archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 06:14:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8283795: Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements

Browse source 
Reviewed-by: jnimeh
This commit is contained in:
Sean Mullan 2025-01-09 17:34:20 +00:00
parent 1ef77cdd51
commit 3bfa9521d5
9 changed files with 43 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/java.base/share/classes/java/security/AlgorithmParameters.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -48,12 +48,19 @@ import java.util.Objects;
* obtained via a call to {@code getEncoded}.
*
* <p> Every implementation of the Java platform is required to support the
* following standard {@code AlgorithmParameters} algorithms:
* following standard {@code AlgorithmParameters} algorithms. For the "EC"
* algorithm, implementations must support the curves in parentheses. For the
* "RSASSA-PSS" algorithm, implementations must support the parameters in
* parentheses.
* <ul>
* <li>{@code AES}</li>
* <li>{@code ChaCha20-Poly1305}</li>
* <li>{@code DESede}</li>
* <li>{@code DiffieHellman}</li>
* <li>{@code DSA}</li>
* <li>{@code EC} (secp256r1, secp384r1)</li>
* <li>{@code RSASSA-PSS} (MGF1 mask generation function and SHA-256 or SHA-384
* hash algorithms)</li>
* </ul>
* These algorithms are described in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#algorithmparameters-algorithms">

3
src/java.base/share/classes/java/security/KeyFactory.java
View file

@ -72,7 +72,10 @@ import sun.security.jca.GetInstance.Instance;
* <ul>
* <li>{@code DiffieHellman}</li>
* <li>{@code DSA}</li>
* <li>{@code EC}</li>
* <li>{@code RSA}</li>
* <li>{@code RSASSA-PSS}</li>
* <li>{@code X25519}</li>
* </ul>
* These algorithms are described in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#keyfactory-algorithms">

12
src/java.base/share/classes/java/security/KeyPairGenerator.java
View file

@ -113,12 +113,16 @@ import sun.security.util.Debug;
* supply their own implementations of key pair generators.
*
* <p> Every implementation of the Java platform is required to support the
* following standard {@code KeyPairGenerator} algorithms and keysizes in
* parentheses:
* following standard {@code KeyPairGenerator} algorithms. For the "EC"
* algorithm, implementations must support the curves in parentheses. For other
* algorithms, implementations must support the key sizes in parentheses.
* <ul>
* <li>{@code DiffieHellman} (1024, 2048, 4096)</li>
* <li>{@code DiffieHellman} (1024, 2048, 3072, 4096)</li>
* <li>{@code DSA} (1024, 2048)</li>
* <li>{@code RSA} (1024, 2048, 4096)</li>
* <li>{@code EC} (secp256r1, secp384r1)</li>
* <li>{@code RSA} (1024, 2048, 3072, 4096)</li>
* <li>{@code RSASSA-PSS} (2048, 3072, 4096)</li>
* <li>{@code X25519}</li>
* </ul>
* These algorithms are described in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#keypairgenerator-algorithms">

3
src/java.base/share/classes/java/security/MessageDigest.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -87,6 +87,7 @@ import javax.crypto.SecretKey;
* <ul>
* <li>{@code SHA-1}</li>
* <li>{@code SHA-256}</li>
* <li>{@code SHA-384}</li>
* </ul>
* These algorithms are described in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#messagedigest-algorithms">

10
src/java.base/share/classes/java/security/Signature.java
View file

@ -100,12 +100,20 @@ import sun.security.util.KnownOIDs;
* supply their own implementations of digital signature algorithms.
*
* <p> Every implementation of the Java platform is required to support the
* following standard {@code Signature} algorithms:
* following standard {@code Signature} algorithms. For the "RSASSA-PSS"
* algorithm, implementations must support the parameters in parentheses. For
* the "SHA256withECDSA" and "SHA384withECDSA" algorithms, implementations must
* support the curves in parentheses.
* <ul>
* <li>{@code RSASSA-PSS} (MGF1 mask generation function and SHA-256 or SHA-384
* hash algorithms)</li>
* <li>{@code SHA1withDSA}</li>
* <li>{@code SHA256withDSA}</li>
* <li>{@code SHA256withECDSA} (secp256r1)</li>
* <li>{@code SHA384withECDSA} (secp384r1)</li>
* <li>{@code SHA1withRSA}</li>
* <li>{@code SHA256withRSA}</li>
* <li>{@code SHA384withRSA}</li>
* </ul>
* These algorithms are described in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#signature-algorithms">

3
src/java.base/share/classes/javax/crypto/Cipher.java
View file

@ -148,7 +148,8 @@ import sun.security.util.KnownOIDs;
* <li>{@code AES/CBC/PKCS5Padding} (128)</li>
* <li>{@code AES/ECB/NoPadding} (128)</li>
* <li>{@code AES/ECB/PKCS5Padding} (128)</li>
* <li>{@code AES/GCM/NoPadding} (128)</li>
* <li>{@code AES/GCM/NoPadding} (128, 256)</li>
* <li>{@code ChaCha20-Poly1305}</li>
* <li>{@code DESede/CBC/NoPadding} (168)</li>
* <li>{@code DESede/CBC/PKCS5Padding} (168)</li>
* <li>{@code DESede/ECB/NoPadding} (168)</li>

7
src/java.base/share/classes/javax/crypto/KeyAgreement.java
View file

@ -57,11 +57,14 @@ import sun.security.jca.GetInstance.Instance;
* specific or as specified by the standard key agreement algorithm.
*
* <p> Every implementation of the Java platform is required to support the
* following standard {@code KeyAgreement} algorithm:
* following standard {@code KeyAgreement} algorithms. For the "ECDH"
* algorithm, implementations must support the curves in parentheses.
* <ul>
* <li>{@code DiffieHellman}</li>
* <li>{@code ECDH} (secp256r1, secp384r1)</li>
* <li>{@code X25519}</li>
* </ul>
* This algorithm is described in the <a href=
* These algorithms are described in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#keyagreement-algorithms">
* KeyAgreement section</a> of the
* Java Security Standard Algorithm Names Specification.

3
src/java.base/share/classes/javax/crypto/KeyGenerator.java
View file

@ -96,7 +96,8 @@ import sun.security.util.Debug;
* following standard {@code KeyGenerator} algorithms with the keysizes in
* parentheses:
* <ul>
* <li>{@code AES} (128)</li>
* <li>{@code AES} (128, 256)</li>
* <li>{@code ChaCha20}</li>
* <li>{@code DESede} (168)</li>
* <li>{@code HmacSHA1}</li>
* <li>{@code HmacSHA256}</li>

5
src/java.base/share/classes/javax/net/ssl/SSLContext.java
View file

@ -39,11 +39,12 @@ import sun.security.jca.GetInstance;
* secure random bytes.
*
* <p> Every implementation of the Java platform is required to support the
* following standard {@code SSLContext} protocol:
* following standard {@code SSLContext} protocols:
* <ul>
* <li>{@code TLSv1.2}</li>
* <li>{@code TLSv1.3}</li>
* </ul>
* This protocol is described in the <a href=
* These protocols are described in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#sslcontext-algorithms">
* SSLContext section</a> of the
* Java Security Standard Algorithm Names Specification.