Bug 2008316

Summary: java-17-openjdk / rhel-8.5: KeyFactories from SunEC provider enabled in FIPS mode
Product: Red Hat Enterprise Linux 8 Reporter: zzambers
Component: java-17-openjdkAssignee: Andrew John Hughes <ahughes>
Status: CLOSED WONTFIX QA Contact: OpenJDK QA <java-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.5CC: mbalao
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-03-27 07:28:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description zzambers 2021-09-27 21:51:36 UTC 
KeyFactories from SunEC are enabled in java-17-openjdk in FIPS mode. This looks suspicious as other stuff from SunEC were disabled in JDK17 (e.g. KeyGenerators, see: [1]).

This can be seen by running Cryptotest [2]:
export JAVA_HOME=/usr/lib/jvm/java-17-openjdk
make KeyFactoryTests

(Cryptotest currently fails for KeyFactories from SunEC provider as test requires corresponding KeyGenerators to be available. )

Openjdk build tested:
java-17-openjdk-17.0.0.0.35-4

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1995150
[2] https://github.com/judovana/CryptoTest/tree/master/cryptotest
Comment 3 RHEL Program Management 2023-03-27 07:28:04 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.