8283795: Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements

Reviewed-by: jnimeh
2025-08-26 14:24:46 +02:00 · 2025-01-09 17:34:20 +00:00 · 2025-01-09 17:34:20 +00:00 · 3bfa9521d5
commit 3bfa9521d5
parent 1ef77cdd51
9 changed files with 43 additions and 14 deletions
--- a/src/java.base/share/classes/java/security/AlgorithmParameters.java
+++ b/src/java.base/share/classes/java/security/AlgorithmParameters.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -48,12 +48,19 @@ import java.util.Objects;
 * obtained via a call to {@code getEncoded}.
 *
 * <p> Every implementation of the Java platform is required to support the
- * following standard {@code AlgorithmParameters} algorithms:
+ * following standard {@code AlgorithmParameters} algorithms. For the "EC"
+ * algorithm, implementations must support the curves in parentheses. For the
+ * "RSASSA-PSS" algorithm, implementations must support the parameters in
+ * parentheses.
 * <ul>
 * <li>{@code AES}</li>
+ * <li>{@code ChaCha20-Poly1305}</li>
 * <li>{@code DESede}</li>
 * <li>{@code DiffieHellman}</li>
 * <li>{@code DSA}</li>
+ * <li>{@code EC} (secp256r1, secp384r1)</li>
+ * <li>{@code RSASSA-PSS} (MGF1 mask generation function and SHA-256 or SHA-384
+ *     hash algorithms)</li>
 * </ul>
 * These algorithms are described in the <a href=
 * "{@docRoot}/../specs/security/standard-names.html#algorithmparameters-algorithms">
--- a/src/java.base/share/classes/java/security/KeyFactory.java
+++ b/src/java.base/share/classes/java/security/KeyFactory.java
@ -72,7 +72,10 @@ import sun.security.jca.GetInstance.Instance;
 * <ul>
 * <li>{@code DiffieHellman}</li>
 * <li>{@code DSA}</li>
+ * <li>{@code EC}</li>
 * <li>{@code RSA}</li>
+ * <li>{@code RSASSA-PSS}</li>
+ * <li>{@code X25519}</li>
 * </ul>
 * These algorithms are described in the <a href=
 * "{@docRoot}/../specs/security/standard-names.html#keyfactory-algorithms">
--- a/src/java.base/share/classes/java/security/KeyPairGenerator.java
+++ b/src/java.base/share/classes/java/security/KeyPairGenerator.java
@ -113,12 +113,16 @@ import sun.security.util.Debug;
 * supply their own implementations of key pair generators.
 *
 * <p> Every implementation of the Java platform is required to support the
- * following standard {@code KeyPairGenerator} algorithms and keysizes in
- * parentheses:
+ * following standard {@code KeyPairGenerator} algorithms. For the "EC"
+ * algorithm, implementations must support the curves in parentheses. For other
+ * algorithms, implementations must support the key sizes in parentheses.
 * <ul>
- * <li>{@code DiffieHellman} (1024, 2048, 4096)</li>
+ * <li>{@code DiffieHellman} (1024, 2048, 3072, 4096)</li>
 * <li>{@code DSA} (1024, 2048)</li>
- * <li>{@code RSA} (1024, 2048, 4096)</li>
+ * <li>{@code EC} (secp256r1, secp384r1)</li>
+ * <li>{@code RSA} (1024, 2048, 3072, 4096)</li>
+ * <li>{@code RSASSA-PSS} (2048, 3072, 4096)</li>
+ * <li>{@code X25519}</li>
 * </ul>
 * These algorithms are described in the <a href=
 * "{@docRoot}/../specs/security/standard-names.html#keypairgenerator-algorithms">
--- a/src/java.base/share/classes/java/security/MessageDigest.java
+++ b/src/java.base/share/classes/java/security/MessageDigest.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -87,6 +87,7 @@ import javax.crypto.SecretKey;
 * <ul>
 * <li>{@code SHA-1}</li>
 * <li>{@code SHA-256}</li>
+ * <li>{@code SHA-384}</li>
 * </ul>
 * These algorithms are described in the <a href=
 * "{@docRoot}/../specs/security/standard-names.html#messagedigest-algorithms">
--- a/src/java.base/share/classes/java/security/Signature.java
+++ b/src/java.base/share/classes/java/security/Signature.java
@ -100,12 +100,20 @@ import sun.security.util.KnownOIDs;
 * supply their own implementations of digital signature algorithms.
 *
 * <p> Every implementation of the Java platform is required to support the
- * following standard {@code Signature} algorithms:
+ * following standard {@code Signature} algorithms. For the "RSASSA-PSS"
+ * algorithm, implementations must support the parameters in parentheses. For
+ * the "SHA256withECDSA" and "SHA384withECDSA" algorithms, implementations must
+ * support the curves in parentheses.
 * <ul>
+ * <li>{@code RSASSA-PSS} (MGF1 mask generation function and SHA-256 or SHA-384
+ *      hash algorithms)</li>
 * <li>{@code SHA1withDSA}</li>
 * <li>{@code SHA256withDSA}</li>
+ * <li>{@code SHA256withECDSA} (secp256r1)</li>
+ * <li>{@code SHA384withECDSA} (secp384r1)</li>
 * <li>{@code SHA1withRSA}</li>
 * <li>{@code SHA256withRSA}</li>
+ * <li>{@code SHA384withRSA}</li>
 * </ul>
 * These algorithms are described in the <a href=
 * "{@docRoot}/../specs/security/standard-names.html#signature-algorithms">