Blame SOURCES/rh2052070-enable_algorithmparameters_in_fips_mode.patch

dee830
commit 6e74f283739af0d867df01d20f82865f559a45ea
dee830
Author: Martin Balao <mbalao@redhat.com>
dee830
Date:   Mon Feb 28 04:58:05 2022 +0000
dee830
dee830
    RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
dee830
dee830
diff --git openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
dee830
index a020e1c15d8..6d459fdec01 100644
dee830
--- openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
dee830
+++ openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
dee830
@@ -31,6 +31,7 @@ import java.security.SecureRandom;
dee830
 import java.security.PrivilegedAction;
dee830
 import java.util.HashMap;
dee830
 import java.util.List;
dee830
+import jdk.internal.access.SharedSecrets;
dee830
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
dee830
 import static sun.security.util.SecurityProviderConstants.*;
dee830
 
dee830
@@ -78,6 +79,10 @@ import static sun.security.util.SecurityProviderConstants.*;
dee830
 
dee830
 public final class SunJCE extends Provider {
dee830
 
dee830
+    private static final boolean systemFipsEnabled =
dee830
+            SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
dee830
+            .isSystemFipsEnabled();
dee830
+
dee830
     @java.io.Serial
dee830
     private static final long serialVersionUID = 6812507587804302833L;
dee830
 
dee830
@@ -143,285 +148,287 @@ public final class SunJCE extends Provider {
dee830
     void putEntries() {
dee830
         // reuse attribute map and reset before each reuse
dee830
         HashMap<String, String> attrs = new HashMap<>(3);
dee830
-        attrs.put("SupportedModes", "ECB");
dee830
-        attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
dee830
-                + "|OAEPWITHMD5ANDMGF1PADDING"
dee830
-                + "|OAEPWITHSHA1ANDMGF1PADDING"
dee830
-                + "|OAEPWITHSHA-1ANDMGF1PADDING"
dee830
-                + "|OAEPWITHSHA-224ANDMGF1PADDING"
dee830
-                + "|OAEPWITHSHA-256ANDMGF1PADDING"
dee830
-                + "|OAEPWITHSHA-384ANDMGF1PADDING"
dee830
-                + "|OAEPWITHSHA-512ANDMGF1PADDING"
dee830
-                + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
dee830
-                + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
dee830
-        attrs.put("SupportedKeyClasses",
dee830
-                "java.security.interfaces.RSAPublicKey" +
dee830
-                "|java.security.interfaces.RSAPrivateKey");
dee830
-        ps("Cipher", "RSA",
dee830
-                "com.sun.crypto.provider.RSACipher", null, attrs);
dee830
-
dee830
-        // common block cipher modes, pads
dee830
-        final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
dee830
-            "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
dee830
-            "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
dee830
-        final String BLOCK_MODES128 = BLOCK_MODES +
dee830
-            "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
dee830
-            "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
dee830
-        final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
dee830
-
dee830
-        attrs.clear();
dee830
-        attrs.put("SupportedModes", BLOCK_MODES);
dee830
-        attrs.put("SupportedPaddings", BLOCK_PADS);
dee830
-        attrs.put("SupportedKeyFormats", "RAW");
dee830
-        ps("Cipher", "DES",
dee830
-                "com.sun.crypto.provider.DESCipher", null, attrs);
dee830
-        psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
dee830
-                attrs);
dee830
-        ps("Cipher", "Blowfish",
dee830
-                "com.sun.crypto.provider.BlowfishCipher", null, attrs);
dee830
-
dee830
-        ps("Cipher", "RC2",
dee830
-                "com.sun.crypto.provider.RC2Cipher", null, attrs);
dee830
-
dee830
-        attrs.clear();
dee830
-        attrs.put("SupportedModes", BLOCK_MODES128);
dee830
-        attrs.put("SupportedPaddings", BLOCK_PADS);
dee830
-        attrs.put("SupportedKeyFormats", "RAW");
dee830
-        psA("Cipher", "AES",
dee830
-                "com.sun.crypto.provider.AESCipher$General", attrs);
dee830
-
dee830
-        attrs.clear();
dee830
-        attrs.put("SupportedKeyFormats", "RAW");
dee830
-        psA("Cipher", "AES/KW/NoPadding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
dee830
-                attrs);
dee830
-        ps("Cipher", "AES/KW/PKCS5Padding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
dee830
-                null, attrs);
dee830
-        psA("Cipher", "AES/KWP/NoPadding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
dee830
-                attrs);
dee830
-
dee830
-        psA("Cipher", "AES_128/ECB/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_128/CBC/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_128/OFB/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_128/CFB/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_128/KW/NoPadding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
dee830
-                attrs);
dee830
-        ps("Cipher", "AES_128/KW/PKCS5Padding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
dee830
-                null, attrs);
dee830
-        psA("Cipher", "AES_128/KWP/NoPadding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
dee830
-                attrs);
dee830
-
dee830
-        psA("Cipher", "AES_192/ECB/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_192/CBC/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_192/OFB/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_192/CFB/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_192/KW/NoPadding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
dee830
-                attrs);
dee830
-        ps("Cipher", "AES_192/KW/PKCS5Padding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
dee830
-                null, attrs);
dee830
-        psA("Cipher", "AES_192/KWP/NoPadding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
dee830
-                attrs);
dee830
-
dee830
-        psA("Cipher", "AES_256/ECB/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_256/CBC/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_256/OFB/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_256/CFB/NoPadding",
dee830
-                "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_256/KW/NoPadding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
dee830
-                attrs);
dee830
-        ps("Cipher", "AES_256/KW/PKCS5Padding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
dee830
-                null, attrs);
dee830
-        psA("Cipher", "AES_256/KWP/NoPadding",
dee830
-                "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
dee830
-                attrs);
dee830
-
dee830
-        attrs.clear();
dee830
-        attrs.put("SupportedModes", "GCM");
dee830
-        attrs.put("SupportedKeyFormats", "RAW");
dee830
-
dee830
-        ps("Cipher", "AES/GCM/NoPadding",
dee830
-                "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_128/GCM/NoPadding",
dee830
-                "com.sun.crypto.provider.GaloisCounterMode$AES128",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_192/GCM/NoPadding",
dee830
-                "com.sun.crypto.provider.GaloisCounterMode$AES192",
dee830
-                attrs);
dee830
-        psA("Cipher", "AES_256/GCM/NoPadding",
dee830
-                "com.sun.crypto.provider.GaloisCounterMode$AES256",
dee830
-                attrs);
dee830
-
dee830
-        attrs.clear();
dee830
-        attrs.put("SupportedModes", "CBC");
dee830
-        attrs.put("SupportedPaddings", "NOPADDING");
dee830
-        attrs.put("SupportedKeyFormats", "RAW");
dee830
-        ps("Cipher", "DESedeWrap",
dee830
-                "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
dee830
-
dee830
-        attrs.clear();
dee830
-        attrs.put("SupportedModes", "ECB");
dee830
-        attrs.put("SupportedPaddings", "NOPADDING");
dee830
-        attrs.put("SupportedKeyFormats", "RAW");
dee830
-        psA("Cipher", "ARCFOUR",
dee830
-                "com.sun.crypto.provider.ARCFOURCipher", attrs);
dee830
-
dee830
-        attrs.clear();
dee830
-        attrs.put("SupportedKeyFormats", "RAW");
dee830
-        ps("Cipher",  "ChaCha20",
dee830
-                "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
dee830
-                null, attrs);
dee830
-        psA("Cipher",  "ChaCha20-Poly1305",
dee830
-                "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
dee830
-                attrs);
dee830
-
dee830
-        // PBES1
dee830
-        psA("Cipher", "PBEWithMD5AndDES",
dee830
-                "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
dee830
-                null);
dee830
-        ps("Cipher", "PBEWithMD5AndTripleDES",
dee830
-                "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
dee830
-        psA("Cipher", "PBEWithSHA1AndDESede",
dee830
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
dee830
-                null);
dee830
-        psA("Cipher", "PBEWithSHA1AndRC2_40",
dee830
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
dee830
-                null);
dee830
-        psA("Cipher", "PBEWithSHA1AndRC2_128",
dee830
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
dee830
-                null);
dee830
-        psA("Cipher", "PBEWithSHA1AndRC4_40",
dee830
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
dee830
-                null);
dee830
-
dee830
-        psA("Cipher", "PBEWithSHA1AndRC4_128",
dee830
-                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
dee830
-                null);
dee830
-
dee830
-        // PBES2
dee830
-        ps("Cipher", "PBEWithHmacSHA1AndAES_128",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
dee830
-
dee830
-        ps("Cipher", "PBEWithHmacSHA224AndAES_128",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
dee830
-
dee830
-        ps("Cipher", "PBEWithHmacSHA256AndAES_128",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
dee830
-
dee830
-        ps("Cipher", "PBEWithHmacSHA384AndAES_128",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
dee830
-
dee830
-        ps("Cipher", "PBEWithHmacSHA512AndAES_128",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
dee830
-
dee830
-        ps("Cipher", "PBEWithHmacSHA1AndAES_256",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
dee830
-
dee830
-        ps("Cipher", "PBEWithHmacSHA224AndAES_256",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
dee830
-
dee830
-        ps("Cipher", "PBEWithHmacSHA256AndAES_256",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
dee830
-
dee830
-        ps("Cipher", "PBEWithHmacSHA384AndAES_256",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
dee830
-
dee830
-        ps("Cipher", "PBEWithHmacSHA512AndAES_256",
dee830
-                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
dee830
-
dee830
-        /*
dee830
-         * Key(pair) Generator engines
dee830
-         */
dee830
-        ps("KeyGenerator", "DES",
dee830
-                "com.sun.crypto.provider.DESKeyGenerator");
dee830
-        psA("KeyGenerator", "DESede",
dee830
-                "com.sun.crypto.provider.DESedeKeyGenerator",
dee830
-                null);
dee830
-        ps("KeyGenerator", "Blowfish",
dee830
-                "com.sun.crypto.provider.BlowfishKeyGenerator");
dee830
-        psA("KeyGenerator", "AES",
dee830
-                "com.sun.crypto.provider.AESKeyGenerator",
dee830
-                null);
dee830
-        ps("KeyGenerator", "RC2",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
dee830
-        psA("KeyGenerator", "ARCFOUR",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
dee830
-                null);
dee830
-        ps("KeyGenerator", "ChaCha20",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
dee830
-        ps("KeyGenerator", "HmacMD5",
dee830
-                "com.sun.crypto.provider.HmacMD5KeyGenerator");
dee830
-
dee830
-        psA("KeyGenerator", "HmacSHA1",
dee830
-                "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
dee830
-        psA("KeyGenerator", "HmacSHA224",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
dee830
-                null);
dee830
-        psA("KeyGenerator", "HmacSHA256",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
dee830
-                null);
dee830
-        psA("KeyGenerator", "HmacSHA384",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
dee830
-                null);
dee830
-        psA("KeyGenerator", "HmacSHA512",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
dee830
-                null);
dee830
-        psA("KeyGenerator", "HmacSHA512/224",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
dee830
-                null);
dee830
-        psA("KeyGenerator", "HmacSHA512/256",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
dee830
-                null);
dee830
-
dee830
-        psA("KeyGenerator", "HmacSHA3-224",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
dee830
-                null);
dee830
-        psA("KeyGenerator", "HmacSHA3-256",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
dee830
-                null);
dee830
-        psA("KeyGenerator", "HmacSHA3-384",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
dee830
-                null);
dee830
-        psA("KeyGenerator", "HmacSHA3-512",
dee830
-                "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
dee830
-                null);
dee830
-
dee830
-        psA("KeyPairGenerator", "DiffieHellman",
dee830
-                "com.sun.crypto.provider.DHKeyPairGenerator",
dee830
-                null);
dee830
+        if (!systemFipsEnabled) {
dee830
+            attrs.put("SupportedModes", "ECB");
dee830
+            attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
dee830
+                    + "|OAEPWITHMD5ANDMGF1PADDING"
dee830
+                    + "|OAEPWITHSHA1ANDMGF1PADDING"
dee830
+                    + "|OAEPWITHSHA-1ANDMGF1PADDING"
dee830
+                    + "|OAEPWITHSHA-224ANDMGF1PADDING"
dee830
+                    + "|OAEPWITHSHA-256ANDMGF1PADDING"
dee830
+                    + "|OAEPWITHSHA-384ANDMGF1PADDING"
dee830
+                    + "|OAEPWITHSHA-512ANDMGF1PADDING"
dee830
+                    + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
dee830
+                    + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
dee830
+            attrs.put("SupportedKeyClasses",
dee830
+                    "java.security.interfaces.RSAPublicKey" +
dee830
+                    "|java.security.interfaces.RSAPrivateKey");
dee830
+            ps("Cipher", "RSA",
dee830
+                    "com.sun.crypto.provider.RSACipher", null, attrs);
dee830
+
dee830
+            // common block cipher modes, pads
dee830
+            final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
dee830
+                "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
dee830
+                "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
dee830
+            final String BLOCK_MODES128 = BLOCK_MODES +
dee830
+                "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
dee830
+                "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
dee830
+            final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
dee830
+
dee830
+            attrs.clear();
dee830
+            attrs.put("SupportedModes", BLOCK_MODES);
dee830
+            attrs.put("SupportedPaddings", BLOCK_PADS);
dee830
+            attrs.put("SupportedKeyFormats", "RAW");
dee830
+            ps("Cipher", "DES",
dee830
+                    "com.sun.crypto.provider.DESCipher", null, attrs);
dee830
+            psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
dee830
+                    attrs);
dee830
+            ps("Cipher", "Blowfish",
dee830
+                    "com.sun.crypto.provider.BlowfishCipher", null, attrs);
dee830
+
dee830
+            ps("Cipher", "RC2",
dee830
+                    "com.sun.crypto.provider.RC2Cipher", null, attrs);
dee830
+
dee830
+            attrs.clear();
dee830
+            attrs.put("SupportedModes", BLOCK_MODES128);
dee830
+            attrs.put("SupportedPaddings", BLOCK_PADS);
dee830
+            attrs.put("SupportedKeyFormats", "RAW");
dee830
+            psA("Cipher", "AES",
dee830
+                    "com.sun.crypto.provider.AESCipher$General", attrs);
dee830
+
dee830
+            attrs.clear();
dee830
+            attrs.put("SupportedKeyFormats", "RAW");
dee830
+            psA("Cipher", "AES/KW/NoPadding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
dee830
+                    attrs);
dee830
+            ps("Cipher", "AES/KW/PKCS5Padding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
dee830
+                    null, attrs);
dee830
+            psA("Cipher", "AES/KWP/NoPadding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
dee830
+                    attrs);
dee830
+
dee830
+            psA("Cipher", "AES_128/ECB/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_128/CBC/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_128/OFB/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_128/CFB/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_128/KW/NoPadding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
dee830
+                    attrs);
dee830
+            ps("Cipher", "AES_128/KW/PKCS5Padding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
dee830
+                    null, attrs);
dee830
+            psA("Cipher", "AES_128/KWP/NoPadding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
dee830
+                    attrs);
dee830
+
dee830
+            psA("Cipher", "AES_192/ECB/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_192/CBC/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_192/OFB/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_192/CFB/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_192/KW/NoPadding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
dee830
+                    attrs);
dee830
+            ps("Cipher", "AES_192/KW/PKCS5Padding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
dee830
+                    null, attrs);
dee830
+            psA("Cipher", "AES_192/KWP/NoPadding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
dee830
+                    attrs);
dee830
+
dee830
+            psA("Cipher", "AES_256/ECB/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_256/CBC/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_256/OFB/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_256/CFB/NoPadding",
dee830
+                    "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_256/KW/NoPadding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
dee830
+                    attrs);
dee830
+            ps("Cipher", "AES_256/KW/PKCS5Padding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
dee830
+                    null, attrs);
dee830
+            psA("Cipher", "AES_256/KWP/NoPadding",
dee830
+                    "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
dee830
+                    attrs);
dee830
+
dee830
+            attrs.clear();
dee830
+            attrs.put("SupportedModes", "GCM");
dee830
+            attrs.put("SupportedKeyFormats", "RAW");
dee830
+
dee830
+            ps("Cipher", "AES/GCM/NoPadding",
dee830
+                    "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_128/GCM/NoPadding",
dee830
+                    "com.sun.crypto.provider.GaloisCounterMode$AES128",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_192/GCM/NoPadding",
dee830
+                    "com.sun.crypto.provider.GaloisCounterMode$AES192",
dee830
+                    attrs);
dee830
+            psA("Cipher", "AES_256/GCM/NoPadding",
dee830
+                    "com.sun.crypto.provider.GaloisCounterMode$AES256",
dee830
+                    attrs);
dee830
+
dee830
+            attrs.clear();
dee830
+            attrs.put("SupportedModes", "CBC");
dee830
+            attrs.put("SupportedPaddings", "NOPADDING");
dee830
+            attrs.put("SupportedKeyFormats", "RAW");
dee830
+            ps("Cipher", "DESedeWrap",
dee830
+                    "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
dee830
+
dee830
+            attrs.clear();
dee830
+            attrs.put("SupportedModes", "ECB");
dee830
+            attrs.put("SupportedPaddings", "NOPADDING");
dee830
+            attrs.put("SupportedKeyFormats", "RAW");
dee830
+            psA("Cipher", "ARCFOUR",
dee830
+                    "com.sun.crypto.provider.ARCFOURCipher", attrs);
dee830
+
dee830
+            attrs.clear();
dee830
+            attrs.put("SupportedKeyFormats", "RAW");
dee830
+            ps("Cipher",  "ChaCha20",
dee830
+                    "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
dee830
+                    null, attrs);
dee830
+            psA("Cipher",  "ChaCha20-Poly1305",
dee830
+                    "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
dee830
+                    attrs);
dee830
+
dee830
+            // PBES1
dee830
+            psA("Cipher", "PBEWithMD5AndDES",
dee830
+                    "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
dee830
+                    null);
dee830
+            ps("Cipher", "PBEWithMD5AndTripleDES",
dee830
+                    "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
dee830
+            psA("Cipher", "PBEWithSHA1AndDESede",
dee830
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
dee830
+                    null);
dee830
+            psA("Cipher", "PBEWithSHA1AndRC2_40",
dee830
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
dee830
+                    null);
dee830
+            psA("Cipher", "PBEWithSHA1AndRC2_128",
dee830
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
dee830
+                    null);
dee830
+            psA("Cipher", "PBEWithSHA1AndRC4_40",
dee830
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
dee830
+                    null);
dee830
+
dee830
+            psA("Cipher", "PBEWithSHA1AndRC4_128",
dee830
+                    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
dee830
+                    null);
dee830
+
dee830
+            // PBES2
dee830
+            ps("Cipher", "PBEWithHmacSHA1AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
dee830
+
dee830
+            ps("Cipher", "PBEWithHmacSHA224AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
dee830
+
dee830
+            ps("Cipher", "PBEWithHmacSHA256AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
dee830
+
dee830
+            ps("Cipher", "PBEWithHmacSHA384AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
dee830
+
dee830
+            ps("Cipher", "PBEWithHmacSHA512AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
dee830
+
dee830
+            ps("Cipher", "PBEWithHmacSHA1AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
dee830
+
dee830
+            ps("Cipher", "PBEWithHmacSHA224AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
dee830
+
dee830
+            ps("Cipher", "PBEWithHmacSHA256AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
dee830
+
dee830
+            ps("Cipher", "PBEWithHmacSHA384AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
dee830
+
dee830
+            ps("Cipher", "PBEWithHmacSHA512AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
dee830
+
dee830
+            /*
dee830
+             * Key(pair) Generator engines
dee830
+             */
dee830
+            ps("KeyGenerator", "DES",
dee830
+                    "com.sun.crypto.provider.DESKeyGenerator");
dee830
+            psA("KeyGenerator", "DESede",
dee830
+                    "com.sun.crypto.provider.DESedeKeyGenerator",
dee830
+                    null);
dee830
+            ps("KeyGenerator", "Blowfish",
dee830
+                    "com.sun.crypto.provider.BlowfishKeyGenerator");
dee830
+            psA("KeyGenerator", "AES",
dee830
+                    "com.sun.crypto.provider.AESKeyGenerator",
dee830
+                    null);
dee830
+            ps("KeyGenerator", "RC2",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
dee830
+            psA("KeyGenerator", "ARCFOUR",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
dee830
+                    null);
dee830
+            ps("KeyGenerator", "ChaCha20",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
dee830
+            ps("KeyGenerator", "HmacMD5",
dee830
+                    "com.sun.crypto.provider.HmacMD5KeyGenerator");
dee830
+
dee830
+            psA("KeyGenerator", "HmacSHA1",
dee830
+                    "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
dee830
+            psA("KeyGenerator", "HmacSHA224",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
dee830
+                    null);
dee830
+            psA("KeyGenerator", "HmacSHA256",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
dee830
+                    null);
dee830
+            psA("KeyGenerator", "HmacSHA384",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
dee830
+                    null);
dee830
+            psA("KeyGenerator", "HmacSHA512",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
dee830
+                    null);
dee830
+            psA("KeyGenerator", "HmacSHA512/224",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
dee830
+                    null);
dee830
+            psA("KeyGenerator", "HmacSHA512/256",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
dee830
+                    null);
dee830
+
dee830
+            psA("KeyGenerator", "HmacSHA3-224",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
dee830
+                    null);
dee830
+            psA("KeyGenerator", "HmacSHA3-256",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
dee830
+                    null);
dee830
+            psA("KeyGenerator", "HmacSHA3-384",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
dee830
+                    null);
dee830
+            psA("KeyGenerator", "HmacSHA3-512",
dee830
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
dee830
+                    null);
dee830
+
dee830
+            psA("KeyPairGenerator", "DiffieHellman",
dee830
+                    "com.sun.crypto.provider.DHKeyPairGenerator",
dee830
+                    null);
dee830
+        }
dee830
 
dee830
         /*
dee830
          * Algorithm parameter generation engines
dee830
@@ -430,15 +437,17 @@ public final class SunJCE extends Provider {
dee830
                 "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
dee830
                 null);
dee830
 
dee830
-        /*
dee830
-         * Key Agreement engines
dee830
-         */
dee830
-        attrs.clear();
dee830
-        attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
dee830
-                        "|javax.crypto.interfaces.DHPrivateKey");
dee830
-        psA("KeyAgreement", "DiffieHellman",
dee830
-                "com.sun.crypto.provider.DHKeyAgreement",
dee830
-                attrs);
dee830
+        if (!systemFipsEnabled) {
dee830
+            /*
dee830
+             * Key Agreement engines
dee830
+             */
dee830
+            attrs.clear();
dee830
+            attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
dee830
+                            "|javax.crypto.interfaces.DHPrivateKey");
dee830
+            psA("KeyAgreement", "DiffieHellman",
dee830
+                    "com.sun.crypto.provider.DHKeyAgreement",
dee830
+                    attrs);
dee830
+        }
dee830
 
dee830
         /*
dee830
          * Algorithm Parameter engines
dee830
@@ -531,197 +540,199 @@ public final class SunJCE extends Provider {
dee830
         psA("AlgorithmParameters", "ChaCha20-Poly1305",
dee830
                 "com.sun.crypto.provider.ChaCha20Poly1305Parameters", null);
dee830
 
dee830
-        /*
dee830
-         * Key factories
dee830
-         */
dee830
-        psA("KeyFactory", "DiffieHellman",
dee830
-                "com.sun.crypto.provider.DHKeyFactory",
dee830
-                null);
dee830
-
dee830
-        /*
dee830
-         * Secret-key factories
dee830
-         */
dee830
-        ps("SecretKeyFactory", "DES",
dee830
-                "com.sun.crypto.provider.DESKeyFactory");
dee830
-
dee830
-        psA("SecretKeyFactory", "DESede",
dee830
-                "com.sun.crypto.provider.DESedeKeyFactory", null);
dee830
-
dee830
-        psA("SecretKeyFactory", "PBEWithMD5AndDES",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
dee830
-                null);
dee830
-
dee830
-        /*
dee830
-         * Internal in-house crypto algorithm used for
dee830
-         * the JCEKS keystore type.  Since this was developed
dee830
-         * internally, there isn't an OID corresponding to this
dee830
-         * algorithm.
dee830
-         */
dee830
-        ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
dee830
-
dee830
-        psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
dee830
-                null);
dee830
-
dee830
-        psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
dee830
-                null);
dee830
-
dee830
-        psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
dee830
-                null);
dee830
-
dee830
-        psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
dee830
-                null);
dee830
-
dee830
-        psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
dee830
-                null);
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
dee830
-
dee830
-        ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
dee830
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
dee830
-
dee830
-        // PBKDF2
dee830
-        psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
dee830
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
dee830
-                null);
dee830
-        ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
dee830
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
dee830
-        ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
dee830
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
dee830
-        ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
dee830
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
dee830
-        ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
dee830
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
dee830
-
dee830
-        /*
dee830
-         * MAC
dee830
-         */
dee830
-        attrs.clear();
dee830
-        attrs.put("SupportedKeyFormats", "RAW");
dee830
-        ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
dee830
-        psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
dee830
-                attrs);
dee830
-        psA("Mac", "HmacSHA224",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
dee830
-        psA("Mac", "HmacSHA256",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
dee830
-        psA("Mac", "HmacSHA384",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
dee830
-        psA("Mac", "HmacSHA512",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
dee830
-        psA("Mac", "HmacSHA512/224",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
dee830
-        psA("Mac", "HmacSHA512/256",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
dee830
-        psA("Mac", "HmacSHA3-224",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
dee830
-        psA("Mac", "HmacSHA3-256",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
dee830
-        psA("Mac", "HmacSHA3-384",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
dee830
-        psA("Mac", "HmacSHA3-512",
dee830
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
dee830
-
dee830
-        ps("Mac", "HmacPBESHA1",
dee830
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
dee830
-                null, attrs);
dee830
-        ps("Mac", "HmacPBESHA224",
dee830
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
dee830
-                null, attrs);
dee830
-        ps("Mac", "HmacPBESHA256",
dee830
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
dee830
-                null, attrs);
dee830
-        ps("Mac", "HmacPBESHA384",
dee830
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
dee830
-                null, attrs);
dee830
-        ps("Mac", "HmacPBESHA512",
dee830
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
dee830
-                null, attrs);
dee830
-        ps("Mac", "HmacPBESHA512/224",
dee830
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
dee830
-                null, attrs);
dee830
-        ps("Mac", "HmacPBESHA512/256",
dee830
-                "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
dee830
-                null, attrs);
dee830
-
dee830
-
dee830
-        // PBMAC1
dee830
-        ps("Mac", "PBEWithHmacSHA1",
dee830
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
dee830
-        ps("Mac", "PBEWithHmacSHA224",
dee830
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
dee830
-        ps("Mac", "PBEWithHmacSHA256",
dee830
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
dee830
-        ps("Mac", "PBEWithHmacSHA384",
dee830
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
dee830
-        ps("Mac", "PBEWithHmacSHA512",
dee830
-                "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
dee830
-        ps("Mac", "SslMacMD5",
dee830
-                "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
dee830
-        ps("Mac", "SslMacSHA1",
dee830
-                "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
dee830
-
dee830
-        /*
dee830
-         * KeyStore
dee830
-         */
dee830
-        ps("KeyStore", "JCEKS",
dee830
-                "com.sun.crypto.provider.JceKeyStore");
dee830
-
dee830
-        /*
dee830
-         * SSL/TLS mechanisms
dee830
-         *
dee830
-         * These are strictly internal implementations and may
dee830
-         * be changed at any time.  These names were chosen
dee830
-         * because PKCS11/SunPKCS11 does not yet have TLS1.2
dee830
-         * mechanisms, and it will cause calls to come here.
dee830
-         */
dee830
-        ps("KeyGenerator", "SunTlsPrf",
dee830
-                "com.sun.crypto.provider.TlsPrfGenerator$V10");
dee830
-        ps("KeyGenerator", "SunTls12Prf",
dee830
-                "com.sun.crypto.provider.TlsPrfGenerator$V12");
dee830
-
dee830
-        ps("KeyGenerator", "SunTlsMasterSecret",
dee830
-                "com.sun.crypto.provider.TlsMasterSecretGenerator",
dee830
-                List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
dee830
-                null);
dee830
-
dee830
-        ps("KeyGenerator", "SunTlsKeyMaterial",
dee830
-                "com.sun.crypto.provider.TlsKeyMaterialGenerator",
dee830
-                List.of("SunTls12KeyMaterial"), null);
dee830
-
dee830
-        ps("KeyGenerator", "SunTlsRsaPremasterSecret",
dee830
-                "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
dee830
-                List.of("SunTls12RsaPremasterSecret"), null);
dee830
+        if (!systemFipsEnabled) {
dee830
+            /*
dee830
+             * Key factories
dee830
+             */
dee830
+            psA("KeyFactory", "DiffieHellman",
dee830
+                    "com.sun.crypto.provider.DHKeyFactory",
dee830
+                    null);
dee830
+
dee830
+            /*
dee830
+             * Secret-key factories
dee830
+             */
dee830
+            ps("SecretKeyFactory", "DES",
dee830
+                    "com.sun.crypto.provider.DESKeyFactory");
dee830
+
dee830
+            psA("SecretKeyFactory", "DESede",
dee830
+                    "com.sun.crypto.provider.DESedeKeyFactory", null);
dee830
+
dee830
+            psA("SecretKeyFactory", "PBEWithMD5AndDES",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
dee830
+                    null);
dee830
+
dee830
+            /*
dee830
+             * Internal in-house crypto algorithm used for
dee830
+             * the JCEKS keystore type.  Since this was developed
dee830
+             * internally, there isn't an OID corresponding to this
dee830
+             * algorithm.
dee830
+             */
dee830
+            ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
dee830
+
dee830
+            psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
dee830
+                    null);
dee830
+
dee830
+            psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
dee830
+                    null);
dee830
+
dee830
+            psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
dee830
+                    null);
dee830
+
dee830
+            psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
dee830
+                    null);
dee830
+
dee830
+            psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
dee830
+                    null);
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
dee830
+
dee830
+            ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
dee830
+                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
dee830
+
dee830
+            // PBKDF2
dee830
+            psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
dee830
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
dee830
+                    null);
dee830
+            ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
dee830
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
dee830
+            ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
dee830
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
dee830
+            ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
dee830
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
dee830
+            ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
dee830
+                    "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
dee830
+
dee830
+            /*
dee830
+             * MAC
dee830
+             */
dee830
+            attrs.clear();
dee830
+            attrs.put("SupportedKeyFormats", "RAW");
dee830
+            ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
dee830
+            psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
dee830
+                    attrs);
dee830
+            psA("Mac", "HmacSHA224",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
dee830
+            psA("Mac", "HmacSHA256",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
dee830
+            psA("Mac", "HmacSHA384",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
dee830
+            psA("Mac", "HmacSHA512",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
dee830
+            psA("Mac", "HmacSHA512/224",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
dee830
+            psA("Mac", "HmacSHA512/256",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
dee830
+            psA("Mac", "HmacSHA3-224",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
dee830
+            psA("Mac", "HmacSHA3-256",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
dee830
+            psA("Mac", "HmacSHA3-384",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
dee830
+            psA("Mac", "HmacSHA3-512",
dee830
+                    "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
dee830
+
dee830
+            ps("Mac", "HmacPBESHA1",
dee830
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
dee830
+                    null, attrs);
dee830
+            ps("Mac", "HmacPBESHA224",
dee830
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
dee830
+                    null, attrs);
dee830
+            ps("Mac", "HmacPBESHA256",
dee830
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
dee830
+                    null, attrs);
dee830
+            ps("Mac", "HmacPBESHA384",
dee830
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
dee830
+                    null, attrs);
dee830
+            ps("Mac", "HmacPBESHA512",
dee830
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
dee830
+                    null, attrs);
dee830
+            ps("Mac", "HmacPBESHA512/224",
dee830
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
dee830
+                    null, attrs);
dee830
+            ps("Mac", "HmacPBESHA512/256",
dee830
+                    "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
dee830
+                    null, attrs);
dee830
+
dee830
+
dee830
+            // PBMAC1
dee830
+            ps("Mac", "PBEWithHmacSHA1",
dee830
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
dee830
+            ps("Mac", "PBEWithHmacSHA224",
dee830
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
dee830
+            ps("Mac", "PBEWithHmacSHA256",
dee830
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
dee830
+            ps("Mac", "PBEWithHmacSHA384",
dee830
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
dee830
+            ps("Mac", "PBEWithHmacSHA512",
dee830
+                    "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
dee830
+            ps("Mac", "SslMacMD5",
dee830
+                    "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
dee830
+            ps("Mac", "SslMacSHA1",
dee830
+                    "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
dee830
+
dee830
+            /*
dee830
+             * KeyStore
dee830
+             */
dee830
+            ps("KeyStore", "JCEKS",
dee830
+                    "com.sun.crypto.provider.JceKeyStore");
dee830
+
dee830
+            /*
dee830
+             * SSL/TLS mechanisms
dee830
+             *
dee830
+             * These are strictly internal implementations and may
dee830
+             * be changed at any time.  These names were chosen
dee830
+             * because PKCS11/SunPKCS11 does not yet have TLS1.2
dee830
+             * mechanisms, and it will cause calls to come here.
dee830
+             */
dee830
+            ps("KeyGenerator", "SunTlsPrf",
dee830
+                    "com.sun.crypto.provider.TlsPrfGenerator$V10");
dee830
+            ps("KeyGenerator", "SunTls12Prf",
dee830
+                    "com.sun.crypto.provider.TlsPrfGenerator$V12");
dee830
+
dee830
+            ps("KeyGenerator", "SunTlsMasterSecret",
dee830
+                    "com.sun.crypto.provider.TlsMasterSecretGenerator",
dee830
+                    List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
dee830
+                    null);
dee830
+
dee830
+            ps("KeyGenerator", "SunTlsKeyMaterial",
dee830
+                    "com.sun.crypto.provider.TlsKeyMaterialGenerator",
dee830
+                    List.of("SunTls12KeyMaterial"), null);
dee830
+
dee830
+            ps("KeyGenerator", "SunTlsRsaPremasterSecret",
dee830
+                    "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
dee830
+                    List.of("SunTls12RsaPremasterSecret"), null);
dee830
+        }
dee830
     }
dee830
 
dee830
     // Return the instance of this class or create one if needed.
dee830
diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
dee830
index 7cb5ebcde51..709d32912ca 100644
dee830
--- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java
dee830
+++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
dee830
@@ -193,20 +193,22 @@ public final class SunEntries {
dee830
             String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
dee830
             dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
dee830
             addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
dee830
+        }
dee830
 
dee830
-            /*
dee830
-             * Algorithm Parameter Generator engines
dee830
-             */
dee830
-            addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
dee830
-                    "sun.security.provider.DSAParameterGenerator", attrs);
dee830
-            attrs.remove("KeySize");
dee830
+        /*
dee830
+         * Algorithm Parameter Generator engines
dee830
+         */
dee830
+        addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
dee830
+                "sun.security.provider.DSAParameterGenerator", attrs);
dee830
+        attrs.remove("KeySize");
dee830
 
dee830
-            /*
dee830
-             * Algorithm Parameter engines
dee830
-             */
dee830
-            addWithAlias(p, "AlgorithmParameters", "DSA",
dee830
-                    "sun.security.provider.DSAParameters", attrs);
dee830
+        /*
dee830
+         * Algorithm Parameter engines
dee830
+         */
dee830
+        addWithAlias(p, "AlgorithmParameters", "DSA",
dee830
+                "sun.security.provider.DSAParameters", attrs);
dee830
 
dee830
+        if (!systemFipsEnabled) {
dee830
             /*
dee830
              * Key factories
dee830
              */
dee830
diff --git openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
dee830
index ca79f25cc44..16c5ad2e227 100644
dee830
--- openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
dee830
+++ openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
dee830
@@ -27,6 +27,7 @@ package sun.security.rsa;
dee830
 
dee830
 import java.util.*;
dee830
 import java.security.Provider;
dee830
+import jdk.internal.access.SharedSecrets;
dee830
 import static sun.security.util.SecurityProviderConstants.getAliases;
dee830
 
dee830
 /**
dee830
@@ -36,6 +37,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
dee830
  */
dee830
 public final class SunRsaSignEntries {
dee830
 
dee830
+    private static final boolean systemFipsEnabled =
dee830
+            SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
dee830
+            .isSystemFipsEnabled();
dee830
+
dee830
     private void add(Provider p, String type, String algo, String cn,
dee830
              List<String> aliases, HashMap<String, String> attrs) {
dee830
          services.add(new Provider.Service(p, type, algo, cn,
dee830
@@ -56,49 +61,52 @@ public final class SunRsaSignEntries {
dee830
         // start populating content using the specified provider
dee830
         // common attribute map
dee830
         HashMap<String, String> attrs = new HashMap<>(3);
dee830
-        attrs.put("SupportedKeyClasses",
dee830
-                "java.security.interfaces.RSAPublicKey" +
dee830
-                "|java.security.interfaces.RSAPrivateKey");
dee830
+        if (!systemFipsEnabled) {
dee830
+            attrs.put("SupportedKeyClasses",
dee830
+                    "java.security.interfaces.RSAPublicKey" +
dee830
+                    "|java.security.interfaces.RSAPrivateKey");
dee830
+
dee830
+            add(p, "KeyFactory", "RSA",
dee830
+                    "sun.security.rsa.RSAKeyFactory$Legacy",
dee830
+                    getAliases("PKCS1"), null);
dee830
+            add(p, "KeyPairGenerator", "RSA",
dee830
+                    "sun.security.rsa.RSAKeyPairGenerator$Legacy",
dee830
+                    getAliases("PKCS1"), null);
dee830
+            addA(p, "Signature", "MD2withRSA",
dee830
+                    "sun.security.rsa.RSASignature$MD2withRSA", attrs);
dee830
+            addA(p, "Signature", "MD5withRSA",
dee830
+                    "sun.security.rsa.RSASignature$MD5withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA1withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA224withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA256withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA384withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA512withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA512/224withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA512/256withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA3-224withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA3-256withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA3-384withRSA",
dee830
+                   "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
dee830
+            addA(p, "Signature", "SHA3-512withRSA",
dee830
+                    "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
dee830
 
dee830
-        add(p, "KeyFactory", "RSA",
dee830
-                "sun.security.rsa.RSAKeyFactory$Legacy",
dee830
-                getAliases("PKCS1"), null);
dee830
-        add(p, "KeyPairGenerator", "RSA",
dee830
-                "sun.security.rsa.RSAKeyPairGenerator$Legacy",
dee830
-                getAliases("PKCS1"), null);
dee830
-        addA(p, "Signature", "MD2withRSA",
dee830
-                "sun.security.rsa.RSASignature$MD2withRSA", attrs);
dee830
-        addA(p, "Signature", "MD5withRSA",
dee830
-                "sun.security.rsa.RSASignature$MD5withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA1withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA224withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA256withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA384withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA512withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA512/224withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA512/256withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA3-224withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA3-256withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA3-384withRSA",
dee830
-               "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
dee830
-        addA(p, "Signature", "SHA3-512withRSA",
dee830
-                "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
dee830
+            addA(p, "KeyFactory", "RSASSA-PSS",
dee830
+                    "sun.security.rsa.RSAKeyFactory$PSS", attrs);
dee830
+            addA(p, "KeyPairGenerator", "RSASSA-PSS",
dee830
+                    "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
dee830
+            addA(p, "Signature", "RSASSA-PSS",
dee830
+                    "sun.security.rsa.RSAPSSSignature", attrs);
dee830
+        }
dee830
 
dee830
-        addA(p, "KeyFactory", "RSASSA-PSS",
dee830
-                "sun.security.rsa.RSAKeyFactory$PSS", attrs);
dee830
-        addA(p, "KeyPairGenerator", "RSASSA-PSS",
dee830
-                "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
dee830
-        addA(p, "Signature", "RSASSA-PSS",
dee830
-                "sun.security.rsa.RSAPSSSignature", attrs);
dee830
         addA(p, "AlgorithmParameters", "RSASSA-PSS",
dee830
                 "sun.security.rsa.PSSParameters", null);
dee830
     }
dee830
diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
dee830
index 3a322854204..5a355e70cae 100644
dee830
--- openjdk.orig/src/java.base/share/conf/security/java.security
dee830
+++ openjdk/src/java.base/share/conf/security/java.security
dee830
@@ -86,6 +86,8 @@ fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
dee830
 fips.provider.2=SUN
dee830
 fips.provider.3=SunEC
dee830
 fips.provider.4=SunJSSE
dee830
+fips.provider.5=SunJCE
dee830
+fips.provider.6=SunRsaSign
dee830
 
dee830
 #
dee830
 # A list of preferred providers for specific algorithms. These providers will