java-17-openjdk/SOURCES/rh2052070-enable_algorithmparameters_in_fips_mode.patch
2022-04-20 12:22:31 +00:00

1183 lines
54 KiB
Diff

commit 6e74f283739af0d867df01d20f82865f559a45ea
Author: Martin Balao <mbalao@redhat.com>
Date: Mon Feb 28 04:58:05 2022 +0000
RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
diff --git openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
index a020e1c15d8..6d459fdec01 100644
--- openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
+++ openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -31,6 +31,7 @@ import java.security.SecureRandom;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.List;
+import jdk.internal.access.SharedSecrets;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.util.SecurityProviderConstants.*;
@@ -78,6 +79,10 @@ import static sun.security.util.SecurityProviderConstants.*;
public final class SunJCE extends Provider {
+ private static final boolean systemFipsEnabled =
+ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled();
+
@java.io.Serial
private static final long serialVersionUID = 6812507587804302833L;
@@ -143,285 +148,287 @@ public final class SunJCE extends Provider {
void putEntries() {
// reuse attribute map and reset before each reuse
HashMap<String, String> attrs = new HashMap<>(3);
- attrs.put("SupportedModes", "ECB");
- attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
- + "|OAEPWITHMD5ANDMGF1PADDING"
- + "|OAEPWITHSHA1ANDMGF1PADDING"
- + "|OAEPWITHSHA-1ANDMGF1PADDING"
- + "|OAEPWITHSHA-224ANDMGF1PADDING"
- + "|OAEPWITHSHA-256ANDMGF1PADDING"
- + "|OAEPWITHSHA-384ANDMGF1PADDING"
- + "|OAEPWITHSHA-512ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
- attrs.put("SupportedKeyClasses",
- "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey");
- ps("Cipher", "RSA",
- "com.sun.crypto.provider.RSACipher", null, attrs);
-
- // common block cipher modes, pads
- final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
- "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
- "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
- final String BLOCK_MODES128 = BLOCK_MODES +
- "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
- "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
- final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
-
- attrs.clear();
- attrs.put("SupportedModes", BLOCK_MODES);
- attrs.put("SupportedPaddings", BLOCK_PADS);
- attrs.put("SupportedKeyFormats", "RAW");
- ps("Cipher", "DES",
- "com.sun.crypto.provider.DESCipher", null, attrs);
- psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
- attrs);
- ps("Cipher", "Blowfish",
- "com.sun.crypto.provider.BlowfishCipher", null, attrs);
-
- ps("Cipher", "RC2",
- "com.sun.crypto.provider.RC2Cipher", null, attrs);
-
- attrs.clear();
- attrs.put("SupportedModes", BLOCK_MODES128);
- attrs.put("SupportedPaddings", BLOCK_PADS);
- attrs.put("SupportedKeyFormats", "RAW");
- psA("Cipher", "AES",
- "com.sun.crypto.provider.AESCipher$General", attrs);
-
- attrs.clear();
- attrs.put("SupportedKeyFormats", "RAW");
- psA("Cipher", "AES/KW/NoPadding",
- "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
- attrs);
- ps("Cipher", "AES/KW/PKCS5Padding",
- "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
- null, attrs);
- psA("Cipher", "AES/KWP/NoPadding",
- "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
- attrs);
-
- psA("Cipher", "AES_128/ECB/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
- attrs);
- psA("Cipher", "AES_128/CBC/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
- attrs);
- psA("Cipher", "AES_128/OFB/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
- attrs);
- psA("Cipher", "AES_128/CFB/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
- attrs);
- psA("Cipher", "AES_128/KW/NoPadding",
- "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
- attrs);
- ps("Cipher", "AES_128/KW/PKCS5Padding",
- "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
- null, attrs);
- psA("Cipher", "AES_128/KWP/NoPadding",
- "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
- attrs);
-
- psA("Cipher", "AES_192/ECB/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
- attrs);
- psA("Cipher", "AES_192/CBC/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
- attrs);
- psA("Cipher", "AES_192/OFB/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
- attrs);
- psA("Cipher", "AES_192/CFB/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
- attrs);
- psA("Cipher", "AES_192/KW/NoPadding",
- "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
- attrs);
- ps("Cipher", "AES_192/KW/PKCS5Padding",
- "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
- null, attrs);
- psA("Cipher", "AES_192/KWP/NoPadding",
- "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
- attrs);
-
- psA("Cipher", "AES_256/ECB/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
- attrs);
- psA("Cipher", "AES_256/CBC/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
- attrs);
- psA("Cipher", "AES_256/OFB/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
- attrs);
- psA("Cipher", "AES_256/CFB/NoPadding",
- "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
- attrs);
- psA("Cipher", "AES_256/KW/NoPadding",
- "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
- attrs);
- ps("Cipher", "AES_256/KW/PKCS5Padding",
- "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
- null, attrs);
- psA("Cipher", "AES_256/KWP/NoPadding",
- "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
- attrs);
-
- attrs.clear();
- attrs.put("SupportedModes", "GCM");
- attrs.put("SupportedKeyFormats", "RAW");
-
- ps("Cipher", "AES/GCM/NoPadding",
- "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
- attrs);
- psA("Cipher", "AES_128/GCM/NoPadding",
- "com.sun.crypto.provider.GaloisCounterMode$AES128",
- attrs);
- psA("Cipher", "AES_192/GCM/NoPadding",
- "com.sun.crypto.provider.GaloisCounterMode$AES192",
- attrs);
- psA("Cipher", "AES_256/GCM/NoPadding",
- "com.sun.crypto.provider.GaloisCounterMode$AES256",
- attrs);
-
- attrs.clear();
- attrs.put("SupportedModes", "CBC");
- attrs.put("SupportedPaddings", "NOPADDING");
- attrs.put("SupportedKeyFormats", "RAW");
- ps("Cipher", "DESedeWrap",
- "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
-
- attrs.clear();
- attrs.put("SupportedModes", "ECB");
- attrs.put("SupportedPaddings", "NOPADDING");
- attrs.put("SupportedKeyFormats", "RAW");
- psA("Cipher", "ARCFOUR",
- "com.sun.crypto.provider.ARCFOURCipher", attrs);
-
- attrs.clear();
- attrs.put("SupportedKeyFormats", "RAW");
- ps("Cipher", "ChaCha20",
- "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
- null, attrs);
- psA("Cipher", "ChaCha20-Poly1305",
- "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
- attrs);
-
- // PBES1
- psA("Cipher", "PBEWithMD5AndDES",
- "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
- null);
- ps("Cipher", "PBEWithMD5AndTripleDES",
- "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
- psA("Cipher", "PBEWithSHA1AndDESede",
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
- null);
- psA("Cipher", "PBEWithSHA1AndRC2_40",
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
- null);
- psA("Cipher", "PBEWithSHA1AndRC2_128",
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
- null);
- psA("Cipher", "PBEWithSHA1AndRC4_40",
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
- null);
-
- psA("Cipher", "PBEWithSHA1AndRC4_128",
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
- null);
-
- // PBES2
- ps("Cipher", "PBEWithHmacSHA1AndAES_128",
- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
-
- ps("Cipher", "PBEWithHmacSHA224AndAES_128",
- "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
-
- ps("Cipher", "PBEWithHmacSHA256AndAES_128",
- "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
-
- ps("Cipher", "PBEWithHmacSHA384AndAES_128",
- "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
-
- ps("Cipher", "PBEWithHmacSHA512AndAES_128",
- "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
-
- ps("Cipher", "PBEWithHmacSHA1AndAES_256",
- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
-
- ps("Cipher", "PBEWithHmacSHA224AndAES_256",
- "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
-
- ps("Cipher", "PBEWithHmacSHA256AndAES_256",
- "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
-
- ps("Cipher", "PBEWithHmacSHA384AndAES_256",
- "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
-
- ps("Cipher", "PBEWithHmacSHA512AndAES_256",
- "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
-
- /*
- * Key(pair) Generator engines
- */
- ps("KeyGenerator", "DES",
- "com.sun.crypto.provider.DESKeyGenerator");
- psA("KeyGenerator", "DESede",
- "com.sun.crypto.provider.DESedeKeyGenerator",
- null);
- ps("KeyGenerator", "Blowfish",
- "com.sun.crypto.provider.BlowfishKeyGenerator");
- psA("KeyGenerator", "AES",
- "com.sun.crypto.provider.AESKeyGenerator",
- null);
- ps("KeyGenerator", "RC2",
- "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
- psA("KeyGenerator", "ARCFOUR",
- "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
- null);
- ps("KeyGenerator", "ChaCha20",
- "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
- ps("KeyGenerator", "HmacMD5",
- "com.sun.crypto.provider.HmacMD5KeyGenerator");
-
- psA("KeyGenerator", "HmacSHA1",
- "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
- psA("KeyGenerator", "HmacSHA224",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
- null);
- psA("KeyGenerator", "HmacSHA256",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
- null);
- psA("KeyGenerator", "HmacSHA384",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
- null);
- psA("KeyGenerator", "HmacSHA512",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
- null);
- psA("KeyGenerator", "HmacSHA512/224",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
- null);
- psA("KeyGenerator", "HmacSHA512/256",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
- null);
-
- psA("KeyGenerator", "HmacSHA3-224",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
- null);
- psA("KeyGenerator", "HmacSHA3-256",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
- null);
- psA("KeyGenerator", "HmacSHA3-384",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
- null);
- psA("KeyGenerator", "HmacSHA3-512",
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
- null);
-
- psA("KeyPairGenerator", "DiffieHellman",
- "com.sun.crypto.provider.DHKeyPairGenerator",
- null);
+ if (!systemFipsEnabled) {
+ attrs.put("SupportedModes", "ECB");
+ attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
+ + "|OAEPWITHMD5ANDMGF1PADDING"
+ + "|OAEPWITHSHA1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-1ANDMGF1PADDING"
+ + "|OAEPWITHSHA-224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-256ANDMGF1PADDING"
+ + "|OAEPWITHSHA-384ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+ ps("Cipher", "RSA",
+ "com.sun.crypto.provider.RSACipher", null, attrs);
+
+ // common block cipher modes, pads
+ final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
+ "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
+ "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
+ final String BLOCK_MODES128 = BLOCK_MODES +
+ "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
+ "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
+ final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
+
+ attrs.clear();
+ attrs.put("SupportedModes", BLOCK_MODES);
+ attrs.put("SupportedPaddings", BLOCK_PADS);
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "DES",
+ "com.sun.crypto.provider.DESCipher", null, attrs);
+ psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
+ attrs);
+ ps("Cipher", "Blowfish",
+ "com.sun.crypto.provider.BlowfishCipher", null, attrs);
+
+ ps("Cipher", "RC2",
+ "com.sun.crypto.provider.RC2Cipher", null, attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", BLOCK_MODES128);
+ attrs.put("SupportedPaddings", BLOCK_PADS);
+ attrs.put("SupportedKeyFormats", "RAW");
+ psA("Cipher", "AES",
+ "com.sun.crypto.provider.AESCipher$General", attrs);
+
+ attrs.clear();
+ attrs.put("SupportedKeyFormats", "RAW");
+ psA("Cipher", "AES/KW/NoPadding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
+ attrs);
+ ps("Cipher", "AES/KW/PKCS5Padding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
+ null, attrs);
+ psA("Cipher", "AES/KWP/NoPadding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
+ attrs);
+
+ psA("Cipher", "AES_128/ECB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
+ attrs);
+ psA("Cipher", "AES_128/CBC/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
+ attrs);
+ psA("Cipher", "AES_128/OFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
+ attrs);
+ psA("Cipher", "AES_128/CFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
+ attrs);
+ psA("Cipher", "AES_128/KW/NoPadding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
+ attrs);
+ ps("Cipher", "AES_128/KW/PKCS5Padding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
+ null, attrs);
+ psA("Cipher", "AES_128/KWP/NoPadding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
+ attrs);
+
+ psA("Cipher", "AES_192/ECB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
+ attrs);
+ psA("Cipher", "AES_192/CBC/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
+ attrs);
+ psA("Cipher", "AES_192/OFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
+ attrs);
+ psA("Cipher", "AES_192/CFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
+ attrs);
+ psA("Cipher", "AES_192/KW/NoPadding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
+ attrs);
+ ps("Cipher", "AES_192/KW/PKCS5Padding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
+ null, attrs);
+ psA("Cipher", "AES_192/KWP/NoPadding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
+ attrs);
+
+ psA("Cipher", "AES_256/ECB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
+ attrs);
+ psA("Cipher", "AES_256/CBC/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
+ attrs);
+ psA("Cipher", "AES_256/OFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
+ attrs);
+ psA("Cipher", "AES_256/CFB/NoPadding",
+ "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
+ attrs);
+ psA("Cipher", "AES_256/KW/NoPadding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
+ attrs);
+ ps("Cipher", "AES_256/KW/PKCS5Padding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
+ null, attrs);
+ psA("Cipher", "AES_256/KWP/NoPadding",
+ "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
+ attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", "GCM");
+ attrs.put("SupportedKeyFormats", "RAW");
+
+ ps("Cipher", "AES/GCM/NoPadding",
+ "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
+ attrs);
+ psA("Cipher", "AES_128/GCM/NoPadding",
+ "com.sun.crypto.provider.GaloisCounterMode$AES128",
+ attrs);
+ psA("Cipher", "AES_192/GCM/NoPadding",
+ "com.sun.crypto.provider.GaloisCounterMode$AES192",
+ attrs);
+ psA("Cipher", "AES_256/GCM/NoPadding",
+ "com.sun.crypto.provider.GaloisCounterMode$AES256",
+ attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", "CBC");
+ attrs.put("SupportedPaddings", "NOPADDING");
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "DESedeWrap",
+ "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
+
+ attrs.clear();
+ attrs.put("SupportedModes", "ECB");
+ attrs.put("SupportedPaddings", "NOPADDING");
+ attrs.put("SupportedKeyFormats", "RAW");
+ psA("Cipher", "ARCFOUR",
+ "com.sun.crypto.provider.ARCFOURCipher", attrs);
+
+ attrs.clear();
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Cipher", "ChaCha20",
+ "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
+ null, attrs);
+ psA("Cipher", "ChaCha20-Poly1305",
+ "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
+ attrs);
+
+ // PBES1
+ psA("Cipher", "PBEWithMD5AndDES",
+ "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
+ null);
+ ps("Cipher", "PBEWithMD5AndTripleDES",
+ "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+ psA("Cipher", "PBEWithSHA1AndDESede",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
+ null);
+ psA("Cipher", "PBEWithSHA1AndRC2_40",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
+ null);
+ psA("Cipher", "PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
+ null);
+ psA("Cipher", "PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
+ null);
+
+ psA("Cipher", "PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
+ null);
+
+ // PBES2
+ ps("Cipher", "PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
+
+ ps("Cipher", "PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
+
+ ps("Cipher", "PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
+
+ ps("Cipher", "PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
+
+ ps("Cipher", "PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
+
+ ps("Cipher", "PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
+
+ ps("Cipher", "PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
+
+ ps("Cipher", "PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
+
+ ps("Cipher", "PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
+
+ ps("Cipher", "PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
+
+ /*
+ * Key(pair) Generator engines
+ */
+ ps("KeyGenerator", "DES",
+ "com.sun.crypto.provider.DESKeyGenerator");
+ psA("KeyGenerator", "DESede",
+ "com.sun.crypto.provider.DESedeKeyGenerator",
+ null);
+ ps("KeyGenerator", "Blowfish",
+ "com.sun.crypto.provider.BlowfishKeyGenerator");
+ psA("KeyGenerator", "AES",
+ "com.sun.crypto.provider.AESKeyGenerator",
+ null);
+ ps("KeyGenerator", "RC2",
+ "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
+ psA("KeyGenerator", "ARCFOUR",
+ "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
+ null);
+ ps("KeyGenerator", "ChaCha20",
+ "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
+ ps("KeyGenerator", "HmacMD5",
+ "com.sun.crypto.provider.HmacMD5KeyGenerator");
+
+ psA("KeyGenerator", "HmacSHA1",
+ "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
+ psA("KeyGenerator", "HmacSHA224",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
+ null);
+ psA("KeyGenerator", "HmacSHA256",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
+ null);
+ psA("KeyGenerator", "HmacSHA384",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
+ null);
+ psA("KeyGenerator", "HmacSHA512",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
+ null);
+ psA("KeyGenerator", "HmacSHA512/224",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
+ null);
+ psA("KeyGenerator", "HmacSHA512/256",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
+ null);
+
+ psA("KeyGenerator", "HmacSHA3-224",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
+ null);
+ psA("KeyGenerator", "HmacSHA3-256",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
+ null);
+ psA("KeyGenerator", "HmacSHA3-384",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
+ null);
+ psA("KeyGenerator", "HmacSHA3-512",
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
+ null);
+
+ psA("KeyPairGenerator", "DiffieHellman",
+ "com.sun.crypto.provider.DHKeyPairGenerator",
+ null);
+ }
/*
* Algorithm parameter generation engines
@@ -430,15 +437,17 @@ public final class SunJCE extends Provider {
"DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
null);
- /*
- * Key Agreement engines
- */
- attrs.clear();
- attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
- "|javax.crypto.interfaces.DHPrivateKey");
- psA("KeyAgreement", "DiffieHellman",
- "com.sun.crypto.provider.DHKeyAgreement",
- attrs);
+ if (!systemFipsEnabled) {
+ /*
+ * Key Agreement engines
+ */
+ attrs.clear();
+ attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
+ "|javax.crypto.interfaces.DHPrivateKey");
+ psA("KeyAgreement", "DiffieHellman",
+ "com.sun.crypto.provider.DHKeyAgreement",
+ attrs);
+ }
/*
* Algorithm Parameter engines
@@ -531,197 +540,199 @@ public final class SunJCE extends Provider {
psA("AlgorithmParameters", "ChaCha20-Poly1305",
"com.sun.crypto.provider.ChaCha20Poly1305Parameters", null);
- /*
- * Key factories
- */
- psA("KeyFactory", "DiffieHellman",
- "com.sun.crypto.provider.DHKeyFactory",
- null);
-
- /*
- * Secret-key factories
- */
- ps("SecretKeyFactory", "DES",
- "com.sun.crypto.provider.DESKeyFactory");
-
- psA("SecretKeyFactory", "DESede",
- "com.sun.crypto.provider.DESedeKeyFactory", null);
-
- psA("SecretKeyFactory", "PBEWithMD5AndDES",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
- null);
-
- /*
- * Internal in-house crypto algorithm used for
- * the JCEKS keystore type. Since this was developed
- * internally, there isn't an OID corresponding to this
- * algorithm.
- */
- ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
-
- psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
- null);
-
- psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
- null);
-
- psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
- null);
-
- psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
- null);
-
- psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
- null);
-
- ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
-
- ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
-
- ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
-
- ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
-
- ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
-
- ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
-
- ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
-
- ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
-
- ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
-
- ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
-
- // PBKDF2
- psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
- null);
- ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
- ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
- ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
- ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
-
- /*
- * MAC
- */
- attrs.clear();
- attrs.put("SupportedKeyFormats", "RAW");
- ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
- psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
- attrs);
- psA("Mac", "HmacSHA224",
- "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
- psA("Mac", "HmacSHA256",
- "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
- psA("Mac", "HmacSHA384",
- "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
- psA("Mac", "HmacSHA512",
- "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
- psA("Mac", "HmacSHA512/224",
- "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
- psA("Mac", "HmacSHA512/256",
- "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
- psA("Mac", "HmacSHA3-224",
- "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
- psA("Mac", "HmacSHA3-256",
- "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
- psA("Mac", "HmacSHA3-384",
- "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
- psA("Mac", "HmacSHA3-512",
- "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
-
- ps("Mac", "HmacPBESHA1",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
- null, attrs);
- ps("Mac", "HmacPBESHA224",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
- null, attrs);
- ps("Mac", "HmacPBESHA256",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
- null, attrs);
- ps("Mac", "HmacPBESHA384",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
- null, attrs);
- ps("Mac", "HmacPBESHA512",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
- null, attrs);
- ps("Mac", "HmacPBESHA512/224",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
- null, attrs);
- ps("Mac", "HmacPBESHA512/256",
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
- null, attrs);
-
-
- // PBMAC1
- ps("Mac", "PBEWithHmacSHA1",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
- ps("Mac", "PBEWithHmacSHA224",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
- ps("Mac", "PBEWithHmacSHA256",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
- ps("Mac", "PBEWithHmacSHA384",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
- ps("Mac", "PBEWithHmacSHA512",
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
- ps("Mac", "SslMacMD5",
- "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
- ps("Mac", "SslMacSHA1",
- "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
-
- /*
- * KeyStore
- */
- ps("KeyStore", "JCEKS",
- "com.sun.crypto.provider.JceKeyStore");
-
- /*
- * SSL/TLS mechanisms
- *
- * These are strictly internal implementations and may
- * be changed at any time. These names were chosen
- * because PKCS11/SunPKCS11 does not yet have TLS1.2
- * mechanisms, and it will cause calls to come here.
- */
- ps("KeyGenerator", "SunTlsPrf",
- "com.sun.crypto.provider.TlsPrfGenerator$V10");
- ps("KeyGenerator", "SunTls12Prf",
- "com.sun.crypto.provider.TlsPrfGenerator$V12");
-
- ps("KeyGenerator", "SunTlsMasterSecret",
- "com.sun.crypto.provider.TlsMasterSecretGenerator",
- List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
- null);
-
- ps("KeyGenerator", "SunTlsKeyMaterial",
- "com.sun.crypto.provider.TlsKeyMaterialGenerator",
- List.of("SunTls12KeyMaterial"), null);
-
- ps("KeyGenerator", "SunTlsRsaPremasterSecret",
- "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
- List.of("SunTls12RsaPremasterSecret"), null);
+ if (!systemFipsEnabled) {
+ /*
+ * Key factories
+ */
+ psA("KeyFactory", "DiffieHellman",
+ "com.sun.crypto.provider.DHKeyFactory",
+ null);
+
+ /*
+ * Secret-key factories
+ */
+ ps("SecretKeyFactory", "DES",
+ "com.sun.crypto.provider.DESKeyFactory");
+
+ psA("SecretKeyFactory", "DESede",
+ "com.sun.crypto.provider.DESedeKeyFactory", null);
+
+ psA("SecretKeyFactory", "PBEWithMD5AndDES",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
+ null);
+
+ /*
+ * Internal in-house crypto algorithm used for
+ * the JCEKS keystore type. Since this was developed
+ * internally, there isn't an OID corresponding to this
+ * algorithm.
+ */
+ ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
+
+ psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
+ null);
+
+ psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
+ null);
+
+ psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
+ null);
+
+ psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
+ null);
+
+ psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
+ null);
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
+
+ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
+
+ // PBKDF2
+ psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
+ null);
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
+
+ /*
+ * MAC
+ */
+ attrs.clear();
+ attrs.put("SupportedKeyFormats", "RAW");
+ ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
+ psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
+ attrs);
+ psA("Mac", "HmacSHA224",
+ "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
+ psA("Mac", "HmacSHA256",
+ "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
+ psA("Mac", "HmacSHA384",
+ "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
+ psA("Mac", "HmacSHA512",
+ "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
+ psA("Mac", "HmacSHA512/224",
+ "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
+ psA("Mac", "HmacSHA512/256",
+ "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
+ psA("Mac", "HmacSHA3-224",
+ "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
+ psA("Mac", "HmacSHA3-256",
+ "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
+ psA("Mac", "HmacSHA3-384",
+ "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
+ psA("Mac", "HmacSHA3-512",
+ "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
+
+ ps("Mac", "HmacPBESHA1",
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
+ null, attrs);
+ ps("Mac", "HmacPBESHA224",
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
+ null, attrs);
+ ps("Mac", "HmacPBESHA256",
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
+ null, attrs);
+ ps("Mac", "HmacPBESHA384",
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
+ null, attrs);
+ ps("Mac", "HmacPBESHA512",
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
+ null, attrs);
+ ps("Mac", "HmacPBESHA512/224",
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
+ null, attrs);
+ ps("Mac", "HmacPBESHA512/256",
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
+ null, attrs);
+
+
+ // PBMAC1
+ ps("Mac", "PBEWithHmacSHA1",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
+ ps("Mac", "PBEWithHmacSHA224",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
+ ps("Mac", "PBEWithHmacSHA256",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
+ ps("Mac", "PBEWithHmacSHA384",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
+ ps("Mac", "PBEWithHmacSHA512",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
+ ps("Mac", "SslMacMD5",
+ "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
+ ps("Mac", "SslMacSHA1",
+ "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
+
+ /*
+ * KeyStore
+ */
+ ps("KeyStore", "JCEKS",
+ "com.sun.crypto.provider.JceKeyStore");
+
+ /*
+ * SSL/TLS mechanisms
+ *
+ * These are strictly internal implementations and may
+ * be changed at any time. These names were chosen
+ * because PKCS11/SunPKCS11 does not yet have TLS1.2
+ * mechanisms, and it will cause calls to come here.
+ */
+ ps("KeyGenerator", "SunTlsPrf",
+ "com.sun.crypto.provider.TlsPrfGenerator$V10");
+ ps("KeyGenerator", "SunTls12Prf",
+ "com.sun.crypto.provider.TlsPrfGenerator$V12");
+
+ ps("KeyGenerator", "SunTlsMasterSecret",
+ "com.sun.crypto.provider.TlsMasterSecretGenerator",
+ List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
+ null);
+
+ ps("KeyGenerator", "SunTlsKeyMaterial",
+ "com.sun.crypto.provider.TlsKeyMaterialGenerator",
+ List.of("SunTls12KeyMaterial"), null);
+
+ ps("KeyGenerator", "SunTlsRsaPremasterSecret",
+ "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
+ List.of("SunTls12RsaPremasterSecret"), null);
+ }
}
// Return the instance of this class or create one if needed.
diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
index 7cb5ebcde51..709d32912ca 100644
--- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java
+++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
@@ -193,20 +193,22 @@ public final class SunEntries {
String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
+ }
- /*
- * Algorithm Parameter Generator engines
- */
- addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
- "sun.security.provider.DSAParameterGenerator", attrs);
- attrs.remove("KeySize");
+ /*
+ * Algorithm Parameter Generator engines
+ */
+ addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
+ "sun.security.provider.DSAParameterGenerator", attrs);
+ attrs.remove("KeySize");
- /*
- * Algorithm Parameter engines
- */
- addWithAlias(p, "AlgorithmParameters", "DSA",
- "sun.security.provider.DSAParameters", attrs);
+ /*
+ * Algorithm Parameter engines
+ */
+ addWithAlias(p, "AlgorithmParameters", "DSA",
+ "sun.security.provider.DSAParameters", attrs);
+ if (!systemFipsEnabled) {
/*
* Key factories
*/
diff --git openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
index ca79f25cc44..16c5ad2e227 100644
--- openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
+++ openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
@@ -27,6 +27,7 @@ package sun.security.rsa;
import java.util.*;
import java.security.Provider;
+import jdk.internal.access.SharedSecrets;
import static sun.security.util.SecurityProviderConstants.getAliases;
/**
@@ -36,6 +37,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
*/
public final class SunRsaSignEntries {
+ private static final boolean systemFipsEnabled =
+ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled();
+
private void add(Provider p, String type, String algo, String cn,
List<String> aliases, HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn,
@@ -56,49 +61,52 @@ public final class SunRsaSignEntries {
// start populating content using the specified provider
// common attribute map
HashMap<String, String> attrs = new HashMap<>(3);
- attrs.put("SupportedKeyClasses",
- "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey");
+ if (!systemFipsEnabled) {
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+
+ add(p, "KeyFactory", "RSA",
+ "sun.security.rsa.RSAKeyFactory$Legacy",
+ getAliases("PKCS1"), null);
+ add(p, "KeyPairGenerator", "RSA",
+ "sun.security.rsa.RSAKeyPairGenerator$Legacy",
+ getAliases("PKCS1"), null);
+ addA(p, "Signature", "MD2withRSA",
+ "sun.security.rsa.RSASignature$MD2withRSA", attrs);
+ addA(p, "Signature", "MD5withRSA",
+ "sun.security.rsa.RSASignature$MD5withRSA", attrs);
+ addA(p, "Signature", "SHA1withRSA",
+ "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
+ addA(p, "Signature", "SHA224withRSA",
+ "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
+ addA(p, "Signature", "SHA256withRSA",
+ "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
+ addA(p, "Signature", "SHA384withRSA",
+ "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
+ addA(p, "Signature", "SHA512withRSA",
+ "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
+ addA(p, "Signature", "SHA512/224withRSA",
+ "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
+ addA(p, "Signature", "SHA512/256withRSA",
+ "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
+ addA(p, "Signature", "SHA3-224withRSA",
+ "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
+ addA(p, "Signature", "SHA3-256withRSA",
+ "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
+ addA(p, "Signature", "SHA3-384withRSA",
+ "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
+ addA(p, "Signature", "SHA3-512withRSA",
+ "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
- add(p, "KeyFactory", "RSA",
- "sun.security.rsa.RSAKeyFactory$Legacy",
- getAliases("PKCS1"), null);
- add(p, "KeyPairGenerator", "RSA",
- "sun.security.rsa.RSAKeyPairGenerator$Legacy",
- getAliases("PKCS1"), null);
- addA(p, "Signature", "MD2withRSA",
- "sun.security.rsa.RSASignature$MD2withRSA", attrs);
- addA(p, "Signature", "MD5withRSA",
- "sun.security.rsa.RSASignature$MD5withRSA", attrs);
- addA(p, "Signature", "SHA1withRSA",
- "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
- addA(p, "Signature", "SHA224withRSA",
- "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
- addA(p, "Signature", "SHA256withRSA",
- "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
- addA(p, "Signature", "SHA384withRSA",
- "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
- addA(p, "Signature", "SHA512withRSA",
- "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
- addA(p, "Signature", "SHA512/224withRSA",
- "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
- addA(p, "Signature", "SHA512/256withRSA",
- "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
- addA(p, "Signature", "SHA3-224withRSA",
- "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
- addA(p, "Signature", "SHA3-256withRSA",
- "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
- addA(p, "Signature", "SHA3-384withRSA",
- "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
- addA(p, "Signature", "SHA3-512withRSA",
- "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
+ addA(p, "KeyFactory", "RSASSA-PSS",
+ "sun.security.rsa.RSAKeyFactory$PSS", attrs);
+ addA(p, "KeyPairGenerator", "RSASSA-PSS",
+ "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
+ addA(p, "Signature", "RSASSA-PSS",
+ "sun.security.rsa.RSAPSSSignature", attrs);
+ }
- addA(p, "KeyFactory", "RSASSA-PSS",
- "sun.security.rsa.RSAKeyFactory$PSS", attrs);
- addA(p, "KeyPairGenerator", "RSASSA-PSS",
- "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
- addA(p, "Signature", "RSASSA-PSS",
- "sun.security.rsa.RSAPSSSignature", attrs);
addA(p, "AlgorithmParameters", "RSASSA-PSS",
"sun.security.rsa.PSSParameters", null);
}
diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
index 3a322854204..5a355e70cae 100644
--- openjdk.orig/src/java.base/share/conf/security/java.security
+++ openjdk/src/java.base/share/conf/security/java.security
@@ -86,6 +86,8 @@ fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
fips.provider.2=SUN
fips.provider.3=SunEC
fips.provider.4=SunJSSE
+fips.provider.5=SunJCE
+fips.provider.6=SunRsaSign
#
# A list of preferred providers for specific algorithms. These providers will