diff --git a/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java b/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java index 57aed3d0b0c..bc865c63f47 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,16 +38,16 @@ import java.security.spec.*; * This class constitutes the core of HMAC- algorithms, where * can be SHA1 or MD5, etc. See RFC 2104 for spec. * - * It also contains the implementation classes for the SHA-256, + * It also contains the implementation classes for SHA-224, SHA-256, * SHA-384, and SHA-512 HMACs. * * @author Jan Luehe */ -final class HmacCore implements Cloneable { +abstract class HmacCore extends MacSpi implements Cloneable { - private final MessageDigest md; - private final byte[] k_ipad; // inner padding - key XORd with ipad - private final byte[] k_opad; // outer padding - key XORd with opad + private MessageDigest md; + private byte[] k_ipad; // inner padding - key XORd with ipad + private byte[] k_opad; // outer padding - key XORd with opad private boolean first; // Is this the first data to be processed? private final int blockLen; @@ -72,23 +72,12 @@ final class HmacCore implements Cloneable { this(MessageDigest.getInstance(digestAlgorithm), bl); } - /** - * Constructor used for cloning. - */ - private HmacCore(HmacCore other) throws CloneNotSupportedException { - this.md = (MessageDigest)other.md.clone(); - this.blockLen = other.blockLen; - this.k_ipad = other.k_ipad.clone(); - this.k_opad = other.k_opad.clone(); - this.first = other.first; - } - /** * Returns the length of the HMAC in bytes. * * @return the HMAC length in bytes. */ - int getDigestLength() { + protected int engineGetMacLength() { return this.md.getDigestLength(); } @@ -103,9 +92,8 @@ final class HmacCore implements Cloneable { * @exception InvalidAlgorithmParameterException if the given algorithm * parameters are inappropriate for this MAC. */ - void init(Key key, AlgorithmParameterSpec params) + protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { - if (params != null) { throw new InvalidAlgorithmParameterException ("HMAC does not use parameters"); @@ -140,7 +128,7 @@ final class HmacCore implements Cloneable { Arrays.fill(secret, (byte)0); secret = null; - reset(); + engineReset(); } /** @@ -148,7 +136,7 @@ final class HmacCore implements Cloneable { * * @param input the input byte to be processed. */ - void update(byte input) { + protected void engineUpdate(byte input) { if (first == true) { // compute digest for 1st pass; start with inner pad md.update(k_ipad); @@ -167,7 +155,7 @@ final class HmacCore implements Cloneable { * @param offset the offset in input where the input starts. * @param len the number of bytes to process. */ - void update(byte input[], int offset, int len) { + protected void engineUpdate(byte input[], int offset, int len) { if (first == true) { // compute digest for 1st pass; start with inner pad md.update(k_ipad); @@ -178,7 +166,13 @@ final class HmacCore implements Cloneable { md.update(input, offset, len); } - void update(ByteBuffer input) { + /** + * Processes the input.remaining() bytes in the ByteBuffer + * input. + * + * @param input the input byte buffer. + */ + protected void engineUpdate(ByteBuffer input) { if (first == true) { // compute digest for 1st pass; start with inner pad md.update(k_ipad); @@ -194,7 +188,7 @@ final class HmacCore implements Cloneable { * * @return the HMAC result. */ - byte[] doFinal() { + protected byte[] engineDoFinal() { if (first == true) { // compute digest for 1st pass; start with inner pad md.update(k_ipad); @@ -223,7 +217,7 @@ final class HmacCore implements Cloneable { * Resets the HMAC for further use, maintaining the secret key that the * HMAC was initialized with. */ - void reset() { + protected void engineReset() { if (first == false) { md.reset(); first = true; @@ -234,115 +228,38 @@ final class HmacCore implements Cloneable { * Clones this object. */ public Object clone() throws CloneNotSupportedException { - return new HmacCore(this); + HmacCore copy = (HmacCore) super.clone(); + copy.md = (MessageDigest) md.clone(); + copy.k_ipad = k_ipad.clone(); + copy.k_opad = k_opad.clone(); + return copy; + } + + // nested static class for the HmacSHA224 implementation + public static final class HmacSHA224 extends HmacCore { + public HmacSHA224() throws NoSuchAlgorithmException { + super("SHA-224", 64); + } } // nested static class for the HmacSHA256 implementation - public static final class HmacSHA256 extends MacSpi implements Cloneable { - private final HmacCore core; + public static final class HmacSHA256 extends HmacCore { public HmacSHA256() throws NoSuchAlgorithmException { - core = new HmacCore("SHA-256", 64); - } - private HmacSHA256(HmacSHA256 base) throws CloneNotSupportedException { - core = (HmacCore)base.core.clone(); - } - protected int engineGetMacLength() { - return core.getDigestLength(); - } - protected void engineInit(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException { - core.init(key, params); - } - protected void engineUpdate(byte input) { - core.update(input); - } - protected void engineUpdate(byte input[], int offset, int len) { - core.update(input, offset, len); - } - protected void engineUpdate(ByteBuffer input) { - core.update(input); - } - protected byte[] engineDoFinal() { - return core.doFinal(); - } - protected void engineReset() { - core.reset(); - } - public Object clone() throws CloneNotSupportedException { - return new HmacSHA256(this); + super("SHA-256", 64); } } // nested static class for the HmacSHA384 implementation - public static final class HmacSHA384 extends MacSpi implements Cloneable { - private final HmacCore core; + public static final class HmacSHA384 extends HmacCore { public HmacSHA384() throws NoSuchAlgorithmException { - core = new HmacCore("SHA-384", 128); - } - private HmacSHA384(HmacSHA384 base) throws CloneNotSupportedException { - core = (HmacCore)base.core.clone(); - } - protected int engineGetMacLength() { - return core.getDigestLength(); - } - protected void engineInit(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException { - core.init(key, params); - } - protected void engineUpdate(byte input) { - core.update(input); - } - protected void engineUpdate(byte input[], int offset, int len) { - core.update(input, offset, len); - } - protected void engineUpdate(ByteBuffer input) { - core.update(input); - } - protected byte[] engineDoFinal() { - return core.doFinal(); - } - protected void engineReset() { - core.reset(); - } - public Object clone() throws CloneNotSupportedException { - return new HmacSHA384(this); + super("SHA-384", 128); } } // nested static class for the HmacSHA512 implementation - public static final class HmacSHA512 extends MacSpi implements Cloneable { - private final HmacCore core; + public static final class HmacSHA512 extends HmacCore { public HmacSHA512() throws NoSuchAlgorithmException { - core = new HmacCore("SHA-512", 128); - } - private HmacSHA512(HmacSHA512 base) throws CloneNotSupportedException { - core = (HmacCore)base.core.clone(); - } - protected int engineGetMacLength() { - return core.getDigestLength(); - } - protected void engineInit(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException { - core.init(key, params); - } - protected void engineUpdate(byte input) { - core.update(input); - } - protected void engineUpdate(byte input[], int offset, int len) { - core.update(input, offset, len); - } - protected void engineUpdate(ByteBuffer input) { - core.update(input); - } - protected byte[] engineDoFinal() { - return core.doFinal(); - } - protected void engineReset() { - core.reset(); - } - public Object clone() throws CloneNotSupportedException { - return new HmacSHA512(this); + super("SHA-512", 128); } } - } diff --git a/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java b/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java index a4d9f4d46f4..ccf85561db9 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,97 +37,11 @@ import java.security.spec.*; * * @author Jan Luehe */ -public final class HmacMD5 extends MacSpi implements Cloneable { - - private HmacCore hmac; - private static final int MD5_BLOCK_LENGTH = 64; - +public final class HmacMD5 extends HmacCore { /** * Standard constructor, creates a new HmacMD5 instance. */ public HmacMD5() throws NoSuchAlgorithmException { - hmac = new HmacCore(MessageDigest.getInstance("MD5"), - MD5_BLOCK_LENGTH); - } - - /** - * Returns the length of the HMAC in bytes. - * - * @return the HMAC length in bytes. - */ - protected int engineGetMacLength() { - return hmac.getDigestLength(); - } - - /** - * Initializes the HMAC with the given secret key and algorithm parameters. - * - * @param key the secret key. - * @param params the algorithm parameters. - * - * @exception InvalidKeyException if the given key is inappropriate for - * initializing this MAC. - * @exception InvalidAlgorithmParameterException if the given algorithm - * parameters are inappropriate for this MAC. - */ - protected void engineInit(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException { - hmac.init(key, params); - } - - /** - * Processes the given byte. - * - * @param input the input byte to be processed. - */ - protected void engineUpdate(byte input) { - hmac.update(input); - } - - /** - * Processes the first len bytes in input, - * starting at offset. - * - * @param input the input buffer. - * @param offset the offset in input where the input starts. - * @param len the number of bytes to process. - */ - protected void engineUpdate(byte input[], int offset, int len) { - hmac.update(input, offset, len); - } - - protected void engineUpdate(ByteBuffer input) { - hmac.update(input); - } - - /** - * Completes the HMAC computation and resets the HMAC for further use, - * maintaining the secret key that the HMAC was initialized with. - * - * @return the HMAC result. - */ - protected byte[] engineDoFinal() { - return hmac.doFinal(); - } - - /** - * Resets the HMAC for further use, maintaining the secret key that the - * HMAC was initialized with. - */ - protected void engineReset() { - hmac.reset(); - } - - /* - * Clones this object. - */ - public Object clone() { - HmacMD5 that = null; - try { - that = (HmacMD5) super.clone(); - that.hmac = (HmacCore) this.hmac.clone(); - } catch (CloneNotSupportedException e) { - } - return that; + super("MD5", 64); } } diff --git a/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java b/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java index 9b3413c2416..ef0ef58ee45 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,26 +41,13 @@ import java.security.spec.*; * * @author Valerie Peng */ -public final class HmacPKCS12PBESHA1 extends MacSpi implements Cloneable { - - private HmacCore hmac = null; - private static final int SHA1_BLOCK_LENGTH = 64; +public final class HmacPKCS12PBESHA1 extends HmacCore { /** * Standard constructor, creates a new HmacSHA1 instance. */ public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException { - this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"), - SHA1_BLOCK_LENGTH); - } - - /** - * Returns the length of the HMAC in bytes. - * - * @return the HMAC length in bytes. - */ - protected int engineGetMacLength() { - return hmac.getDigestLength(); + super("SHA1", 64); } /** @@ -71,7 +58,7 @@ public final class HmacPKCS12PBESHA1 extends MacSpi implements Cloneable { * * @exception InvalidKeyException if the given key is inappropriate for * initializing this MAC. - u* @exception InvalidAlgorithmParameterException if the given algorithm + * @exception InvalidAlgorithmParameterException if the given algorithm * parameters are inappropriate for this MAC. */ protected void engineInit(Key key, AlgorithmParameterSpec params) @@ -140,64 +127,8 @@ public final class HmacPKCS12PBESHA1 extends MacSpi implements Cloneable { ("IterationCount must be a positive number"); } byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt, - iCount, hmac.getDigestLength(), PKCS12PBECipherCore.MAC_KEY); + iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY); SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1"); - hmac.init(cipherKey, null); - } - - /** - * Processes the given byte. - * - * @param input the input byte to be processed. - */ - protected void engineUpdate(byte input) { - hmac.update(input); - } - - /** - * Processes the first len bytes in input, - * starting at offset. - * - * @param input the input buffer. - * @param offset the offset in input where the input starts. - * @param len the number of bytes to process. - */ - protected void engineUpdate(byte input[], int offset, int len) { - hmac.update(input, offset, len); - } - - protected void engineUpdate(ByteBuffer input) { - hmac.update(input); - } - - /** - * Completes the HMAC computation and resets the HMAC for further use, - * maintaining the secret key that the HMAC was initialized with. - * - * @return the HMAC result. - */ - protected byte[] engineDoFinal() { - return hmac.doFinal(); - } - - /** - * Resets the HMAC for further use, maintaining the secret key that the - * HMAC was initialized with. - */ - protected void engineReset() { - hmac.reset(); - } - - /* - * Clones this object. - */ - public Object clone() { - HmacPKCS12PBESHA1 that = null; - try { - that = (HmacPKCS12PBESHA1)super.clone(); - that.hmac = (HmacCore)this.hmac.clone(); - } catch (CloneNotSupportedException e) { - } - return that; + super.engineInit(cipherKey, null); } } diff --git a/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java b/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java index a9a9f6c423d..b79dc9d9658 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,97 +37,11 @@ import java.security.spec.*; * * @author Jan Luehe */ -public final class HmacSHA1 extends MacSpi implements Cloneable { - - private HmacCore hmac = null; - private static final int SHA1_BLOCK_LENGTH = 64; - +public final class HmacSHA1 extends HmacCore { /** * Standard constructor, creates a new HmacSHA1 instance. */ public HmacSHA1() throws NoSuchAlgorithmException { - this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"), - SHA1_BLOCK_LENGTH); - } - - /** - * Returns the length of the HMAC in bytes. - * - * @return the HMAC length in bytes. - */ - protected int engineGetMacLength() { - return hmac.getDigestLength(); - } - - /** - * Initializes the HMAC with the given secret key and algorithm parameters. - * - * @param key the secret key. - * @param params the algorithm parameters. - * - * @exception InvalidKeyException if the given key is inappropriate for - * initializing this MAC. - * @exception InvalidAlgorithmParameterException if the given algorithm - * parameters are inappropriate for this MAC. - */ - protected void engineInit(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException { - hmac.init(key, params); - } - - /** - * Processes the given byte. - * - * @param input the input byte to be processed. - */ - protected void engineUpdate(byte input) { - hmac.update(input); - } - - /** - * Processes the first len bytes in input, - * starting at offset. - * - * @param input the input buffer. - * @param offset the offset in input where the input starts. - * @param len the number of bytes to process. - */ - protected void engineUpdate(byte input[], int offset, int len) { - hmac.update(input, offset, len); - } - - protected void engineUpdate(ByteBuffer input) { - hmac.update(input); - } - - /** - * Completes the HMAC computation and resets the HMAC for further use, - * maintaining the secret key that the HMAC was initialized with. - * - * @return the HMAC result. - */ - protected byte[] engineDoFinal() { - return hmac.doFinal(); - } - - /** - * Resets the HMAC for further use, maintaining the secret key that the - * HMAC was initialized with. - */ - protected void engineReset() { - hmac.reset(); - } - - /* - * Clones this object. - */ - public Object clone() { - HmacSHA1 that = null; - try { - that = (HmacSHA1)super.clone(); - that.hmac = (HmacCore)this.hmac.clone(); - } catch (CloneNotSupportedException e) { - } - return that; + super("SHA1", 64); } } diff --git a/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java b/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java index 708d80ba7db..9593bbfe0b0 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -105,11 +105,11 @@ final class KeyGeneratorCore { return new SecretKeySpec(b, name); } - // nested static class for the HmacSHA256 key generator - public static final class HmacSHA256KG extends KeyGeneratorSpi { + // nested static classes for the HmacSHA-2 family of key generator + abstract static class HmacSHA2KG extends KeyGeneratorSpi { private final KeyGeneratorCore core; - public HmacSHA256KG() { - core = new KeyGeneratorCore("HmacSHA256", 256); + protected HmacSHA2KG(String algoName, int len) { + core = new KeyGeneratorCore(algoName, len); } protected void engineInit(SecureRandom random) { core.implInit(random); @@ -124,47 +124,26 @@ final class KeyGeneratorCore { protected SecretKey engineGenerateKey() { return core.implGenerateKey(); } - } - // nested static class for the HmacSHA384 key generator - public static final class HmacSHA384KG extends KeyGeneratorSpi { - private final KeyGeneratorCore core; - public HmacSHA384KG() { - core = new KeyGeneratorCore("HmacSHA384", 384); + public static final class SHA224 extends HmacSHA2KG { + public SHA224() { + super("HmacSHA224", 224); + } } - protected void engineInit(SecureRandom random) { - core.implInit(random); + public static final class SHA256 extends HmacSHA2KG { + public SHA256() { + super("HmacSHA256", 256); + } } - protected void engineInit(AlgorithmParameterSpec params, - SecureRandom random) throws InvalidAlgorithmParameterException { - core.implInit(params, random); + public static final class SHA384 extends HmacSHA2KG { + public SHA384() { + super("HmacSHA384", 384); + } } - protected void engineInit(int keySize, SecureRandom random) { - core.implInit(keySize, random); - } - protected SecretKey engineGenerateKey() { - return core.implGenerateKey(); - } - } - - // nested static class for the HmacSHA384 key generator - public static final class HmacSHA512KG extends KeyGeneratorSpi { - private final KeyGeneratorCore core; - public HmacSHA512KG() { - core = new KeyGeneratorCore("HmacSHA512", 512); - } - protected void engineInit(SecureRandom random) { - core.implInit(random); - } - protected void engineInit(AlgorithmParameterSpec params, - SecureRandom random) throws InvalidAlgorithmParameterException { - core.implInit(params, random); - } - protected void engineInit(int keySize, SecureRandom random) { - core.implInit(keySize, random); - } - protected SecretKey engineGenerateKey() { - return core.implGenerateKey(); + public static final class SHA512 extends HmacSHA2KG { + public SHA512() { + super("HmacSHA512", 512); + } } } diff --git a/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java b/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java index 61423f0d4e6..9b3cbc27449 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -108,6 +108,8 @@ public final class OAEPParameters extends AlgorithmParametersSpi { private static String convertToStandardName(String internalName) { if (internalName.equals("SHA")) { return "SHA-1"; + } else if (internalName.equals("SHA224")) { + return "SHA-224"; } else if (internalName.equals("SHA256")) { return "SHA-256"; } else if (internalName.equals("SHA384")) { @@ -143,6 +145,8 @@ public final class OAEPParameters extends AlgorithmParametersSpi { String mgfDigestName = convertToStandardName(params.getName()); if (mgfDigestName.equals("SHA-1")) { mgfSpec = MGF1ParameterSpec.SHA1; + } else if (mgfDigestName.equals("SHA-224")) { + mgfSpec = MGF1ParameterSpec.SHA224; } else if (mgfDigestName.equals("SHA-256")) { mgfSpec = MGF1ParameterSpec.SHA256; } else if (mgfDigestName.equals("SHA-384")) { diff --git a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java index c58236ba3e6..e7a815283b5 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -65,7 +65,7 @@ import java.security.SecureRandom; * * - Diffie-Hellman Key Agreement * - * - HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 + * - HMAC-MD5, HMAC-SHA1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 * */ @@ -113,6 +113,7 @@ public final class SunJCE extends Provider { "NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING" + "|OAEPWITHSHA1ANDMGF1PADDING" + "|OAEPWITHSHA-1ANDMGF1PADDING" + + "|OAEPWITHSHA-224ANDMGF1PADDING" + "|OAEPWITHSHA-256ANDMGF1PADDING" + "|OAEPWITHSHA-384ANDMGF1PADDING" + "|OAEPWITHSHA-512ANDMGF1PADDING"); @@ -221,12 +222,25 @@ public final class SunJCE extends Provider { put("KeyGenerator.HmacSHA1", "com.sun.crypto.provider.HmacSHA1KeyGenerator"); + put("KeyGenerator.HmacSHA224", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224"); + put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224"); + put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224"); + put("KeyGenerator.HmacSHA256", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA256KG"); + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256"); + put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256"); + put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256"); + put("KeyGenerator.HmacSHA384", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA384KG"); + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384"); + put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384"); + put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384"); + put("KeyGenerator.HmacSHA512", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA512KG"); + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512"); + put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512"); + put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512"); put("KeyPairGenerator.DiffieHellman", "com.sun.crypto.provider.DHKeyPairGenerator"); @@ -389,12 +403,23 @@ public final class SunJCE extends Provider { */ put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5"); put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1"); + put("Mac.HmacSHA224", + "com.sun.crypto.provider.HmacCore$HmacSHA224"); + put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224"); + put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224"); put("Mac.HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256"); + put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256"); + put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); put("Mac.HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384"); + put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384"); + put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); put("Mac.HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512"); + put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512"); + put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); + put("Mac.HmacPBESHA1", "com.sun.crypto.provider.HmacPKCS12PBESHA1"); @@ -405,6 +430,7 @@ public final class SunJCE extends Provider { put("Mac.HmacMD5 SupportedKeyFormats", "RAW"); put("Mac.HmacSHA1 SupportedKeyFormats", "RAW"); + put("Mac.HmacSHA224 SupportedKeyFormats", "RAW"); put("Mac.HmacSHA256 SupportedKeyFormats", "RAW"); put("Mac.HmacSHA384 SupportedKeyFormats", "RAW"); put("Mac.HmacSHA512 SupportedKeyFormats", "RAW"); diff --git a/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java b/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java index a9c68b83c00..c1f1de37130 100644 --- a/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java +++ b/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,6 +42,7 @@ import java.security.spec.AlgorithmParameterSpec; * 
  * OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
  *   { OID id-sha1 PARAMETERS NULL   }|
+ *   { OID id-sha224 PARAMETERS NULL   }|
  *   { OID id-sha256 PARAMETERS NULL }|
  *   { OID id-sha384 PARAMETERS NULL }|
  *   { OID id-sha512 PARAMETERS NULL },
@@ -62,6 +63,11 @@ public class MGF1ParameterSpec implements AlgorithmParameterSpec {
      */
     public static final MGF1ParameterSpec SHA1 =
         new MGF1ParameterSpec("SHA-1");
+    /**
+     * The MGF1ParameterSpec which uses "SHA-224" message digest.
+     */
+    public static final MGF1ParameterSpec SHA224 =
+        new MGF1ParameterSpec("SHA-224");
     /**
      * The MGF1ParameterSpec which uses "SHA-256" message digest.
      */
diff --git a/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java b/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java
index e9f29b553a6..37a2eeb2625 100644
--- a/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java
+++ b/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,6 +47,7 @@ import java.security.spec.MGF1ParameterSpec;
  * 
  * OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
  *   { OID id-sha1 PARAMETERS NULL   }|
+ *   { OID id-sha224 PARAMETERS NULL   }|
  *   { OID id-sha256 PARAMETERS NULL }|
  *   { OID id-sha384 PARAMETERS NULL }|
  *   { OID id-sha512 PARAMETERS NULL },
diff --git a/jdk/src/share/classes/sun/security/ec/ECDSASignature.java b/jdk/src/share/classes/sun/security/ec/ECDSASignature.java
index 0d68225c9b0..64a36b1c894 100644
--- a/jdk/src/share/classes/sun/security/ec/ECDSASignature.java
+++ b/jdk/src/share/classes/sun/security/ec/ECDSASignature.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@ import sun.security.util.*;
  *
  *   . "NONEwithECDSA"
  *   . "SHA1withECDSA"
+ *   . "SHA224withECDSA"
  *   . "SHA256withECDSA"
  *   . "SHA384withECDSA"
  *   . "SHA512withECDSA"
@@ -162,6 +163,13 @@ abstract class ECDSASignature extends SignatureSpi {
         }
     }
 
+    // Nested class for SHA224withECDSA signatures
+    public static final class SHA224 extends ECDSASignature {
+        public SHA224() {
+           super("SHA-224");
+        }
+    }
+
     // Nested class for SHA256withECDSA signatures
     public static final class SHA256 extends ECDSASignature {
         public SHA256() {
diff --git a/jdk/src/share/classes/sun/security/ec/SunECEntries.java b/jdk/src/share/classes/sun/security/ec/SunECEntries.java
index 91c56697339..6d2cb65a77a 100644
--- a/jdk/src/share/classes/sun/security/ec/SunECEntries.java
+++ b/jdk/src/share/classes/sun/security/ec/SunECEntries.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -133,17 +133,31 @@ final class SunECEntries {
             "sun.security.ec.ECDSASignature$Raw");
         map.put("Signature.SHA1withECDSA",
             "sun.security.ec.ECDSASignature$SHA1");
+        map.put("Signature.SHA224withECDSA",
+            "sun.security.ec.ECDSASignature$SHA224");
+        map.put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.1", "SHA224withECDSA");
+        map.put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA");
+
         map.put("Signature.SHA256withECDSA",
             "sun.security.ec.ECDSASignature$SHA256");
+        map.put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.2", "SHA256withECDSA");
+        map.put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA");
+
         map.put("Signature.SHA384withECDSA",
             "sun.security.ec.ECDSASignature$SHA384");
+        map.put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.3", "SHA384withECDSA");
+        map.put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA");
+
         map.put("Signature.SHA512withECDSA",
             "sun.security.ec.ECDSASignature$SHA512");
+        map.put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.4", "SHA512withECDSA");
+        map.put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA");
 
         String ecKeyClasses = "java.security.interfaces.ECPublicKey" +
                 "|java.security.interfaces.ECPrivateKey";
         map.put("Signature.NONEwithECDSA SupportedKeyClasses", ecKeyClasses);
         map.put("Signature.SHA1withECDSA SupportedKeyClasses", ecKeyClasses);
+        map.put("Signature.SHA224withECDSA SupportedKeyClasses", ecKeyClasses);
         map.put("Signature.SHA256withECDSA SupportedKeyClasses", ecKeyClasses);
         map.put("Signature.SHA384withECDSA SupportedKeyClasses", ecKeyClasses);
         map.put("Signature.SHA512withECDSA SupportedKeyClasses", ecKeyClasses);
@@ -152,6 +166,7 @@ final class SunECEntries {
 
         map.put("Signature.NONEwithECDSA ImplementedIn", "Software");
         map.put("Signature.SHA1withECDSA ImplementedIn", "Software");
+        map.put("Signature.SHA224withECDSA ImplementedIn", "Software");
         map.put("Signature.SHA256withECDSA ImplementedIn", "Software");
         map.put("Signature.SHA384withECDSA ImplementedIn", "Software");
         map.put("Signature.SHA512withECDSA ImplementedIn", "Software");
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java b/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java
index 08f22fffc11..2dc66d2368b 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java
@@ -39,7 +39,7 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 
 /**
  * MessageDigest implementation class. This class currently supports
- * MD2, MD5, SHA-1, SHA-256, SHA-384, and SHA-512.
+ * MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
  *
  * Note that many digest operations are on fairly small amounts of data
  * (less than 100 bytes total). For example, the 2nd hashing in HMAC or
@@ -99,6 +99,9 @@ final class P11Digest extends MessageDigestSpi implements Cloneable {
         case (int)CKM_SHA_1:
             digestLength = 20;
             break;
+        case (int)CKM_SHA224:
+            digestLength = 28;
+            break;
         case (int)CKM_SHA256:
             digestLength = 32;
             break;
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java b/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java
index b32ee7affeb..2b0cbbcdf50 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,8 +40,8 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 
 /**
  * MAC implementation class. This class currently supports HMAC using
- * MD5, SHA-1, SHA-256, SHA-384, and SHA-512 and the SSL3 MAC using MD5
- * and SHA-1.
+ * MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 and the SSL3 MAC
+ * using MD5 and SHA-1.
  *
  * Note that unlike other classes (e.g. Signature), this does not
  * composite various operations if the token only supports part of the
@@ -107,6 +107,9 @@ final class P11Mac extends MacSpi {
         case (int)CKM_SHA_1_HMAC:
             macLength = 20;
             break;
+        case (int)CKM_SHA224_HMAC:
+            macLength = 28;
+            break;
         case (int)CKM_SHA256_HMAC:
             macLength = 32;
             break;
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java b/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
index 70a79e46bdf..3c94ad6d3ab 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
@@ -53,12 +53,14 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
  *   . MD2withRSA
  *   . MD5withRSA
  *   . SHA1withRSA
+ *   . SHA224withRSA
  *   . SHA256withRSA
  *   . SHA384withRSA
  *   . SHA512withRSA
  * . ECDSA
  *   . NONEwithECDSA
  *   . SHA1withECDSA
+ *   . SHA224withECDSA
  *   . SHA256withECDSA
  *   . SHA384withECDSA
  *   . SHA512withECDSA
@@ -143,6 +145,7 @@ final class P11Signature extends SignatureSpi {
         case (int)CKM_MD2_RSA_PKCS:
         case (int)CKM_MD5_RSA_PKCS:
         case (int)CKM_SHA1_RSA_PKCS:
+        case (int)CKM_SHA224_RSA_PKCS:
         case (int)CKM_SHA256_RSA_PKCS:
         case (int)CKM_SHA384_RSA_PKCS:
         case (int)CKM_SHA512_RSA_PKCS:
@@ -181,6 +184,8 @@ final class P11Signature extends SignatureSpi {
                 String digestAlg;
                 if (algorithm.equals("SHA1withECDSA")) {
                     digestAlg = "SHA-1";
+                } else if (algorithm.equals("SHA224withECDSA")) {
+                    digestAlg = "SHA-224";
                 } else if (algorithm.equals("SHA256withECDSA")) {
                     digestAlg = "SHA-256";
                 } else if (algorithm.equals("SHA384withECDSA")) {
@@ -207,6 +212,9 @@ final class P11Signature extends SignatureSpi {
             } else if (algorithm.equals("MD2withRSA")) {
                 md = MessageDigest.getInstance("MD2");
                 digestOID = AlgorithmId.MD2_oid;
+            } else if (algorithm.equals("SHA224withRSA")) {
+                md = MessageDigest.getInstance("SHA-224");
+                digestOID = AlgorithmId.SHA224_oid;
             } else if (algorithm.equals("SHA256withRSA")) {
                 md = MessageDigest.getInstance("SHA-256");
                 digestOID = AlgorithmId.SHA256_oid;
@@ -332,6 +340,8 @@ final class P11Signature extends SignatureSpi {
             encodedLength = 34;
         } else if (algorithm.equals("SHA1withRSA")) {
             encodedLength = 35;
+        } else if (algorithm.equals("SHA224withRSA")) {
+            encodedLength = 47;
         } else if (algorithm.equals("SHA256withRSA")) {
             encodedLength = 51;
         } else if (algorithm.equals("SHA384withRSA")) {
diff --git a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
index 8c432571e3a..bac38137f16 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -342,6 +342,7 @@ public final class SunPKCS11 extends AuthProvider {
                 System.out.println("Library info:");
                 System.out.println(p11Info);
             }
+
             if ((slotID < 0) || showInfo) {
                 long[] slots = p11.C_GetSlotList(false);
                 if (showInfo) {
@@ -520,24 +521,37 @@ public final class SunPKCS11 extends AuthProvider {
                 m(CKM_MD2));
         d(MD, "MD5",            P11Digest,
                 m(CKM_MD5));
-        d(MD, "SHA1",           P11Digest,              s("SHA", "SHA-1"),
+        d(MD, "SHA1",           P11Digest, s("SHA", "SHA-1"),
                 m(CKM_SHA_1));
+
+        d(MD, "SHA-224",        P11Digest,
+                s("2.16.840.1.101.3.4.2.4", "OID.2.16.840.1.101.3.4.2.4"),
+                m(CKM_SHA224));
         d(MD, "SHA-256",        P11Digest,
+                s("2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1"),
                 m(CKM_SHA256));
         d(MD, "SHA-384",        P11Digest,
+                s("2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2"),
                 m(CKM_SHA384));
         d(MD, "SHA-512",        P11Digest,
+                s("2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"),
                 m(CKM_SHA512));
 
         d(MAC, "HmacMD5",       P11MAC,
                 m(CKM_MD5_HMAC));
         d(MAC, "HmacSHA1",      P11MAC,
                 m(CKM_SHA_1_HMAC));
+        d(MAC, "HmacSHA224",    P11MAC,
+                s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"),
+                m(CKM_SHA224_HMAC));
         d(MAC, "HmacSHA256",    P11MAC,
+                s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"),
                 m(CKM_SHA256_HMAC));
         d(MAC, "HmacSHA384",    P11MAC,
+                s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"),
                 m(CKM_SHA384_HMAC));
         d(MAC, "HmacSHA512",    P11MAC,
+                s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"),
                 m(CKM_SHA512_HMAC));
         d(MAC, "SslMacMD5",     P11MAC,
                 m(CKM_SSL3_MD5_MAC));
@@ -648,11 +662,17 @@ public final class SunPKCS11 extends AuthProvider {
                 m(CKM_ECDSA));
         d(SIG, "SHA1withECDSA", P11Signature,           s("ECDSA"),
                 m(CKM_ECDSA_SHA1, CKM_ECDSA));
+        d(SIG, "SHA224withECDSA",       P11Signature,
+                s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"),
+                m(CKM_ECDSA));
         d(SIG, "SHA256withECDSA",       P11Signature,
+                s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"),
                 m(CKM_ECDSA));
         d(SIG, "SHA384withECDSA",       P11Signature,
+                s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"),
                 m(CKM_ECDSA));
         d(SIG, "SHA512withECDSA",       P11Signature,
+                s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"),
                 m(CKM_ECDSA));
         d(SIG, "MD2withRSA",    P11Signature,
                 m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
@@ -660,11 +680,17 @@ public final class SunPKCS11 extends AuthProvider {
                 m(CKM_MD5_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(SIG, "SHA1withRSA",   P11Signature,
                 m(CKM_SHA1_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+        d(SIG, "SHA224withRSA", P11Signature,
+                s("1.2.840.113549.1.1.14", "OID.1.2.840.113549.1.1.14"),
+                m(CKM_SHA224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(SIG, "SHA256withRSA", P11Signature,
+                s("1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11"),
                 m(CKM_SHA256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(SIG, "SHA384withRSA", P11Signature,
+                s("1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12"),
                 m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(SIG, "SHA512withRSA", P11Signature,
+                s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
                 m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
 
         /*
diff --git a/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java b/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java
index fa7ad073598..58f778ebbe2 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -630,6 +630,7 @@ public class Functions {
         addMech(CKM_X9_42_DH_DERIVE,            "CKM_X9_42_DH_DERIVE");
         addMech(CKM_X9_42_DH_HYBRID_DERIVE,     "CKM_X9_42_DH_HYBRID_DERIVE");
         addMech(CKM_X9_42_MQV_DERIVE,           "CKM_X9_42_MQV_DERIVE");
+        addMech(CKM_SHA224_RSA_PKCS,            "CKM_SHA224_RSA_PKCS");
         addMech(CKM_SHA256_RSA_PKCS,            "CKM_SHA256_RSA_PKCS");
         addMech(CKM_SHA384_RSA_PKCS,            "CKM_SHA384_RSA_PKCS");
         addMech(CKM_SHA512_RSA_PKCS,            "CKM_SHA512_RSA_PKCS");
@@ -675,6 +676,9 @@ public class Functions {
         addMech(CKM_RIPEMD160,                  "CKM_RIPEMD160");
         addMech(CKM_RIPEMD160_HMAC,             "CKM_RIPEMD160_HMAC");
         addMech(CKM_RIPEMD160_HMAC_GENERAL,     "CKM_RIPEMD160_HMAC_GENERAL");
+        addMech(CKM_SHA224,                     "CKM_SHA224");
+        addMech(CKM_SHA224_HMAC,                "CKM_SHA224_HMAC");
+        addMech(CKM_SHA224_HMAC_GENERAL,        "CKM_SHA224_HMAC_GENERAL");
         addMech(CKM_SHA256,                     "CKM_SHA256");
         addMech(CKM_SHA256_HMAC,                "CKM_SHA256_HMAC");
         addMech(CKM_SHA256_HMAC_GENERAL,        "CKM_SHA256_HMAC_GENERAL");
@@ -734,6 +738,7 @@ public class Functions {
         addMech(CKM_MD5_KEY_DERIVATION,         "CKM_MD5_KEY_DERIVATION");
         addMech(CKM_MD2_KEY_DERIVATION,         "CKM_MD2_KEY_DERIVATION");
         addMech(CKM_SHA1_KEY_DERIVATION,        "CKM_SHA1_KEY_DERIVATION");
+        addMech(CKM_SHA224_KEY_DERIVATION,      "CKM_SHA224_KEY_DERIVATION");
         addMech(CKM_SHA256_KEY_DERIVATION,      "CKM_SHA256_KEY_DERIVATION");
         addMech(CKM_SHA384_KEY_DERIVATION,      "CKM_SHA384_KEY_DERIVATION");
         addMech(CKM_SHA512_KEY_DERIVATION,      "CKM_SHA512_KEY_DERIVATION");
diff --git a/jdk/src/share/classes/sun/security/provider/DigestBase.java b/jdk/src/share/classes/sun/security/provider/DigestBase.java
index 2c7b719b0bc..cbca1235fe6 100644
--- a/jdk/src/share/classes/sun/security/provider/DigestBase.java
+++ b/jdk/src/share/classes/sun/security/provider/DigestBase.java
@@ -39,7 +39,6 @@ import java.security.ProviderException;
  *  . abstract void implCompress(byte[] b, int ofs);
  *  . abstract void implDigest(byte[] out, int ofs);
  *  . abstract void implReset();
- *  . public abstract Object clone();
  *
  * See the inline documentation for details.
  *
@@ -61,7 +60,7 @@ abstract class DigestBase extends MessageDigestSpi implements Cloneable {
     // buffer to store partial blocks, blockSize bytes large
     // Subclasses should not access this array directly except possibly in their
     // implDigest() method. See MD5.java as an example.
-    final byte[] buffer;
+    byte[] buffer;
     // offset into buffer
     private int bufOfs;
 
@@ -83,18 +82,6 @@ abstract class DigestBase extends MessageDigestSpi implements Cloneable {
         buffer = new byte[blockSize];
     }
 
-    /**
-     * Constructor for cloning. Replicates common data.
-     */
-    DigestBase(DigestBase base) {
-        this.algorithm = base.algorithm;
-        this.digestLength = base.digestLength;
-        this.blockSize = base.blockSize;
-        this.buffer = base.buffer.clone();
-        this.bufOfs = base.bufOfs;
-        this.bytesProcessed = base.bytesProcessed;
-    }
-
     // return digest length. See JCA doc.
     protected final int engineGetDigestLength() {
         return digestLength;
@@ -206,12 +193,11 @@ abstract class DigestBase extends MessageDigestSpi implements Cloneable {
      */
     abstract void implReset();
 
-    /**
-     * Clone this digest. Should be implemented as "return new MyDigest(this)".
-     * That constructor should first call "super(baseDigest)" and then copy
-     * subclass specific data.
-     */
-    public abstract Object clone();
+    public Object clone() throws CloneNotSupportedException {
+        DigestBase copy = (DigestBase) super.clone();
+        copy.buffer = copy.buffer.clone();
+        return copy;
+    }
 
     // padding used for the MD5, and SHA-* message digests
     static final byte[] padding;
@@ -223,5 +209,4 @@ abstract class DigestBase extends MessageDigestSpi implements Cloneable {
         padding = new byte[136];
         padding[0] = (byte)0x80;
     }
-
 }
diff --git a/jdk/src/share/classes/sun/security/provider/MD2.java b/jdk/src/share/classes/sun/security/provider/MD2.java
index c0c116ae84a..5d0a3e3e827 100644
--- a/jdk/src/share/classes/sun/security/provider/MD2.java
+++ b/jdk/src/share/classes/sun/security/provider/MD2.java
@@ -39,14 +39,14 @@ import java.util.Arrays;
 public final class MD2 extends DigestBase {
 
     // state, 48 ints
-    private final int[] X;
+    private int[] X;
 
     // checksum, 16 ints. they are really bytes, but byte arithmetic in
     // the JVM is much slower that int arithmetic.
-    private final int[] C;
+    private int[] C;
 
     // temporary store for checksum C during final digest
-    private final byte[] cBytes;
+    private byte[] cBytes;
 
     /**
      * Create a new MD2 digest. Called by the JCA framework
@@ -58,15 +58,12 @@ public final class MD2 extends DigestBase {
         cBytes = new byte[16];
     }
 
-    private MD2(MD2 base) {
-        super(base);
-        this.X = base.X.clone();
-        this.C = base.C.clone();
-        cBytes = new byte[16];
-    }
-
-    public Object clone() {
-        return new MD2(this);
+    public Object clone() throws CloneNotSupportedException {
+        MD2 copy = (MD2) super.clone();
+        copy.X = copy.X.clone();
+        copy.C = copy.C.clone();
+        copy.cBytes = new byte[16];
+        return copy;
     }
 
     // reset state and checksum
diff --git a/jdk/src/share/classes/sun/security/provider/MD4.java b/jdk/src/share/classes/sun/security/provider/MD4.java
index 56ff5a06ae3..e51b2485499 100644
--- a/jdk/src/share/classes/sun/security/provider/MD4.java
+++ b/jdk/src/share/classes/sun/security/provider/MD4.java
@@ -44,9 +44,9 @@ import static sun.security.provider.ByteArrayAccess.*;
 public final class MD4 extends DigestBase {
 
     // state of this object
-    private final int[] state;
+    private int[] state;
     // temporary buffer, used by implCompress()
-    private final int[] x;
+    private int[] x;
 
     // rotation constants
     private static final int S11 = 3;
@@ -93,16 +93,12 @@ public final class MD4 extends DigestBase {
         implReset();
     }
 
-    // Cloning constructor
-    private MD4(MD4 base) {
-        super(base);
-        this.state = base.state.clone();
-        this.x = new int[16];
-    }
-
     // clone this object
-    public Object clone() {
-        return new MD4(this);
+    public Object clone() throws CloneNotSupportedException {
+        MD4 copy = (MD4) super.clone();
+        copy.state = copy.state.clone();
+        copy.x = new int[16];
+        return copy;
     }
 
     /**
diff --git a/jdk/src/share/classes/sun/security/provider/MD5.java b/jdk/src/share/classes/sun/security/provider/MD5.java
index 85830e55010..32e42e5ecd7 100644
--- a/jdk/src/share/classes/sun/security/provider/MD5.java
+++ b/jdk/src/share/classes/sun/security/provider/MD5.java
@@ -39,9 +39,9 @@ import static sun.security.provider.ByteArrayAccess.*;
 public final class MD5 extends DigestBase {
 
     // state of this object
-    private final int[] state;
+    private int[] state;
     // temporary buffer, used by implCompress()
-    private final int[] x;
+    private int[] x;
 
     // rotation constants
     private static final int S11 = 7;
@@ -69,16 +69,12 @@ public final class MD5 extends DigestBase {
         implReset();
     }
 
-    // Cloning constructor
-    private MD5(MD5 base) {
-        super(base);
-        this.state = base.state.clone();
-        this.x = new int[16];
-    }
-
     // clone this object
-    public Object clone() {
-        return new MD5(this);
+    public Object clone() throws CloneNotSupportedException {
+        MD5 copy = (MD5) super.clone();
+        copy.state = copy.state.clone();
+        copy.x = new int[16];
+        return copy;
     }
 
     /**
diff --git a/jdk/src/share/classes/sun/security/provider/SHA.java b/jdk/src/share/classes/sun/security/provider/SHA.java
index 723c64a2b5b..0f13f41b25c 100644
--- a/jdk/src/share/classes/sun/security/provider/SHA.java
+++ b/jdk/src/share/classes/sun/security/provider/SHA.java
@@ -47,10 +47,10 @@ public final class SHA extends DigestBase {
     // 64 bytes are included in each hash block so the low order
     // bits of count are used to know how to pack the bytes into ints
     // and to know when to compute the block and start the next one.
-    private final int[] W;
+    private int[] W;
 
     // state of this
-    private final int[] state;
+    private int[] state;
 
     /**
      * Creates a new SHA object.
@@ -62,19 +62,14 @@ public final class SHA extends DigestBase {
         implReset();
     }
 
-    /**
-     * Creates a SHA object.with state (for cloning) */
-    private SHA(SHA base) {
-        super(base);
-        this.state = base.state.clone();
-        this.W = new int[80];
-    }
-
     /*
      * Clones this object.
      */
-    public Object clone() {
-        return new SHA(this);
+    public Object clone() throws CloneNotSupportedException {
+        SHA copy = (SHA) super.clone();
+        copy.state = copy.state.clone();
+        copy.W = new int[80];
+        return copy;
     }
 
     /**
diff --git a/jdk/src/share/classes/sun/security/provider/SHA2.java b/jdk/src/share/classes/sun/security/provider/SHA2.java
index a04ada05a34..54f34545918 100644
--- a/jdk/src/share/classes/sun/security/provider/SHA2.java
+++ b/jdk/src/share/classes/sun/security/provider/SHA2.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,7 @@ import static sun.security.provider.ByteArrayAccess.*;
  * @author      Valerie Peng
  * @author      Andreas Sterbenz
  */
-public final class SHA2 extends DigestBase {
+abstract class SHA2 extends DigestBase {
 
     private static final int ITERATION = 64;
     // Constants for each round
@@ -64,46 +64,30 @@ public final class SHA2 extends DigestBase {
     };
 
     // buffer used by implCompress()
-    private final int[] W;
+    private int[] W;
 
     // state of this object
-    private final int[] state;
+    private int[] state;
+
+    // initial state value. different between SHA-224 and SHA-256
+    private final int[] initialHashes;
 
     /**
      * Creates a new SHA object.
      */
-    public SHA2() {
-        super("SHA-256", 32, 64);
+    SHA2(String name, int digestLength, int[] initialHashes) {
+        super(name, digestLength, 64);
+        this.initialHashes = initialHashes;
         state = new int[8];
         W = new int[64];
         implReset();
     }
 
-    /**
-     * Creates a SHA2 object.with state (for cloning)
-     */
-    private SHA2(SHA2 base) {
-        super(base);
-        this.state = base.state.clone();
-        this.W = new int[64];
-    }
-
-    public Object clone() {
-        return new SHA2(this);
-    }
-
     /**
      * Resets the buffers and hash value to start a new hash.
      */
     void implReset() {
-        state[0] = 0x6a09e667;
-        state[1] = 0xbb67ae85;
-        state[2] = 0x3c6ef372;
-        state[3] = 0xa54ff53a;
-        state[4] = 0x510e527f;
-        state[5] = 0x9b05688c;
-        state[6] = 0x1f83d9ab;
-        state[7] = 0x5be0cd19;
+        System.arraycopy(initialHashes, 0, state, 0, state.length);
     }
 
     void implDigest(byte[] out, int ofs) {
@@ -242,4 +226,38 @@ public final class SHA2 extends DigestBase {
         state[7] += h;
     }
 
+    public Object clone() throws CloneNotSupportedException {
+        SHA2 copy = (SHA2) super.clone();
+        copy.state = copy.state.clone();
+        copy.W = new int[64];
+        return copy;
+    }
+
+    /**
+     * SHA-224 implementation class.
+     */
+    public static final class SHA224 extends SHA2 {
+        private static final int[] INITIAL_HASHES = {
+            0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
+            0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
+        };
+
+        public SHA224() {
+            super("SHA-224", 28, INITIAL_HASHES);
+        }
+    }
+
+    /**
+     * SHA-256 implementation class.
+     */
+    public static final class SHA256 extends SHA2 {
+        private static final int[] INITIAL_HASHES = {
+            0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
+            0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
+        };
+
+        public SHA256() {
+            super("SHA-256", 32, INITIAL_HASHES);
+        }
+    }
 }
diff --git a/jdk/src/share/classes/sun/security/provider/SHA5.java b/jdk/src/share/classes/sun/security/provider/SHA5.java
index 413770cc542..851c0706b1c 100644
--- a/jdk/src/share/classes/sun/security/provider/SHA5.java
+++ b/jdk/src/share/classes/sun/security/provider/SHA5.java
@@ -82,10 +82,10 @@ abstract class SHA5 extends DigestBase {
     };
 
     // buffer used by implCompress()
-    private final long[] W;
+    private long[] W;
 
     // state of this object
-    private final long[] state;
+    private long[] state;
 
     // initial state value. different between SHA-384 and SHA-512
     private final long[] initialHashes;
@@ -101,16 +101,6 @@ abstract class SHA5 extends DigestBase {
         implReset();
     }
 
-    /**
-     * Creates a SHA object with state (for cloning)
-     */
-    SHA5(SHA5 base) {
-        super(base);
-        this.initialHashes = base.initialHashes;
-        this.state = base.state.clone();
-        this.W = new long[80];
-    }
-
     final void implReset() {
         System.arraycopy(initialHashes, 0, state, 0, state.length);
     }
@@ -255,6 +245,13 @@ abstract class SHA5 extends DigestBase {
         state[7] += h;
     }
 
+    public Object clone() throws CloneNotSupportedException {
+        SHA5 copy = (SHA5) super.clone();
+        copy.state = copy.state.clone();
+        copy.W = new long[80];
+        return copy;
+    }
+
     /**
      * SHA-512 implementation class.
      */
@@ -270,14 +267,6 @@ abstract class SHA5 extends DigestBase {
         public SHA512() {
             super("SHA-512", 64, INITIAL_HASHES);
         }
-
-        private SHA512(SHA512 base) {
-            super(base);
-        }
-
-        public Object clone() {
-            return new SHA512(this);
-        }
     }
 
     /**
@@ -295,14 +284,5 @@ abstract class SHA5 extends DigestBase {
         public SHA384() {
             super("SHA-384", 48, INITIAL_HASHES);
         }
-
-        private SHA384(SHA384 base) {
-            super(base);
-        }
-
-        public Object clone() {
-            return new SHA384(this);
-        }
     }
-
 }
diff --git a/jdk/src/share/classes/sun/security/provider/SunEntries.java b/jdk/src/share/classes/sun/security/provider/SunEntries.java
index 6421afd0fb3..3f0ef1084ce 100644
--- a/jdk/src/share/classes/sun/security/provider/SunEntries.java
+++ b/jdk/src/share/classes/sun/security/provider/SunEntries.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,10 @@ import java.security.*;
  *   identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
  *   "OID.1.2.840.10040.4.3".
  *
+ * - SHA-2 is a set of message digest schemes described in FIPS 180-2.
+ *   SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
+ *   and SHA-512.
+ *
  * - DSA is the key generation scheme as described in FIPS 186.
  *   Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
  *   and "OID.1.2.840.10040.4.1".
@@ -140,9 +144,19 @@ final class SunEntries {
         map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
         map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
 
-        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2");
+        map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
+        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
+        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4", "SHA-224");
+
+        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
+        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
+        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", "SHA-256");
         map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
+        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
+        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", "SHA-384");
         map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
+        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
+        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", "SHA-512");
 
         /*
          * Algorithm Parameter Generator engines
diff --git a/jdk/src/share/classes/sun/security/rsa/RSASignature.java b/jdk/src/share/classes/sun/security/rsa/RSASignature.java
index a98ed881d1c..435e283ad23 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSASignature.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSASignature.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,8 @@ import sun.security.x509.AlgorithmId;
  * PKCS#1 RSA signatures with the various message digest algorithms.
  * This file contains an abstract base class with all the logic plus
  * a nested static class for each of the message digest algorithms
- * (see end of the file). We support MD2, MD5, SHA-1, SHA-256, SHA-384,
- * and SHA-512.
+ * (see end of the file). We support MD2, MD5, SHA-1, SHA-224, SHA-256,
+ * SHA-384, and SHA-512.
  *
  * @since   1.5
  * @author  Andreas Sterbenz
@@ -276,6 +276,13 @@ public abstract class RSASignature extends SignatureSpi {
         }
     }
 
+    // Nested class for SHA224withRSA signatures
+    public static final class SHA224withRSA extends RSASignature {
+        public SHA224withRSA() {
+            super("SHA-224", AlgorithmId.SHA224_oid, 11);
+        }
+    }
+
     // Nested class for SHA256withRSA signatures
     public static final class SHA256withRSA extends RSASignature {
         public SHA256withRSA() {
diff --git a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java
index fc8f5576339..836fc5f201c 100644
--- a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java
+++ b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,6 +52,8 @@ public final class SunRsaSignEntries {
                 "sun.security.rsa.RSASignature$MD5withRSA");
         map.put("Signature.SHA1withRSA",
                 "sun.security.rsa.RSASignature$SHA1withRSA");
+        map.put("Signature.SHA224withRSA",
+                "sun.security.rsa.RSASignature$SHA224withRSA");
         map.put("Signature.SHA256withRSA",
                 "sun.security.rsa.RSASignature$SHA256withRSA");
         map.put("Signature.SHA384withRSA",
@@ -66,6 +68,7 @@ public final class SunRsaSignEntries {
         map.put("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses);
+        map.put("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses);
@@ -88,6 +91,9 @@ public final class SunRsaSignEntries {
         map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
         map.put("Alg.Alias.Signature.1.3.14.3.2.29",            "SHA1withRSA");
 
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14",     "SHA224withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA");
+
         map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11",     "SHA256withRSA");
         map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
 
diff --git a/jdk/src/share/classes/sun/security/x509/AlgorithmId.java b/jdk/src/share/classes/sun/security/x509/AlgorithmId.java
index 4602248c1f3..0504707fa8a 100644
--- a/jdk/src/share/classes/sun/security/x509/AlgorithmId.java
+++ b/jdk/src/share/classes/sun/security/x509/AlgorithmId.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -175,9 +175,9 @@ public class AlgorithmId implements Serializable, DerEncoder {
             // it's NULL. They are ---
             // rfc3370 2.1: Implementations SHOULD generate SHA-1
             // AlgorithmIdentifiers with absent parameters.
-            // rfc3447 C1: When id-sha1, id-sha256, id-sha384 and id-sha512
-            // are used in an AlgorithmIdentifier the parameters (which are
-            // optional) SHOULD be omitted.
+            // rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
+            // id-sha512 are used in an AlgorithmIdentifier the parameters
+            // (which are optional) SHOULD be omitted.
             // rfc3279 2.3.2: The id-dsa algorithm syntax includes optional
             // domain parameters... When omitted, the parameters component
             // MUST be omitted entirely
@@ -185,6 +185,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
             // is used, the AlgorithmIdentifier parameters field MUST be absent.
             /*if (
                 algid.equals((Object)SHA_oid) ||
+                algid.equals((Object)SHA224_oid) ||
                 algid.equals((Object)SHA256_oid) ||
                 algid.equals((Object)SHA384_oid) ||
                 algid.equals((Object)SHA512_oid) ||
@@ -488,7 +489,10 @@ public class AlgorithmId implements Serializable, DerEncoder {
             name.equalsIgnoreCase("SHA512")) {
             return AlgorithmId.SHA512_oid;
         }
-
+        if (name.equalsIgnoreCase("SHA-224") ||
+            name.equalsIgnoreCase("SHA224")) {
+            return AlgorithmId.SHA224_oid;
+        }
 
         // Various public key algorithms
         if (name.equalsIgnoreCase("RSA")) {
@@ -625,6 +629,9 @@ public class AlgorithmId implements Serializable, DerEncoder {
     public static final ObjectIdentifier SHA_oid =
     ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26});
 
+    public static final ObjectIdentifier SHA224_oid =
+    ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4});
+
     public static final ObjectIdentifier SHA256_oid =
     ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1});
 
@@ -664,6 +671,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
                                        { 1, 2, 840, 113549, 1, 1, 5 };
     private static final int sha1WithRSAEncryption_OIW_data[] =
                                        { 1, 3, 14, 3, 2, 29 };
+    private static final int sha224WithRSAEncryption_data[] =
+                                       { 1, 2, 840, 113549, 1, 1, 14 };
     private static final int sha256WithRSAEncryption_data[] =
                                        { 1, 2, 840, 113549, 1, 1, 11 };
     private static final int sha384WithRSAEncryption_data[] =
@@ -681,6 +690,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
     public static final ObjectIdentifier md5WithRSAEncryption_oid;
     public static final ObjectIdentifier sha1WithRSAEncryption_oid;
     public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid;
+    public static final ObjectIdentifier sha224WithRSAEncryption_oid;
     public static final ObjectIdentifier sha256WithRSAEncryption_oid;
     public static final ObjectIdentifier sha384WithRSAEncryption_oid;
     public static final ObjectIdentifier sha512WithRSAEncryption_oid;
@@ -809,6 +819,14 @@ public class AlgorithmId implements Serializable, DerEncoder {
         sha1WithRSAEncryption_OIW_oid =
             ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data);
 
+    /**
+     * Identifies a signing algorithm where a SHA224 digest is
+     * encrypted using an RSA private key; defined by PKCS #1.
+     * OID = 1.2.840.113549.1.1.14
+     */
+        sha224WithRSAEncryption_oid =
+            ObjectIdentifier.newInternal(sha224WithRSAEncryption_data);
+
     /**
      * Identifies a signing algorithm where a SHA256 digest is
      * encrypted using an RSA private key; defined by PKCS #1.
@@ -859,6 +877,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
         nameTable.put(MD5_oid, "MD5");
         nameTable.put(MD2_oid, "MD2");
         nameTable.put(SHA_oid, "SHA");
+        nameTable.put(SHA224_oid, "SHA224");
         nameTable.put(SHA256_oid, "SHA256");
         nameTable.put(SHA384_oid, "SHA384");
         nameTable.put(SHA512_oid, "SHA512");
@@ -881,6 +900,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
         nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
         nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
         nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
+        nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
         nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
         nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
         nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
diff --git a/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java b/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java
index 488c2365b00..f29a62af583 100644
--- a/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java
+++ b/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java
@@ -47,6 +47,7 @@ import sun.security.rsa.RSAKeyFactory;
  *
  *  . "NONEwithRSA"
  *  . "SHA1withRSA"
+ *  . "SHA224withRSA"
  *  . "SHA256withRSA"
  *  . "SHA384withRSA"
  *  . "SHA512withRSA"
@@ -57,8 +58,8 @@ import sun.security.rsa.RSAKeyFactory;
  *
  * NOTE: NONEwithRSA must be supplied with a pre-computed message digest.
  *       Only the following digest algorithms are supported: MD5, SHA-1,
- *       SHA-256, SHA-384, SHA-512 and a special-purpose digest algorithm
- *       which is a concatenation of SHA-1 and MD5 digests.
+ *       SHA-224, SHA-256, SHA-384, SHA-512 and a special-purpose digest
+ *       algorithm which is a concatenation of SHA-1 and MD5 digests.
  *
  * @since   1.6
  * @author  Stanley Man-Kit Ho
@@ -180,6 +181,8 @@ abstract class RSASignature extends java.security.SignatureSpi
                 setDigestName("SHA-512");
             } else if (offset == 16) {
                 setDigestName("MD5");
+            } else if (offset == 28) {
+                setDigestName("SHA-224");
             } else {
                 throw new SignatureException(
                     "Message digest length is not supported");
@@ -199,6 +202,12 @@ abstract class RSASignature extends java.security.SignatureSpi
         }
     }
 
+    public static final class SHA224 extends RSASignature {
+        public SHA224() {
+            super("SHA-224");
+        }
+    }
+
     public static final class SHA256 extends RSASignature {
         public SHA256() {
             super("SHA-256");
diff --git a/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java b/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java
index f7df7ce4a8f..bcba08c739a 100644
--- a/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java
+++ b/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -81,18 +81,30 @@ public final class SunMSCAPI extends Provider {
          */
         // NONEwithRSA must be supplied with a pre-computed message digest.
         // Only the following digest algorithms are supported: MD5, SHA-1,
-        // SHA-256, SHA-384, SHA-512 and a special-purpose digest algorithm
-        // which is a concatenation of SHA-1 and MD5 digests.
+        // SHA-224, SHA-256, SHA-384, SHA-512 and a special-purpose digest
+        // algorithm which is a concatenation of SHA-1 and MD5 digests.
         map.put("Signature.NONEwithRSA",
             "sun.security.mscapi.RSASignature$Raw");
         map.put("Signature.SHA1withRSA",
             "sun.security.mscapi.RSASignature$SHA1");
+        map.put("Signature.SHA224withRSA",
+            "sun.security.mscapi.RSASignature$SHA224");
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14",     "SHA224withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA");
         map.put("Signature.SHA256withRSA",
             "sun.security.mscapi.RSASignature$SHA256");
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11",     "SHA256withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
         map.put("Signature.SHA384withRSA",
             "sun.security.mscapi.RSASignature$SHA384");
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.12",     "SHA384withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA");
+
         map.put("Signature.SHA512withRSA",
             "sun.security.mscapi.RSASignature$SHA512");
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.13",     "SHA512withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA");
+
         map.put("Signature.MD5withRSA",
             "sun.security.mscapi.RSASignature$MD5");
         map.put("Signature.MD2withRSA",
@@ -103,6 +115,8 @@ public final class SunMSCAPI extends Provider {
             "sun.security.mscapi.Key");
         map.put("Signature.SHA1withRSA SupportedKeyClasses",
             "sun.security.mscapi.Key");
+        map.put("Signature.SHA224withRSA SupportedKeyClasses",
+            "sun.security.mscapi.Key");
         map.put("Signature.SHA256withRSA SupportedKeyClasses",
             "sun.security.mscapi.Key");
         map.put("Signature.SHA384withRSA SupportedKeyClasses",
diff --git a/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java b/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java
index 2d7d8863b08..55b501ebf36 100644
--- a/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java
+++ b/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,6 +58,7 @@ public class TestOAEP {
         Cipher.getInstance("RSA/ECB/OAEPwithMD5andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA1andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA-1andMGF1Padding");
+        Cipher.getInstance("RSA/ECB/OAEPwithSHA-224andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA-256andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA-384andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA-512andMGF1Padding");
@@ -88,6 +89,18 @@ public class TestOAEP {
         // tests alias works
         testEncryptDecrypt("SHA-1", 16);
 
+        // basic test using SHA-224
+        testEncryptDecrypt("SHA-224", 0);
+        testEncryptDecrypt("SHA-224", 16);
+        testEncryptDecrypt("SHA-224", 38);
+        try {
+            testEncryptDecrypt("SHA-224", 39);
+            throw new Exception("Unexpectedly completed call");
+        } catch (IllegalBlockSizeException e) {
+            // ok
+            System.out.println(e);
+        }
+
         // basic test using SHA-256
         testEncryptDecrypt("SHA-256", 0);
         testEncryptDecrypt("SHA-256", 16);
@@ -195,6 +208,7 @@ public class TestOAEP {
         System.out.println("Done (" + (stop - start) + " ms).");
     }
 
+    // NOTE: OAEP can process up to (modLen - 2*digestLen - 2) bytes of data
     private static void testEncryptDecrypt(String hashAlg, int dataLength) throws Exception {
         System.out.println("Testing OAEP with hash " + hashAlg + ", " + dataLength + " bytes");
         Cipher c = Cipher.getInstance("RSA/ECB/OAEPwith" + hashAlg + "andMGF1Padding", cp);
diff --git a/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java b/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java
index 366467b2bf6..1a152859f35 100644
--- a/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java
+++ b/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -121,6 +121,7 @@ public class TestOAEPParameterSpec {
     public static void main(String[] argv) throws Exception {
         boolean status = true;
         byte[] p = { (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04 };
+        status &= runTest("SHA-224", MGF1ParameterSpec.SHA224, p);
         status &= runTest("SHA-256", MGF1ParameterSpec.SHA256, p);
         status &= runTest("SHA-384", MGF1ParameterSpec.SHA384, p);
         status &= runTest("SHA-512", MGF1ParameterSpec.SHA512, p);
diff --git a/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java b/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java
index 97ee3a82ead..13bdfe1a31b 100644
--- a/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java
+++ b/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,10 +47,10 @@ public class TestOAEPWithParams {
     private static Random random = new Random();
 
     private static String MD[] = {
-        "MD5", "SHA1", "SHA-256"
+        "MD5", "SHA1", "SHA-224", "SHA-256"
     };
     private static int DATA_LENGTH[] = {
-        62, 54, 30
+        62, 54, 34, 30
     };
     public static void main(String[] args) throws Exception {
         long start = System.currentTimeMillis();
diff --git a/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java b/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java
index d037c2290ef..3fc55b7f8c3 100644
--- a/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java
+++ b/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 4628062
+ * @bug 4628062 4963723
  * @summary Verify that AES KeyGenerator supports default initialization
  *      when init is not called
  * @author Valerie Peng
@@ -34,39 +34,45 @@ import java.util.*;
 
 public class Test4628062 {
 
-    private static final String ALGO = "AES";
-    private static final int[] KEYSIZES =
-        { 16, 24, 32 }; // in bytes
+    private static final int[] AES_SIZES = { 16, 24, 32 }; // in bytes
+    private static final int[] HMACSHA224_SIZES = { 28 };
+    private static final int[] HMACSHA256_SIZES = { 32 };
+    private static final int[] HMACSHA384_SIZES = { 48 };
+    private static final int[] HMACSHA512_SIZES = { 64 };
 
-    public boolean execute() throws Exception {
-        KeyGenerator kg = KeyGenerator.getInstance(ALGO, "SunJCE");
+    public boolean execute(String algo, int[] keySizes) throws Exception {
+        KeyGenerator kg = KeyGenerator.getInstance(algo, "SunJCE");
 
         // TEST FIX 4628062
         Key keyWithDefaultSize = kg.generateKey();
         byte[] encoding = keyWithDefaultSize.getEncoded();
-        if (encoding.length == 0) {
+        int defKeyLen = encoding.length ;
+        if (defKeyLen == 0) {
             throw new Exception("default key length is 0!");
+        } else if (defKeyLen != keySizes[0]) {
+            throw new Exception("default key length mismatch!");
         }
 
         // BONUS TESTS
-        // 1. call init(int keysize) with various valid key sizes
-        // and see if the generated key is the right size.
-        for (int i=0; i 1) {
+            // 1. call init(int keysize) with various valid key sizes
+            // and see if the generated key is the right size.
+            for (int i=0; i 512) {
diff --git a/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java b/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java
index 13c55339429..fd11d0cb67b 100644
--- a/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java
+++ b/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -81,6 +81,7 @@ public class TestSignatures extends PKCS11Test {
         testSignature("MD2withRSA", privateKey, publicKey);
         testSignature("MD5withRSA", privateKey, publicKey);
         testSignature("SHA1withRSA", privateKey, publicKey);
+        testSignature("SHA224withRSA", privateKey, publicKey);
         testSignature("SHA256withRSA", privateKey, publicKey);
         RSAPublicKey rsaKey = (RSAPublicKey)publicKey;
         if (rsaKey.getModulus().bitLength() > 512) {
diff --git a/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java b/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java
index a49c5ce8707..c6746de867b 100644
--- a/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java
+++ b/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 4819771 4834179 5008306
+ * @bug 4819771 4834179 5008306 4963723
  * @summary Basic known-answer-test for all our MessageDigest algorithms
  * @author Andreas Sterbenz
  */
@@ -190,6 +190,12 @@ public class DigestKAT {
         t("SHA1", ALONG, "ce:56:53:59:08:04:ba:a9:36:9f:72:d4:83:ed:9e:ba:72:f0:4d:29"),
         t("SHA1", BLONG, "1d:a8:1a:de:8d:1e:d0:82:ba:12:13:e2:56:26:30:fc:05:b8:8d:a6"),
 
+        t("SHA-224", s(""), "d1:4a:02:8c:2a:3a:2b:c9:47:61:02:bb:28:82:34:c4:15:a2:b0:1f:82:8e:a6:2a:c5:b3:e4:2f"),
+        t("SHA-224", s("abc"), "23:09:7d:22:34:05:d8:22:86:42:a4:77:bd:a2:55:b3:2a:ad:bc:e4:bd:a0:b3:f7:e3:6c:9d:a7"),
+        t("SHA-224", s("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"), "75:38:8b:16:51:27:76:cc:5d:ba:5d:a1:fd:89:01:50:b0:c6:45:5c:b4:f5:8b:19:52:52:25:25"),
+        t("SHA-224", s("The quick brown fox jumps over the lazy dog"), "73:0e:10:9b:d7:a8:a3:2b:1c:b9:d9:a0:9a:a2:32:5d:24:30:58:7d:db:c0:c3:8b:ad:91:15:25"),
+        t("SHA-224", s("The quick brown fox jumps over the lazy dog."), "61:9c:ba:8e:8e:05:82:6e:9b:8c:51:9c:0a:5c:68:f4:fb:65:3e:8a:3d:8a:a0:4b:b2:c8:cd:4c"),
+
         t("SHA-256", s(""), "e3:b0:c4:42:98:fc:1c:14:9a:fb:f4:c8:99:6f:b9:24:27:ae:41:e4:64:9b:93:4c:a4:95:99:1b:78:52:b8:55"),
         t("SHA-256", s("a"), "ca:97:81:12:ca:1b:bd:ca:fa:c2:31:b3:9a:23:dc:4d:a7:86:ef:f8:14:7c:4e:72:b9:80:77:85:af:ee:48:bb"),
         t("SHA-256", s("abc"), "ba:78:16:bf:8f:01:cf:ea:41:41:40:de:5d:ae:22:23:b0:03:61:a3:96:17:7a:9c:b4:10:ff:61:f2:00:15:ad"),
diff --git a/jdk/test/sun/security/provider/MessageDigest/Offsets.java b/jdk/test/sun/security/provider/MessageDigest/Offsets.java
index 691278e3d18..eaa98fcbd75 100644
--- a/jdk/test/sun/security/provider/MessageDigest/Offsets.java
+++ b/jdk/test/sun/security/provider/MessageDigest/Offsets.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,6 +80,7 @@ public class Offsets {
         test("MD2", 0, 64, 0, 128);
         test("MD5", 0, 64, 0, 128);
         test("SHA1", 0, 64, 0, 128);
+        test("SHA-224", 0, 64, 0, 128);
         test("SHA-256", 0, 64, 0, 128);
         test("SHA-384", 0, 128, 0, 256);
         test("SHA-512", 0, 128, 0, 256);
diff --git a/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java b/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java
index 376bb4696a4..f1d1089f39a 100644
--- a/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java
+++ b/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,7 +24,7 @@
 /**
  * @test
  * @bug 4775971
- * @summary test the clone implementation of SHA, SHA-256,
+ * @summary test the clone implementation of SHA, SHA-224, SHA-256,
  *          SHA-384, SHA-512 MessageDigest implementation.
  */
 import java.security.*;
@@ -33,7 +33,7 @@ import java.util.*;
 public class TestSHAClone {
 
     private static final String[] ALGOS = {
-        "SHA", "SHA-256", "SHA-512", "SHA-384"
+        "SHA", "SHA-224", "SHA-256", "SHA-512", "SHA-384"
     };
 
     private static byte[] input1 = {
diff --git a/jdk/test/sun/security/rsa/TestKeyPairGenerator.java b/jdk/test/sun/security/rsa/TestKeyPairGenerator.java
index 88ab075bced..5e661b08ef1 100644
--- a/jdk/test/sun/security/rsa/TestKeyPairGenerator.java
+++ b/jdk/test/sun/security/rsa/TestKeyPairGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 4853305 4865198 4888410
+ * @bug 4853305 4865198 4888410 4963723
  * @summary Verify that the RSA KeyPairGenerator works
  * @author Andreas Sterbenz
  */
@@ -60,6 +60,7 @@ public class TestKeyPairGenerator {
         testSignature("MD2withRSA", privateKey, publicKey);
         testSignature("MD5withRSA", privateKey, publicKey);
         testSignature("SHA1withRSA", privateKey, publicKey);
+        testSignature("SHA224withRSA", privateKey, publicKey);
         testSignature("SHA256withRSA", privateKey, publicKey);
         RSAPublicKey rsaKey = (RSAPublicKey)publicKey;
         if (rsaKey.getModulus().bitLength() > 512) {
diff --git a/jdk/test/sun/security/rsa/TestSignatures.java b/jdk/test/sun/security/rsa/TestSignatures.java
index 2293077dd20..1933f264295 100644
--- a/jdk/test/sun/security/rsa/TestSignatures.java
+++ b/jdk/test/sun/security/rsa/TestSignatures.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 4853305
+ * @bug 4853305 4963723
  * @summary Test signing/verifying using all the signature algorithms
  * @author Andreas Sterbenz
  */
@@ -80,6 +80,7 @@ public class TestSignatures {
         testSignature("MD2withRSA", privateKey, publicKey);
         testSignature("MD5withRSA", privateKey, publicKey);
         testSignature("SHA1withRSA", privateKey, publicKey);
+        testSignature("SHA224withRSA", privateKey, publicKey);
         testSignature("SHA256withRSA", privateKey, publicKey);
         RSAPublicKey rsaKey = (RSAPublicKey)publicKey;
         if (rsaKey.getModulus().bitLength() > 512) {