PBEWithHmacSHA256AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256"); + + ps("Cipher", "PBEWithHmacSHA384AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256"); + + ps("Cipher", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256"); + + /* + * Key(pair) Generator engines + */ + ps("KeyGenerator", "DES", + "com.sun.crypto.provider.DESKeyGenerator"); + psA("KeyGenerator", "DESede", + "com.sun.crypto.provider.DESedeKeyGenerator", + null); + ps("KeyGenerator", "Blowfish", + "com.sun.crypto.provider.BlowfishKeyGenerator"); + psA("KeyGenerator", "AES", + "com.sun.crypto.provider.AESKeyGenerator", + null); + ps("KeyGenerator", "RC2", + "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator"); + psA("KeyGenerator", "ARCFOUR", + "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator", + null); + ps("KeyGenerator", "ChaCha20", + "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator"); + ps("KeyGenerator", "HmacMD5", + "com.sun.crypto.provider.HmacMD5KeyGenerator"); + + psA("KeyGenerator", "HmacSHA1", + "com.sun.crypto.provider.HmacSHA1KeyGenerator", null); + psA("KeyGenerator", "HmacSHA224", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224", + null); + psA("KeyGenerator", "HmacSHA256", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256", + null); + psA("KeyGenerator", "HmacSHA384", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384", + null); + psA("KeyGenerator", "HmacSHA512", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512", + null); + psA("KeyGenerator", "HmacSHA512/224", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224", + null); + psA("KeyGenerator", "HmacSHA512/256", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256", + null); + + psA("KeyGenerator", "HmacSHA3-224", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224", + null); + psA("KeyGenerator", "HmacSHA3-256", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256", + null); + psA("KeyGenerator", "HmacSHA3-384", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384", + null); + psA("KeyGenerator", "HmacSHA3-512", + "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512", + null); + + psA("KeyPairGenerator", "DiffieHellman", + "com.sun.crypto.provider.DHKeyPairGenerator", + null); + } /* * Algorithm parameter generation engines @@ -430,15 +437,17 @@ public final class SunJCE extends Provider { "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator", null); - /* - * Key Agreement engines - */ - attrs.clear(); - attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" + - "|javax.crypto.interfaces.DHPrivateKey"); - psA("KeyAgreement", "DiffieHellman", - "com.sun.crypto.provider.DHKeyAgreement", - attrs); + if (!systemFipsEnabled) { + /* + * Key Agreement engines + */ + attrs.clear(); + attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" + + "|javax.crypto.interfaces.DHPrivateKey"); + psA("KeyAgreement", "DiffieHellman", + "com.sun.crypto.provider.DHKeyAgreement", + attrs); + } /* * Algorithm Parameter engines @@ -531,197 +540,199 @@ public final class SunJCE extends Provider { psA("AlgorithmParameters", "ChaCha20-Poly1305", "com.sun.crypto.provider.ChaCha20Poly1305Parameters", null); - /* - * Key factories - */ - psA("KeyFactory", "DiffieHellman", - "com.sun.crypto.provider.DHKeyFactory", - null); - - /* - * Secret-key factories - */ - ps("SecretKeyFactory", "DES", - "com.sun.crypto.provider.DESKeyFactory"); - - psA("SecretKeyFactory", "DESede", - "com.sun.crypto.provider.DESedeKeyFactory", null); - - psA("SecretKeyFactory", "PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES", - null); - - /* - * Internal in-house crypto algorithm used for - * the JCEKS keystore type. Since this was developed - * internally, there isn't an OID corresponding to this - * algorithm. - */ - ps("SecretKeyFactory", "PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES"); - - psA("SecretKeyFactory", "PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede", - null); - - psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40", - null); - - psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128", - null); - - psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40", - null); - - psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128", - null); - - ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128"); - - ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128"); - - ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128"); - - ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128"); - - ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128"); - - ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256"); - - ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256"); - - ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256"); - - ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256"); - - ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256"); - - // PBKDF2 - psA("SecretKeyFactory", "PBKDF2WithHmacSHA1", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA1", - null); - ps("SecretKeyFactory", "PBKDF2WithHmacSHA224", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA224"); - ps("SecretKeyFactory", "PBKDF2WithHmacSHA256", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA256"); - ps("SecretKeyFactory", "PBKDF2WithHmacSHA384", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA384"); - ps("SecretKeyFactory", "PBKDF2WithHmacSHA512", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA512"); - - /* - * MAC - */ - attrs.clear(); - attrs.put("SupportedKeyFormats", "RAW"); - ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs); - psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1", - attrs); - psA("Mac", "HmacSHA224", - "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs); - psA("Mac", "HmacSHA256", - "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs); - psA("Mac", "HmacSHA384", - "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs); - psA("Mac", "HmacSHA512", - "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs); - psA("Mac", "HmacSHA512/224", - "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs); - psA("Mac", "HmacSHA512/256", - "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs); - psA("Mac", "HmacSHA3-224", - "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs); - psA("Mac", "HmacSHA3-256", - "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs); - psA("Mac", "HmacSHA3-384", - "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs); - psA("Mac", "HmacSHA3-512", - "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs); - - ps("Mac", "HmacPBESHA1", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1", - null, attrs); - ps("Mac", "HmacPBESHA224", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224", - null, attrs); - ps("Mac", "HmacPBESHA256", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256", - null, attrs); - ps("Mac", "HmacPBESHA384", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384", - null, attrs); - ps("Mac", "HmacPBESHA512", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512", - null, attrs); - ps("Mac", "HmacPBESHA512/224", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224", - null, attrs); - ps("Mac", "HmacPBESHA512/256", - "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256", - null, attrs); - - - // PBMAC1 - ps("Mac", "PBEWithHmacSHA1", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs); - ps("Mac", "PBEWithHmacSHA224", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs); - ps("Mac", "PBEWithHmacSHA256", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs); - ps("Mac", "PBEWithHmacSHA384", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs); - ps("Mac", "PBEWithHmacSHA512", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs); - ps("Mac", "SslMacMD5", - "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs); - ps("Mac", "SslMacSHA1", - "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs); - - /* - * KeyStore - */ - ps("KeyStore", "JCEKS", - "com.sun.crypto.provider.JceKeyStore"); - - /* - * SSL/TLS mechanisms - * - * These are strictly internal implementations and may - * be changed at any time. These names were chosen - * because PKCS11/SunPKCS11 does not yet have TLS1.2 - * mechanisms, and it will cause calls to come here. - */ - ps("KeyGenerator", "SunTlsPrf", - "com.sun.crypto.provider.TlsPrfGenerator$V10"); - ps("KeyGenerator", "SunTls12Prf", - "com.sun.crypto.provider.TlsPrfGenerator$V12"); - - ps("KeyGenerator", "SunTlsMasterSecret", - "com.sun.crypto.provider.TlsMasterSecretGenerator", - List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"), - null); - - ps("KeyGenerator", "SunTlsKeyMaterial", - "com.sun.crypto.provider.TlsKeyMaterialGenerator", - List.of("SunTls12KeyMaterial"), null); - - ps("KeyGenerator", "SunTlsRsaPremasterSecret", - "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator", - List.of("SunTls12RsaPremasterSecret"), null); + if (!systemFipsEnabled) { + /* + * Key factories + */ + psA("KeyFactory", "DiffieHellman", + "com.sun.crypto.provider.DHKeyFactory", + null); + + /* + * Secret-key factories + */ + ps("SecretKeyFactory", "DES", + "com.sun.crypto.provider.DESKeyFactory"); + + psA("SecretKeyFactory", "DESede", + "com.sun.crypto.provider.DESedeKeyFactory", null); + + psA("SecretKeyFactory", "PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES", + null); + + /* + * Internal in-house crypto algorithm used for + * the JCEKS keystore type. Since this was developed + * internally, there isn't an OID corresponding to this + * algorithm. + */ + ps("SecretKeyFactory", "PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES"); + + psA("SecretKeyFactory", "PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede", + null); + + psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40", + null); + + psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128", + null); + + psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40", + null); + + psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128", + null); + + ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128"); + + ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128"); + + ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128"); + + ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128"); + + ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128"); + + ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256"); + + ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256"); + + ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256"); + + ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256"); + + ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256"); + + // PBKDF2 + psA("SecretKeyFactory", "PBKDF2WithHmacSHA1", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA1", + null); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA224", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA224"); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA256", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA256"); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA384", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA384"); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA512", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA512"); + + /* + * MAC + */ + attrs.clear(); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs); + psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1", + attrs); + psA("Mac", "HmacSHA224", + "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs); + psA("Mac", "HmacSHA256", + "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs); + psA("Mac", "HmacSHA384", + "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs); + psA("Mac", "HmacSHA512", + "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs); + psA("Mac", "HmacSHA512/224", + "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs); + psA("Mac", "HmacSHA512/256", + "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs); + psA("Mac", "HmacSHA3-224", + "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs); + psA("Mac", "HmacSHA3-256", + "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs); + psA("Mac", "HmacSHA3-384", + "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs); + psA("Mac", "HmacSHA3-512", + "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs); + + ps("Mac", "HmacPBESHA1", + "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1", + null, attrs); + ps("Mac", "HmacPBESHA224", + "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224", + null, attrs); + ps("Mac", "HmacPBESHA256", + "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256", + null, attrs); + ps("Mac", "HmacPBESHA384", + "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384", + null, attrs); + ps("Mac", "HmacPBESHA512", + "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512", + null, attrs); + ps("Mac", "HmacPBESHA512/224", + "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224", + null, attrs); + ps("Mac", "HmacPBESHA512/256", + "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256", + null, attrs); + + + // PBMAC1 + ps("Mac", "PBEWithHmacSHA1", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs); + ps("Mac", "PBEWithHmacSHA224", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs); + ps("Mac", "PBEWithHmacSHA256", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs); + ps("Mac", "PBEWithHmacSHA384", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs); + ps("Mac", "PBEWithHmacSHA512", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs); + ps("Mac", "SslMacMD5", + "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs); + ps("Mac", "SslMacSHA1", + "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs); + + /* + * KeyStore + */ + ps("KeyStore", "JCEKS", + "com.sun.crypto.provider.JceKeyStore"); + + /* + * SSL/TLS mechanisms + * + * These are strictly internal implementations and may + * be changed at any time. These names were chosen + * because PKCS11/SunPKCS11 does not yet have TLS1.2 + * mechanisms, and it will cause calls to come here. + */ + ps("KeyGenerator", "SunTlsPrf", + "com.sun.crypto.provider.TlsPrfGenerator$V10"); + ps("KeyGenerator", "SunTls12Prf", + "com.sun.crypto.provider.TlsPrfGenerator$V12"); + + ps("KeyGenerator", "SunTlsMasterSecret", + "com.sun.crypto.provider.TlsMasterSecretGenerator", + List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"), + null); + + ps("KeyGenerator", "SunTlsKeyMaterial", + "com.sun.crypto.provider.TlsKeyMaterialGenerator", + List.of("SunTls12KeyMaterial"), null); + + ps("KeyGenerator", "SunTlsRsaPremasterSecret", + "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator", + List.of("SunTls12RsaPremasterSecret"), null); + } } // Return the instance of this class or create one if needed. diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java index 7cb5ebcde51..709d32912ca 100644 --- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java +++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java @@ -193,20 +193,22 @@ public final class SunEntries { String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs); + } - /* - * Algorithm Parameter Generator engines - */ - addWithAlias(p, "AlgorithmParameterGenerator", "DSA", - "sun.security.provider.DSAParameterGenerator", attrs); - attrs.remove("KeySize"); + /* + * Algorithm Parameter Generator engines + */ + addWithAlias(p, "AlgorithmParameterGenerator", "DSA", + "sun.security.provider.DSAParameterGenerator", attrs); + attrs.remove("KeySize"); - /* - * Algorithm Parameter engines - */ - addWithAlias(p, "AlgorithmParameters", "DSA", - "sun.security.provider.DSAParameters", attrs); + /* + * Algorithm Parameter engines + */ + addWithAlias(p, "AlgorithmParameters", "DSA", + "sun.security.provider.DSAParameters", attrs); + if (!systemFipsEnabled) { /* * Key factories */ diff --git openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java index ca79f25cc44..16c5ad2e227 100644 --- openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java +++ openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java @@ -27,6 +27,7 @@ package sun.security.rsa; import java.util.*; import java.security.Provider; +import jdk.internal.access.SharedSecrets; import static sun.security.util.SecurityProviderConstants.getAliases; /** @@ -36,6 +37,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases; */ public final class SunRsaSignEntries { + private static final boolean systemFipsEnabled = + SharedSecrets.getJavaSecuritySystemConfiguratorAccess() + .isSystemFipsEnabled(); + private void add(Provider p, String type, String algo, String cn, List aliases, HashMap attrs) { services.add(new Provider.Service(p, type, algo, cn, @@ -56,49 +61,52 @@ public final class SunRsaSignEntries { // start populating content using the specified provider // common attribute map HashMap attrs = new HashMap<>(3); - attrs.put("SupportedKeyClasses", - "java.security.interfaces.RSAPublicKey" + - "|java.security.interfaces.RSAPrivateKey"); + if (!systemFipsEnabled) { + attrs.put("SupportedKeyClasses", + "java.security.interfaces.RSAPublicKey" + + "|java.security.interfaces.RSAPrivateKey"); + + add(p, "KeyFactory", "RSA", + "sun.security.rsa.RSAKeyFactory$Legacy", + getAliases("PKCS1"), null); + add(p, "KeyPairGenerator", "RSA", + "sun.security.rsa.RSAKeyPairGenerator$Legacy", + getAliases("PKCS1"), null); + addA(p, "Signature", "MD2withRSA", + "sun.security.rsa.RSASignature$MD2withRSA", attrs); + addA(p, "Signature", "MD5withRSA", + "sun.security.rsa.RSASignature$MD5withRSA", attrs); + addA(p, "Signature", "SHA1withRSA", + "sun.security.rsa.RSASignature$SHA1withRSA", attrs); + addA(p, "Signature", "SHA224withRSA", + "sun.security.rsa.RSASignature$SHA224withRSA", attrs); + addA(p, "Signature", "SHA256withRSA", + "sun.security.rsa.RSASignature$SHA256withRSA", attrs); + addA(p, "Signature", "SHA384withRSA", + "sun.security.rsa.RSASignature$SHA384withRSA", attrs); + addA(p, "Signature", "SHA512withRSA", + "sun.security.rsa.RSASignature$SHA512withRSA", attrs); + addA(p, "Signature", "SHA512/224withRSA", + "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs); + addA(p, "Signature", "SHA512/256withRSA", + "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs); + addA(p, "Signature", "SHA3-224withRSA", + "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs); + addA(p, "Signature", "SHA3-256withRSA", + "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs); + addA(p, "Signature", "SHA3-384withRSA", + "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs); + addA(p, "Signature", "SHA3-512withRSA", + "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs); - add(p, "KeyFactory", "RSA", - "sun.security.rsa.RSAKeyFactory$Legacy", - getAliases("PKCS1"), null); - add(p, "KeyPairGenerator", "RSA", - "sun.security.rsa.RSAKeyPairGenerator$Legacy", - getAliases("PKCS1"), null); - addA(p, "Signature", "MD2withRSA", - "sun.security.rsa.RSASignature$MD2withRSA", attrs); - addA(p, "Signature", "MD5withRSA", - "sun.security.rsa.RSASignature$MD5withRSA", attrs); - addA(p, "Signature", "SHA1withRSA", - "sun.security.rsa.RSASignature$SHA1withRSA", attrs); - addA(p, "Signature", "SHA224withRSA", - "sun.security.rsa.RSASignature$SHA224withRSA", attrs); - addA(p, "Signature", "SHA256withRSA", - "sun.security.rsa.RSASignature$SHA256withRSA", attrs); - addA(p, "Signature", "SHA384withRSA", - "sun.security.rsa.RSASignature$SHA384withRSA", attrs); - addA(p, "Signature", "SHA512withRSA", - "sun.security.rsa.RSASignature$SHA512withRSA", attrs); - addA(p, "Signature", "SHA512/224withRSA", - "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs); - addA(p, "Signature", "SHA512/256withRSA", - "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs); - addA(p, "Signature", "SHA3-224withRSA", - "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs); - addA(p, "Signature", "SHA3-256withRSA", - "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs); - addA(p, "Signature", "SHA3-384withRSA", - "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs); - addA(p, "Signature", "SHA3-512withRSA", - "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs); + addA(p, "KeyFactory", "RSASSA-PSS", + "sun.security.rsa.RSAKeyFactory$PSS", attrs); + addA(p, "KeyPairGenerator", "RSASSA-PSS", + "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs); + addA(p, "Signature", "RSASSA-PSS", + "sun.security.rsa.RSAPSSSignature", attrs); + } - addA(p, "KeyFactory", "RSASSA-PSS", - "sun.security.rsa.RSAKeyFactory$PSS", attrs); - addA(p, "KeyPairGenerator", "RSASSA-PSS", - "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs); - addA(p, "Signature", "RSASSA-PSS", - "sun.security.rsa.RSAPSSSignature", attrs); addA(p, "AlgorithmParameters", "RSASSA-PSS", "sun.security.rsa.PSSParameters", null); } diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security index 3a322854204..5a355e70cae 100644 --- openjdk.orig/src/java.base/share/conf/security/java.security +++ openjdk/src/java.base/share/conf/security/java.security @@ -86,6 +86,8 @@ fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg fips.provider.2=SUN fips.provider.3=SunEC fips.provider.4=SunJSSE +fips.provider.5=SunJCE +fips.provider.6=SunRsaSign # # A list of preferred providers for specific algorithms. These providers will