From 3db22173debcd9ae6bbb4c2c6d517fba359357bb Mon Sep 17 00:00:00 2001
From: Francisco Ferrari Bihurriet <fferrari@redhat.com>
Date: Thu, 4 Aug 2022 19:13:38 -0300
Subject: [PATCH] RH2092507: P11Key.getEncoded does not work for DH keys in
 FIPS mode

---
 .../com/sun/crypto/provider/SunJCE.java       | 120 +++++++++---------
 1 file changed, 60 insertions(+), 60 deletions(-)

diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
index 6d459fdec01dc..3c064965e82e8 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -540,86 +540,86 @@ void putEntries() {
         psA("AlgorithmParameters", "ChaCha20-Poly1305",
                 "com.sun.crypto.provider.ChaCha20Poly1305Parameters", null);
 
-        if (!systemFipsEnabled) {
-            /*
-             * Key factories
-             */
-            psA("KeyFactory", "DiffieHellman",
-                    "com.sun.crypto.provider.DHKeyFactory",
-                    null);
+        /*
+         * Key factories
+         */
+        psA("KeyFactory", "DiffieHellman",
+                "com.sun.crypto.provider.DHKeyFactory",
+                null);
 
-            /*
-             * Secret-key factories
-             */
-            ps("SecretKeyFactory", "DES",
-                    "com.sun.crypto.provider.DESKeyFactory");
+        /*
+         * Secret-key factories
+         */
+        ps("SecretKeyFactory", "DES",
+                "com.sun.crypto.provider.DESKeyFactory");
 
-            psA("SecretKeyFactory", "DESede",
-                    "com.sun.crypto.provider.DESedeKeyFactory", null);
+        psA("SecretKeyFactory", "DESede",
+                "com.sun.crypto.provider.DESedeKeyFactory", null);
 
-            psA("SecretKeyFactory", "PBEWithMD5AndDES",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
-                    null);
+        psA("SecretKeyFactory", "PBEWithMD5AndDES",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
+                null);
 
-            /*
-             * Internal in-house crypto algorithm used for
-             * the JCEKS keystore type.  Since this was developed
-             * internally, there isn't an OID corresponding to this
-             * algorithm.
-             */
-            ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
+        /*
+         * Internal in-house crypto algorithm used for
+         * the JCEKS keystore type.  Since this was developed
+         * internally, there isn't an OID corresponding to this
+         * algorithm.
+         */
+        ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
 
-            psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
-                    null);
+        psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
+                null);
 
-            psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
-                    null);
+        psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
+                null);
 
-            psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
-                    null);
+        psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
+                null);
 
-            psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
-                    null);
+        psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
+                null);
 
-            psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
-                    null);
+        psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
+                null);
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
+        ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
+        ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
+        ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
+        ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
+        ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
 
-            ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
 
+        if (!systemFipsEnabled) {
             // PBKDF2
             psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
                     "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",