Blob Blame History Raw
commit 6e74f283739af0d867df01d20f82865f559a45ea
Author: Martin Balao <mbalao@redhat.com>
Date:   Mon Feb 28 04:58:05 2022 +0000

    RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode

diff --git openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
index a020e1c15d8..6d459fdec01 100644
--- openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
+++ openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -31,6 +31,7 @@ import java.security.SecureRandom;
 import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.List;
+import jdk.internal.access.SharedSecrets;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 import static sun.security.util.SecurityProviderConstants.*;
 
@@ -78,6 +79,10 @@ import static sun.security.util.SecurityProviderConstants.*;
 
 public final class SunJCE extends Provider {
 
+    private static final boolean systemFipsEnabled =
+            SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+            .isSystemFipsEnabled();
+
     @java.io.Serial
     private static final long serialVersionUID = 6812507587804302833L;
 
@@ -143,285 +148,287 @@ public final class SunJCE extends Provider {
     void putEntries() {
         // reuse attribute map and reset before each reuse
         HashMap<String, String> attrs = new HashMap<>(3);
-        attrs.put("SupportedModes", "ECB");
-        attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
-                + "|OAEPWITHMD5ANDMGF1PADDING"
-                + "|OAEPWITHSHA1ANDMGF1PADDING"
-                + "|OAEPWITHSHA-1ANDMGF1PADDING"
-                + "|OAEPWITHSHA-224ANDMGF1PADDING"
-                + "|OAEPWITHSHA-256ANDMGF1PADDING"
-                + "|OAEPWITHSHA-384ANDMGF1PADDING"
-                + "|OAEPWITHSHA-512ANDMGF1PADDING"
-                + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
-                + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
-        attrs.put("SupportedKeyClasses",
-                "java.security.interfaces.RSAPublicKey" +
-                "|java.security.interfaces.RSAPrivateKey");
-        ps("Cipher", "RSA",
-                "com.sun.crypto.provider.RSACipher", null, attrs);
-
-        // common block cipher modes, pads
-        final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
-            "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
-            "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
-        final String BLOCK_MODES128 = BLOCK_MODES +
-            "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
-            "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
-        final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
-
-        attrs.clear();
-        attrs.put("SupportedModes", BLOCK_MODES);
-        attrs.put("SupportedPaddings", BLOCK_PADS);
-        attrs.put("SupportedKeyFormats", "RAW");
-        ps("Cipher", "DES",
-                "com.sun.crypto.provider.DESCipher", null, attrs);
-        psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
-                attrs);
-        ps("Cipher", "Blowfish",
-                "com.sun.crypto.provider.BlowfishCipher", null, attrs);
-
-        ps("Cipher", "RC2",
-                "com.sun.crypto.provider.RC2Cipher", null, attrs);
-
-        attrs.clear();
-        attrs.put("SupportedModes", BLOCK_MODES128);
-        attrs.put("SupportedPaddings", BLOCK_PADS);
-        attrs.put("SupportedKeyFormats", "RAW");
-        psA("Cipher", "AES",
-                "com.sun.crypto.provider.AESCipher$General", attrs);
-
-        attrs.clear();
-        attrs.put("SupportedKeyFormats", "RAW");
-        psA("Cipher", "AES/KW/NoPadding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
-                attrs);
-        ps("Cipher", "AES/KW/PKCS5Padding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
-                null, attrs);
-        psA("Cipher", "AES/KWP/NoPadding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
-                attrs);
-
-        psA("Cipher", "AES_128/ECB/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
-                attrs);
-        psA("Cipher", "AES_128/CBC/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
-                attrs);
-        psA("Cipher", "AES_128/OFB/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
-                attrs);
-        psA("Cipher", "AES_128/CFB/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
-                attrs);
-        psA("Cipher", "AES_128/KW/NoPadding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
-                attrs);
-        ps("Cipher", "AES_128/KW/PKCS5Padding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
-                null, attrs);
-        psA("Cipher", "AES_128/KWP/NoPadding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
-                attrs);
-
-        psA("Cipher", "AES_192/ECB/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
-                attrs);
-        psA("Cipher", "AES_192/CBC/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
-                attrs);
-        psA("Cipher", "AES_192/OFB/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
-                attrs);
-        psA("Cipher", "AES_192/CFB/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
-                attrs);
-        psA("Cipher", "AES_192/KW/NoPadding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
-                attrs);
-        ps("Cipher", "AES_192/KW/PKCS5Padding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
-                null, attrs);
-        psA("Cipher", "AES_192/KWP/NoPadding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
-                attrs);
-
-        psA("Cipher", "AES_256/ECB/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
-                attrs);
-        psA("Cipher", "AES_256/CBC/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
-                attrs);
-        psA("Cipher", "AES_256/OFB/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
-                attrs);
-        psA("Cipher", "AES_256/CFB/NoPadding",
-                "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
-                attrs);
-        psA("Cipher", "AES_256/KW/NoPadding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
-                attrs);
-        ps("Cipher", "AES_256/KW/PKCS5Padding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
-                null, attrs);
-        psA("Cipher", "AES_256/KWP/NoPadding",
-                "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
-                attrs);
-
-        attrs.clear();
-        attrs.put("SupportedModes", "GCM");
-        attrs.put("SupportedKeyFormats", "RAW");
-
-        ps("Cipher", "AES/GCM/NoPadding",
-                "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
-                attrs);
-        psA("Cipher", "AES_128/GCM/NoPadding",
-                "com.sun.crypto.provider.GaloisCounterMode$AES128",
-                attrs);
-        psA("Cipher", "AES_192/GCM/NoPadding",
-                "com.sun.crypto.provider.GaloisCounterMode$AES192",
-                attrs);
-        psA("Cipher", "AES_256/GCM/NoPadding",
-                "com.sun.crypto.provider.GaloisCounterMode$AES256",
-                attrs);
-
-        attrs.clear();
-        attrs.put("SupportedModes", "CBC");
-        attrs.put("SupportedPaddings", "NOPADDING");
-        attrs.put("SupportedKeyFormats", "RAW");
-        ps("Cipher", "DESedeWrap",
-                "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
-
-        attrs.clear();
-        attrs.put("SupportedModes", "ECB");
-        attrs.put("SupportedPaddings", "NOPADDING");
-        attrs.put("SupportedKeyFormats", "RAW");
-        psA("Cipher", "ARCFOUR",
-                "com.sun.crypto.provider.ARCFOURCipher", attrs);
-
-        attrs.clear();
-        attrs.put("SupportedKeyFormats", "RAW");
-        ps("Cipher",  "ChaCha20",
-                "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
-                null, attrs);
-        psA("Cipher",  "ChaCha20-Poly1305",
-                "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
-                attrs);
-
-        // PBES1
-        psA("Cipher", "PBEWithMD5AndDES",
-                "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
-                null);
-        ps("Cipher", "PBEWithMD5AndTripleDES",
-                "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
-        psA("Cipher", "PBEWithSHA1AndDESede",
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
-                null);
-        psA("Cipher", "PBEWithSHA1AndRC2_40",
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
-                null);
-        psA("Cipher", "PBEWithSHA1AndRC2_128",
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
-                null);
-        psA("Cipher", "PBEWithSHA1AndRC4_40",
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
-                null);
-
-        psA("Cipher", "PBEWithSHA1AndRC4_128",
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
-                null);
-
-        // PBES2
-        ps("Cipher", "PBEWithHmacSHA1AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
-
-        ps("Cipher", "PBEWithHmacSHA224AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
-
-        ps("Cipher", "PBEWithHmacSHA256AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
-
-        ps("Cipher", "PBEWithHmacSHA384AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
-
-        ps("Cipher", "PBEWithHmacSHA512AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
-
-        ps("Cipher", "PBEWithHmacSHA1AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
-
-        ps("Cipher", "PBEWithHmacSHA224AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
-
-        ps("Cipher", "PBEWithHmacSHA256AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
-
-        ps("Cipher", "PBEWithHmacSHA384AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
-
-        ps("Cipher", "PBEWithHmacSHA512AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
-
-        /*
-         * Key(pair) Generator engines
-         */
-        ps("KeyGenerator", "DES",
-                "com.sun.crypto.provider.DESKeyGenerator");
-        psA("KeyGenerator", "DESede",
-                "com.sun.crypto.provider.DESedeKeyGenerator",
-                null);
-        ps("KeyGenerator", "Blowfish",
-                "com.sun.crypto.provider.BlowfishKeyGenerator");
-        psA("KeyGenerator", "AES",
-                "com.sun.crypto.provider.AESKeyGenerator",
-                null);
-        ps("KeyGenerator", "RC2",
-                "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
-        psA("KeyGenerator", "ARCFOUR",
-                "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
-                null);
-        ps("KeyGenerator", "ChaCha20",
-                "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
-        ps("KeyGenerator", "HmacMD5",
-                "com.sun.crypto.provider.HmacMD5KeyGenerator");
-
-        psA("KeyGenerator", "HmacSHA1",
-                "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
-        psA("KeyGenerator", "HmacSHA224",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
-                null);
-        psA("KeyGenerator", "HmacSHA256",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
-                null);
-        psA("KeyGenerator", "HmacSHA384",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
-                null);
-        psA("KeyGenerator", "HmacSHA512",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
-                null);
-        psA("KeyGenerator", "HmacSHA512/224",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
-                null);
-        psA("KeyGenerator", "HmacSHA512/256",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
-                null);
-
-        psA("KeyGenerator", "HmacSHA3-224",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
-                null);
-        psA("KeyGenerator", "HmacSHA3-256",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
-                null);
-        psA("KeyGenerator", "HmacSHA3-384",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
-                null);
-        psA("KeyGenerator", "HmacSHA3-512",
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
-                null);
-
-        psA("KeyPairGenerator", "DiffieHellman",
-                "com.sun.crypto.provider.DHKeyPairGenerator",
-                null);
+        if (!systemFipsEnabled) {
+            attrs.put("SupportedModes", "ECB");
+            attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
+                    + "|OAEPWITHMD5ANDMGF1PADDING"
+                    + "|OAEPWITHSHA1ANDMGF1PADDING"
+                    + "|OAEPWITHSHA-1ANDMGF1PADDING"
+                    + "|OAEPWITHSHA-224ANDMGF1PADDING"
+                    + "|OAEPWITHSHA-256ANDMGF1PADDING"
+                    + "|OAEPWITHSHA-384ANDMGF1PADDING"
+                    + "|OAEPWITHSHA-512ANDMGF1PADDING"
+                    + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+                    + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+            attrs.put("SupportedKeyClasses",
+                    "java.security.interfaces.RSAPublicKey" +
+                    "|java.security.interfaces.RSAPrivateKey");
+            ps("Cipher", "RSA",
+                    "com.sun.crypto.provider.RSACipher", null, attrs);
+
+            // common block cipher modes, pads
+            final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
+                "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
+                "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
+            final String BLOCK_MODES128 = BLOCK_MODES +
+                "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
+                "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
+            final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
+
+            attrs.clear();
+            attrs.put("SupportedModes", BLOCK_MODES);
+            attrs.put("SupportedPaddings", BLOCK_PADS);
+            attrs.put("SupportedKeyFormats", "RAW");
+            ps("Cipher", "DES",
+                    "com.sun.crypto.provider.DESCipher", null, attrs);
+            psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
+                    attrs);
+            ps("Cipher", "Blowfish",
+                    "com.sun.crypto.provider.BlowfishCipher", null, attrs);
+
+            ps("Cipher", "RC2",
+                    "com.sun.crypto.provider.RC2Cipher", null, attrs);
+
+            attrs.clear();
+            attrs.put("SupportedModes", BLOCK_MODES128);
+            attrs.put("SupportedPaddings", BLOCK_PADS);
+            attrs.put("SupportedKeyFormats", "RAW");
+            psA("Cipher", "AES",
+                    "com.sun.crypto.provider.AESCipher$General", attrs);
+
+            attrs.clear();
+            attrs.put("SupportedKeyFormats", "RAW");
+            psA("Cipher", "AES/KW/NoPadding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
+                    attrs);
+            ps("Cipher", "AES/KW/PKCS5Padding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
+                    null, attrs);
+            psA("Cipher", "AES/KWP/NoPadding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
+                    attrs);
+
+            psA("Cipher", "AES_128/ECB/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_128/CBC/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_128/OFB/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_128/CFB/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_128/KW/NoPadding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
+                    attrs);
+            ps("Cipher", "AES_128/KW/PKCS5Padding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
+                    null, attrs);
+            psA("Cipher", "AES_128/KWP/NoPadding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
+                    attrs);
+
+            psA("Cipher", "AES_192/ECB/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_192/CBC/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_192/OFB/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_192/CFB/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_192/KW/NoPadding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
+                    attrs);
+            ps("Cipher", "AES_192/KW/PKCS5Padding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
+                    null, attrs);
+            psA("Cipher", "AES_192/KWP/NoPadding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
+                    attrs);
+
+            psA("Cipher", "AES_256/ECB/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_256/CBC/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_256/OFB/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_256/CFB/NoPadding",
+                    "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
+                    attrs);
+            psA("Cipher", "AES_256/KW/NoPadding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
+                    attrs);
+            ps("Cipher", "AES_256/KW/PKCS5Padding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
+                    null, attrs);
+            psA("Cipher", "AES_256/KWP/NoPadding",
+                    "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
+                    attrs);
+
+            attrs.clear();
+            attrs.put("SupportedModes", "GCM");
+            attrs.put("SupportedKeyFormats", "RAW");
+
+            ps("Cipher", "AES/GCM/NoPadding",
+                    "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
+                    attrs);
+            psA("Cipher", "AES_128/GCM/NoPadding",
+                    "com.sun.crypto.provider.GaloisCounterMode$AES128",
+                    attrs);
+            psA("Cipher", "AES_192/GCM/NoPadding",
+                    "com.sun.crypto.provider.GaloisCounterMode$AES192",
+                    attrs);
+            psA("Cipher", "AES_256/GCM/NoPadding",
+                    "com.sun.crypto.provider.GaloisCounterMode$AES256",
+                    attrs);
+
+            attrs.clear();
+            attrs.put("SupportedModes", "CBC");
+            attrs.put("SupportedPaddings", "NOPADDING");
+            attrs.put("SupportedKeyFormats", "RAW");
+            ps("Cipher", "DESedeWrap",
+                    "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
+
+            attrs.clear();
+            attrs.put("SupportedModes", "ECB");
+            attrs.put("SupportedPaddings", "NOPADDING");
+            attrs.put("SupportedKeyFormats", "RAW");
+            psA("Cipher", "ARCFOUR",
+                    "com.sun.crypto.provider.ARCFOURCipher", attrs);
+
+            attrs.clear();
+            attrs.put("SupportedKeyFormats", "RAW");
+            ps("Cipher",  "ChaCha20",
+                    "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
+                    null, attrs);
+            psA("Cipher",  "ChaCha20-Poly1305",
+                    "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
+                    attrs);
+
+            // PBES1
+            psA("Cipher", "PBEWithMD5AndDES",
+                    "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
+                    null);
+            ps("Cipher", "PBEWithMD5AndTripleDES",
+                    "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+            psA("Cipher", "PBEWithSHA1AndDESede",
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
+                    null);
+            psA("Cipher", "PBEWithSHA1AndRC2_40",
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
+                    null);
+            psA("Cipher", "PBEWithSHA1AndRC2_128",
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
+                    null);
+            psA("Cipher", "PBEWithSHA1AndRC4_40",
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
+                    null);
+
+            psA("Cipher", "PBEWithSHA1AndRC4_128",
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
+                    null);
+
+            // PBES2
+            ps("Cipher", "PBEWithHmacSHA1AndAES_128",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
+
+            ps("Cipher", "PBEWithHmacSHA224AndAES_128",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
+
+            ps("Cipher", "PBEWithHmacSHA256AndAES_128",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
+
+            ps("Cipher", "PBEWithHmacSHA384AndAES_128",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
+
+            ps("Cipher", "PBEWithHmacSHA512AndAES_128",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
+
+            ps("Cipher", "PBEWithHmacSHA1AndAES_256",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
+
+            ps("Cipher", "PBEWithHmacSHA224AndAES_256",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
+
+            ps("Cipher", "PBEWithHmacSHA256AndAES_256",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
+
+            ps("Cipher", "PBEWithHmacSHA384AndAES_256",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
+
+            ps("Cipher", "PBEWithHmacSHA512AndAES_256",
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
+
+            /*
+             * Key(pair) Generator engines
+             */
+            ps("KeyGenerator", "DES",
+                    "com.sun.crypto.provider.DESKeyGenerator");
+            psA("KeyGenerator", "DESede",
+                    "com.sun.crypto.provider.DESedeKeyGenerator",
+                    null);
+            ps("KeyGenerator", "Blowfish",
+                    "com.sun.crypto.provider.BlowfishKeyGenerator");
+            psA("KeyGenerator", "AES",
+                    "com.sun.crypto.provider.AESKeyGenerator",
+                    null);
+            ps("KeyGenerator", "RC2",
+                    "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
+            psA("KeyGenerator", "ARCFOUR",
+                    "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
+                    null);
+            ps("KeyGenerator", "ChaCha20",
+                    "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
+            ps("KeyGenerator", "HmacMD5",
+                    "com.sun.crypto.provider.HmacMD5KeyGenerator");
+
+            psA("KeyGenerator", "HmacSHA1",
+                    "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
+            psA("KeyGenerator", "HmacSHA224",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
+                    null);
+            psA("KeyGenerator", "HmacSHA256",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
+                    null);
+            psA("KeyGenerator", "HmacSHA384",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
+                    null);
+            psA("KeyGenerator", "HmacSHA512",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
+                    null);
+            psA("KeyGenerator", "HmacSHA512/224",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
+                    null);
+            psA("KeyGenerator", "HmacSHA512/256",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
+                    null);
+
+            psA("KeyGenerator", "HmacSHA3-224",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
+                    null);
+            psA("KeyGenerator", "HmacSHA3-256",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
+                    null);
+            psA("KeyGenerator", "HmacSHA3-384",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
+                    null);
+            psA("KeyGenerator", "HmacSHA3-512",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
+                    null);
+
+            psA("KeyPairGenerator", "DiffieHellman",
+                    "com.sun.crypto.provider.DHKeyPairGenerator",
+                    null);
+        }
 
         /*
          * Algorithm parameter generation engines
@@ -430,15 +437,17 @@ public final class SunJCE extends Provider {
                 "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
                 null);
 
-        /*
-         * Key Agreement engines
-         */
-        attrs.clear();
-        attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
-                        "|javax.crypto.interfaces.DHPrivateKey");
-        psA("KeyAgreement", "DiffieHellman",
-                "com.sun.crypto.provider.DHKeyAgreement",
-                attrs);
+        if (!systemFipsEnabled) {
+            /*
+             * Key Agreement engines
+             */
+            attrs.clear();
+            attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
+                            "|javax.crypto.interfaces.DHPrivateKey");
+            psA("KeyAgreement", "DiffieHellman",
+                    "com.sun.crypto.provider.DHKeyAgreement",
+                    attrs);
+        }
 
         /*
          * Algorithm Parameter engines
@@ -531,197 +540,199 @@ public final class SunJCE extends Provider {
         psA("AlgorithmParameters", "ChaCha20-Poly1305",
                 "com.sun.crypto.provider.ChaCha20Poly1305Parameters", null);
 
-        /*
-         * Key factories
-         */
-        psA("KeyFactory", "DiffieHellman",
-                "com.sun.crypto.provider.DHKeyFactory",
-                null);
-
-        /*
-         * Secret-key factories
-         */
-        ps("SecretKeyFactory", "DES",
-                "com.sun.crypto.provider.DESKeyFactory");
-
-        psA("SecretKeyFactory", "DESede",
-                "com.sun.crypto.provider.DESedeKeyFactory", null);
-
-        psA("SecretKeyFactory", "PBEWithMD5AndDES",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
-                null);
-
-        /*
-         * Internal in-house crypto algorithm used for
-         * the JCEKS keystore type.  Since this was developed
-         * internally, there isn't an OID corresponding to this
-         * algorithm.
-         */
-        ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
-
-        psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
-                null);
-
-        psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
-                null);
-
-        psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
-                null);
-
-        psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
-                null);
-
-        psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
-                null);
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
-
-        ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
-
-        // PBKDF2
-        psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
-                null);
-        ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
-        ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
-        ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
-        ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
-
-        /*
-         * MAC
-         */
-        attrs.clear();
-        attrs.put("SupportedKeyFormats", "RAW");
-        ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
-        psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
-                attrs);
-        psA("Mac", "HmacSHA224",
-                "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
-        psA("Mac", "HmacSHA256",
-                "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
-        psA("Mac", "HmacSHA384",
-                "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
-        psA("Mac", "HmacSHA512",
-                "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
-        psA("Mac", "HmacSHA512/224",
-                "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
-        psA("Mac", "HmacSHA512/256",
-                "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
-        psA("Mac", "HmacSHA3-224",
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
-        psA("Mac", "HmacSHA3-256",
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
-        psA("Mac", "HmacSHA3-384",
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
-        psA("Mac", "HmacSHA3-512",
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
-
-        ps("Mac", "HmacPBESHA1",
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
-                null, attrs);
-        ps("Mac", "HmacPBESHA224",
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
-                null, attrs);
-        ps("Mac", "HmacPBESHA256",
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
-                null, attrs);
-        ps("Mac", "HmacPBESHA384",
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
-                null, attrs);
-        ps("Mac", "HmacPBESHA512",
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
-                null, attrs);
-        ps("Mac", "HmacPBESHA512/224",
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
-                null, attrs);
-        ps("Mac", "HmacPBESHA512/256",
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
-                null, attrs);
-
-
-        // PBMAC1
-        ps("Mac", "PBEWithHmacSHA1",
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
-        ps("Mac", "PBEWithHmacSHA224",
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
-        ps("Mac", "PBEWithHmacSHA256",
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
-        ps("Mac", "PBEWithHmacSHA384",
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
-        ps("Mac", "PBEWithHmacSHA512",
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
-        ps("Mac", "SslMacMD5",
-                "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
-        ps("Mac", "SslMacSHA1",
-                "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
-
-        /*
-         * KeyStore
-         */
-        ps("KeyStore", "JCEKS",
-                "com.sun.crypto.provider.JceKeyStore");
-
-        /*
-         * SSL/TLS mechanisms
-         *
-         * These are strictly internal implementations and may
-         * be changed at any time.  These names were chosen
-         * because PKCS11/SunPKCS11 does not yet have TLS1.2
-         * mechanisms, and it will cause calls to come here.
-         */
-        ps("KeyGenerator", "SunTlsPrf",
-                "com.sun.crypto.provider.TlsPrfGenerator$V10");
-        ps("KeyGenerator", "SunTls12Prf",
-                "com.sun.crypto.provider.TlsPrfGenerator$V12");
-
-        ps("KeyGenerator", "SunTlsMasterSecret",
-                "com.sun.crypto.provider.TlsMasterSecretGenerator",
-                List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
-                null);
-
-        ps("KeyGenerator", "SunTlsKeyMaterial",
-                "com.sun.crypto.provider.TlsKeyMaterialGenerator",
-                List.of("SunTls12KeyMaterial"), null);
-
-        ps("KeyGenerator", "SunTlsRsaPremasterSecret",
-                "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
-                List.of("SunTls12RsaPremasterSecret"), null);
+        if (!systemFipsEnabled) {
+            /*
+             * Key factories
+             */
+            psA("KeyFactory", "DiffieHellman",
+                    "com.sun.crypto.provider.DHKeyFactory",
+                    null);
+
+            /*
+             * Secret-key factories
+             */
+            ps("SecretKeyFactory", "DES",
+                    "com.sun.crypto.provider.DESKeyFactory");
+
+            psA("SecretKeyFactory", "DESede",
+                    "com.sun.crypto.provider.DESedeKeyFactory", null);
+
+            psA("SecretKeyFactory", "PBEWithMD5AndDES",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
+                    null);
+
+            /*
+             * Internal in-house crypto algorithm used for
+             * the JCEKS keystore type.  Since this was developed
+             * internally, there isn't an OID corresponding to this
+             * algorithm.
+             */
+            ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
+
+            psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
+                    null);
+
+            psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
+                    null);
+
+            psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
+                    null);
+
+            psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
+                    null);
+
+            psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
+                    null);
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
+
+            ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
+
+            // PBKDF2
+            psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
+                    null);
+            ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
+            ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
+            ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
+            ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
+
+            /*
+             * MAC
+             */
+            attrs.clear();
+            attrs.put("SupportedKeyFormats", "RAW");
+            ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
+            psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
+                    attrs);
+            psA("Mac", "HmacSHA224",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
+            psA("Mac", "HmacSHA256",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
+            psA("Mac", "HmacSHA384",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
+            psA("Mac", "HmacSHA512",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
+            psA("Mac", "HmacSHA512/224",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
+            psA("Mac", "HmacSHA512/256",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
+            psA("Mac", "HmacSHA3-224",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
+            psA("Mac", "HmacSHA3-256",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
+            psA("Mac", "HmacSHA3-384",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
+            psA("Mac", "HmacSHA3-512",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
+
+            ps("Mac", "HmacPBESHA1",
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
+                    null, attrs);
+            ps("Mac", "HmacPBESHA224",
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
+                    null, attrs);
+            ps("Mac", "HmacPBESHA256",
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
+                    null, attrs);
+            ps("Mac", "HmacPBESHA384",
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
+                    null, attrs);
+            ps("Mac", "HmacPBESHA512",
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
+                    null, attrs);
+            ps("Mac", "HmacPBESHA512/224",
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
+                    null, attrs);
+            ps("Mac", "HmacPBESHA512/256",
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
+                    null, attrs);
+
+
+            // PBMAC1
+            ps("Mac", "PBEWithHmacSHA1",
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
+            ps("Mac", "PBEWithHmacSHA224",
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
+            ps("Mac", "PBEWithHmacSHA256",
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
+            ps("Mac", "PBEWithHmacSHA384",
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
+            ps("Mac", "PBEWithHmacSHA512",
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
+            ps("Mac", "SslMacMD5",
+                    "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
+            ps("Mac", "SslMacSHA1",
+                    "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
+
+            /*
+             * KeyStore
+             */
+            ps("KeyStore", "JCEKS",
+                    "com.sun.crypto.provider.JceKeyStore");
+
+            /*
+             * SSL/TLS mechanisms
+             *
+             * These are strictly internal implementations and may
+             * be changed at any time.  These names were chosen
+             * because PKCS11/SunPKCS11 does not yet have TLS1.2
+             * mechanisms, and it will cause calls to come here.
+             */
+            ps("KeyGenerator", "SunTlsPrf",
+                    "com.sun.crypto.provider.TlsPrfGenerator$V10");
+            ps("KeyGenerator", "SunTls12Prf",
+                    "com.sun.crypto.provider.TlsPrfGenerator$V12");
+
+            ps("KeyGenerator", "SunTlsMasterSecret",
+                    "com.sun.crypto.provider.TlsMasterSecretGenerator",
+                    List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
+                    null);
+
+            ps("KeyGenerator", "SunTlsKeyMaterial",
+                    "com.sun.crypto.provider.TlsKeyMaterialGenerator",
+                    List.of("SunTls12KeyMaterial"), null);
+
+            ps("KeyGenerator", "SunTlsRsaPremasterSecret",
+                    "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
+                    List.of("SunTls12RsaPremasterSecret"), null);
+        }
     }
 
     // Return the instance of this class or create one if needed.
diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
index 7cb5ebcde51..709d32912ca 100644
--- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java
+++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
@@ -193,20 +193,22 @@ public final class SunEntries {
             String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
             dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
             addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
+        }
 
-            /*
-             * Algorithm Parameter Generator engines
-             */
-            addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
-                    "sun.security.provider.DSAParameterGenerator", attrs);
-            attrs.remove("KeySize");
+        /*
+         * Algorithm Parameter Generator engines
+         */
+        addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
+                "sun.security.provider.DSAParameterGenerator", attrs);
+        attrs.remove("KeySize");
 
-            /*
-             * Algorithm Parameter engines
-             */
-            addWithAlias(p, "AlgorithmParameters", "DSA",
-                    "sun.security.provider.DSAParameters", attrs);
+        /*
+         * Algorithm Parameter engines
+         */
+        addWithAlias(p, "AlgorithmParameters", "DSA",
+                "sun.security.provider.DSAParameters", attrs);
 
+        if (!systemFipsEnabled) {
             /*
              * Key factories
              */
diff --git openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
index ca79f25cc44..16c5ad2e227 100644
--- openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
+++ openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
@@ -27,6 +27,7 @@ package sun.security.rsa;
 
 import java.util.*;
 import java.security.Provider;
+import jdk.internal.access.SharedSecrets;
 import static sun.security.util.SecurityProviderConstants.getAliases;
 
 /**
@@ -36,6 +37,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
  */
 public final class SunRsaSignEntries {
 
+    private static final boolean systemFipsEnabled =
+            SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+            .isSystemFipsEnabled();
+
     private void add(Provider p, String type, String algo, String cn,
              List<String> aliases, HashMap<String, String> attrs) {
          services.add(new Provider.Service(p, type, algo, cn,
@@ -56,49 +61,52 @@ public final class SunRsaSignEntries {
         // start populating content using the specified provider
         // common attribute map
         HashMap<String, String> attrs = new HashMap<>(3);
-        attrs.put("SupportedKeyClasses",
-                "java.security.interfaces.RSAPublicKey" +
-                "|java.security.interfaces.RSAPrivateKey");
+        if (!systemFipsEnabled) {
+            attrs.put("SupportedKeyClasses",
+                    "java.security.interfaces.RSAPublicKey" +
+                    "|java.security.interfaces.RSAPrivateKey");
+
+            add(p, "KeyFactory", "RSA",
+                    "sun.security.rsa.RSAKeyFactory$Legacy",
+                    getAliases("PKCS1"), null);
+            add(p, "KeyPairGenerator", "RSA",
+                    "sun.security.rsa.RSAKeyPairGenerator$Legacy",
+                    getAliases("PKCS1"), null);
+            addA(p, "Signature", "MD2withRSA",
+                    "sun.security.rsa.RSASignature$MD2withRSA", attrs);
+            addA(p, "Signature", "MD5withRSA",
+                    "sun.security.rsa.RSASignature$MD5withRSA", attrs);
+            addA(p, "Signature", "SHA1withRSA",
+                    "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
+            addA(p, "Signature", "SHA224withRSA",
+                    "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
+            addA(p, "Signature", "SHA256withRSA",
+                    "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
+            addA(p, "Signature", "SHA384withRSA",
+                    "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
+            addA(p, "Signature", "SHA512withRSA",
+                    "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
+            addA(p, "Signature", "SHA512/224withRSA",
+                    "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
+            addA(p, "Signature", "SHA512/256withRSA",
+                    "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
+            addA(p, "Signature", "SHA3-224withRSA",
+                    "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
+            addA(p, "Signature", "SHA3-256withRSA",
+                    "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
+            addA(p, "Signature", "SHA3-384withRSA",
+                   "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
+            addA(p, "Signature", "SHA3-512withRSA",
+                    "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
 
-        add(p, "KeyFactory", "RSA",
-                "sun.security.rsa.RSAKeyFactory$Legacy",
-                getAliases("PKCS1"), null);
-        add(p, "KeyPairGenerator", "RSA",
-                "sun.security.rsa.RSAKeyPairGenerator$Legacy",
-                getAliases("PKCS1"), null);
-        addA(p, "Signature", "MD2withRSA",
-                "sun.security.rsa.RSASignature$MD2withRSA", attrs);
-        addA(p, "Signature", "MD5withRSA",
-                "sun.security.rsa.RSASignature$MD5withRSA", attrs);
-        addA(p, "Signature", "SHA1withRSA",
-                "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
-        addA(p, "Signature", "SHA224withRSA",
-                "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
-        addA(p, "Signature", "SHA256withRSA",
-                "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
-        addA(p, "Signature", "SHA384withRSA",
-                "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
-        addA(p, "Signature", "SHA512withRSA",
-                "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
-        addA(p, "Signature", "SHA512/224withRSA",
-                "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
-        addA(p, "Signature", "SHA512/256withRSA",
-                "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
-        addA(p, "Signature", "SHA3-224withRSA",
-                "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
-        addA(p, "Signature", "SHA3-256withRSA",
-                "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
-        addA(p, "Signature", "SHA3-384withRSA",
-               "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
-        addA(p, "Signature", "SHA3-512withRSA",
-                "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
+            addA(p, "KeyFactory", "RSASSA-PSS",
+                    "sun.security.rsa.RSAKeyFactory$PSS", attrs);
+            addA(p, "KeyPairGenerator", "RSASSA-PSS",
+                    "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
+            addA(p, "Signature", "RSASSA-PSS",
+                    "sun.security.rsa.RSAPSSSignature", attrs);
+        }
 
-        addA(p, "KeyFactory", "RSASSA-PSS",
-                "sun.security.rsa.RSAKeyFactory$PSS", attrs);
-        addA(p, "KeyPairGenerator", "RSASSA-PSS",
-                "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
-        addA(p, "Signature", "RSASSA-PSS",
-                "sun.security.rsa.RSAPSSSignature", attrs);
         addA(p, "AlgorithmParameters", "RSASSA-PSS",
                 "sun.security.rsa.PSSParameters", null);
     }
diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
index 3a322854204..5a355e70cae 100644
--- openjdk.orig/src/java.base/share/conf/security/java.security
+++ openjdk/src/java.base/share/conf/security/java.security
@@ -86,6 +86,8 @@ fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
 fips.provider.2=SUN
 fips.provider.3=SunEC
 fips.provider.4=SunJSSE
+fips.provider.5=SunJCE
+fips.provider.6=SunRsaSign
 
 #
 # A list of preferred providers for specific algorithms. These providers will