Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the OpenJDK exclude tests list for FIPS #611

Open
WilburZjh opened this issue Sep 21, 2022 · 7 comments
Open

Update the OpenJDK exclude tests list for FIPS #611

WilburZjh opened this issue Sep 21, 2022 · 7 comments

Comments

@WilburZjh
Copy link
Contributor

The FIPS mode has restrictive security configurations, so update the OpenJDK exclude tests list “ProblemList-fips.txt” for the FIPS testing.
@WilburZjh
Copy link
Contributor Author

Exclude tests list from sanity.openjdk

java.security.NoSuchProviderException: no such provider: SunRsaSign

  • java/math/BigInteger/ModPow65537.java.ModPow65537

Existing Jars sign related

  • java/util/jar/JarFile/ScanSignedJar.java.ScanSignedJar
  • java/util/jar/JarFile/TurkCert.java.TurkCert
  • java/util/jar/JarInputStream/ScanSignedJar.java.ScanSignedJar
  • java/util/jar/JarInputStream/TestIndexedJarWithBadSignature.java.TestIndexedJarWithBadSignature

-keystore ks -storepass changeit -keypass changeit -keyalg rsa -alias a -dname CN=A -genkeypair
keytool error: java.security.KeyStoreException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID

  • java/util/jar/JarInputStream/ExtraFileInMetaInf.java.ExtraFileInMetaInf

@WilburZjh
Copy link
Contributor Author

WilburZjh commented Sep 21, 2022
edited
Loading

Exclude tests list from extended.openjdk

java.security.KeyStoreException: JCEKS not found

  • sun/security/tools/jarsigner/TsacertOptionTest.java.TsacertOptionTest

java.security.KeyStoreException: JKS not found
java.security.NoSuchAlgorithmException: JKS KeyStore not available

  • java/security/KeyStore/CheckInputStream.java.CheckInputStream
  • java/security/KeyStore/KeyStoreBuilder.java.KeyStoreBuilder
  • java/security/KeyStore/PBETest.java.PBETest
  • java/security/KeyStore/PKCS12/CheckDefaults.java.CheckDefaults
  • java/security/KeyStore/PKCS12/WriteP12Test.java.WriteP12Test
  • java/security/KeyStore/TestKeyStoreBasic.java.TestKeyStoreBasic
  • java/security/KeyStore/TestKeystoreCompat.java.TestKeystoreCompat
  • java/security/Policy/SignedJar/SignedJarTest.java.SignedJarTest
  • javax/net/ssl/ALPN/SSLEngineAlpnTest.java.SSLEngineAlpnTest
  • javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java.SSLServerSocketAlpnTest
  • javax/net/ssl/ALPN/SSLSocketAlpnTest.java.SSLSocketAlpnTest
  • javax/net/ssl/ciphersuites/ECCurvesconstraints.java.ECCurvesconstraints
  • javax/net/ssl/compatibility/ClientHelloProcessing.java.ClientHelloProcessing
  • javax/net/ssl/FixingJavadocs/KMTMGetNothing.java.KMTMGetNothing
  • javax/net/ssl/FixingJavadocs/SSLSessionNulls.java.SSLSessionNulls
  • javax/net/ssl/interop/ClientHelloBufferUnderflowException.java.ClientHelloBufferUnderflowException
  • javax/net/ssl/interop/ClientHelloChromeInterOp.java.ClientHelloChromeInterOp
  • javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java.SystemPropCipherSuitesOrder
  • javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java.TLSCipherSuitesOrder
  • javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java.ClientJSSEServerJSSE
  • javax/net/ssl/ServerName/SSLEngineExplorer.java.SSLEngineExplorer
  • javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java.SSLEngineExplorerMatchedSNI
  • javax/net/ssl/ServerName/SSLEngineExplorerUnmatchedSNI.java.SSLEngineExplorerUnmatchedSNI
  • javax/net/ssl/ServerName/SSLEngineExplorerWithCli.java.SSLEngineExplorerWithCli
  • javax/net/ssl/ServerName/SSLEngineExplorerWithSrv.java.SSLEngineExplorerWithSrv
  • javax/net/ssl/ServerName/SSLSocketSNISensitive.java.SSLSocketSNISensitive
  • javax/net/ssl/SSLEngine/ArgCheck.java.ArgCheck
  • javax/net/ssl/SSLEngine/Arrays.java.Arrays
  • javax/net/ssl/SSLEngine/ExtendedKeyEngine.java.ExtendedKeyEngine
  • javax/net/ssl/SSLEngine/ExtendedKeySocket.java.ExtendedKeySocket
  • javax/net/ssl/SSLEngine/LargeBufs.java.LargeBufs
  • javax/net/ssl/SSLEngine/LargePacket.java.LargePacket
  • javax/net/ssl/SSLEngine/NoAuthClientAuth.java.NoAuthClientAuth
  • javax/net/ssl/SSLSession/RenegotiateTLS13.java.RenegotiateTLS13
  • javax/net/ssl/SSLSession/ResumeTLS13withSNI.java.ResumeTLS13withSNI
  • javax/net/ssl/SSLSession/SessionCacheSizeTests.java.SessionCacheSizeTests
  • javax/net/ssl/SSLSession/SessionTimeOutTests.java.SessionTimeOutTests
  • javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java.SSLCtxAccessToSessCtx
  • javax/net/ssl/SSLSession/TestEnabledProtocols.java.TestEnabledProtocols
  • javax/net/ssl/SSLSocket/InputStreamClosure.java.InputStreamClosure
  • javax/net/ssl/SSLSocket/OutputStreamClosure.java.OutputStreamClosure
  • javax/net/ssl/SSLSocket/Tls13PacketSize.java.Tls13PacketSize
  • javax/net/ssl/templates/SSLEngineTemplate.java.SSLEngineTemplate
  • javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java.SSLSocketSSLEngineTemplate
  • javax/net/ssl/templates/SSLSocketTemplate.java.SSLSocketTemplate
  • javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java.TestJSSEClientDefaultProtocol
  • javax/net/ssl/TLS/TestJSSEClientProtocol.java.TestJSSEClientProtocol
  • javax/net/ssl/TLS/TestJSSENoCommonProtocols.java.TestJSSENoCommonProtocols
  • javax/net/ssl/TLS/TestJSSEServerProtocol.java.TestJSSEServerProtocol
  • javax/net/ssl/TLS/TLSDataExchangeTest.java.TLSDataExchangeTest
  • javax/net/ssl/TLS/TLSEnginesClosureTest.java.TLSEnginesClosureTest
  • javax/net/ssl/TLS/TLSHandshakeTest.java.TLSHandshakeTest
  • javax/net/ssl/TLS/TLSMFLNTest.java.TLSMFLNTest
  • javax/net/ssl/TLS/TLSNotEnabledRC4Test.java.TLSNotEnabledRC4Test
  • javax/net/ssl/TLS/TLSRehandshakeTest.java.TLSRehandshakeTest
  • javax/net/ssl/TLS/TLSRehandshakeWithCipherChangeTest.java.TLSRehandshakeWithCipherChangeTest
  • javax/net/ssl/TLS/TLSRehandshakeWithDataExTest.java.TLSRehandshakeWithDataExTest
  • javax/net/ssl/TLS/TLSUnsupportedCiphersTest.java.TLSUnsupportedCiphersTest
  • javax/net/ssl/TLSv1/TLSDataExchangeTest.java.TLSDataExchangeTest
  • javax/net/ssl/TLSv1/TLSEnginesClosureTest.java.TLSEnginesClosureTest
  • javax/net/ssl/TLSv1/TLSHandshakeTest.java.TLSHandshakeTest
  • javax/net/ssl/TLSv1/TLSMFLNTest.java.TLSMFLNTest
  • javax/net/ssl/TLSv1/TLSNotEnabledRC4Test.java.TLSNotEnabledRC4Test
  • javax/net/ssl/TLSv1/TLSRehandshakeTest.java.TLSRehandshakeTest
  • javax/net/ssl/TLSv1/TLSRehandshakeWithCipherChangeTest.java.TLSRehandshakeWithCipherChangeTest
  • javax/net/ssl/TLSv1/TLSRehandshakeWithDataExTest.java.TLSRehandshakeWithDataExTest
  • javax/net/ssl/TLSv1/TLSUnsupportedCiphersTest.java.TLSUnsupportedCiphersTest
  • javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java.EmptyCertificateAuthorities
  • javax/net/ssl/TLSv11/TLSDataExchangeTest.java.TLSDataExchangeTest
  • javax/net/ssl/TLSv11/TLSEnginesClosureTest.java.TLSEnginesClosureTest
  • javax/net/ssl/TLSv11/TLSHandshakeTest.java.TLSHandshakeTest
  • javax/net/ssl/TLSv11/TLSMFLNTest.java.TLSMFLNTest
  • javax/net/ssl/TLSv11/TLSNotEnabledRC4Test.java.TLSNotEnabledRC4Test
  • javax/net/ssl/TLSv11/TLSRehandshakeTest.java.TLSRehandshakeTest
  • javax/net/ssl/TLSv11/TLSRehandshakeWithCipherChangeTest.java.TLSRehandshakeWithCipherChangeTest
  • javax/net/ssl/TLSv11/TLSRehandshakeWithDataExTest.java.TLSRehandshakeWithDataExTest
  • javax/net/ssl/TLSv11/TLSUnsupportedCiphersTest.java.TLSUnsupportedCiphersTest
  • javax/net/ssl/TLSv12/DisabledShortDSAKeys.java.DisabledShortDSAKeys
  • javax/net/ssl/TLSv12/DisabledShortRSAKeys.java.DisabledShortRSAKeys
  • javax/net/ssl/TLSv12/ShortRSAKey512.java.ShortRSAKey512
  • javax/net/ssl/TLSv12/ShortRSAKeyGCM.java.ShortRSAKeyGCM
  • javax/net/ssl/TLSv12/SignatureAlgorithms.java.SignatureAlgorithms
  • javax/net/ssl/TLSv12/TLSEnginesClosureTest.java.TLSEnginesClosureTest
  • sun/security/pkcs11/rsa/TestKeyFactory.java.TestKeyFactory
  • sun/security/pkcs11/rsa/TestSignatures.java.TestSignatures
  • sun/security/provider/KeyStore/CaseSensitiveAliases.java.CaseSensitiveAliases
  • sun/security/provider/KeyStore/TestJKSWithSecretKey.java.TestJKSWithSecretKey
  • sun/security/provider/KeyStore/WrongPassword.java.WrongPassword
  • sun/security/provider/X509Factory/BadPem.java.BadPem
  • sun/security/provider/X509Factory/BigCRL.java.BigCRL
  • sun/security/rsa/TestKeyFactory.java.TestKeyFactory
  • sun/security/rsa/TestSignatures.java.TestSignatures
  • sun/security/ssl/ALPN/AlpnGreaseTest.java.AlpnGreaseTest
  • sun/security/ssl/CertPathRestrictions/TLSRestrictions.java.TLSRestrictions
  • sun/security/ssl/ClientHandshaker/LengthCheckTest.java.LengthCheckTest
  • sun/security/ssl/ClientHandshaker/RSAExport.java.RSAExport
  • sun/security/ssl/DHKeyExchange/DHEKeySizing.java.DHEKeySizing
  • sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java.UseStrongDHSizes
  • sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java.DebugReportsOneExtraByte
  • sun/security/ssl/GenSSLConfigs/main.java.main
  • sun/security/ssl/HandshakeOutStream/NullCerts.java.NullCerts
  • sun/security/ssl/InputRecord/ClientHelloRead.java.ClientHelloRead
  • sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java.AnonCipherWithWantClientAuth
  • sun/security/ssl/ServerHandshaker/GetPeerHost.java.GetPeerHost
  • sun/security/ssl/ServerHandshaker/HelloExtensionsTest.java.HelloExtensionsTest
  • sun/security/ssl/SignatureScheme/CustomizedClientSchemes.java.CustomizedClientSchemes
  • sun/security/ssl/SignatureScheme/CustomizedServerSchemes.java.CustomizedServerSchemes
  • sun/security/ssl/SignatureScheme/Tls13NamedGroups.java.Tls13NamedGroups
  • sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java.MD2InTrustAnchor
  • sun/security/ssl/SSLContextImpl/TrustTrustedCert.java.TrustTrustedCert
  • sun/security/ssl/SSLEngineImpl/CloseEngineException.java.CloseEngineException
  • sun/security/ssl/SSLEngineImpl/CloseStart.java.CloseStart
  • sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java.DelegatedTaskWrongException
  • sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java.EmptyExtensionData
  • sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java.EngineEnforceUseClientMode
  • sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java.RehandshakeFinished
  • sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java.SSLEngineBadBufferArrayAccess
  • sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java.SSLEngineDeadlock
  • sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java.SSLEngineFailedALPN
  • sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java.SSLEngineKeyLimit
  • sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java.TLS13BeginHandshake
  • sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java.ClientSocketCloseHang
  • sun/security/ssl/SSLSocketImpl/SSLExceptionForIOIssue.java.SSLExceptionForIOIssue
  • sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java.SSLSocketBruceForceClose
  • sun/security/ssl/SSLSocketImpl/SSLSocketClose.java.SSLSocketClose
  • sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java.SSLSocketKeyLimit
  • sun/security/ssl/X509KeyManager/CertificateAuthorities.java.CertificateAuthorities
  • sun/security/ssl/X509KeyManager/PreferredKey.java.PreferredKey
  • sun/security/ssl/X509KeyManager/SelectOneKeyOutOfMany.java.SelectOneKeyOutOfMany
  • sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java.BasicConstraints
  • sun/security/ssl/X509TrustManagerImpl/CertRequestOverflow.java.CertRequestOverflow
  • sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java.CheckNullEntity
  • sun/security/ssl/X509TrustManagerImpl/ComodoHacker.java.ComodoHacker
  • sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java.PKIXExtendedTM
  • sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java.SelfIssuedCert
  • sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java.SunX509ExtendedTM
  • sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java.TooManyCAs
  • sun/security/ssl/X509TrustManagerImpl/X509ExtendedTMEnabled.java.X509ExtendedTMEnabled
  • sun/security/tools/keytool/StartDateTest.java.StartDateTest

no such algorithm: DSA for provider SUN

  • java/security/KeyRep/Serial.java.Serial
  • java/security/KeyRep/SerialDSAPubKey.java.SerialDSAPubKey
  • java/security/Signature/ByteBuffers.java.ByteBuffers
  • java/security/Signature/TestInitSignWithMyOwnRandom.java.TestInitSignWithMyOwnRandom
  • java/security/SignedObject/Copy.java.Copy
  • sun/security/pkcs/pkcs8/TestLeadingZeros.java.TestLeadingZeros
  • sun/security/provider/DSA/SupportedDSAParamGen.java.SupportedDSAParamGen
  • sun/security/provider/DSA/TestAlgParameterGenerator.java.TestAlgParameterGenerator
  • sun/security/provider/DSA/TestDSA.java.TestDSA
  • sun/security/provider/DSA/TestDSA2.java.TestDSA2
  • sun/security/provider/DSA/TestKeyPairGenerator.java.TestKeyPairGenerator
  • sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java.TestLegacyDSAKeyPairGenerator
  • sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java.TestDSAGenParameterSpec
  • sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java.TestSHAwithDSASignatureOids

Hard code provider SunJCE

  • com/sun/crypto/provider/CICO/CICODESFuncTest.java.CICODESFuncTest
  • com/sun/crypto/provider/CICO/PBEFunc/CICOPBEFuncTest.java.CICOPBEFuncTest
  • com/sun/crypto/provider/Cipher/AEAD/Encrypt.java.Encrypt
  • com/sun/crypto/provider/Cipher/AEAD/SameBuffer.java.SameBuffer
  • com/sun/crypto/provider/Cipher/AES/TestCopySafe.java.TestCopySafe
  • com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBESameBuffer.java.PBESameBuffer
  • com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java.PBESealedObject
  • com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java.PKCS12Cipher
  • com/sun/crypto/provider/Cipher/PBE/PKCS12CipherKAT.java.PKCS12CipherKAT
  • com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java.TestCipherKeyWrapperPBEKey
  • com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java.TestCipherPBECons
  • com/sun/crypto/provider/Cipher/RC2ArcFour/CipherKAT.java.CipherKAT
  • com/sun/crypto/provider/Cipher/RSA/TestOAEP.java.TestOAEP
  • com/sun/crypto/provider/Cipher/RSA/TestOAEP_KAT.java.TestOAEP_KAT
  • com/sun/crypto/provider/Cipher/RSA/TestOAEPPadding.java.TestOAEPPadding
  • com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java.TestOAEPParameterSpec
  • com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java.TestOAEPWithParams
  • com/sun/crypto/provider/Cipher/RSA/TestRSA.java.TestRSA
  • com/sun/crypto/provider/Mac/HmacSaltLengths.java.HmacSaltLengths
  • com/sun/crypto/provider/Mac/MacKAT.java.MacKAT
  • com/sun/crypto/provider/TLS/TestKeyMaterial.java.TestKeyMaterial
  • com/sun/crypto/provider/TLS/TestMasterSecret.java.TestMasterSecret
  • com/sun/crypto/provider/TLS/TestPremaster.java.TestPremaster
  • com/sun/crypto/provider/TLS/TestPRF.java.TestPRF
  • com/sun/crypto/provider/TLS/TestPRF12.java.TestPRF12
  • java/security/Security/removing/RemoveStaticProvider.java.RemoveStaticProvider
  • javax/crypto/CryptoPermission/AllPermCheck.java.AllPermCheck
  • javax/crypto/CryptoPermission/LowercasePermCheck.java.LowercasePermCheck
  • javax/crypto/CryptoPermission/RC2PermCheck.java.RC2PermCheck
  • javax/crypto/CryptoPermission/RC4AliasPermCheck.java.RC4AliasPermCheck
  • javax/crypto/CryptoPermission/RSANoLimit.java.RSANoLimit
  • javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java.GetKeySpec
  • javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java.GetKeySpecException
  • javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java.GetKeySpecInvalidEncoding

no such provider: SunJCE

  • com/sun/crypto/provider/Cipher/AEAD/GCMLargeDataKAT.java.GCMLargeDataKAT
  • com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java.GCMParameterSpecTest
  • com/sun/crypto/provider/Cipher/AEAD/KeyWrapper.java.KeyWrapper
  • com/sun/crypto/provider/Cipher/AEAD/ReadWriteSkip.java.ReadWriteSkip
  • com/sun/crypto/provider/Cipher/AEAD/SealedObjectTest.java.SealedObjectTest
  • com/sun/crypto/provider/Cipher/AEAD/WrongAAD.java.WrongAAD
  • com/sun/crypto/provider/Cipher/AES/CICO.java.CICO
  • com/sun/crypto/provider/Cipher/AES/CTR.java.CTR
  • com/sun/crypto/provider/Cipher/AES/Padding.java.Padding
  • com/sun/crypto/provider/Cipher/AES/TestAESCipher.java.TestAESCipher
  • com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithDefaultProvider.java.TestAESWithDefaultProvider
  • com/sun/crypto/provider/Cipher/AES/TestCICOWithGCM.java.TestCICOWithGCM
  • com/sun/crypto/provider/Cipher/AES/TestCICOWithGCMAndAAD.java.TestCICOWithGCMAndAAD
  • com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java.TestGCMKeyAndIvCheck
  • com/sun/crypto/provider/Cipher/AES/TestISO10126Padding.java.TestISO10126Padding
  • com/sun/crypto/provider/Cipher/AES/TestKATForGCM.java.TestKATForGCM
  • com/sun/crypto/provider/Cipher/AES/TestNonexpanding.java.TestNonexpanding
  • com/sun/crypto/provider/Cipher/AES/TestSameBuffer.java.TestSameBuffer
  • com/sun/crypto/provider/Cipher/AES/TestShortBuffer.java.TestShortBuffer
  • com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java.TestCipherBlowfish
  • com/sun/crypto/provider/Cipher/CTR/CounterMode.java.CounterMode
  • com/sun/crypto/provider/Cipher/CTS/CTSMode.java.CTSMode
  • com/sun/crypto/provider/Cipher/DES/DESSecretKeySpec.java.DESSecretKeySpec
  • com/sun/crypto/provider/Cipher/DES/KeyWrapping.java.KeyWrapping
  • com/sun/crypto/provider/Cipher/DES/PaddingTest.java.PaddingTest
  • com/sun/crypto/provider/Cipher/DES/TestCipherDES.java.TestCipherDES
  • com/sun/crypto/provider/Cipher/DES/TestCipherDESede.java.TestCipherDESede
  • com/sun/crypto/provider/Cipher/DES/TextPKCS5PaddingTest.java.TextPKCS5PaddingTest
  • com/sun/crypto/provider/Cipher/KeyWrap/NISTWrapKAT.java.NISTWrapKAT
  • com/sun/crypto/provider/Cipher/KeyWrap/XMLEncKAT.java.XMLEncKAT
  • com/sun/crypto/provider/Cipher/PBE/DecryptWithoutParameters.java.DecryptWithoutParameters
  • com/sun/crypto/provider/Cipher/PBE/NegativeLength.java.NegativeLength
  • com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java.PBEKeysAlgorithmNames
  • com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java.PKCS12Oid
  • com/sun/crypto/provider/Cipher/UTIL/StrongOrUnlimited.java.StrongOrUnlimited
  • com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java.DHGenSecretKey
  • com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java.DHKeyAgreement2
  • com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java.SameDHKeyStressTest
  • com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java.SupportedDHKeys
  • com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java.SupportedDHParamGens
  • com/sun/crypto/provider/KeyAgreement/TestExponentSize.java.TestExponentSize
  • com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java.UnsupportedDHKeys
  • com/sun/crypto/provider/KeyFactory/PBKDF2HmacSHA1FactoryTest.java.PBKDF2HmacSHA1FactoryTest
  • com/sun/crypto/provider/KeyFactory/TestProviderLeak.java.TestProviderLeak
  • com/sun/crypto/provider/Mac/EmptyByteBufferTest.java.EmptyByteBufferTest
  • com/sun/crypto/provider/Mac/HmacPBESHA1.java.HmacPBESHA1
  • com/sun/crypto/provider/Mac/LargeByteBufferTest.java.LargeByteBufferTest
  • com/sun/crypto/provider/Mac/MacClone.java.MacClone
  • com/sun/crypto/provider/Mac/MacSameTest.java.MacSameTest
  • com/sun/crypto/provider/Mac/NullByteBufferTest.java.NullByteBufferTest
  • com/sun/crypto/provider/NSASuiteB/TestAESOids.java.TestAESOids
  • com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java.TestAESWrapOids
  • com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java.TestHmacSHAOids
  • java/security/KeyStore/PKCS12/ConvertP12Test.java.ConvertP12Test
  • java/security/KeyStore/TestKeyStoreEntry.java.TestKeyStoreEntry
  • java/security/Signature/NONEwithRSA.java.NONEwithRSA
  • javax/crypto/Cipher/CipherInputStreamExceptions.java.CipherInputStreamExceptions
  • javax/crypto/Cipher/GetMaxAllowed.java.GetMaxAllowed
  • javax/crypto/Cipher/TestCipherMode.java.TestCipherMode
  • javax/crypto/CipherSpi/DirectBBRemaining.java.DirectBBRemaining
  • javax/crypto/EncryptedPrivateKeyInfo/GetAlgName.java.GetAlgName
  • javax/crypto/KeyGenerator/TestGetInstance.java.TestGetInstance
  • javax/crypto/Mac/TestGetInstance.java.TestGetInstance
  • javax/crypto/SecretKeyFactory/SecKFTranslateTest.java.SecKFTranslateTest
  • javax/crypto/spec/DESKeySpec/CheckParity.java.CheckParity
  • javax/crypto/spec/RC2ParameterSpec/RC2AlgorithmParameters.java.RC2AlgorithmParameters
  • sun/security/pkcs11/Cipher/EncryptionPadding.java.EncryptionPadding
  • sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java.TestPKCS5PaddingError
  • sun/security/pkcs11/Cipher/TestRawRSACipher.java.TestRawRSACipher
  • sun/security/pkcs11/Cipher/TestRSACipher.java.TestRSACipher
  • sun/security/pkcs11/Cipher/TestRSACipherWrap.java.TestRSACipherWrap
  • sun/security/pkcs11/Cipher/TestSymmCiphers.java.TestSymmCiphers
  • sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java.TestSymmCiphersNoPad
  • sun/security/pkcs11/KeyAgreement/TestInterop.java.TestInterop

no such provider: SunRsaSign

  • java/security/KeyFactory/GenerateRSAPrivateCrtKey.java.GenerateRSAPrivateCrtKey
  • java/security/KeyPairGenerator/GenerateRSAKeyPair.java.GenerateRSAKeyPair
  • java/security/Policy/GetInstance/GetInstance.java.GetInstance
  • javax/security/auth/login/Configuration/GetInstance.java.GetInstance
  • sun/security/pkcs11/Signature/SigInteropPSS.java.SigInteropPSS
  • sun/security/rsa/KeySizeTest.java.KeySizeTest
  • sun/security/rsa/PrivateKeyEqualityTest.java.PrivateKeyEqualityTest
  • sun/security/rsa/pss/PSSKeyCompatibility.java.PSSKeyCompatibility
  • sun/security/rsa/pss/PSSParametersTest.java.PSSParametersTest
  • sun/security/rsa/pss/SerializedPSSKey.java.SerializedPSSKey
  • sun/security/rsa/pss/TestPSSKeySupport.java.TestPSSKeySupport
  • sun/security/rsa/SignatureTest.java.SignatureTest
  • sun/security/rsa/SignedObjectChain.java.SignedObjectChain
  • sun/security/rsa/SpecTest.java.SpecTest
  • sun/security/rsa/TestKeyPairGeneratorInit.java.TestKeyPairGeneratorInit
  • sun/security/rsa/TestKeyPairGeneratorLength.java.TestKeyPairGeneratorLength

java.lang.RuntimeException: Provider SunRsaSign not found.

  • sun/security/x509/X509CRLImpl/Verify.java.Verify
  • sun/security/x509/X509CertImpl/Verify.java.Verify

Hard code provider SunRsaSign

  • java/security/Signature/SignatureGetInstance.java.SignatureGetInstance
  • sun/security/rsa/TestKeyPairGenerator.java.TestKeyPairGenerator
  • sun/security/rsa/TestSigGen15.java.TestSigGen15
  • sun/security/rsa/pss/TestSigGenPSS.java.TestSigGenPSS

SunJGSS provider & krb5 related

  • sun/security/jgss/GssMemoryIssues.java.GssMemoryIssues
  • sun/security/jgss/spnego/MSOID.java.MSOID
  • sun/security/jgss/spnego/NotPreferredMech.java.NotPreferredMech
  • sun/security/krb5/KrbCredSubKey.java.KrbCredSubKey
  • sun/security/krb5/RFC396xTest.java.RFC396xTest
  • sun/security/krb5/ServiceCredsCombination.java.ServiceCredsCombination
  • sun/security/krb5/auto/AcceptPermissions.java.AcceptPermissions
  • sun/security/krb5/auto/AcceptorSubKey.java.AcceptorSubKey
  • sun/security/krb5/auto/Addresses.java.Addresses
  • sun/security/krb5/auto/AddressesAndNameType.java.AddressesAndNameType
  • sun/security/krb5/auto/AlwaysEncPaReq.java.AlwaysEncPaReq
  • sun/security/krb5/auto/Basic.java.Basic
  • sun/security/krb5/auto/BasicKrb5Test.java.BasicKrb5Test
  • sun/security/krb5/auto/BasicProc.java.BasicProc
  • sun/security/krb5/auto/BogusKDC.java.BogusKDC
  • sun/security/krb5/auto/CleanState.java.CleanState
  • sun/security/krb5/auto/CrossRealm.java.CrossRealm
  • sun/security/krb5/auto/DiffNameSameKey.java.DiffNameSameKey
  • sun/security/krb5/auto/DiffSaltParams.java.DiffSaltParams
  • sun/security/krb5/auto/DupEtypes.java.DupEtypes
  • sun/security/krb5/auto/DynamicKeytab.java.DynamicKeytab
  • sun/security/krb5/auto/EmptyPassword.java.EmptyPassword
  • sun/security/krb5/auto/FileKeyTab.java.FileKeyTab
  • sun/security/krb5/auto/ForwardableCheck.java.ForwardableCheck
  • sun/security/krb5/auto/Forwarded.java.Forwarded
  • sun/security/krb5/auto/GSS.java.GSS
  • sun/security/krb5/auto/GSSUnbound.java.GSSUnbound
  • sun/security/krb5/auto/HttpNegotiateServer.java.HttpNegotiateServer
  • sun/security/krb5/auto/IgnoreChannelBinding.java.IgnoreChannelBinding
  • sun/security/krb5/auto/KPEquals.java.KPEquals
  • sun/security/krb5/auto/KdcPolicy.java.KdcPolicy
  • sun/security/krb5/auto/KerberosHashEqualsTest.java.KerberosHashEqualsTest
  • sun/security/krb5/auto/KeyPermissions.java.KeyPermissions
  • sun/security/krb5/auto/KeyTabCompat.java.KeyTabCompat
  • sun/security/krb5/auto/KrbTicket.java.KrbTicket
  • sun/security/krb5/auto/KvnoNA.java.KvnoNA
  • sun/security/krb5/auto/LifeTimeInSeconds.java.LifeTimeInSeconds
  • sun/security/krb5/auto/LoginModuleOptions.java.LoginModuleOptions
  • sun/security/krb5/auto/LoginNoPass.java.LoginNoPass
  • sun/security/krb5/auto/LongLife.java.LongLife
  • sun/security/krb5/auto/MSOID2.java.MSOID2
  • sun/security/krb5/auto/MoreKvno.java.MoreKvno
  • sun/security/krb5/auto/NewSalt.java.NewSalt
  • sun/security/krb5/auto/NoAddresses.java.NoAddresses
  • sun/security/krb5/auto/NoInitNoKeytab.java.NoInitNoKeytab
  • sun/security/krb5/auto/NonMutualSpnego.java.NonMutualSpnego
  • sun/security/krb5/auto/NoneReplayCacheTest.java.NoneReplayCacheTest
  • sun/security/krb5/auto/NullRenewUntil.java.NullRenewUntil
  • sun/security/krb5/auto/OkAsDelegate.java.OkAsDelegate
  • sun/security/krb5/auto/OkAsDelegateXRealm.java.OkAsDelegateXRealm
  • sun/security/krb5/auto/OnlyDesLogin.java.OnlyDesLogin
  • sun/security/krb5/auto/PrincipalNameEquals.java.PrincipalNameEquals
  • sun/security/krb5/auto/RRC.java.RRC
  • sun/security/krb5/auto/ReferralsTest.java.ReferralsTest
  • sun/security/krb5/auto/RefreshKrb5Config.java.RefreshKrb5Config
  • sun/security/krb5/auto/Renew.java.Renew
  • sun/security/krb5/auto/Renewal.java.Renewal
  • sun/security/krb5/auto/ReplayCacheTest.java.ReplayCacheTest
  • sun/security/krb5/auto/S4U2proxy.java.S4U2proxy
  • sun/security/krb5/auto/S4U2proxyGSS.java.S4U2proxyGSS
  • sun/security/krb5/auto/S4U2self.java.S4U2self
  • sun/security/krb5/auto/S4U2selfAsServer.java.S4U2selfAsServer
  • sun/security/krb5/auto/S4U2selfAsServerGSS.java.S4U2selfAsServerGSS
  • sun/security/krb5/auto/S4U2selfGSS.java.S4U2selfGSS
  • sun/security/krb5/auto/SPNEGO.java.SPNEGO
  • sun/security/krb5/auto/SSL.java.SSL
  • sun/security/krb5/auto/SaslBasic.java.SaslBasic
  • sun/security/krb5/auto/SaslUnbound.java.SaslUnbound
  • sun/security/krb5/auto/SpnegoLifeTime.java.SpnegoLifeTime
  • sun/security/krb5/auto/SpnegoReqFlags.java.SpnegoReqFlags
  • sun/security/krb5/auto/Test5653.java.Test5653
  • sun/security/krb5/auto/TicketSName.java.TicketSName
  • sun/security/krb5/auto/TwoOrThree.java.TwoOrThree
  • sun/security/krb5/auto/TwoPrinces.java.TwoPrinces
  • sun/security/krb5/auto/TwoTab.java.TwoTab
  • sun/security/krb5/auto/UnboundSSL.java.UnboundSSL
  • sun/security/krb5/auto/UnboundSSLMultipleKeys.java.UnboundSSLMultipleKeys
  • sun/security/krb5/auto/UnboundSSLPrincipalProperty.java.UnboundSSLPrincipalProperty
  • sun/security/krb5/auto/UnboundService.java.UnboundService
  • sun/security/krb5/auto/UseCacheAndStoreKey.java.UseCacheAndStoreKey
  • sun/security/krb5/auto/W83.java.W83
  • sun/security/krb5/auto/principalProperty/PrincipalSystemPropTest.java.PrincipalSystemPropTest
  • sun/security/krb5/ktab/FileKeyTab.java.FileKeyTab
  • sun/security/krb5/ktab/KeyTabIndex.java.KeyTabIndex
  • sun/security/krb5/runNameEquals.sh.runNameEquals

XMLDSig related
DOM XMLSignatureFactory not available
DOM mechanism not available
DOM KeyInfoFactory not available

  • javax/xml/crypto/dsig/ErrorHandlerPermissions.java.ErrorHandlerPermissions
  • javax/xml/crypto/dsig/GenerationTests.java.GenerationTests
  • javax/xml/crypto/dsig/LineFeedOnlyTest.java.LineFeedOnlyTest
  • javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java.XMLDSigWithSecMgr
  • javax/xml/crypto/dsig/TransformService/NullParent.java.NullParent
  • javax/xml/crypto/dsig/ValidationTests.java.ValidationTests
  • javax/xml/crypto/dsig/keyinfo/KeyInfo/Marshal.java.Marshal

failed to load PKCS12 keystore related
java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available
at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:828)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2047)
at java.security.KeyStore.load(KeyStore.java:1445)
at Utils.loadKeyStore(Utils.java:125)
Caused by: java.security.NoSuchAlgorithmException: PBE AlgorithmParameters not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:714)
at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:146)
at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:822)

  • java/security/KeyStore/PKCS12/EntryProtectionTest.java.EntryProtectionTest
  • java/security/KeyStore/PKCS12/MetadataEmptyTest.java.MetadataEmptyTest
  • java/security/KeyStore/PKCS12/MetadataStoreLoadTest.java.MetadataStoreLoadTest
  • java/security/KeyStore/PKCS12/ReadP12Test.java.ReadP12Test
  • sun/security/ec/TestEC.java.TestEC
  • sun/security/pkcs11/ec/ReadPKCS12.java.ReadPKCS12
  • sun/security/pkcs12/Bug6415637.java.Bug6415637
  • sun/security/pkcs12/WrongPBES2.java.WrongPBES2

Caused by: java.security.NoSuchAlgorithmException: PBES2 AlgorithmParameters not available

  • sun/security/pkcs12/PBES2Encoding.java.PBES2Encoding

FIPS doesnt support DES secret key

  • com/sun/crypto/provider/Cipher/DES/FlushBug.java.FlushBug
  • com/sun/crypto/provider/Cipher/DES/Sealtest.java.Sealtest

check if a provider exactly equals to Sun

  • java/security/SecureRandom/DefaultProvider.java.DefaultProvider

no such algorithm: MD2 for provider SUN

  • sun/security/provider/MessageDigest/DigestKAT.java.DigestKAT
  • sun/security/provider/MessageDigest/Offsets.java.Offsets

no such algorithm: MD5 for provider SUN

  • java/security/MessageDigest/ByteBuffers.java.ByteBuffers
  • sun/security/pkcs11/MessageDigest/ReinitDigest.java.ReinitDigest

no such algorithm: NONEwithDSA for provider SUN

  • java/security/Signature/Offsets.java.Offsets

no such algorithm: PKCS11 for provider SUN

  • sun/security/ssl/SSLContextImpl/BadKSProvider.java.BadKSProvider
  • sun/security/ssl/SSLContextImpl/GoodProvider.java.GoodProvider

no such algorithm: SHA for provider SUN

  • java/security/MessageDigest/TestSameValue.java.TestSameValue
  • java/security/Security/CaseInsensitiveAlgNames.java.CaseInsensitiveAlgNames
  • sun/security/provider/MessageDigest/TestSHAClone.java.TestSHAClone

no such algorithm: SHA-256 for provider SUN

  • sun/security/provider/NSASuiteB/TestSHAOids.java.TestSHAOids

NativePRNG SecureRandom not available

  • sun/security/provider/SecureRandom/StrongSeedReader.java.StrongSeedReader

SHA1PRNG SecureRandom not available

  • java/security/SecureRandom/GetAlgorithm.java.GetAlgorithm
  • java/security/Security/ClassLoaderDeadlock/Deadlock.sh.Deadlock
  • sun/security/provider/SecureRandom/SelfSeed.java.SelfSeed
  • sun/security/provider/SecureRandom/StrongSecureRandom.java.StrongSecureRandom
  • sun/security/provider/SeedGenerator/SeedGeneratorChoice.java.SeedGeneratorChoice

SHA-512/224 MessageDigest not available

  • sun/security/provider/MessageDigest/SHA512.java.SHA512

SHA-512/256 MessageDigest not available

  • java/security/SignedObject/Chain.java.Chain

DSS Signature not available

  • java/security/Signature/SignWithOutputBuffer.java.SignWithOutputBuffer

SunPKCS11-Solaris provider related

  • sun/security/pkcs11/Cipher/JNICheck.java.JNICheck

unrecognized algorithm name: PBKDF2WITHHMACSHA1

  • sun/security/x509/AlgorithmId/OidTableInit.java.OidTableInit

unrecognized algorithm name: PBEWITHMD5ANDDES

  • sun/security/x509/AlgorithmId/TurkishRegion.java.TurkishRegion

RSASSA-PSS AlgorithmParameters not available

  • sun/security/x509/AlgorithmId/AlgorithmIdEqualsHashCode.java.AlgorithmIdEqualsHashCode

failed to save PKCS12 keystore related. PBEWithSHA1AndRC2_40 AlgorithmParameters not available

  • java/security/KeyStore/PKCS12/StoreTrustedCertAPITest.java.StoreTrustedCertAPITest

load PBE SecretKeyFactory not available

  • sun/security/pkcs12/StorePasswordTest.java.StorePasswordTest
  • sun/security/tools/keytool/StorePasswords.java.StorePasswords

RSASSA-PSS KeyPairGenerator not available

  • java/security/cert/X509Certificate/GetSigAlgParams.java.GetSigAlgParams
  • sun/security/rsa/pss/SignatureTest2.java.SignatureTest2
  • sun/security/rsa/pss/SignatureTestPSS.java.SignatureTestPSS
  • sun/security/tools/keytool/PSS.java.PSS

failed to translate a DSA public key from P11DSAKeyFactory
java.lang.NullPointerException
at sun.security.pkcs11.P11DSAKeyFactory.implTranslatePublicKey(P11DSAKeyFactory.java:57)
at sun.security.pkcs11.P11DSAKeyFactory.engineGeneratePublic(P11DSAKeyFactory.java:109)
at java.security.KeyFactory.generatePublic(KeyFactory.java:334)

  • java/security/cert/CertificateFactory/openssl/OpenSSLCert.java.OpenSSLCert
  • java/security/cert/CertificateFactory/ReturnStream.java.ReturnStream
  • java/security/cert/CertificateFactory/slowstream.sh.slowstream
  • java/security/cert/CertPath/Serialize.java.Serialize
  • java/security/cert/CertPathEncodingTest.java.CertPathEncodingTest
  • java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java.ValidateCertPath
  • java/security/cert/CertPathValidatorException/Serial.java.Serial
  • java/security/cert/PolicyNode/GetPolicyQualifiers.java.GetPolicyQualifiers
  • java/security/cert/X509CertSelectorTest.java.X509CertSelectorTest
  • java/security/CodeSigner/Serialize.java.Serialize
  • java/security/KeyStore/EntryMethods.java.EntryMethods
  • java/security/UnresolvedPermission/AccessorMethods.java.AccessorMethods
  • sun/security/pkcs/pkcs7/PKCS7VerifyTest.java.PKCS7VerifyTest
  • sun/security/provider/certpath/SunCertPathBuilderExceptionTest.java.SunCertPathBuilderExceptionTest
  • sun/security/validator/EndEntityExtensionCheck.java.EndEntityExtensionCheck

failed to translate a DSA private key from P11DSAKeyFactory
java.lang.NullPointerException
at sun.security.pkcs11.P11DSAKeyFactory.implTranslatePrivateKey(P11DSAKeyFactory.java:83)
at sun.security.pkcs11.P11DSAKeyFactory.engineGeneratePrivate(P11DSAKeyFactory.java:141)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)

  • java/security/KeyRep/SerialOld.java.SerialOld
  • sun/security/pkcs/pkcs8/PKCS8Test.java.PKCS8Test
  • sun/security/pkcs11/Signature/TestDSA.java.TestDSA

Failed to translate a DSA private key get from KeyPairGenerator

  • java/security/KeyPairGenerator/Failover.java.Failover

Could not create RSA private key due to the CKA_CLASS is CKO_PRIVATE_KEY
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11$InnerPKCS11.C_CreateObject(PKCS11.java:183)
at sun.security.pkcs11.P11RSAKeyFactory.generatePrivate(P11RSAKeyFactory.java:250)
at sun.security.pkcs11.P11RSAKeyFactory.implTranslatePrivateKey(P11RSAKeyFactory.java:80)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11$InnerPKCS11.C_CreateObject(PKCS11.java:183)
at sun.security.pkcs11.P11RSAKeyFactory.generatePrivate(P11RSAKeyFactory.java:250)
at sun.security.pkcs11.P11RSAKeyFactory.implTranslatePrivateKey(P11RSAKeyFactory.java:80)

  • sun/security/ssl/rsa/SignatureOffsets.java.SignatureOffsets
  • sun/security/ssl/rsa/SignedObjectChain.java.SignedObjectChain

sun.security.pkcs11.P11Key$P11PrivateKey incompatible with sun.security.provider.DSAPrivateKey

  • java/security/KeyPairGenerator/SolarisShortDSA.java.SolarisShortDSA

Cant create a PKCS12 keystore related

  • java/security/KeyStore/PKCS12/StoreTrustedCertKeytool.java.StoreTrustedCertKeytool
  • sun/security/pkcs12/ParamsTest.java.ParamsTest
  • sun/security/pkcs12/PKCS12SameKeyId.java.PKCS12SameKeyId

Cannot find any provider supporting AESWrap

  • com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java.TestCipherKeyWrapperTest

DES/DESede SecretKey algorithms is not supported

  • sun/security/pkcs12/StoreSecretKeyTest.java.StoreSecretKeyTest

PBEWithSHA1AndRC2_40 AlgorithmParameters not available

  • sun/security/pkcs12/StoreTrustedCertTest.java.StoreTrustedCertTest

PBEWithMD5AndDES SecretKeyFactory not available

  • com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java.PBEInvalidParamsTest
  • com/sun/crypto/provider/Cipher/PBE/PBEKeyTest.java.PBEKeyTest
  • com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java.PBEParametersTest

PBEWithHmacSHA1AndAES_128 SecretKeyFactory not available

  • com/sun/crypto/provider/Cipher/PBE/PBES2Test.java.PBES2Test

PBKDF2WithHmacSHA1/PBKDF2WithHmacSHA224/PBKDF2WithHmacSHA256/PBKDF2WithHmacSHA384/PBKDF2WithHmacSHA512 SecretKeyFactory not available

  • com/sun/crypto/provider/Cipher/PBE/PBMacBuffer.java.PBMacBuffer
  • com/sun/crypto/provider/Cipher/PBE/PBMacDoFinalVsUpdate.java.PBMacDoFinalVsUpdate
  • com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java.PBKDF2Translate
  • javax/crypto/SecretKeyFactory/PBKDF2TranslateTest.java.PBKDF2TranslateTest

pbeWithMD5ANDdes SecretKeyFactory not available

  • com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java.TestCipherPBE

PBEWithSHA1AndDESede AlgorithmParameters not available

  • javax/net/ssl/Stapling/HttpsUrlConnClient.java.HttpsUrlConnClient
  • javax/net/ssl/Stapling/SSLEngineWithStapling.java.SSLEngineWithStapling
  • javax/net/ssl/Stapling/StapleEnableProps.java.StapleEnableProps
  • javax/net/ssl/TLSCommon/TLSTest.java.TLSTest
  • javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java.TestSessionLocalPrincipal
  • sun/security/pkcs12/EmptyPassword.java.EmptyPassword

FIPS does not support DES/ECB/PKCS5Padding

  • com/sun/crypto/provider/Cipher/TextLength/TestCipherTextLength.java.TestCipherTextLength

Cannot find any provider supporting PBEWithMD5AndTripleDES

  • javax/crypto/Cipher/TestGetInstance.java.TestGetInstance

Cannot find any provider supporting Blowfish

  • javax/crypto/Cipher/Turkish.java.Turkish

unrecognized algorithm name: PBEWithMD5AndDES

  • javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java.GetKeySpecException2

P11KeyPairGenerator doesnt support DesEDE

  • javax/crypto/KeyGenerator/TestKGParity.java.TestKGParity

Could not create DH private key

  • sun/security/pkcs11/tls/TestLeadingZeroesP11.java.TestLeadingZeroesP11

sun.security.pkcs11.P11Key$P11DSAPublicKey incompatible with sun.security.x509.X509Key

  • sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java.PKCS10AttrEncoding
  • sun/security/pkcs/pkcs7/SignerOrder.java.SignerOrder

XMLSignature provider is disabled in FIPS mode

  • com/sun/org/apache/xml/internal/security/TruncateHMAC.java.TruncateHMAC

Module java.security.sasl related.
Unable to find client impl for CRAM-MD5 or DIGEST-MD5.
NTLM should not support auth-conf

  • com/sun/security/sasl/Cram.java.Cram
  • com/sun/security/sasl/digest/AuthNoUtf8.java.AuthNoUtf8
  • com/sun/security/sasl/digest/AuthOnly.java.AuthOnly
  • com/sun/security/sasl/digest/AuthRealmChoices.java.AuthRealmChoices
  • com/sun/security/sasl/digest/AuthRealms.java.AuthRealms
  • com/sun/security/sasl/digest/CheckNegotiatedQOPs.java.CheckNegotiatedQOPs
  • com/sun/security/sasl/digest/Integrity.java.Integrity
  • com/sun/security/sasl/digest/NoQuoteParams.java.NoQuoteParams
  • com/sun/security/sasl/digest/Privacy.java.Privacy
  • com/sun/security/sasl/digest/PrivacyRc4.java.PrivacyRc4
  • com/sun/security/sasl/digest/Unbound.java.Unbound
  • com/sun/security/sasl/ntlm/Conformance.java.Conformance
  • com/sun/security/sasl/ntlm/NTLMTest.java.NTLMTest
  • javax/security/sasl/Sasl/ClientServerTest.java.ClientServerTest
  • javax/security/sasl/Sasl/DisabledMechanisms.java.DisabledMechanisms

java.security.ProviderException: Could not derive key
at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:145)
at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586)

  • sun/security/pkcs11/ec/TestCurves.java.TestCurves

java.security.spec.InvalidKeySpecException: Could not create EC private key
at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePrivate(P11ECKeyFactory.java:218)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:366)
at TestECDH2.genECKeyPair(TestECDH2.java:98)

  • sun/security/pkcs11/ec/TestECDH2.java.TestECDH2
  • sun/security/pkcs11/ec/TestECDSA2.java.TestECDSA2

java.security.KeyStoreException: Key protection algorithm not found: java.lang.NullPointerException
at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:687)
at sun.security.pkcs12.PKCS12KeyStore.engineSetEntry(PKCS12KeyStore.java:1408)
at java.security.KeyStore.setEntry(KeyStore.java:1557)

  • sun/security/pkcs12/P12SecretKey.java.P12SecretKey

java.security.spec.InvalidKeySpecException: Could not create DH private key
at sun.security.pkcs11.P11DHKeyFactory.engineGeneratePrivate(P11DHKeyFactory.java:166)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:366)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at sun.security.pkcs11.wrapper.PKCS11$InnerPKCS11.C_CreateObject(PKCS11.java:183)
at sun.security.pkcs11.P11DHKeyFactory.generatePrivate(P11DHKeyFactory.java:207)
at sun.security.pkcs11.P11DHKeyFactory.engineGeneratePrivate(P11DHKeyFactory.java:160)

  • sun/security/pkcs11/KeyAgreement/TestShort.java.TestShort

Caused by: java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:421)
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:125)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:387)
Initialization failed PKCS11Exception: CKR_SLOT_ID_INVALID.
All the below tests will call PKCS11Test.getSunPKCS11(PKCS11Test.java:105) to get the SunPKCS11 provider.
When testing in the FIPS mode, the SunPKCS11 will first be initialized as a FIPS provider SunPKCS11-NSS-FIPS.
And then in the test code PKCS11Test, line 480 and 486. It will try to configure the SunPKCS11 using the p11-nss.txt to the NSS mode.
But in the FIPS mode, there can only be a single PKCS11 provider. So configure the SunPKCS11 to the NSS mode will failed.

  • sun/security/pkcs11/Cipher/ReinitCipher.java.ReinitCipher
  • sun/security/pkcs11/Cipher/Test4512704.java.Test4512704
  • sun/security/pkcs11/Cipher/TestCICOWithGCM.java.TestCICOWithGCM
  • sun/security/pkcs11/Cipher/TestCICOWithGCMAndAAD.java.TestCICOWithGCMAndAAD
  • sun/security/pkcs11/Cipher/TestGCMKeyAndIvCheck.java.TestGCMKeyAndIvCheck
  • sun/security/pkcs11/Cipher/TestKATForGCM.java.TestKATForGCM
  • sun/security/pkcs11/ec/ReadCertificates.java.ReadCertificates
  • sun/security/pkcs11/KeyAgreement/UnsupportedDHKeys.java.UnsupportedDHKeys
  • sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java.TestKeyGenerator
  • sun/security/pkcs11/MessageDigest/ByteBuffers.java.ByteBuffers
  • sun/security/pkcs11/MessageDigest/DigestKAT.java.DigestKAT
  • sun/security/pkcs11/MessageDigest/TestCloning.java.TestCloning
  • sun/security/pkcs11/Provider/ConfigQuotedString.sh.ConfigQuotedString
  • sun/security/pkcs11/Provider/Login.sh.Login
  • sun/security/pkcs11/rsa/KeyWrap.java.KeyWrap
  • sun/security/pkcs11/SampleTest.java.SampleTest
  • sun/security/pkcs11/SecureRandom/Basic.java.Basic
  • sun/security/pkcs11/SecureRandom/TestDeserialization.java.TestDeserialization
  • sun/security/pkcs11/Serialize/SerializeProvider.java.SerializeProvider
  • sun/security/pkcs11/Signature/ByteBuffers.java.ByteBuffers
  • sun/security/pkcs11/Signature/InitAgainPSS.java.InitAgainPSS
  • sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java.KeyAndParamCheckForPSS
  • sun/security/pkcs11/Signature/ReinitSignature.java.ReinitSignature
  • sun/security/pkcs11/Signature/SignatureTestPSS.java.SignatureTestPSS
  • sun/security/pkcs11/Signature/TestDSA2.java.TestDSA2
  • sun/security/pkcs11/Signature/TestRSAKeyLength.java.TestRSAKeyLength
  • sun/security/pkcs11/tls/TestPremaster.java.TestPremaster

java.lang.IllegalArgumentException: if keyStoreType is PKCS11, then keyStore must be NONE

  • javax/net/ssl/SSLSession/JSSERenegotiate.java.JSSERenegotiate
  • javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java.CriticalSubjectAltName
  • javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java.UseCipherSuitesOrder
  • javax/net/ssl/TLSv11/GenericBlockCipher.java.GenericBlockCipher
  • javax/net/ssl/TLSv11/GenericStreamCipher.java.GenericStreamCipher
  • sun/security/ssl/ClientHandshaker/CipherSuiteOrder.java.CipherSuiteOrder
  • sun/security/ssl/ProtocolVersion/HttpsProtocols.java.HttpsProtocols
  • sun/security/tools/jarsigner/JarSigningNonAscii.java.JarSigningNonAscii
  • sun/security/tools/jarsigner/LargeJarEntry.java.LargeJarEntry

javax.security.auth.login.LoginException: if keyStoreType is PKCS11 then keyStoreURL must be NONE

  • com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java.OptionTest
  • com/sun/security/auth/module/KeyStoreLoginModule/ReadOnly.java.ReadOnly

Could not generate keyPair for DH
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD
at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:424)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:697)

  • sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java.SupportedDHKeys
  • sun/security/pkcs11/KeyAgreement/TestDH.java.TestDH
  • sun/security/pkcs11/KeyPairGenerator/TestDH2048.java.TestDH2048

All the below hard coded static String keyStoreFile = "keystore", and set the system property;
However, in the test codes. In FIPS mode, keystore must be NONE.
javax.net.ssl.SSLHandshakeException: no cipher suites in common

  • javax/net/ssl/ciphersuites/DisabledAlgorithms.java.DisabledAlgorithms
  • javax/net/ssl/FixingJavadocs/ImplicitHandshake.java.ImplicitHandshake
  • javax/net/ssl/HttpsURLConnection/GetResponseCode.java.GetResponseCode
  • javax/net/ssl/ServerName/BestEffortOnLazyConnected.java.BestEffortOnLazyConnected
  • javax/net/ssl/ServerName/SSLSocketConsistentSNI.java.SSLSocketConsistentSNI
  • javax/net/ssl/ServerName/SSLSocketExplorer.java.SSLSocketExplorer
  • javax/net/ssl/ServerName/SSLSocketExplorerFailure.java.SSLSocketExplorerFailure
  • javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java.SSLSocketExplorerMatchedSNI
  • javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java.SSLSocketExplorerWithCliSNI
  • javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java.SSLSocketExplorerWithSrvSNI
  • javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java.HttpsURLConnectionLocalCertificateChain
  • javax/net/ssl/Stapling/SSLSocketWithStapling.java.SSLSocketWithStapling
  • javax/net/ssl/TLSv12/ProtocolFilter.java.ProtocolFilter
  • sun/security/ssl/AppInputStream/ReadZeroBytes.java.ReadZeroBytes
  • sun/security/ssl/AppInputStream/RemoveMarkReset.java.RemoveMarkReset
  • sun/security/ssl/AppOutputStream/NoExceptionOnClose.java.NoExceptionOnClose
  • sun/security/ssl/InputRecord/SSLSocketTimeoutNulls.java.SSLSocketTimeoutNulls
  • sun/security/ssl/SocketCreation/SocketCreation.java.SocketCreation
  • sun/security/ssl/spi/ProviderInit.java.ProviderInit
  • sun/security/ssl/SSLSessionImpl/HashCodeMissing.java.HashCodeMissing
  • sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java.ResumeChecksClient
  • sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java.ResumeChecksServer
  • sun/security/ssl/SSLSocketImpl/AsyncSSLSocketClose.java.AsyncSSLSocketClose
  • sun/security/ssl/SSLSocketImpl/ClientModeClientAuth.java.ClientModeClientAuth
  • sun/security/ssl/SSLSocketImpl/CloseSocketException.java.CloseSocketException
  • sun/security/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java.InvalidateServerSessionRenegotiate
  • sun/security/ssl/SSLSocketImpl/LargePacketAfterHandshakeTest.java.LargePacketAfterHandshakeTest
  • sun/security/ssl/SSLSocketImpl/NewSocketMethods.java.NewSocketMethods
  • sun/security/ssl/SSLSocketImpl/NoImpactServerRenego.java.NoImpactServerRenego
  • sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.sh.NotifyHandshakeTest
  • sun/security/ssl/SSLSocketImpl/RejectClientRenego.java.RejectClientRenego
  • sun/security/ssl/SSLSocketImpl/ReuseAddr.java.ReuseAddr
  • sun/security/ssl/SSLSocketImpl/ReverseNameLookup.java.ReverseNameLookup
  • sun/security/ssl/SSLSocketImpl/ServerRenegoWithTwoVersions.java.ServerRenegoWithTwoVersions
  • sun/security/ssl/SSLSocketImpl/ServerTimeout.java.ServerTimeout
  • sun/security/ssl/SSLSocketImpl/UnconnectedSocketWrongExceptions.java.UnconnectedSocketWrongExceptions
  • sun/security/ssl/Stapling/StatusResponseManager.sh.StatusResponseManager
  • sun/security/tools/keytool/printssl.sh.printssl
  • sun/security/util/HostnameMatcher/NullHostnameCheck.java.NullHostnameCheck

NSS module initial failures.
It using "nss.cfg"/"nsstrust.cfg"/"nsscrypto.cfg" as the configure file and in the FIPS mode, there can only be a single PKCS11 provider.
java.security.ProviderException: NSS library directory /usr/lib64 invalid, NSS already initialized with /usr/lib64/

  • sun/security/pkcs11/Secmod/AddPrivateKey.java.AddPrivateKey
  • sun/security/pkcs11/Secmod/Crypto.java.Crypto
  • sun/security/pkcs11/Secmod/LoadKeystore.java.LoadKeystore
  • sun/security/pkcs11/Secmod/TrustAnchors.java.TrustAnchors

FIPS doesnt support ECB mode in AES/ECB/PKCS5Padding cipher
java.security.InvalidKeyException: Could not create key
at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:274)
at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:179)
at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:111)

  • sun/security/pkcs11/Cipher/CancelMultipart.java.CancelMultipart

com.sun.exp.provider.EXP related

  • java/security/Security/signedfirst/Dyn.sh.Dyn
  • java/security/Security/signedfirst/Static.sh.Static

FIPS doesnt support DES secret key

  • javax/crypto/Cipher/ByteBuffers.java.ByteBuffers

Failed to create a PKCS12 keystore

  • javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java.ConcurrentClientAccessTest

FIPS doesnt support DESede algorithms

  • com/sun/crypto/provider/CICO/CICOSkipTest.java.CICOSkipTest

Cipher suites mismatch

  • javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java.CheckCipherSuites

FIPS doesnt support DKS keystore

  • sun/security/provider/KeyStore/DKSTest.sh.DKSTest

Policy file related. Failed due to related to the keystore files.

  • sun/security/provider/PolicyFile/Alias.java.Alias
  • sun/security/provider/PolicyFile/AliasExpansion.java.AliasExpansion
  • sun/security/provider/PolicyFile/TokenStore.java.TokenStore
  • sun/security/provider/PolicyFile/TrustedCert.java.TrustedCert

Hard code checking if the provider is "MyProvider()"

  • sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java.HandshakeHashCloneExhaustion

keytool error: java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID

  • sun/security/tools/keytool/CloseFile.java.CloseFile
  • sun/security/tools/keytool/NewSize7.java.NewSize7
  • sun/security/tools/keytool/UnknownAndUnparseable.java.UnknownAndUnparseable

Cant create a keystore in FIPS by
sun.security.tools.keytool.Main.main(
("-keystore jks -storepass changeit -keypass changeit " +
"-dname CN=A -alias " + keyalg + " -genkeypair " +
"-keyalg " + keyalg).split(" "));
or -keystore ks -storepass changeit -keypass changeit

  • sun/security/tools/jarsigner/certpolicy.sh.certpolicy
  • sun/security/tools/jarsigner/concise_jarsigner.sh.concise_jarsigner
  • sun/security/tools/jarsigner/DefaultSigalg.java.DefaultSigalg
  • sun/security/tools/jarsigner/EntriesOrder.java.EntriesOrder
  • sun/security/tools/jarsigner/Test4431684.java.Test4431684
  • sun/security/tools/jarsigner/TimestampCheck.java.TimestampCheck
  • sun/security/tools/jarsigner/weaksize.sh
  • sun/security/tools/keytool/keyalg.sh.keyalg
  • sun/security/tools/keytool/standard.sh.standard
  • sun/security/tools/keytool/WeakAlg.java.WeakAlg
  • sun/security/validator/certreplace.sh.certreplace
  • sun/security/validator/samedn.sh.samedn

We can generate different such as SslMacMD5/SslMacSHA1/HmacMD5/HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512 secret keys
but we only support to import AES secret key for now.
java.security.InvalidKeyException: init() failed
at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:208)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT
at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)
at sun.security.pkcs11.P11Mac.initialize(P11Mac.java:177)
at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:206)

  • javax/crypto/Mac/ByteBuffers.java.ByteBuffers
  • sun/security/pkcs11/Mac/MacKAT.java.MacKAT
  • sun/security/pkcs11/Mac/MacSameTest.java.MacSameTest
  • sun/security/pkcs11/Mac/ReinitMac.java

Could not import DSA private key when invoke kpg.initialize(1024) after
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");

  • java/security/Provider/SupportsParameter.java.SupportsParameter

We can generate DES secret keys but cant import it

  • sun/security/pkcs11/KeyGenerator/DESParity.java.DESParity

testMDChange failed at:MD2/2500
This is failed because the BUFFER_SIZE is defined as 96 in P11Digest engine class for FIPS.
The length (2500) of the data which is over the buffer size.

  • java/security/MessageDigest/TestDigestIOStream.java.TestDigestIOStream

Exception in thread "main" java.security.ProviderException: Unknown mechanism: 20
mechanism 20 is: SHA256withDSA, its alias is CKM_DSA_SHA256. It is defined in SunPKCS11 when fips mode is enabled.
When getInstance("SHA256withDSA") in invoked from Signature class, it will eventually invoke the P11Signature(token, algorithm, mechanism).
However, in the P11Signature constructor, there is no CKM_DSA_SHA256 defined in the switch-case statement.
Not only CKM_DSA_SHA256, but also CKM_DSA_SHA224/CKM_DSA_SHA384/CKM_DSA_SHA512, etc.
Thereofore, SHA256withDSA is an Unknown mechanism.

  • java/security/Signature/SignatureLength.java.SignatureLength
  • sun/security/provider/DSA/TestMaxLengthDER.java.TestMaxLengthDER
  • sun/security/x509/X509CertImpl/V3Certificate.java.V3Certificate

Can generate a TlsMasterSecret key via (TlsMasterSecret)kg.generateKey()
but the result of key.getEncoded() is null;
It seems that cant import a TlsMasterSecret key;

  • sun/security/pkcs11/tls/TestMasterSecret.java.TestMasterSecret

When FIPS mode is disabled, cacerts in ${JAVA_HOME}/jre/lib/security/cacerts is not empty.
Therefore, X509Certificate[] acceptedIssuers = trustManager.getAcceptedIssuers();
The length of acceptedIssuers is not 0.
But when FIPS mode is enabled, cacerts in ${JAVA_HOME}/jre/lib/security/cacerts is empty.
While executing this statement X509Certificate[] acceptedIssuers = trustManager.getAcceptedIssuers();
The length of acceptedIssuers is 0.

  • javax/net/ssl/sanity/CacertsExplorer.java.CacertsExplorer

@WilburZjh
Copy link
Contributor Author

WilburZjh commented Sep 21, 2022
edited
Loading

detail explanation for #612

@alon-sh alon-sh mentioned this issue Sep 24, 2022
Merged
@sshuklao
Copy link

sshuklao commented Sep 24, 2022
edited
Loading

I am getting same CKR_KEY_TYPE_INCONSISTENT error when running Apache Spark 3.3.0 on IBM-Semeru-Runtime 11.0.16.1 on FIPS enabled cluster.

Caused by: java.security.InvalidKeyException: init() failed
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:208)
	at java.base/javax.crypto.Mac.chooseProvider(Mac.java:366)
	at java.base/javax.crypto.Mac.init(Mac.java:435)
	at com.ibm.stocator.thirdparty.cos.auth.AbstractAWSSigner.sign(AbstractAWSSigner.java:127)
	... 34 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT
	at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11Mac.initialize(P11Mac.java:177)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:206)
	... 37 more
	```

@WilburZjh
Copy link
Contributor Author

The traceStack for javax/crypto/CipherSpi/TestGCMWithByteBuffer.java is

javax.crypto.BadPaddingException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ENCRYPTED_DATA_INVALID
	at sun.security.pkcs11.P11AEADCipher.handleException(P11AEADCipher.java:749)
	at sun.security.pkcs11.P11AEADCipher.implDoFinal(P11AEADCipher.java:722)
	at sun.security.pkcs11.P11AEADCipher.engineDoFinal(P11AEADCipher.java:548)
	at javax.crypto.Cipher.doFinal(Cipher.java:2463)
	at TestGCMWithByteBuffer.decrypt(TestGCMWithByteBuffer.java:157)
	at TestGCMWithByteBuffer.test(TestGCMWithByteBuffer.java:86)
	at TestGCMWithByteBuffer.main(TestGCMWithByteBuffer.java:52)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:298)
	at java.lang.Thread.run(Thread.java:826)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ENCRYPTED_DATA_INVALID
	at sun.security.pkcs11.wrapper.PKCS11.C_Decrypt(Native Method)
	at sun.security.pkcs11.P11AEADCipher.implDoFinal(P11AEADCipher.java:708)

In NSS docs version 3.15, it is mentioned that for Cipher mode AES-GCM.

PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

@WilburZjh
Copy link
Contributor Author

WilburZjh commented Sep 29, 2022
edited
Loading

The traceStack for sun/rmi/rmic/manifestClassPath/run.sh is

Exception in thread "main" java.lang.ExceptionInInitializerError
	at java.lang.J9VMInternals.ensureError(J9VMInternals.java:158)
    at java.lang.J9VMInternals.recordInitializationFailure(J9VMInternals.java:147)
    at sun.rmi.transport.LiveRef.<init>(LiveRef.java:74)
    at sun.rmi.server.UnicastServerRef.<init>(UnicastServerRef.java:168)
    at sun.rmi.server.UnicastServerRef.<init>(UnicastServerRef.java:186)
    at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:301)
    at Main.main(Main.java:10)
Caused by: java.lang.RuntimeException: could not find SunPKCS11-NSS-FIPS provider for FIPS mode
    at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:209)
    at java.security.SecureRandom.<init>(SecureRandom.java:170)
    at java.rmi.server.UID.<init>(UID.java:112)
    at java.rmi.server.ObjID.<clinit>(ObjID.java:88)
    ... 5 more

If we assign a directory to -Djava.ext.dirs jvm options, the ExtClassLoader will not load the jar file under ${JAVA_HOME}/jre/lib/ext.

One solution that fix this issue is expanding -Djava.ext.dirs with {JAVA_HOME}/jre/lib/ext. A passed version can be seen from this <<grinder>>

@WilburZjh WilburZjh mentioned this issue Sep 29, 2022
Merged
@WilburZjh
Copy link
Contributor Author

WilburZjh commented Oct 15, 2022
edited
Loading

The exception is : sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_SIZE_RANGE. The minimum length for an MD5 HMAC key is 16 bytes. However, this test uses a 4 bytes length key for HmacMD5.

  • com/sun/crypto/provider/Mac/HmacMD5.java.HmacMD5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@WilburZjh @sshuklao