diff --git a/make/modules/java.base/Lib.gmk b/make/modules/java.base/Lib.gmk index 5ca120543518b..15946a06e6c9b 100644 --- a/make/modules/java.base/Lib.gmk +++ b/make/modules/java.base/Lib.gmk @@ -175,19 +175,17 @@ ifeq ($(USE_SYSCONF_NSS), true) LIBSYSTEMCONF_CXXFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS endif -ifeq ($(OPENJDK_BUILD_OS), linux) - $(eval $(call SetupJdkLibrary, BUILD_LIBSYSTEMCONF, \ - NAME := systemconf, \ - OPTIMIZATION := LOW, \ - CFLAGS := $(CFLAGS_JDKLIB) $(LIBSYSTEMCONF_CFLAGS), \ - CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBSYSTEMCONF_CXXFLAGS), \ - LDFLAGS := $(LDFLAGS_JDKLIB) \ - $(call SET_SHARED_LIBRARY_ORIGIN), \ - LIBS_unix := $(LIBDL) $(NSS_LIBS), \ - )) +$(eval $(call SetupJdkLibrary, BUILD_LIBSYSTEMCONF, \ + NAME := systemconf, \ + OPTIMIZATION := LOW, \ + CFLAGS := $(CFLAGS_JDKLIB) $(LIBSYSTEMCONF_CFLAGS), \ + CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBSYSTEMCONF_CXXFLAGS), \ + LDFLAGS := $(LDFLAGS_JDKLIB) \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ + LIBS_unix := $(LIBDL) $(NSS_LIBS), \ +)) - TARGETS += $(BUILD_LIBSYSTEMCONF) -endif +TARGETS += $(BUILD_LIBSYSTEMCONF) ################################################################################ # Create the symbols file for static builds. diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java index 324620a8e9bc1..d967010b8488c 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java 
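Review bot: With the `ifeq ($(OPENJDK_BUILD_OS), linux)` guard gone, `BUILD_LIBSYSTEMCONF` is set up and added to `TARGETS` on every platform, but nothing in the makefile says what the library contains outside Linux. Judging by the systemconf.c change in this same commit, it is only a stub there. A comment above the `SetupJdkLibrary` call would record that, for example `# libsystemconf is built on all platforms; outside Linux it only provides a stub that reports system FIPS as disabled.` It is also worth confirming that `LIBS_unix := $(LIBDL) $(NSS_LIBS)` links cleanly on the non-Linux Unix targets, since `NSS_LIBS` was previously only consumed on Linux.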
@@ -540,86 +540,86 @@ void putEntries() { psA("AlgorithmParameters", "ChaCha20-Poly1305", "com.sun.crypto.provider.ChaCha20Poly1305Parameters", null); - if (!systemFipsEnabled) { - /* - * Key factories - */ - psA("KeyFactory", "DiffieHellman", - "com.sun.crypto.provider.DHKeyFactory", - null); + /* + * Key factories + */ + psA("KeyFactory", "DiffieHellman", + "com.sun.crypto.provider.DHKeyFactory", + null); - /* - * Secret-key factories - */ - ps("SecretKeyFactory", "DES", - "com.sun.crypto.provider.DESKeyFactory"); + /* + * Secret-key factories + */ + ps("SecretKeyFactory", "DES", + "com.sun.crypto.provider.DESKeyFactory"); - psA("SecretKeyFactory", "DESede", - "com.sun.crypto.provider.DESedeKeyFactory", null); + psA("SecretKeyFactory", "DESede", + "com.sun.crypto.provider.DESedeKeyFactory", null); - psA("SecretKeyFactory", "PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES", - null); + psA("SecretKeyFactory", "PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES", + null); - /* - * Internal in-house crypto algorithm used for - * the JCEKS keystore type. Since this was developed - * internally, there isn't an OID corresponding to this - * algorithm. - */ - ps("SecretKeyFactory", "PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES"); + /* + * Internal in-house crypto algorithm used for + * the JCEKS keystore type. Since this was developed + * internally, there isn't an OID corresponding to this + * algorithm. 
+ */ + ps("SecretKeyFactory", "PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES"); - psA("SecretKeyFactory", "PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede", - null); + psA("SecretKeyFactory", "PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede", + null); - psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40", - null); + psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40", + null); - psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128", - null); + psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128", + null); - psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40", - null); + psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40", + null); - psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128", - null); + psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128", + null); - ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128"); + ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128"); - ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128"); + ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128"); - ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128"); + 
ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128"); - ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128"); + ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128"); - ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128"); + ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128"); - ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256"); + ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256"); - ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256"); + ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256"); - ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256"); + ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256"); - ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256"); + ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256"); - ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256"); + ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256"); + if (!systemFipsEnabled) { // PBKDF2 psA("SecretKeyFactory", "PBKDF2WithHmacSHA1", 
"com.sun.crypto.provider.PBKDF2Core$HmacSHA1", diff --git a/src/java.base/linux/native/libsystemconf/systemconf.c b/src/java.base/share/native/libsystemconf/systemconf.c similarity index 97% rename from src/java.base/linux/native/libsystemconf/systemconf.c rename to src/java.base/share/native/libsystemconf/systemconf.c index 8dcb7d9073f45..ddf9befe5bcce 100644 --- a/src/java.base/linux/native/libsystemconf/systemconf.c +++ b/src/java.base/share/native/libsystemconf/systemconf.c @@ -28,6 +28,8 @@ #include "jvm_md.h" #include +#ifdef LINUX + #ifdef SYSCONF_NSS #include #else @@ -222,3 +224,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE); } } + +#else // !LINUX + +JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEnabled + (JNIEnv *env, jclass cls) +{ + return JNI_FALSE; +} + +#endif diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java index 187be7295f3b2..52a403107c33f 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java @@ -38,7 +38,6 @@ import javax.crypto.Cipher; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.SecretKeySpec; -import javax.crypto.spec.DHPrivateKeySpec; import javax.crypto.spec.IvParameterSpec; import sun.security.jca.JCAUtil; 
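Review bot: The DiffieHellman `KeyFactory` and the DES, DESede, `PBEWithMD5AndDES`, `PBEWithSHA1AndRC2_40` and `PBEWithSHA1AndRC4_40` secret-key factories are now registered even when `systemFipsEnabled` is true, and the new code carries no comment explaining why legacy algorithms may be exposed in that mode. If only some of these entries are needed under FIPS (the hunk does not show which callers depend on them), the rest should stay inside the `if (!systemFipsEnabled)` guard so the provider's FIPS-mode surface stays as small as possible. Otherwise add a comment above the `Key factories` block stating the reason, for example `// Registered in FIPS mode as well: these factories only translate key material (confirm that the matching Cipher entries remain gated).` `putEntries()` starts and ends outside this hunk, so whether the corresponding ciphers are still gated cannot be checked from here.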
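Review bot: The `#else // !LINUX` stub of `Java_java_security_SystemConfigurator_getSystemFIPSEnabled` returns `JNI_FALSE` unconditionally, so on every non-Linux platform the JDK will behave as if the host were not in FIPS mode, and the code does not say that this is intentional. A comment on the stub would make the fail-open behaviour explicit, for example `/* System FIPS detection is implemented for Linux only; other platforms always report it as disabled. */`. The closing directive should name its guard, `#endif // LINUX`, because the matching `#ifdef LINUX` is added roughly two hundred lines earlier, in the first hunk of this file. If the Java side declares any other native method backed by this library, it would also need a stub here; that is not visible in the diff.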
@@ -194,34 +193,6 @@ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attribu attrsMap.put(CKA_NETSCAPE_DB, new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO)); } - } else if (keyType == CKK_DH) { - if (debug != null) { - debug.println("Importing a Diffie-Hellman private key..."); - } - if (DHKF == null) { - DHKFLock.lock(); - try { - if (DHKF == null) { - DHKF = KeyFactory.getInstance( - "DH", P11Util.getSunJceProvider()); - } - } finally { - DHKFLock.unlock(); - } - } - DHPrivateKeySpec spec = new DHPrivateKeySpec - (((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null) - ? v : BigInteger.ZERO, - ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null) - ? v : BigInteger.ZERO, - ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null) - ? v : BigInteger.ZERO); - keyBytes = DHKF.generatePrivate(spec).getEncoded(); - if (token.config.getNssNetscapeDbWorkaround() && - attrsMap.get(CKA_NETSCAPE_DB) == null) { - attrsMap.put(CKA_NETSCAPE_DB, - new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO)); - } } else { if (debug != null) { debug.println("Unrecognized private key type."); diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java index 1c5bd3d15ac6a..04bee91ad9e4d 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java @@ -401,7 +401,8 @@ static PrivateKey privateKey(Session session, long keyID, String algorithm, new CK_ATTRIBUTE(CKA_EXTRACTABLE), }); - boolean keySensitive = (!plainKeySupportEnabled && + boolean exportable = plainKeySupportEnabled && !algorithm.equals("DH"); + boolean keySensitive = (!exportable && (attrs[0].getBoolean() || attrs[1].getBoolean() || !attrs[2].getBoolean()));
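Review bot: The new `exportable` line in P11Key.java calls `algorithm.equals("DH")`, which throws a NullPointerException if `algorithm` is null and matches only the exact spelling "DH". `boolean exportable = plainKeySupportEnabled && !"DH".equals(algorithm);` is null-safe and otherwise behaves the same. Whether a null or a `DiffieHellman` spelling can reach `privateKey` is not visible here, since the method starts and ends outside the hunk. The DH exclusion is also undocumented, although it appears to depend on the `CKK_DH` branch being removed from `FIPSKeyImporter.importKey` in this same commit. A comment such as `// DH private keys are no longer handled by FIPSKeyImporter, so they are never treated as exportable plain keys.` would keep the two files from drifting apart.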