diff --git openjdk.orig/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java index 63bb580eb3a..238735c0c8c 100644 --- openjdk.orig/src/java.base/share/classes/module-info.java +++ openjdk/src/java.base/share/classes/module-info.java @@ -152,6 +152,7 @@ module java.base { java.naming, java.rmi, jdk.charsets, + jdk.crypto.ec, jdk.jartool, jdk.jlink, jdk.net, diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java index 912cad59714..7cb5ebcde51 100644 --- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java +++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java @@ -30,6 +30,7 @@ import java.net.*; import java.util.*; import java.security.*; +import jdk.internal.access.SharedSecrets; import jdk.internal.util.StaticProperty; import sun.security.action.GetPropertyAction; import sun.security.util.SecurityProviderConstants; @@ -83,6 +84,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases; public final class SunEntries { + private static final boolean systemFipsEnabled = + SharedSecrets.getJavaSecuritySystemConfiguratorAccess() + .isSystemFipsEnabled(); + // the default algo used by SecureRandom class for new SecureRandom() calls public static final String DEF_SECURE_RANDOM_ALGO; @@ -94,147 +99,149 @@ public final class SunEntries { // common attribute map HashMap attrs = new HashMap<>(3); - /* - * SecureRandom engines - */ - attrs.put("ThreadSafe", "true"); - if (NativePRNG.isAvailable()) { - add(p, "SecureRandom", "NativePRNG", - "sun.security.provider.NativePRNG", attrs); - } - if (NativePRNG.Blocking.isAvailable()) { - add(p, "SecureRandom", "NativePRNGBlocking", - "sun.security.provider.NativePRNG$Blocking", attrs); - } - if (NativePRNG.NonBlocking.isAvailable()) { - add(p, "SecureRandom", "NativePRNGNonBlocking", - "sun.security.provider.NativePRNG$NonBlocking", attrs); - } - attrs.put("ImplementedIn", "Software"); - add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs); - add(p, "SecureRandom", "SHA1PRNG", - "sun.security.provider.SecureRandom", attrs); - - /* - * Signature engines - */ - attrs.clear(); - String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + - "|java.security.interfaces.DSAPrivateKey"; - attrs.put("SupportedKeyClasses", dsaKeyClasses); - attrs.put("ImplementedIn", "Software"); - - attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures - - addWithAlias(p, "Signature", "SHA1withDSA", - "sun.security.provider.DSA$SHA1withDSA", attrs); - addWithAlias(p, "Signature", "NONEwithDSA", - "sun.security.provider.DSA$RawDSA", attrs); - - // for DSA signatures with 224/256-bit digests - attrs.put("KeySize", "2048"); - - addWithAlias(p, "Signature", "SHA224withDSA", - "sun.security.provider.DSA$SHA224withDSA", attrs); - addWithAlias(p, "Signature", "SHA256withDSA", - "sun.security.provider.DSA$SHA256withDSA", attrs); - - addWithAlias(p, "Signature", "SHA3-224withDSA", - "sun.security.provider.DSA$SHA3_224withDSA", attrs); - addWithAlias(p, "Signature", "SHA3-256withDSA", - "sun.security.provider.DSA$SHA3_256withDSA", attrs); - - attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests - - addWithAlias(p, "Signature", "SHA384withDSA", - "sun.security.provider.DSA$SHA384withDSA", attrs); - addWithAlias(p, "Signature", "SHA512withDSA", - "sun.security.provider.DSA$SHA512withDSA", attrs); - addWithAlias(p, "Signature", "SHA3-384withDSA", - "sun.security.provider.DSA$SHA3_384withDSA", attrs); - addWithAlias(p, "Signature", "SHA3-512withDSA", - "sun.security.provider.DSA$SHA3_512withDSA", attrs); - - attrs.remove("KeySize"); - - add(p, "Signature", "SHA1withDSAinP1363Format", - "sun.security.provider.DSA$SHA1withDSAinP1363Format"); - add(p, "Signature", "NONEwithDSAinP1363Format", - "sun.security.provider.DSA$RawDSAinP1363Format"); - add(p, "Signature", "SHA224withDSAinP1363Format", - "sun.security.provider.DSA$SHA224withDSAinP1363Format"); - add(p, "Signature", "SHA256withDSAinP1363Format", - "sun.security.provider.DSA$SHA256withDSAinP1363Format"); - add(p, "Signature", "SHA384withDSAinP1363Format", - "sun.security.provider.DSA$SHA384withDSAinP1363Format"); - add(p, "Signature", "SHA512withDSAinP1363Format", - "sun.security.provider.DSA$SHA512withDSAinP1363Format"); - add(p, "Signature", "SHA3-224withDSAinP1363Format", - "sun.security.provider.DSA$SHA3_224withDSAinP1363Format"); - add(p, "Signature", "SHA3-256withDSAinP1363Format", - "sun.security.provider.DSA$SHA3_256withDSAinP1363Format"); - add(p, "Signature", "SHA3-384withDSAinP1363Format", - "sun.security.provider.DSA$SHA3_384withDSAinP1363Format"); - add(p, "Signature", "SHA3-512withDSAinP1363Format", - "sun.security.provider.DSA$SHA3_512withDSAinP1363Format"); - /* - * Key Pair Generator engines - */ - attrs.clear(); - attrs.put("ImplementedIn", "Software"); - attrs.put("KeySize", "2048"); // for DSA KPG and APG only + if (!systemFipsEnabled) { + /* + * SecureRandom engines + */ + attrs.put("ThreadSafe", "true"); + if (NativePRNG.isAvailable()) { + add(p, "SecureRandom", "NativePRNG", + "sun.security.provider.NativePRNG", attrs); + } + if (NativePRNG.Blocking.isAvailable()) { + add(p, "SecureRandom", "NativePRNGBlocking", + "sun.security.provider.NativePRNG$Blocking", attrs); + } + if (NativePRNG.NonBlocking.isAvailable()) { + add(p, "SecureRandom", "NativePRNGNonBlocking", + "sun.security.provider.NativePRNG$NonBlocking", attrs); + } + attrs.put("ImplementedIn", "Software"); + add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs); + add(p, "SecureRandom", "SHA1PRNG", + "sun.security.provider.SecureRandom", attrs); - String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; - dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); - addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs); + /* + * Signature engines + */ + attrs.clear(); + String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + + "|java.security.interfaces.DSAPrivateKey"; + attrs.put("SupportedKeyClasses", dsaKeyClasses); + attrs.put("ImplementedIn", "Software"); + + attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures + + addWithAlias(p, "Signature", "SHA1withDSA", + "sun.security.provider.DSA$SHA1withDSA", attrs); + addWithAlias(p, "Signature", "NONEwithDSA", + "sun.security.provider.DSA$RawDSA", attrs); + + // for DSA signatures with 224/256-bit digests + attrs.put("KeySize", "2048"); + + addWithAlias(p, "Signature", "SHA224withDSA", + "sun.security.provider.DSA$SHA224withDSA", attrs); + addWithAlias(p, "Signature", "SHA256withDSA", + "sun.security.provider.DSA$SHA256withDSA", attrs); + + addWithAlias(p, "Signature", "SHA3-224withDSA", + "sun.security.provider.DSA$SHA3_224withDSA", attrs); + addWithAlias(p, "Signature", "SHA3-256withDSA", + "sun.security.provider.DSA$SHA3_256withDSA", attrs); + + attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests + + addWithAlias(p, "Signature", "SHA384withDSA", + "sun.security.provider.DSA$SHA384withDSA", attrs); + addWithAlias(p, "Signature", "SHA512withDSA", + "sun.security.provider.DSA$SHA512withDSA", attrs); + addWithAlias(p, "Signature", "SHA3-384withDSA", + "sun.security.provider.DSA$SHA3_384withDSA", attrs); + addWithAlias(p, "Signature", "SHA3-512withDSA", + "sun.security.provider.DSA$SHA3_512withDSA", attrs); + + attrs.remove("KeySize"); + + add(p, "Signature", "SHA1withDSAinP1363Format", + "sun.security.provider.DSA$SHA1withDSAinP1363Format"); + add(p, "Signature", "NONEwithDSAinP1363Format", + "sun.security.provider.DSA$RawDSAinP1363Format"); + add(p, "Signature", "SHA224withDSAinP1363Format", + "sun.security.provider.DSA$SHA224withDSAinP1363Format"); + add(p, "Signature", "SHA256withDSAinP1363Format", + "sun.security.provider.DSA$SHA256withDSAinP1363Format"); + add(p, "Signature", "SHA384withDSAinP1363Format", + "sun.security.provider.DSA$SHA384withDSAinP1363Format"); + add(p, "Signature", "SHA512withDSAinP1363Format", + "sun.security.provider.DSA$SHA512withDSAinP1363Format"); + add(p, "Signature", "SHA3-224withDSAinP1363Format", + "sun.security.provider.DSA$SHA3_224withDSAinP1363Format"); + add(p, "Signature", "SHA3-256withDSAinP1363Format", + "sun.security.provider.DSA$SHA3_256withDSAinP1363Format"); + add(p, "Signature", "SHA3-384withDSAinP1363Format", + "sun.security.provider.DSA$SHA3_384withDSAinP1363Format"); + add(p, "Signature", "SHA3-512withDSAinP1363Format", + "sun.security.provider.DSA$SHA3_512withDSAinP1363Format"); + /* + * Key Pair Generator engines + */ + attrs.clear(); + attrs.put("ImplementedIn", "Software"); + attrs.put("KeySize", "2048"); // for DSA KPG and APG only - /* - * Algorithm Parameter Generator engines - */ - addWithAlias(p, "AlgorithmParameterGenerator", "DSA", - "sun.security.provider.DSAParameterGenerator", attrs); - attrs.remove("KeySize"); + String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; + dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); + addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs); - /* - * Algorithm Parameter engines - */ - addWithAlias(p, "AlgorithmParameters", "DSA", - "sun.security.provider.DSAParameters", attrs); + /* + * Algorithm Parameter Generator engines + */ + addWithAlias(p, "AlgorithmParameterGenerator", "DSA", + "sun.security.provider.DSAParameterGenerator", attrs); + attrs.remove("KeySize"); - /* - * Key factories - */ - addWithAlias(p, "KeyFactory", "DSA", - "sun.security.provider.DSAKeyFactory", attrs); + /* + * Algorithm Parameter engines + */ + addWithAlias(p, "AlgorithmParameters", "DSA", + "sun.security.provider.DSAParameters", attrs); - /* - * Digest engines - */ - add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs); - add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs); - addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA", - attrs); + /* + * Key factories + */ + addWithAlias(p, "KeyFactory", "DSA", + "sun.security.provider.DSAKeyFactory", attrs); - addWithAlias(p, "MessageDigest", "SHA-224", - "sun.security.provider.SHA2$SHA224", attrs); - addWithAlias(p, "MessageDigest", "SHA-256", - "sun.security.provider.SHA2$SHA256", attrs); - addWithAlias(p, "MessageDigest", "SHA-384", - "sun.security.provider.SHA5$SHA384", attrs); - addWithAlias(p, "MessageDigest", "SHA-512", - "sun.security.provider.SHA5$SHA512", attrs); - addWithAlias(p, "MessageDigest", "SHA-512/224", - "sun.security.provider.SHA5$SHA512_224", attrs); - addWithAlias(p, "MessageDigest", "SHA-512/256", - "sun.security.provider.SHA5$SHA512_256", attrs); - addWithAlias(p, "MessageDigest", "SHA3-224", - "sun.security.provider.SHA3$SHA224", attrs); - addWithAlias(p, "MessageDigest", "SHA3-256", - "sun.security.provider.SHA3$SHA256", attrs); - addWithAlias(p, "MessageDigest", "SHA3-384", - "sun.security.provider.SHA3$SHA384", attrs); - addWithAlias(p, "MessageDigest", "SHA3-512", - "sun.security.provider.SHA3$SHA512", attrs); + /* + * Digest engines + */ + add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs); + add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs); + addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA", + attrs); + + addWithAlias(p, "MessageDigest", "SHA-224", + "sun.security.provider.SHA2$SHA224", attrs); + addWithAlias(p, "MessageDigest", "SHA-256", + "sun.security.provider.SHA2$SHA256", attrs); + addWithAlias(p, "MessageDigest", "SHA-384", + "sun.security.provider.SHA5$SHA384", attrs); + addWithAlias(p, "MessageDigest", "SHA-512", + "sun.security.provider.SHA5$SHA512", attrs); + addWithAlias(p, "MessageDigest", "SHA-512/224", + "sun.security.provider.SHA5$SHA512_224", attrs); + addWithAlias(p, "MessageDigest", "SHA-512/256", + "sun.security.provider.SHA5$SHA512_256", attrs); + addWithAlias(p, "MessageDigest", "SHA3-224", + "sun.security.provider.SHA3$SHA224", attrs); + addWithAlias(p, "MessageDigest", "SHA3-256", + "sun.security.provider.SHA3$SHA256", attrs); + addWithAlias(p, "MessageDigest", "SHA3-384", + "sun.security.provider.SHA3$SHA384", attrs); + addWithAlias(p, "MessageDigest", "SHA3-512", + "sun.security.provider.SHA3$SHA512", attrs); + } /* * Certificates diff --git openjdk.orig/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java index 8c9e4f9dbe6..883dc04758e 100644 --- openjdk.orig/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java +++ openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java @@ -38,6 +38,7 @@ import java.util.HashMap; import java.util.Iterator; import java.util.List; +import jdk.internal.access.SharedSecrets; import sun.security.ec.ed.EdDSAAlgorithmParameters; import sun.security.ec.ed.EdDSAKeyFactory; import sun.security.ec.ed.EdDSAKeyPairGenerator; @@ -56,6 +57,10 @@ public final class SunEC extends Provider { private static final long serialVersionUID = -2279741672933606418L; + private static final boolean systemFipsEnabled = + SharedSecrets.getJavaSecuritySystemConfiguratorAccess() + .isSystemFipsEnabled(); + private static class ProviderServiceA extends ProviderService { ProviderServiceA(Provider p, String type, String algo, String cn, HashMap attrs) { @@ -249,85 +254,86 @@ public final class SunEC extends Provider { putXDHEntries(); putEdDSAEntries(); - - /* - * Signature engines - */ - putService(new ProviderService(this, "Signature", - "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw", - null, ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1", - ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224", - ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256", - ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384", - ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512", - ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "SHA3-224withECDSA", "sun.security.ec.ECDSASignature$SHA3_224", - ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "SHA3-256withECDSA", "sun.security.ec.ECDSASignature$SHA3_256", - ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "SHA3-384withECDSA", "sun.security.ec.ECDSASignature$SHA3_384", - ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "SHA3-512withECDSA", "sun.security.ec.ECDSASignature$SHA3_512", - ATTRS)); - - putService(new ProviderService(this, "Signature", - "NONEwithECDSAinP1363Format", - "sun.security.ec.ECDSASignature$RawinP1363Format")); - putService(new ProviderService(this, "Signature", - "SHA1withECDSAinP1363Format", - "sun.security.ec.ECDSASignature$SHA1inP1363Format")); - putService(new ProviderService(this, "Signature", - "SHA224withECDSAinP1363Format", - "sun.security.ec.ECDSASignature$SHA224inP1363Format")); - putService(new ProviderService(this, "Signature", - "SHA256withECDSAinP1363Format", - "sun.security.ec.ECDSASignature$SHA256inP1363Format")); - putService(new ProviderService(this, "Signature", - "SHA384withECDSAinP1363Format", - "sun.security.ec.ECDSASignature$SHA384inP1363Format")); - putService(new ProviderService(this, "Signature", - "SHA512withECDSAinP1363Format", - "sun.security.ec.ECDSASignature$SHA512inP1363Format")); - - putService(new ProviderService(this, "Signature", - "SHA3-224withECDSAinP1363Format", - "sun.security.ec.ECDSASignature$SHA3_224inP1363Format")); - putService(new ProviderService(this, "Signature", - "SHA3-256withECDSAinP1363Format", - "sun.security.ec.ECDSASignature$SHA3_256inP1363Format")); - putService(new ProviderService(this, "Signature", - "SHA3-384withECDSAinP1363Format", - "sun.security.ec.ECDSASignature$SHA3_384inP1363Format")); - putService(new ProviderService(this, "Signature", - "SHA3-512withECDSAinP1363Format", - "sun.security.ec.ECDSASignature$SHA3_512inP1363Format")); - - /* - * Key Pair Generator engine - */ - putService(new ProviderService(this, "KeyPairGenerator", - "EC", "sun.security.ec.ECKeyPairGenerator", - List.of("EllipticCurve"), ATTRS)); - - /* - * Key Agreement engine - */ - putService(new ProviderService(this, "KeyAgreement", - "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS)); + if (!systemFipsEnabled) { + /* + * Signature engines + */ + putService(new ProviderService(this, "Signature", + "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw", + null, ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1", + ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224", + ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256", + ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384", + ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512", + ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "SHA3-224withECDSA", "sun.security.ec.ECDSASignature$SHA3_224", + ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "SHA3-256withECDSA", "sun.security.ec.ECDSASignature$SHA3_256", + ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "SHA3-384withECDSA", "sun.security.ec.ECDSASignature$SHA3_384", + ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "SHA3-512withECDSA", "sun.security.ec.ECDSASignature$SHA3_512", + ATTRS)); + + putService(new ProviderService(this, "Signature", + "NONEwithECDSAinP1363Format", + "sun.security.ec.ECDSASignature$RawinP1363Format")); + putService(new ProviderService(this, "Signature", + "SHA1withECDSAinP1363Format", + "sun.security.ec.ECDSASignature$SHA1inP1363Format")); + putService(new ProviderService(this, "Signature", + "SHA224withECDSAinP1363Format", + "sun.security.ec.ECDSASignature$SHA224inP1363Format")); + putService(new ProviderService(this, "Signature", + "SHA256withECDSAinP1363Format", + "sun.security.ec.ECDSASignature$SHA256inP1363Format")); + putService(new ProviderService(this, "Signature", + "SHA384withECDSAinP1363Format", + "sun.security.ec.ECDSASignature$SHA384inP1363Format")); + putService(new ProviderService(this, "Signature", + "SHA512withECDSAinP1363Format", + "sun.security.ec.ECDSASignature$SHA512inP1363Format")); + + putService(new ProviderService(this, "Signature", + "SHA3-224withECDSAinP1363Format", + "sun.security.ec.ECDSASignature$SHA3_224inP1363Format")); + putService(new ProviderService(this, "Signature", + "SHA3-256withECDSAinP1363Format", + "sun.security.ec.ECDSASignature$SHA3_256inP1363Format")); + putService(new ProviderService(this, "Signature", + "SHA3-384withECDSAinP1363Format", + "sun.security.ec.ECDSASignature$SHA3_384inP1363Format")); + putService(new ProviderService(this, "Signature", + "SHA3-512withECDSAinP1363Format", + "sun.security.ec.ECDSASignature$SHA3_512inP1363Format")); + + /* + * Key Pair Generator engine + */ + putService(new ProviderService(this, "KeyPairGenerator", + "EC", "sun.security.ec.ECKeyPairGenerator", + List.of("EllipticCurve"), ATTRS)); + + /* + * Key Agreement engine + */ + putService(new ProviderService(this, "KeyAgreement", + "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS)); + } } private void putXDHEntries() { @@ -344,23 +350,25 @@ public final class SunEC extends Provider { "X448", "sun.security.ec.XDHKeyFactory.X448", ATTRS)); - putService(new ProviderService(this, "KeyPairGenerator", - "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS)); - putService(new ProviderServiceA(this, "KeyPairGenerator", - "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519", - ATTRS)); - putService(new ProviderServiceA(this, "KeyPairGenerator", - "X448", "sun.security.ec.XDHKeyPairGenerator.X448", - ATTRS)); - - putService(new ProviderService(this, "KeyAgreement", - "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS)); - putService(new ProviderServiceA(this, "KeyAgreement", - "X25519", "sun.security.ec.XDHKeyAgreement.X25519", - ATTRS)); - putService(new ProviderServiceA(this, "KeyAgreement", - "X448", "sun.security.ec.XDHKeyAgreement.X448", - ATTRS)); + if (!systemFipsEnabled) { + putService(new ProviderService(this, "KeyPairGenerator", + "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS)); + putService(new ProviderServiceA(this, "KeyPairGenerator", + "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519", + ATTRS)); + putService(new ProviderServiceA(this, "KeyPairGenerator", + "X448", "sun.security.ec.XDHKeyPairGenerator.X448", + ATTRS)); + + putService(new ProviderService(this, "KeyAgreement", + "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS)); + putService(new ProviderServiceA(this, "KeyAgreement", + "X25519", "sun.security.ec.XDHKeyAgreement.X25519", + ATTRS)); + putService(new ProviderServiceA(this, "KeyAgreement", + "X448", "sun.security.ec.XDHKeyAgreement.X448", + ATTRS)); + } } private void putEdDSAEntries() { @@ -375,21 +383,23 @@ public final class SunEC extends Provider { putService(new ProviderServiceA(this, "KeyFactory", "Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS)); - putService(new ProviderService(this, "KeyPairGenerator", - "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS)); - putService(new ProviderServiceA(this, "KeyPairGenerator", - "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519", - ATTRS)); - putService(new ProviderServiceA(this, "KeyPairGenerator", - "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448", - ATTRS)); - - putService(new ProviderService(this, "Signature", - "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS)); - putService(new ProviderServiceA(this, "Signature", - "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS)); + if (!systemFipsEnabled) { + putService(new ProviderService(this, "KeyPairGenerator", + "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS)); + putService(new ProviderServiceA(this, "KeyPairGenerator", + "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519", + ATTRS)); + putService(new ProviderServiceA(this, "KeyPairGenerator", + "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448", + ATTRS)); + + putService(new ProviderService(this, "Signature", + "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS)); + putService(new ProviderServiceA(this, "Signature", + "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS)); + } } }