From 3bfa9521d5b7e702e842fe1297dbb2ed643f0b0a Mon Sep 17 00:00:00 2001
From: Sean Mullan <mullan@openjdk.org>
Date: Thu, 9 Jan 2025 17:34:20 +0000
Subject: [PATCH] 8283795: Add TLSv1.3 and CNSA 1.0 algorithms to
 implementation requirements

Reviewed-by: jnimeh
---
 .../classes/java/security/AlgorithmParameters.java   | 11 +++++++++--
 .../share/classes/java/security/KeyFactory.java      |  3 +++
 .../classes/java/security/KeyPairGenerator.java      | 12 ++++++++----
 .../share/classes/java/security/MessageDigest.java   |  3 ++-
 .../share/classes/java/security/Signature.java       | 10 +++++++++-
 src/java.base/share/classes/javax/crypto/Cipher.java |  3 ++-
 .../share/classes/javax/crypto/KeyAgreement.java     |  7 +++++--
 .../share/classes/javax/crypto/KeyGenerator.java     |  3 ++-
 .../share/classes/javax/net/ssl/SSLContext.java      |  5 +++--
 9 files changed, 43 insertions(+), 14 deletions(-)

diff --git a/src/java.base/share/classes/java/security/AlgorithmParameters.java b/src/java.base/share/classes/java/security/AlgorithmParameters.java
index 1fdb47077cf..7747d642c20 100644
--- a/src/java.base/share/classes/java/security/AlgorithmParameters.java
+++ b/src/java.base/share/classes/java/security/AlgorithmParameters.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,12 +48,19 @@ import java.util.Objects;
  * obtained via a call to {@code getEncoded}.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code AlgorithmParameters} algorithms:
+ * following standard {@code AlgorithmParameters} algorithms. For the "EC"
+ * algorithm, implementations must support the curves in parentheses. For the
+ * "RSASSA-PSS" algorithm, implementations must support the parameters in
+ * parentheses.
  * <ul>
  * <li>{@code AES}</li>
+ * <li>{@code ChaCha20-Poly1305}</li>
  * <li>{@code DESede}</li>
  * <li>{@code DiffieHellman}</li>
  * <li>{@code DSA}</li>
+ * <li>{@code EC} (secp256r1, secp384r1)</li>
+ * <li>{@code RSASSA-PSS} (MGF1 mask generation function and SHA-256 or SHA-384
+ *     hash algorithms)</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#algorithmparameters-algorithms">
diff --git a/src/java.base/share/classes/java/security/KeyFactory.java b/src/java.base/share/classes/java/security/KeyFactory.java
index 5a9394d283b..7c51faf6aa2 100644
--- a/src/java.base/share/classes/java/security/KeyFactory.java
+++ b/src/java.base/share/classes/java/security/KeyFactory.java
@@ -72,7 +72,10 @@ import sun.security.jca.GetInstance.Instance;
  * <ul>
  * <li>{@code DiffieHellman}</li>
  * <li>{@code DSA}</li>
+ * <li>{@code EC}</li>
  * <li>{@code RSA}</li>
+ * <li>{@code RSASSA-PSS}</li>
+ * <li>{@code X25519}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#keyfactory-algorithms">
diff --git a/src/java.base/share/classes/java/security/KeyPairGenerator.java b/src/java.base/share/classes/java/security/KeyPairGenerator.java
index 31c3d8d382f..3583248f81e 100644
--- a/src/java.base/share/classes/java/security/KeyPairGenerator.java
+++ b/src/java.base/share/classes/java/security/KeyPairGenerator.java
@@ -113,12 +113,16 @@ import sun.security.util.Debug;
  * supply their own implementations of key pair generators.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code KeyPairGenerator} algorithms and keysizes in
- * parentheses:
+ * following standard {@code KeyPairGenerator} algorithms. For the "EC"
+ * algorithm, implementations must support the curves in parentheses. For other
+ * algorithms, implementations must support the key sizes in parentheses.
  * <ul>
- * <li>{@code DiffieHellman} (1024, 2048, 4096)</li>
+ * <li>{@code DiffieHellman} (1024, 2048, 3072, 4096)</li>
  * <li>{@code DSA} (1024, 2048)</li>
- * <li>{@code RSA} (1024, 2048, 4096)</li>
+ * <li>{@code EC} (secp256r1, secp384r1)</li>
+ * <li>{@code RSA} (1024, 2048, 3072, 4096)</li>
+ * <li>{@code RSASSA-PSS} (2048, 3072, 4096)</li>
+ * <li>{@code X25519}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#keypairgenerator-algorithms">
diff --git a/src/java.base/share/classes/java/security/MessageDigest.java b/src/java.base/share/classes/java/security/MessageDigest.java
index 46455e184b0..f83c4ed6d3b 100644
--- a/src/java.base/share/classes/java/security/MessageDigest.java
+++ b/src/java.base/share/classes/java/security/MessageDigest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -87,6 +87,7 @@ import javax.crypto.SecretKey;
  * <ul>
  * <li>{@code SHA-1}</li>
  * <li>{@code SHA-256}</li>
+ * <li>{@code SHA-384}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#messagedigest-algorithms">
diff --git a/src/java.base/share/classes/java/security/Signature.java b/src/java.base/share/classes/java/security/Signature.java
index 482db8d4015..006188aac61 100644
--- a/src/java.base/share/classes/java/security/Signature.java
+++ b/src/java.base/share/classes/java/security/Signature.java
@@ -100,12 +100,20 @@ import sun.security.util.KnownOIDs;
  * supply their own implementations of digital signature algorithms.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code Signature} algorithms:
+ * following standard {@code Signature} algorithms. For the "RSASSA-PSS"
+ * algorithm, implementations must support the parameters in parentheses. For
+ * the "SHA256withECDSA" and "SHA384withECDSA" algorithms, implementations must
+ * support the curves in parentheses.
  * <ul>
+ * <li>{@code RSASSA-PSS} (MGF1 mask generation function and SHA-256 or SHA-384
+ *      hash algorithms)</li>
  * <li>{@code SHA1withDSA}</li>
  * <li>{@code SHA256withDSA}</li>
+ * <li>{@code SHA256withECDSA} (secp256r1)</li>
+ * <li>{@code SHA384withECDSA} (secp384r1)</li>
  * <li>{@code SHA1withRSA}</li>
  * <li>{@code SHA256withRSA}</li>
+ * <li>{@code SHA384withRSA}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#signature-algorithms">
diff --git a/src/java.base/share/classes/javax/crypto/Cipher.java b/src/java.base/share/classes/javax/crypto/Cipher.java
index 2cfdcf55823..8187f863b5c 100644
--- a/src/java.base/share/classes/javax/crypto/Cipher.java
+++ b/src/java.base/share/classes/javax/crypto/Cipher.java
@@ -148,7 +148,8 @@ import sun.security.util.KnownOIDs;
  * <li>{@code AES/CBC/PKCS5Padding} (128)</li>
  * <li>{@code AES/ECB/NoPadding} (128)</li>
  * <li>{@code AES/ECB/PKCS5Padding} (128)</li>
- * <li>{@code AES/GCM/NoPadding} (128)</li>
+ * <li>{@code AES/GCM/NoPadding} (128, 256)</li>
+ * <li>{@code ChaCha20-Poly1305}</li>
  * <li>{@code DESede/CBC/NoPadding} (168)</li>
  * <li>{@code DESede/CBC/PKCS5Padding} (168)</li>
  * <li>{@code DESede/ECB/NoPadding} (168)</li>
diff --git a/src/java.base/share/classes/javax/crypto/KeyAgreement.java b/src/java.base/share/classes/javax/crypto/KeyAgreement.java
index 8a055b6d809..5e2ceb185aa 100644
--- a/src/java.base/share/classes/javax/crypto/KeyAgreement.java
+++ b/src/java.base/share/classes/javax/crypto/KeyAgreement.java
@@ -57,11 +57,14 @@ import sun.security.jca.GetInstance.Instance;
  * specific or as specified by the standard key agreement algorithm.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code KeyAgreement} algorithm:
+ * following standard {@code KeyAgreement} algorithms. For the "ECDH"
+ * algorithm, implementations must support the curves in parentheses.
  * <ul>
  * <li>{@code DiffieHellman}</li>
+ * <li>{@code ECDH} (secp256r1, secp384r1)</li>
+ * <li>{@code X25519}</li>
  * </ul>
- * This algorithm is described in the <a href=
+ * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#keyagreement-algorithms">
  * KeyAgreement section</a> of the
  * Java Security Standard Algorithm Names Specification.
diff --git a/src/java.base/share/classes/javax/crypto/KeyGenerator.java b/src/java.base/share/classes/javax/crypto/KeyGenerator.java
index 0826bf2adb5..ad112e6ffeb 100644
--- a/src/java.base/share/classes/javax/crypto/KeyGenerator.java
+++ b/src/java.base/share/classes/javax/crypto/KeyGenerator.java
@@ -96,7 +96,8 @@ import sun.security.util.Debug;
  * following standard {@code KeyGenerator} algorithms with the keysizes in
  * parentheses:
  * <ul>
- * <li>{@code AES} (128)</li>
+ * <li>{@code AES} (128, 256)</li>
+ * <li>{@code ChaCha20}</li>
  * <li>{@code DESede} (168)</li>
  * <li>{@code HmacSHA1}</li>
  * <li>{@code HmacSHA256}</li>
diff --git a/src/java.base/share/classes/javax/net/ssl/SSLContext.java b/src/java.base/share/classes/javax/net/ssl/SSLContext.java
index 0c2087efa88..861c7645b73 100644
--- a/src/java.base/share/classes/javax/net/ssl/SSLContext.java
+++ b/src/java.base/share/classes/javax/net/ssl/SSLContext.java
@@ -39,11 +39,12 @@ import sun.security.jca.GetInstance;
  * secure random bytes.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code SSLContext} protocol:
+ * following standard {@code SSLContext} protocols:
  * <ul>
  * <li>{@code TLSv1.2}</li>
+ * <li>{@code TLSv1.3}</li>
  * </ul>
- * This protocol is described in the <a href=
+ * These protocols are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#sslcontext-algorithms">
  * SSLContext section</a> of the
  * Java Security Standard Algorithm Names Specification.