Blame SOURCES/rh1995150-disable_non-fips_crypto.patch

c5ecb0
diff --git openjdk.orig/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java
c5ecb0
index 63bb580eb3a..238735c0c8c 100644
c5ecb0
--- openjdk.orig/src/java.base/share/classes/module-info.java
c0ba06
+++ openjdk/src/java.base/share/classes/module-info.java
c5ecb0
@@ -152,6 +152,7 @@ module java.base {
c0ba06
         java.naming,
c0ba06
         java.rmi,
c5ecb0
         jdk.charsets,
c0ba06
+        jdk.crypto.ec,
c0ba06
         jdk.jartool,
c0ba06
         jdk.jlink,
c0ba06
         jdk.net,
c5ecb0
diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
c5ecb0
index 912cad59714..7cb5ebcde51 100644
c5ecb0
--- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java
c0ba06
+++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
c0ba06
@@ -30,6 +30,7 @@ import java.net.*;
c0ba06
 import java.util.*;
c0ba06
 import java.security.*;
c0ba06
 
c0ba06
+import jdk.internal.access.SharedSecrets;
c0ba06
 import jdk.internal.util.StaticProperty;
c0ba06
 import sun.security.action.GetPropertyAction;
c0ba06
 import sun.security.util.SecurityProviderConstants;
c0ba06
@@ -83,6 +84,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
c0ba06
 
c0ba06
 public final class SunEntries {
c0ba06
 
c0ba06
+    private static final boolean systemFipsEnabled =
c0ba06
+            SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
c0ba06
+            .isSystemFipsEnabled();
c0ba06
+
c0ba06
     // the default algo used by SecureRandom class for new SecureRandom() calls
c0ba06
     public static final String DEF_SECURE_RANDOM_ALGO;
c0ba06
 
c0ba06
@@ -94,147 +99,149 @@ public final class SunEntries {
c0ba06
         // common attribute map
c0ba06
         HashMap<String, String> attrs = new HashMap<>(3);
c0ba06
 
c0ba06
-        /*
c0ba06
-         * SecureRandom engines
c0ba06
-         */
c0ba06
-        attrs.put("ThreadSafe", "true");
c0ba06
-        if (NativePRNG.isAvailable()) {
c0ba06
-            add(p, "SecureRandom", "NativePRNG",
c0ba06
-                    "sun.security.provider.NativePRNG", attrs);
c0ba06
-        }
c0ba06
-        if (NativePRNG.Blocking.isAvailable()) {
c0ba06
-            add(p, "SecureRandom", "NativePRNGBlocking",
c0ba06
-                    "sun.security.provider.NativePRNG$Blocking", attrs);
c0ba06
-        }
c0ba06
-        if (NativePRNG.NonBlocking.isAvailable()) {
c0ba06
-            add(p, "SecureRandom", "NativePRNGNonBlocking",
c0ba06
-                    "sun.security.provider.NativePRNG$NonBlocking", attrs);
c5ecb0
-        }
c5ecb0
-        attrs.put("ImplementedIn", "Software");
c5ecb0
-        add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
c5ecb0
-        add(p, "SecureRandom", "SHA1PRNG",
c5ecb0
-                "sun.security.provider.SecureRandom", attrs);
c5ecb0
-
c5ecb0
-        /*
c5ecb0
-         * Signature engines
c5ecb0
-         */
c5ecb0
-        attrs.clear();
c5ecb0
-        String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
c5ecb0
-                "|java.security.interfaces.DSAPrivateKey";
c5ecb0
-        attrs.put("SupportedKeyClasses", dsaKeyClasses);
c5ecb0
-        attrs.put("ImplementedIn", "Software");
c5ecb0
-
c5ecb0
-        attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
c5ecb0
-
c5ecb0
-        addWithAlias(p, "Signature", "SHA1withDSA",
c5ecb0
-                "sun.security.provider.DSA$SHA1withDSA", attrs);
c5ecb0
-        addWithAlias(p, "Signature", "NONEwithDSA",
c5ecb0
-                "sun.security.provider.DSA$RawDSA", attrs);
c5ecb0
-
c5ecb0
-        // for DSA signatures with 224/256-bit digests
c5ecb0
-        attrs.put("KeySize", "2048");
c5ecb0
-
c5ecb0
-        addWithAlias(p, "Signature", "SHA224withDSA",
c5ecb0
-                "sun.security.provider.DSA$SHA224withDSA", attrs);
c5ecb0
-        addWithAlias(p, "Signature", "SHA256withDSA",
c5ecb0
-                "sun.security.provider.DSA$SHA256withDSA", attrs);
c5ecb0
-
c5ecb0
-        addWithAlias(p, "Signature", "SHA3-224withDSA",
c5ecb0
-                "sun.security.provider.DSA$SHA3_224withDSA", attrs);
c5ecb0
-        addWithAlias(p, "Signature", "SHA3-256withDSA",
c5ecb0
-                "sun.security.provider.DSA$SHA3_256withDSA", attrs);
c5ecb0
-
c5ecb0
-        attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
c5ecb0
-
c5ecb0
-        addWithAlias(p, "Signature", "SHA384withDSA",
c5ecb0
-                "sun.security.provider.DSA$SHA384withDSA", attrs);
c5ecb0
-        addWithAlias(p, "Signature", "SHA512withDSA",
c5ecb0
-                "sun.security.provider.DSA$SHA512withDSA", attrs);
c5ecb0
-        addWithAlias(p, "Signature", "SHA3-384withDSA",
c5ecb0
-                "sun.security.provider.DSA$SHA3_384withDSA", attrs);
c5ecb0
-        addWithAlias(p, "Signature", "SHA3-512withDSA",
c5ecb0
-                "sun.security.provider.DSA$SHA3_512withDSA", attrs);
c5ecb0
-
c5ecb0
-        attrs.remove("KeySize");
c5ecb0
-
c5ecb0
-        add(p, "Signature", "SHA1withDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$SHA1withDSAinP1363Format");
c5ecb0
-        add(p, "Signature", "NONEwithDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$RawDSAinP1363Format");
c5ecb0
-        add(p, "Signature", "SHA224withDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$SHA224withDSAinP1363Format");
c5ecb0
-        add(p, "Signature", "SHA256withDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$SHA256withDSAinP1363Format");
c5ecb0
-        add(p, "Signature", "SHA384withDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$SHA384withDSAinP1363Format");
c5ecb0
-        add(p, "Signature", "SHA512withDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$SHA512withDSAinP1363Format");
c5ecb0
-        add(p, "Signature", "SHA3-224withDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
c5ecb0
-        add(p, "Signature", "SHA3-256withDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
c5ecb0
-        add(p, "Signature", "SHA3-384withDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
c5ecb0
-        add(p, "Signature", "SHA3-512withDSAinP1363Format",
c5ecb0
-                "sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
c5ecb0
-        /*
c5ecb0
-         *  Key Pair Generator engines
c5ecb0
-         */
c5ecb0
-        attrs.clear();
c5ecb0
-        attrs.put("ImplementedIn", "Software");
c5ecb0
-        attrs.put("KeySize", "2048"); // for DSA KPG and APG only
c0ba06
+        if (!systemFipsEnabled) {
c0ba06
+            /*
c0ba06
+             * SecureRandom engines
c0ba06
+             */
c0ba06
+            attrs.put("ThreadSafe", "true");
c0ba06
+            if (NativePRNG.isAvailable()) {
c0ba06
+                add(p, "SecureRandom", "NativePRNG",
c0ba06
+                        "sun.security.provider.NativePRNG", attrs);
c0ba06
+            }
c0ba06
+            if (NativePRNG.Blocking.isAvailable()) {
c0ba06
+                add(p, "SecureRandom", "NativePRNGBlocking",
c0ba06
+                        "sun.security.provider.NativePRNG$Blocking", attrs);
c0ba06
+            }
c0ba06
+            if (NativePRNG.NonBlocking.isAvailable()) {
c0ba06
+                add(p, "SecureRandom", "NativePRNGNonBlocking",
c0ba06
+                        "sun.security.provider.NativePRNG$NonBlocking", attrs);
c0ba06
+            }
c0ba06
+            attrs.put("ImplementedIn", "Software");
c0ba06
+            add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
c0ba06
+            add(p, "SecureRandom", "SHA1PRNG",
c0ba06
+                    "sun.security.provider.SecureRandom", attrs);
c5ecb0
 
c5ecb0
-        String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
c5ecb0
-        dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
c5ecb0
-        addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
c0ba06
+            /*
c0ba06
+             * Signature engines
c0ba06
+             */
c0ba06
+            attrs.clear();
c0ba06
+            String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
c0ba06
+                    "|java.security.interfaces.DSAPrivateKey";
c0ba06
+            attrs.put("SupportedKeyClasses", dsaKeyClasses);
c0ba06
+            attrs.put("ImplementedIn", "Software");
c0ba06
+
c0ba06
+            attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
c0ba06
+
c0ba06
+            addWithAlias(p, "Signature", "SHA1withDSA",
c0ba06
+                    "sun.security.provider.DSA$SHA1withDSA", attrs);
c0ba06
+            addWithAlias(p, "Signature", "NONEwithDSA",
c0ba06
+                    "sun.security.provider.DSA$RawDSA", attrs);
c0ba06
+
c0ba06
+            // for DSA signatures with 224/256-bit digests
c0ba06
+            attrs.put("KeySize", "2048");
c0ba06
+
c0ba06
+            addWithAlias(p, "Signature", "SHA224withDSA",
c0ba06
+                    "sun.security.provider.DSA$SHA224withDSA", attrs);
c0ba06
+            addWithAlias(p, "Signature", "SHA256withDSA",
c0ba06
+                    "sun.security.provider.DSA$SHA256withDSA", attrs);
c0ba06
+
c0ba06
+            addWithAlias(p, "Signature", "SHA3-224withDSA",
c0ba06
+                    "sun.security.provider.DSA$SHA3_224withDSA", attrs);
c0ba06
+            addWithAlias(p, "Signature", "SHA3-256withDSA",
c0ba06
+                    "sun.security.provider.DSA$SHA3_256withDSA", attrs);
c0ba06
+
c0ba06
+            attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
c0ba06
+
c0ba06
+            addWithAlias(p, "Signature", "SHA384withDSA",
c0ba06
+                    "sun.security.provider.DSA$SHA384withDSA", attrs);
c0ba06
+            addWithAlias(p, "Signature", "SHA512withDSA",
c0ba06
+                    "sun.security.provider.DSA$SHA512withDSA", attrs);
c0ba06
+            addWithAlias(p, "Signature", "SHA3-384withDSA",
c0ba06
+                    "sun.security.provider.DSA$SHA3_384withDSA", attrs);
c0ba06
+            addWithAlias(p, "Signature", "SHA3-512withDSA",
c0ba06
+                    "sun.security.provider.DSA$SHA3_512withDSA", attrs);
c0ba06
+
c0ba06
+            attrs.remove("KeySize");
c0ba06
+
c0ba06
+            add(p, "Signature", "SHA1withDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$SHA1withDSAinP1363Format");
c0ba06
+            add(p, "Signature", "NONEwithDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$RawDSAinP1363Format");
c0ba06
+            add(p, "Signature", "SHA224withDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$SHA224withDSAinP1363Format");
c0ba06
+            add(p, "Signature", "SHA256withDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$SHA256withDSAinP1363Format");
c0ba06
+            add(p, "Signature", "SHA384withDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$SHA384withDSAinP1363Format");
c0ba06
+            add(p, "Signature", "SHA512withDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$SHA512withDSAinP1363Format");
c0ba06
+            add(p, "Signature", "SHA3-224withDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
c0ba06
+            add(p, "Signature", "SHA3-256withDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
c0ba06
+            add(p, "Signature", "SHA3-384withDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
c0ba06
+            add(p, "Signature", "SHA3-512withDSAinP1363Format",
c0ba06
+                    "sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
c0ba06
+            /*
c0ba06
+             *  Key Pair Generator engines
c0ba06
+             */
c0ba06
+            attrs.clear();
c0ba06
+            attrs.put("ImplementedIn", "Software");
c0ba06
+            attrs.put("KeySize", "2048"); // for DSA KPG and APG only
c5ecb0
 
c5ecb0
-        /*
c5ecb0
-         * Algorithm Parameter Generator engines
c5ecb0
-         */
c5ecb0
-        addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
c5ecb0
-                "sun.security.provider.DSAParameterGenerator", attrs);
c5ecb0
-        attrs.remove("KeySize");
c0ba06
+            String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
c0ba06
+            dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
c0ba06
+            addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
c5ecb0
 
c5ecb0
-        /*
c5ecb0
-         * Algorithm Parameter engines
c5ecb0
-         */
c5ecb0
-        addWithAlias(p, "AlgorithmParameters", "DSA",
c5ecb0
-                "sun.security.provider.DSAParameters", attrs);
c0ba06
+            /*
c0ba06
+             * Algorithm Parameter Generator engines
c0ba06
+             */
c0ba06
+            addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
c0ba06
+                    "sun.security.provider.DSAParameterGenerator", attrs);
c0ba06
+            attrs.remove("KeySize");
c5ecb0
 
c5ecb0
-        /*
c5ecb0
-         * Key factories
c5ecb0
-         */
c5ecb0
-        addWithAlias(p, "KeyFactory", "DSA",
c5ecb0
-                "sun.security.provider.DSAKeyFactory", attrs);
c0ba06
+            /*
c0ba06
+             * Algorithm Parameter engines
c0ba06
+             */
c0ba06
+            addWithAlias(p, "AlgorithmParameters", "DSA",
c0ba06
+                    "sun.security.provider.DSAParameters", attrs);
c5ecb0
 
c5ecb0
-        /*
c5ecb0
-         * Digest engines
c5ecb0
-         */
c5ecb0
-        add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
c5ecb0
-        add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
c5ecb0
-                attrs);
c0ba06
+            /*
c0ba06
+             * Key factories
c0ba06
+             */
c0ba06
+            addWithAlias(p, "KeyFactory", "DSA",
c0ba06
+                    "sun.security.provider.DSAKeyFactory", attrs);
c5ecb0
 
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA-224",
c5ecb0
-                "sun.security.provider.SHA2$SHA224", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA-256",
c5ecb0
-                "sun.security.provider.SHA2$SHA256", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA-384",
c5ecb0
-                "sun.security.provider.SHA5$SHA384", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA-512",
c5ecb0
-                "sun.security.provider.SHA5$SHA512", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA-512/224",
c5ecb0
-                "sun.security.provider.SHA5$SHA512_224", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA-512/256",
c5ecb0
-                "sun.security.provider.SHA5$SHA512_256", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA3-224",
c5ecb0
-                "sun.security.provider.SHA3$SHA224", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA3-256",
c5ecb0
-                "sun.security.provider.SHA3$SHA256", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA3-384",
c5ecb0
-                "sun.security.provider.SHA3$SHA384", attrs);
c5ecb0
-        addWithAlias(p, "MessageDigest", "SHA3-512",
c5ecb0
-                "sun.security.provider.SHA3$SHA512", attrs);
c0ba06
+            /*
c0ba06
+             * Digest engines
c0ba06
+             */
c0ba06
+            add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
c0ba06
+            add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
c0ba06
+                    attrs);
c0ba06
+
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA-224",
c0ba06
+                    "sun.security.provider.SHA2$SHA224", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA-256",
c0ba06
+                    "sun.security.provider.SHA2$SHA256", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA-384",
c0ba06
+                    "sun.security.provider.SHA5$SHA384", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA-512",
c0ba06
+                    "sun.security.provider.SHA5$SHA512", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA-512/224",
c0ba06
+                    "sun.security.provider.SHA5$SHA512_224", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA-512/256",
c0ba06
+                    "sun.security.provider.SHA5$SHA512_256", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA3-224",
c0ba06
+                    "sun.security.provider.SHA3$SHA224", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA3-256",
c0ba06
+                    "sun.security.provider.SHA3$SHA256", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA3-384",
c0ba06
+                    "sun.security.provider.SHA3$SHA384", attrs);
c0ba06
+            addWithAlias(p, "MessageDigest", "SHA3-512",
c0ba06
+                    "sun.security.provider.SHA3$SHA512", attrs);
c5ecb0
+        }
c0ba06
 
c0ba06
         /*
c0ba06
          * Certificates
c5ecb0
diff --git openjdk.orig/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
c5ecb0
index 8c9e4f9dbe6..883dc04758e 100644
c5ecb0
--- openjdk.orig/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
c0ba06
+++ openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
c0ba06
@@ -38,6 +38,7 @@ import java.util.HashMap;
c0ba06
 import java.util.Iterator;
c0ba06
 import java.util.List;
c0ba06
 
c0ba06
+import jdk.internal.access.SharedSecrets;
c0ba06
 import sun.security.ec.ed.EdDSAAlgorithmParameters;
c0ba06
 import sun.security.ec.ed.EdDSAKeyFactory;
c0ba06
 import sun.security.ec.ed.EdDSAKeyPairGenerator;
c0ba06
@@ -56,6 +57,10 @@ public final class SunEC extends Provider {
c0ba06
 
c0ba06
     private static final long serialVersionUID = -2279741672933606418L;
c0ba06
 
c0ba06
+    private static final boolean systemFipsEnabled =
c0ba06
+            SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
c0ba06
+            .isSystemFipsEnabled();
c0ba06
+
c0ba06
     private static class ProviderServiceA extends ProviderService {
c0ba06
         ProviderServiceA(Provider p, String type, String algo, String cn,
c0ba06
             HashMap<String, String> attrs) {
c0ba06
@@ -249,85 +254,86 @@ public final class SunEC extends Provider {
c0ba06
 
c0ba06
         putXDHEntries();
c0ba06
         putEdDSAEntries();
c0ba06
-
c0ba06
-        /*
c0ba06
-         * Signature engines
c0ba06
-         */
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-            "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw",
c0ba06
-            null, ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "SHA3-224withECDSA", "sun.security.ec.ECDSASignature$SHA3_224",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "SHA3-256withECDSA", "sun.security.ec.ECDSASignature$SHA3_256",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "SHA3-384withECDSA", "sun.security.ec.ECDSASignature$SHA3_384",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "SHA3-512withECDSA", "sun.security.ec.ECDSASignature$SHA3_512",
c0ba06
-            ATTRS));
c0ba06
-
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-             "NONEwithECDSAinP1363Format",
c0ba06
-             "sun.security.ec.ECDSASignature$RawinP1363Format"));
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-             "SHA1withECDSAinP1363Format",
c0ba06
-             "sun.security.ec.ECDSASignature$SHA1inP1363Format"));
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-             "SHA224withECDSAinP1363Format",
c0ba06
-             "sun.security.ec.ECDSASignature$SHA224inP1363Format"));
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-             "SHA256withECDSAinP1363Format",
c0ba06
-             "sun.security.ec.ECDSASignature$SHA256inP1363Format"));
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-            "SHA384withECDSAinP1363Format",
c0ba06
-            "sun.security.ec.ECDSASignature$SHA384inP1363Format"));
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-            "SHA512withECDSAinP1363Format",
c0ba06
-            "sun.security.ec.ECDSASignature$SHA512inP1363Format"));
c0ba06
-
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-             "SHA3-224withECDSAinP1363Format",
c0ba06
-             "sun.security.ec.ECDSASignature$SHA3_224inP1363Format"));
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-             "SHA3-256withECDSAinP1363Format",
c0ba06
-             "sun.security.ec.ECDSASignature$SHA3_256inP1363Format"));
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-            "SHA3-384withECDSAinP1363Format",
c0ba06
-            "sun.security.ec.ECDSASignature$SHA3_384inP1363Format"));
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-            "SHA3-512withECDSAinP1363Format",
c0ba06
-            "sun.security.ec.ECDSASignature$SHA3_512inP1363Format"));
c0ba06
-
c0ba06
-        /*
c0ba06
-         *  Key Pair Generator engine
c0ba06
-         */
c0ba06
-        putService(new ProviderService(this, "KeyPairGenerator",
c0ba06
-            "EC", "sun.security.ec.ECKeyPairGenerator",
c0ba06
-            List.of("EllipticCurve"), ATTRS));
c0ba06
-
c0ba06
-        /*
c0ba06
-         * Key Agreement engine
c0ba06
-         */
c0ba06
-        putService(new ProviderService(this, "KeyAgreement",
c0ba06
-            "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
c0ba06
+        if (!systemFipsEnabled) {
c0ba06
+            /*
c0ba06
+             * Signature engines
c0ba06
+             */
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw",
c0ba06
+                null, ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "SHA3-224withECDSA", "sun.security.ec.ECDSASignature$SHA3_224",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "SHA3-256withECDSA", "sun.security.ec.ECDSASignature$SHA3_256",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "SHA3-384withECDSA", "sun.security.ec.ECDSASignature$SHA3_384",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "SHA3-512withECDSA", "sun.security.ec.ECDSASignature$SHA3_512",
c0ba06
+                ATTRS));
c0ba06
+
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                 "NONEwithECDSAinP1363Format",
c0ba06
+                 "sun.security.ec.ECDSASignature$RawinP1363Format"));
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                 "SHA1withECDSAinP1363Format",
c0ba06
+                 "sun.security.ec.ECDSASignature$SHA1inP1363Format"));
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                 "SHA224withECDSAinP1363Format",
c0ba06
+                 "sun.security.ec.ECDSASignature$SHA224inP1363Format"));
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                 "SHA256withECDSAinP1363Format",
c0ba06
+                 "sun.security.ec.ECDSASignature$SHA256inP1363Format"));
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                "SHA384withECDSAinP1363Format",
c0ba06
+                "sun.security.ec.ECDSASignature$SHA384inP1363Format"));
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                "SHA512withECDSAinP1363Format",
c0ba06
+                "sun.security.ec.ECDSASignature$SHA512inP1363Format"));
c0ba06
+
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                 "SHA3-224withECDSAinP1363Format",
c0ba06
+                 "sun.security.ec.ECDSASignature$SHA3_224inP1363Format"));
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                 "SHA3-256withECDSAinP1363Format",
c0ba06
+                 "sun.security.ec.ECDSASignature$SHA3_256inP1363Format"));
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                "SHA3-384withECDSAinP1363Format",
c0ba06
+                "sun.security.ec.ECDSASignature$SHA3_384inP1363Format"));
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                "SHA3-512withECDSAinP1363Format",
c0ba06
+                "sun.security.ec.ECDSASignature$SHA3_512inP1363Format"));
c0ba06
+
c0ba06
+            /*
c0ba06
+             *  Key Pair Generator engine
c0ba06
+             */
c0ba06
+            putService(new ProviderService(this, "KeyPairGenerator",
c0ba06
+                "EC", "sun.security.ec.ECKeyPairGenerator",
c0ba06
+                List.of("EllipticCurve"), ATTRS));
c0ba06
+
c0ba06
+            /*
c0ba06
+             * Key Agreement engine
c0ba06
+             */
c0ba06
+            putService(new ProviderService(this, "KeyAgreement",
c0ba06
+                "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
c0ba06
+        }
c0ba06
     }
c0ba06
 
c0ba06
     private void putXDHEntries() {
c0ba06
@@ -344,23 +350,25 @@ public final class SunEC extends Provider {
c0ba06
             "X448", "sun.security.ec.XDHKeyFactory.X448",
c0ba06
             ATTRS));
c0ba06
 
c0ba06
-        putService(new ProviderService(this, "KeyPairGenerator",
c0ba06
-            "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "KeyPairGenerator",
c0ba06
-            "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "KeyPairGenerator",
c0ba06
-            "X448", "sun.security.ec.XDHKeyPairGenerator.X448",
c0ba06
-            ATTRS));
c0ba06
-
c0ba06
-        putService(new ProviderService(this, "KeyAgreement",
c0ba06
-            "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "KeyAgreement",
c0ba06
-            "X25519", "sun.security.ec.XDHKeyAgreement.X25519",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "KeyAgreement",
c0ba06
-            "X448", "sun.security.ec.XDHKeyAgreement.X448",
c0ba06
-            ATTRS));
c0ba06
+        if (!systemFipsEnabled) {
c0ba06
+            putService(new ProviderService(this, "KeyPairGenerator",
c0ba06
+                "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "KeyPairGenerator",
c0ba06
+                "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "KeyPairGenerator",
c0ba06
+                "X448", "sun.security.ec.XDHKeyPairGenerator.X448",
c0ba06
+                ATTRS));
c0ba06
+
c0ba06
+            putService(new ProviderService(this, "KeyAgreement",
c0ba06
+                "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "KeyAgreement",
c0ba06
+                "X25519", "sun.security.ec.XDHKeyAgreement.X25519",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "KeyAgreement",
c0ba06
+                "X448", "sun.security.ec.XDHKeyAgreement.X448",
c0ba06
+                ATTRS));
c0ba06
+        }
c0ba06
     }
c0ba06
 
c0ba06
     private void putEdDSAEntries() {
c0ba06
@@ -375,21 +383,23 @@ public final class SunEC extends Provider {
c0ba06
         putService(new ProviderServiceA(this, "KeyFactory",
c0ba06
             "Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS));
c0ba06
 
c0ba06
-        putService(new ProviderService(this, "KeyPairGenerator",
c0ba06
-            "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "KeyPairGenerator",
c0ba06
-            "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519",
c0ba06
-            ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "KeyPairGenerator",
c0ba06
-            "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448",
c0ba06
-            ATTRS));
c0ba06
-
c0ba06
-        putService(new ProviderService(this, "Signature",
c0ba06
-            "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
c0ba06
-        putService(new ProviderServiceA(this, "Signature",
c0ba06
-            "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
c0ba06
+        if (!systemFipsEnabled) {
c0ba06
+            putService(new ProviderService(this, "KeyPairGenerator",
c0ba06
+                "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "KeyPairGenerator",
c0ba06
+                "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519",
c0ba06
+                ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "KeyPairGenerator",
c0ba06
+                "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448",
c0ba06
+                ATTRS));
c0ba06
+
c0ba06
+            putService(new ProviderService(this, "Signature",
c0ba06
+                "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
c0ba06
+            putService(new ProviderServiceA(this, "Signature",
c0ba06
+                "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
c0ba06
+        }
c0ba06
 
c0ba06
     }
c0ba06
 }