Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update an OpenJDK exclude tests list for FIPS 140-2 #116

Open
WilburZjh opened this issue Jun 20, 2022 · 2 comments
Open

Update an OpenJDK exclude tests list for FIPS 140-2 #116

WilburZjh opened this issue Jun 20, 2022 · 2 comments

Comments

@WilburZjh
Copy link
Contributor

Currently, only 4 restrictive security providers can be used when FIPS mode is enabled. So there may be some tests failed due to the limitations of the specific types of providers. This issue aims to update the OpenJDK exclude tests list “ProblemList-fips.txt” for the FIPS testing.
@WilburZjh
Copy link
Contributor Author

WilburZjh commented Jun 20, 2022
edited
Loading

Sanity.openjdk Failures Exclude List for FIPS Testing

Hard coded provider SunJCE in the test codes, or related to both SunJCE and SunRsaSign providers.
com/sun/crypto/provider/Cipher/AEAD/Encrypt.java.Encrypt
com/sun/crypto/provider/Cipher/AEAD/GCMLargeDataKAT.java.GCMLargeDataKAT
com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java.GCMParameterSpecTest
com/sun/crypto/provider/Cipher/AEAD/KeyWrapper.java.KeyWrapper
com/sun/crypto/provider/Cipher/AEAD/ReadWriteSkip.java.ReadWriteSkip
com/sun/crypto/provider/Cipher/AEAD/SameBuffer.java.SameBuffer
com/sun/crypto/provider/Cipher/AEAD/SealedObjectTest.java.SealedObjectTest
com/sun/crypto/provider/Cipher/AEAD/WrongAAD.java.WrongAAD
com/sun/crypto/provider/Cipher/AES/CICO.java.CICO
com/sun/crypto/provider/Cipher/AES/CTR.java.CTR
com/sun/crypto/provider/Cipher/AES/Padding.java.Padding
com/sun/crypto/provider/Cipher/AES/Test4511676.java.Test4511676
com/sun/crypto/provider/Cipher/AES/Test4512524.java.Test4512524
com/sun/crypto/provider/Cipher/AES/Test4512704.java.Test4512704
com/sun/crypto/provider/Cipher/AES/Test4513830.java.Test4513830
com/sun/crypto/provider/Cipher/AES/Test4517355.java.Test4517355
com/sun/crypto/provider/Cipher/AES/Test4626070.java.Test4626070
com/sun/crypto/provider/Cipher/AES/TestAESCipher.java.TestAESCipher
com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithDefaultProvider.java.TestAESWithDefaultProvider
com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithRemoveAddProvider.java.TestAESWithRemoveAddProvider
com/sun/crypto/provider/Cipher/AES/TestCICOWithGCM.java.TestCICOWithGCM
com/sun/crypto/provider/Cipher/AES/TestCICOWithGCMAndAAD.java.TestCICOWithGCMAndAAD
com/sun/crypto/provider/Cipher/AES/TestCopySafe.java.TestCopySafe
com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java.TestGCMKeyAndIvCheck
com/sun/crypto/provider/Cipher/AES/TestISO10126Padding.java.TestISO10126Padding
com/sun/crypto/provider/Cipher/AES/TestKATForECB_IV.java.TestKATForECB_IV
com/sun/crypto/provider/Cipher/AES/TestKATForECB_VK.java.TestKATForECB_VK
com/sun/crypto/provider/Cipher/AES/TestKATForECB_VT.java.TestKATForECB_VT
com/sun/crypto/provider/Cipher/AES/TestKATForGCM.java.TestKATForGCM
com/sun/crypto/provider/Cipher/AES/TestNonexpanding.java.TestNonexpanding
com/sun/crypto/provider/Cipher/AES/TestSameBuffer.java.TestSameBuffer
com/sun/crypto/provider/Cipher/AES/TestShortBuffer.java.TestShortBuffer
com/sun/crypto/provider/Cipher/Blowfish/BlowfishTestVector.java.BlowfishTestVector
com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java.TestCipherBlowfish
com/sun/crypto/provider/Cipher/CTR/CounterMode.java.CounterMode
com/sun/crypto/provider/Cipher/CTS/CTSMode.java.CTSMode
com/sun/crypto/provider/Cipher/DES/DESKeyCleanupTest.java.DESKeyCleanupTest
com/sun/crypto/provider/Cipher/DES/DESSecretKeySpec.java.DESSecretKeySpec
com/sun/crypto/provider/Cipher/DES/DesAPITest.java.DesAPITest
com/sun/crypto/provider/Cipher/DES/DoFinalReturnLen.java.DoFinalReturnLen
com/sun/crypto/provider/Cipher/DES/FlushBug.java.FlushBug
com/sun/crypto/provider/Cipher/DES/KeyWrapping.java.KeyWrapping
com/sun/crypto/provider/Cipher/DES/PaddingTest.java.PaddingTest
com/sun/crypto/provider/Cipher/DES/Sealtest.java.Sealtest
com/sun/crypto/provider/Cipher/DES/TestCipherDES.java.TestCipherDES
com/sun/crypto/provider/Cipher/DES/TestCipherDESede.java.TestCipherDESede
com/sun/crypto/provider/Cipher/DES/TextPKCS5PaddingTest.java.TextPKCS5PaddingTest
com/sun/crypto/provider/Cipher/KeyWrap/NISTWrapKAT.java.NISTWrapKAT
com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java.TestCipherKeyWrapperTest
com/sun/crypto/provider/Cipher/KeyWrap/XMLEncKAT.java.XMLEncKAT
com/sun/crypto/provider/Cipher/PBE/CheckPBEKeySize.java.CheckPBEKeySize
com/sun/crypto/provider/Cipher/PBE/DecryptWithoutParameters.java.DecryptWithoutParameters
com/sun/crypto/provider/Cipher/PBE/NegativeLength.java.NegativeLength
com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java.PBEInvalidParamsTest
com/sun/crypto/provider/Cipher/PBE/PBEKeyCleanupTest.java.PBEKeyCleanupTest
com/sun/crypto/provider/Cipher/PBE/PBEKeyTest.java.PBEKeyTest
com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java.PBEKeysAlgorithmNames
com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java.PBEParametersTest
com/sun/crypto/provider/Cipher/PBE/PBES2Test.java.PBES2Test
com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBESameBuffer.java.PBESameBuffer
com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java.PBESealedObject
com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java.PBKDF2Translate
com/sun/crypto/provider/Cipher/PBE/PBMacBuffer.java.PBMacBuffer
com/sun/crypto/provider/Cipher/PBE/PBMacDoFinalVsUpdate.java.PBMacDoFinalVsUpdate
com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java.PKCS12Cipher
com/sun/crypto/provider/Cipher/PBE/PKCS12CipherKAT.java.PKCS12CipherKAT
com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java.PKCS12Oid
com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java.TestCipherKeyWrapperPBEKey
com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java.TestCipherPBE
com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java.TestCipherPBECons
com/sun/crypto/provider/Cipher/RC2ArcFour/CipherKAT.java.CipherKAT
com/sun/crypto/provider/Cipher/RSA/TestOAEP.java.TestOAEP
com/sun/crypto/provider/Cipher/RSA/TestOAEPPadding.java.TestOAEPPadding
com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java.TestOAEPParameterSpec
com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java.TestOAEPWithParams
com/sun/crypto/provider/Cipher/RSA/TestOAEP_KAT.java.TestOAEP_KAT
com/sun/crypto/provider/Cipher/RSA/TestRSA.java.TestRSA
com/sun/crypto/provider/Cipher/UTIL/StrongOrUnlimited.java.StrongOrUnlimited
com/sun/crypto/provider/Cipher/UTIL/SunJCEGetInstance.java.SunJCEGetInstance
java/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java.MultiReleaseJarAPI
java/util/jar/JarFile/mrjar/MultiReleaseJarSecurity.java.MultiReleaseJarSecurity

Related to DES Cipher
com/sun/crypto/provider/Cipher/TextLength/TestCipherTextLength.java.TestCipherTextLength

Related to ChaCha20, NoSuchAlgorithmException: Cannot find any provider supporting ChaCha20
com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KAT.java.ChaCha20KAT
com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KeyGeneratorTest.java.ChaCha20KeyGeneratorTest
com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20NoReuse.java.ChaCha20NoReuse
com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20Poly1305ParamTest.java.ChaCha20Poly1305ParamTest
com/sun/crypto/provider/Cipher/ChaCha20/OutputSizeTest.java.OutputSizeTest
com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20CipherUnitTest.java.ChaCha20CipherUnitTest

Check all the security providers, including SunJCE, SunRsaSign, etc.
java/lang/SecurityManager/CheckSecurityProvider.java.CheckSecurityProvider

Hard coded provider SunRsaSign in the test codes, NoSuchProviderException: no such provider: SunRsaSign
java/math/BigInteger/ModPow65537.java.ModPow65537

Generate Key Pair related
"-keystore ks -storepass changeit -keypass changeit -keyalg rsa -alias a -dname CN=A -genkeypair"
keytool error: java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
java/util/jar/JarInputStream/ExtraFileInMetaInf.java.ExtraFileInMetaInf

The following 4 failures after reduce the algorithms from Sun and SunEC, they get the existing signed jar from “/test/jdk/java/util/jar/JarFile/“ folder, and get the JarEntry, and then invoke the JarEntry.getCertificates(). The return is “null”.
java/util/jar/JarFile/ScanSignedJar.java.ScanSignedJar
java/util/jar/JarInputStream/ScanSignedJar.java.ScanSignedJar
java/util/jar/JarFile/TurkCert.java.TurkCert
java/util/jar/JarInputStream/TestIndexedJarWithBadSignature.java.TestIndexedJarWithBadSignature
java/util/jar/JarFile/SignedJarFileGetInputStream.java.SignedJarFileGetInputStream

Hard-coded provider SunJCE in the test code, or related to both SunJCE and SunRsaSign providers.
com/sun/crypto/provider/Cipher/AES/TestNoPaddingModes.java.TestNoPaddingModes
com/sun/crypto/provider/Cipher/KeyWrap/TestGeneral.java.TestGeneral
com/sun/crypto/provider/Cipher/KeyWrap/TestKeySizeCheck.java.TestKeySizeCheck
com/sun/crypto/provider/Cipher/TextLength/SameBufferOverwrite.java.SameBufferOverwrite

@WilburZjh
Copy link
Contributor Author

WilburZjh commented Jun 24, 2022
edited
Loading

Extended.openjdk Failures Exclude List for FIPS Testing

KeyStoreException JKS not found
security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java.AmazonCA
security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java.ComodoCA
security/infra/java/security/cert/CertPathValidator/certification/DTrustCA.java.DTrustCA
security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java.EntrustCA
security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java.GlobalSignR6CA
security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java.GoDaddyCA
security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java.HaricaCA
security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java.LetsEncryptCA
security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java.SSLCA
security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java.TeliaSoneraCA

DSA, dsaWithSHA1 related
java/security/cert/CertificateFactory/openssl/OpenSSLCert.java.OpenSSLCert
java/security/cert/CertificateFactory/ReturnStream.java.ReturnStream
java/security/cert/CertificateFactory/slowstream.sh.slowstream
java/security/cert/CertPath/Serialize.java.Serialize
java/security/cert/CertPathEncodingTest.java.CertPathEncodingTest
java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java.ValidateCertPath
java/security/cert/CertPathValidatorException/Serial.java.Serial
java/security/cert/PolicyNode/GetPolicyQualifiers.java.GetPolicyQualifiers
java/security/cert/X509CertSelectorTest.java.X509CertSelectorTest
java/security/CodeSigner/Serialize.java.Serialize
java/security/misc/TestDefaultRandom.java.TestDefaultRandom
java/security/SecureClassLoader/DefineClass.java.DefineClass
java/security/Signature/Offsets.java.Offsets
java/security/UnresolvedPermission/AccessorMethods.java.AccessorMethods

SunJGSS and krb5 related
sun/security/krb5/auto/AcceptorSubKey.java.AcceptorSubKey
sun/security/krb5/auto/AcceptPermissions.java.AcceptPermissions
sun/security/krb5/auto/Addresses.java.Addresses
sun/security/krb5/auto/AddressesAndNameType.java.AddressesAndNameType
sun/security/krb5/auto/AlwaysEncPaReq.java.AlwaysEncPaReq
sun/security/krb5/auto/Basic.java.Basic
sun/security/krb5/auto/BasicKrb5Test.java.BasicKrb5Test
sun/security/krb5/auto/BasicProc.java.BasicProc
sun/security/krb5/auto/BogusKDC.java.BogusKDC
sun/security/krb5/auto/CleanState.java.CleanState
sun/security/krb5/auto/CrossRealm.java.CrossRealm
sun/security/krb5/auto/DiffNameSameKey.java.DiffNameSameKey
sun/security/krb5/auto/DiffSaltParams.java.DiffSaltParams
sun/security/krb5/auto/DupEtypes.java.DupEtypes
sun/security/krb5/auto/DynamicKeytab.java.DynamicKeytab
sun/security/krb5/auto/EmptyPassword.java.EmptyPassword
sun/security/krb5/auto/FileKeyTab.java.FileKeyTab
sun/security/krb5/auto/ForwardableCheck.java.ForwardableCheck
sun/security/krb5/auto/Forwarded.java.Forwarded
sun/security/krb5/auto/GSS.java.GSS
sun/security/krb5/auto/GSSUnbound.java.GSSUnbound
sun/security/krb5/auto/HttpNegotiateServer.java.HttpNegotiateServer
sun/security/krb5/auto/HttpsCB.java.HttpsCB
sun/security/krb5/auto/IgnoreChannelBinding.java.IgnoreChannelBinding
sun/security/krb5/auto/KdcPolicy.java.KdcPolicy
sun/security/krb5/auto/KeyPermissions.java.KeyPermissions
sun/security/krb5/auto/KeyTabCompat.java.KeyTabCompat
sun/security/krb5/auto/KPEquals.java.KPEquals
sun/security/krb5/auto/KrbTicket.java.KrbTicket
sun/security/krb5/auto/KvnoNA.java.KvnoNA
sun/security/krb5/auto/LifeTimeInSeconds.java.LifeTimeInSeconds
sun/security/krb5/auto/LoginModuleOptions.java.LoginModuleOptions
sun/security/krb5/auto/LoginNoPass.java.LoginNoPass
sun/security/krb5/auto/LongLife.java.LongLife
sun/security/krb5/auto/ModuleName.java.ModuleName
sun/security/krb5/auto/MoreKvno.java.MoreKvno
sun/security/krb5/auto/MSOID2.java.MSOID2
sun/security/krb5/auto/NewInquireTypes.java.NewInquireTypes
sun/security/krb5/auto/NewSalt.java.NewSalt
sun/security/krb5/auto/NoAddresses.java.NoAddresses
sun/security/krb5/auto/NoInitNoKeytab.java.NoInitNoKeytab
sun/security/krb5/auto/NonAscii.java.NonAscii
sun/security/krb5/auto/NoneReplayCacheTest.java.NoneReplayCacheTest
sun/security/krb5/auto/NonMutualSpnego.java.NonMutualSpnego
sun/security/krb5/auto/NullRenewUntil.java.NullRenewUntil
sun/security/krb5/auto/OkAsDelegate.java.OkAsDelegate
sun/security/krb5/auto/OkAsDelegateXRealm.java.OkAsDelegateXRealm
sun/security/krb5/auto/OnlyDesLogin.java.OnlyDesLogin
sun/security/krb5/auto/PrincipalNameEquals.java.PrincipalNameEquals
sun/security/krb5/auto/principalProperty/PrincipalSystemPropTest.java.PrincipalSystemPropTest
sun/security/krb5/auto/ReferralsTest.java.ReferralsTest
sun/security/krb5/auto/RefreshKrb5Config.java.RefreshKrb5Config
sun/security/krb5/auto/Renew.java.Renew
sun/security/krb5/auto/Renewal.java.Renewal
sun/security/krb5/auto/ReplayCacheTest.java.ReplayCacheTest
sun/security/krb5/auto/ReplayCacheTestProc.java.ReplayCacheTestProc
sun/security/krb5/auto/ReplayCacheTestProcWithMD5.java.ReplayCacheTestProcWithMD5
sun/security/krb5/auto/RRC.java.RRC
sun/security/krb5/auto/S4U2proxy.java.S4U2proxy
sun/security/krb5/auto/S4U2proxyGSS.java.S4U2proxyGSS
sun/security/krb5/auto/S4U2self.java.S4U2self
sun/security/krb5/auto/S4U2selfAsServer.java.S4U2selfAsServer
sun/security/krb5/auto/S4U2selfAsServerGSS.java.S4U2selfAsServerGSS
sun/security/krb5/auto/S4U2selfGSS.java.S4U2selfGSS
sun/security/krb5/auto/SaslBasic.java.SaslBasic
sun/security/krb5/auto/SaslMutual.java.SaslMutual
sun/security/krb5/auto/SaslUnbound.java.SaslUnbound
sun/security/krb5/auto/SPNEGO.java.SPNEGO
sun/security/krb5/auto/SpnegoLifeTime.java.SpnegoLifeTime
sun/security/krb5/auto/SpnegoReqFlags.java.SpnegoReqFlags
sun/security/krb5/auto/Test5653.java.Test5653
sun/security/krb5/auto/TicketSName.java.TicketSName
sun/security/krb5/auto/TwoOrThree.java.TwoOrThree
sun/security/krb5/auto/TwoPrinces.java.TwoPrinces
sun/security/krb5/auto/TwoTab.java.TwoTab
sun/security/krb5/auto/Unavailable.java.Unavailable
sun/security/krb5/auto/UnboundService.java.UnboundService
sun/security/krb5/auto/UseCacheAndStoreKey.java.UseCacheAndStoreKey
sun/security/krb5/auto/W83.java.W83
sun/security/krb5/etype/KerberosAesSha2.java.KerberosAesSha2
sun/security/krb5/etype/WeakCrypto.java.WeakCrypto
sun/security/krb5/KrbCredSubKey.java.KrbCredSubKey
sun/security/krb5/ktab/BufferBoundary.java.BufferBoundary
sun/security/krb5/ktab/FileKeyTab.java.FileKeyTab
sun/security/krb5/ktab/KeyTabIndex.java.KeyTabIndex
sun/security/krb5/RFC396xTest.java.RFC396xTest
sun/security/krb5/runNameEquals.sh.runNameEquals
sun/security/krb5/ServiceCredsCombination.java.ServiceCredsCombination
sun/security/jgss/GssMemoryIssues.java.GssMemoryIssues
sun/security/jgss/spnego/MSOID.java.MSOID
sun/security/jgss/spnego/NotPreferredMech.java.NotPreferredMech

security.provider.8=XMLDSig related
javax/xml/crypto/dsig/BadXPointer.java.BadXPointer
javax/xml/crypto/dsig/ErrorHandlerPermissions.java.ErrorHandlerPermissions
javax/xml/crypto/dsig/GenerationTests.java.GenerationTests
javax/xml/crypto/dsig/GetInstanceTests.java.GetInstanceTests
javax/xml/crypto/dsig/keyinfo/KeyInfo/Marshal.java.Marshal
javax/xml/crypto/dsig/PSSSpec.java.PSSSpec
javax/xml/crypto/dsig/SecureValidation.java.SecureValidation
javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java.XMLDSigWithSecMgr
javax/xml/crypto/dsig/TransformService/NullParent.java.NullParent
javax/xml/crypto/dsig/ValidationTests.java.ValidationTests
javax/xml/crypto/dsig/FileSocketPermissions.java.FileSocketPermissions

Related to SunJCE or SunRsaSign, no such provider: SunJCE or no such provider: SunRsaSign
javax/crypto/Cipher/CipherInputStreamExceptions.java.CipherInputStreamExceptions
javax/crypto/Cipher/GetMaxAllowed.java.GetMaxAllowed
javax/crypto/Cipher/TestCipherMode.java.TestCipherMode
javax/crypto/Cipher/TestGetInstance.java.TestGetInstance
javax/crypto/CipherSpi/DirectBBRemaining.java.DirectBBRemaining
javax/crypto/CryptoPermission/AllPermCheck.java.AllPermCheck
javax/crypto/CryptoPermission/LowercasePermCheck.java.LowercasePermCheck
javax/crypto/CryptoPermission/RC2PermCheck.java.RC2PermCheck
javax/crypto/CryptoPermission/RC4AliasPermCheck.java.RC4AliasPermCheck
javax/crypto/CryptoPermission/RSANoLimit.java.RSANoLimit
javax/crypto/EncryptedPrivateKeyInfo/GetAlgName.java.GetAlgName
javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java.GetKeySpec
javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java.GetKeySpecException
javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java.GetKeySpecException2
javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java.GetKeySpecInvalidEncoding
javax/crypto/KeyGenerator/TestGetInstance.java.TestGetInstance
javax/crypto/Mac/TestGetInstance.java.TestGetInstance
javax/crypto/SecretKeyFactory/PBKDF2TranslateTest.java.PBKDF2TranslateTest
javax/crypto/SecretKeyFactory/SecKeyFacSunJCEPrf.java.SecKeyFacSunJCEPrf
javax/crypto/SecretKeyFactory/SecKFTranslateTest.java.SecKFTranslateTest
javax/crypto/spec/DESKeySpec/CheckParity.java.CheckParity
javax/crypto/spec/RC2ParameterSpec/RC2AlgorithmParameters.java.RC2AlgorithmParameters
com/sun/crypto/provider/CICO/CICODESFuncTest.java.CICODESFuncTest
com/sun/crypto/provider/CICO/PBEFunc/CICOPBEFuncTest.java.CICOPBEFuncTest
com/sun/crypto/provider/Cipher/AEAD/Encrypt.java.Encrypt
com/sun/crypto/provider/Cipher/AEAD/GCMLargeDataKAT.java.GCMLargeDataKAT
com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java.GCMParameterSpecTest
com/sun/crypto/provider/Cipher/AEAD/KeyWrapper.java.KeyWrapper
com/sun/crypto/provider/Cipher/AEAD/ReadWriteSkip.java.ReadWriteSkip
com/sun/crypto/provider/Cipher/AEAD/SameBuffer.java.SameBuffer
com/sun/crypto/provider/Cipher/AEAD/SealedObjectTest.java.SealedObjectTest
com/sun/crypto/provider/Cipher/AEAD/WrongAAD.java.WrongAAD
com/sun/crypto/provider/Cipher/AES/CICO.java.CICO
com/sun/crypto/provider/Cipher/AES/CTR.java.CTR
com/sun/crypto/provider/Cipher/AES/Padding.java.Padding
com/sun/crypto/provider/Cipher/AES/Test4511676.java.Test4511676
com/sun/crypto/provider/Cipher/AES/Test4512524.java.Test4512524
com/sun/crypto/provider/Cipher/AES/Test4512704.java.Test4512704
com/sun/crypto/provider/Cipher/AES/Test4513830.java.Test4513830
com/sun/crypto/provider/Cipher/AES/Test4517355.java.Test4517355
com/sun/crypto/provider/Cipher/AES/Test4626070.java.Test4626070
com/sun/crypto/provider/Cipher/AES/TestAESCipher.java.TestAESCipher
com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithDefaultProvider.java.TestAESWithDefaultProvider
com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithRemoveAddProvider.java.TestAESWithRemoveAddProvider
com/sun/crypto/provider/Cipher/AES/TestCICOWithGCM.java.TestCICOWithGCM
com/sun/crypto/provider/Cipher/AES/TestCICOWithGCMAndAAD.java.TestCICOWithGCMAndAAD
com/sun/crypto/provider/Cipher/AES/TestCopySafe.java.TestCopySafe
com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java.TestGCMKeyAndIvCheck
com/sun/crypto/provider/Cipher/AES/TestISO10126Padding.java.TestISO10126Padding
com/sun/crypto/provider/Cipher/AES/TestKATForECB_IV.java.TestKATForECB_IV
com/sun/crypto/provider/Cipher/AES/TestKATForECB_VK.java.TestKATForECB_VK
com/sun/crypto/provider/Cipher/AES/TestKATForECB_VT.java.TestKATForECB_VT
com/sun/crypto/provider/Cipher/AES/TestKATForGCM.java.TestKATForGCM
com/sun/crypto/provider/Cipher/AES/TestNonexpanding.java.TestNonexpanding
com/sun/crypto/provider/Cipher/AES/TestNoPaddingModes.java.TestNoPaddingModes
com/sun/crypto/provider/Cipher/AES/TestSameBuffer.java.TestSameBuffer
com/sun/crypto/provider/Cipher/AES/TestShortBuffer.java.TestShortBuffer
com/sun/crypto/provider/Cipher/Blowfish/BlowfishTestVector.java.BlowfishTestVector
com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java.TestCipherBlowfish
com/sun/crypto/provider/Cipher/CTR/CounterMode.java.CounterMode
com/sun/crypto/provider/Cipher/CTS/CTSMode.java.CTSMode
com/sun/crypto/provider/Cipher/DES/DesAPITest.java.DesAPITest
com/sun/crypto/provider/Cipher/DES/DESKeyCleanupTest.java.DESKeyCleanupTest
com/sun/crypto/provider/Cipher/DES/DESSecretKeySpec.java.DESSecretKeySpec
com/sun/crypto/provider/Cipher/DES/DoFinalReturnLen.java.DoFinalReturnLen
com/sun/crypto/provider/Cipher/DES/FlushBug.java.FlushBug
com/sun/crypto/provider/Cipher/DES/KeyWrapping.java.KeyWrapping
com/sun/crypto/provider/Cipher/DES/PaddingTest.java.PaddingTest
com/sun/crypto/provider/Cipher/DES/Sealtest.java.Sealtest
com/sun/crypto/provider/Cipher/DES/TestCipherDES.java.TestCipherDES
com/sun/crypto/provider/Cipher/DES/TestCipherDESede.java.TestCipherDESede
com/sun/crypto/provider/Cipher/DES/TextPKCS5PaddingTest.java.TextPKCS5PaddingTest
com/sun/crypto/provider/Cipher/KeyWrap/NISTWrapKAT.java.NISTWrapKAT
com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java.TestCipherKeyWrapperTest
com/sun/crypto/provider/Cipher/KeyWrap/TestGeneral.java.TestGeneral
com/sun/crypto/provider/Cipher/KeyWrap/TestKeySizeCheck.java.TestKeySizeCheck
com/sun/crypto/provider/Cipher/KeyWrap/XMLEncKAT.java.XMLEncKAT
com/sun/crypto/provider/Cipher/PBE/CheckPBEKeySize.java.CheckPBEKeySize
com/sun/crypto/provider/Cipher/PBE/DecryptWithoutParameters.java.DecryptWithoutParameters
com/sun/crypto/provider/Cipher/PBE/NegativeLength.java.NegativeLength
com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java.PBEInvalidParamsTest
com/sun/crypto/provider/Cipher/PBE/PBEKeyCleanupTest.java.PBEKeyCleanupTest
com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java.PBEKeysAlgorithmNames
com/sun/crypto/provider/Cipher/PBE/PBEKeyTest.java.PBEKeyTest
com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java.PBEParametersTest
com/sun/crypto/provider/Cipher/PBE/PBES2Test.java.PBES2Test
com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBESameBuffer.java.PBESameBuffer
com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java.PBESealedObject
com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java.PBKDF2Translate
com/sun/crypto/provider/Cipher/PBE/PBMacBuffer.java.PBMacBuffer
com/sun/crypto/provider/Cipher/PBE/PBMacDoFinalVsUpdate.java.PBMacDoFinalVsUpdate
com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java.PKCS12Cipher
com/sun/crypto/provider/Cipher/PBE/PKCS12CipherKAT.java.PKCS12CipherKAT
com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java.PKCS12Oid
com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java.TestCipherKeyWrapperPBEKey
com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java.TestCipherPBE
com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java.TestCipherPBECons
com/sun/crypto/provider/Cipher/RC2ArcFour/CipherKAT.java.CipherKAT
com/sun/crypto/provider/Cipher/RSA/TestOAEP.java.TestOAEP
com/sun/crypto/provider/Cipher/RSA/TestOAEP_KAT.java.TestOAEP_KAT
com/sun/crypto/provider/Cipher/RSA/TestOAEPPadding.java.TestOAEPPadding
com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java.TestOAEPParameterSpec
com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java.TestOAEPWithParams
com/sun/crypto/provider/Cipher/RSA/TestRSA.java.TestRSA
com/sun/crypto/provider/Cipher/TextLength/SameBufferOverwrite.java.SameBufferOverwrite
com/sun/crypto/provider/Cipher/UTIL/StrongOrUnlimited.java.StrongOrUnlimited
com/sun/crypto/provider/Cipher/UTIL/SunJCEGetInstance.java.SunJCEGetInstance
com/sun/crypto/provider/KeyAgreement/DHGenSharedSecret.java.DHGenSharedSecret
com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java.DHKeyAgreement2
com/sun/crypto/provider/KeyAgreement/DHKeyAgreement3.java.DHKeyAgreement3
com/sun/crypto/provider/KeyAgreement/DHKeyFactory.java.DHKeyFactory
com/sun/crypto/provider/KeyAgreement/DHKeyGenSpeed.java.DHKeyGenSpeed
com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java.SameDHKeyStressTest
com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java.SupportedDHKeys
com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java.SupportedDHParamGens
com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java.SupportedDHParamGensLongKey
com/sun/crypto/provider/KeyAgreement/TestExponentSize.java.TestExponentSize
com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java.UnsupportedDHKeys
com/sun/crypto/provider/KeyFactory/PBKDF2HmacSHA1FactoryTest.java.PBKDF2HmacSHA1FactoryTest
com/sun/crypto/provider/KeyFactory/TestProviderLeak.java.TestProviderLeak
com/sun/crypto/provider/KeyGenerator/Test4628062.java.Test4628062
com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java.TestExplicitKeyLength
com/sun/crypto/provider/Mac/DigestCloneabilityTest.java.DigestCloneabilityTest
com/sun/crypto/provider/Mac/EmptyByteBufferTest.java.EmptyByteBufferTest
com/sun/crypto/provider/Mac/HmacMD5.java.HmacMD5
com/sun/crypto/provider/Mac/HmacPBESHA1.java.HmacPBESHA1
com/sun/crypto/provider/Mac/HmacSaltLengths.java.HmacSaltLengths
com/sun/crypto/provider/Mac/HmacSHA512.java.HmacSHA512
com/sun/crypto/provider/Mac/LargeByteBufferTest.java.LargeByteBufferTest
com/sun/crypto/provider/Mac/MacClone.java.MacClone
com/sun/crypto/provider/Mac/MacKAT.java.MacKAT
com/sun/crypto/provider/Mac/MacSameTest.java.MacSameTest
com/sun/crypto/provider/Mac/NullByteBufferTest.java.NullByteBufferTest
com/sun/crypto/provider/NSASuiteB/TestAESOids.java.TestAESOids
com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java.TestAESWrapOids
com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java.TestHmacSHAOids
com/sun/crypto/provider/TLS/TestKeyMaterial.java.TestKeyMaterial
com/sun/crypto/provider/TLS/TestLeadingZeroes.java.TestLeadingZeroes
com/sun/crypto/provider/TLS/TestMasterSecret.java.TestMasterSecret
com/sun/crypto/provider/TLS/TestPremaster.java.TestPremaster
com/sun/crypto/provider/TLS/TestPRF.java.TestPRF
com/sun/crypto/provider/TLS/TestPRF12.java.TestPRF12
java/security/KeyAgreement/KeySizeTest.java.KeySizeTest
java/security/KeyAgreement/KeySpecTest.java.KeySpecTest
java/security/KeyAgreement/MultiThreadTest.java.MultiThreadTest
java/security/KeyAgreement/NegativeTest.java.NegativeTest
java/security/KeyFactory/GenerateRSAPrivateCrtKey.java.GenerateRSAPrivateCrtKey
java/security/KeyFactory/KeyFactoryGetKeySpecForInvalidSpec.java.KeyFactoryGetKeySpecForInvalidSpec
java/security/KeyPairGenerator/GenerateRSAKeyPair.java.GenerateRSAKeyPair
java/security/KeyStore/TestKeyStoreEntry.java.TestKeyStoreEntry
java/security/Security/ClassLoaderDeadlock/Deadlock.sh.Deadlock
java/security/Signature/NONEwithRSA.java.NONEwithRSA
java/security/Signature/SignatureGetInstance.java.SignatureGetInstance
java/security/spec/PKCS8EncodedKeySpec/Algorithm.java.Algorithm

CHACHA20 related
com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KAT.java.ChaCha20KAT
com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KeyGeneratorTest.java.ChaCha20KeyGeneratorTest
com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20NoReuse.java.ChaCha20NoReuse
com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20Poly1305ParamTest.java.ChaCha20Poly1305ParamTest
com/sun/crypto/provider/Cipher/ChaCha20/OutputSizeTest.java.OutputSizeTest
com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20CipherUnitTest.java.ChaCha20CipherUnitTest

java.security.NoSuchAlgorithmException: Cannot find any provider supporting Blowfish
javax/crypto/Cipher/Turkish.java.Turkish

Generated DES key, java.lang.NullPointerException. Or for DES/DESede ciphers
com/sun/crypto/provider/Cipher/TextLength/TestCipherTextLength.java.TestCipherTextLength
com/sun/crypto/provider/CICO/CICOSkipTest.java.CICOSkipTest

FIPS not support SunJCE provider
javax/crypto/Mac/ByteBuffers.java.ByteBuffers
javax/crypto/Cipher/ByteBuffers.java.ByteBuffers

java.security.NoSuchAlgorithmException: RSASSA-PSS KeyPairGenerator not available
java/security/cert/X509Certificate/GetSigAlgParams.java.GetSigAlgParams

java.security.NoSuchAlgorithmException: LDAP CertStore not available
java/security/cert/GetInstance.java.GetInstance

Harded coded for provider Sun, because we remove those non-fips algorithms from Sunjava/security/KeyPairGenerator/Failover.java.Failover
java/security/MessageDigest/ByteBuffers.java.ByteBuffers
java/security/MessageDigest/TestDigestIOStream.java.TestDigestIOStream
java/security/MessageDigest/TestSameLength.java.TestSameLength
java/security/MessageDigest/TestSameValue.java.TestSameValue
java/security/Provider/SupportsParameter.java.SupportsParameter
java/security/Security/CaseInsensitiveAlgNames.java.CaseInsensitiveAlgNames
java/security/Signature/ByteBuffers.java.ByteBuffers
java/security/Signature/TestInitSignWithMyOwnRandom.java.TestInitSignWithMyOwnRandom
java/security/SignedObject/Copy.java.Copy

DSA related
java/security/SignedObject/Chain.java.Chain

P11Signature Unknown mechanism
java/security/Signature/SignatureLength.java.SignatureLength
java/security/Provider/NewInstance.java.NewInstance

Related to com.sun.exp.provider.EXP
java/security/Security/signedfirst/Static.sh.Static
java/security/Security/signedfirst/Dyn.sh.Dyn

'SHA1PRNG'java.security.NoSuchAlgorithmException: SHA1PRNG SecureRandom not available. 'Hash_DRBG'java.security.NoSuchAlgorithmException: DRBG SecureRandom not available. 'HMAC_DRBG'java.security.NoSuchAlgorithmException: DRBG SecureRandom not available. 'CTR_DRBG'java.security.NoSuchAlgorithmException: DRBG SecureRandom not available. Because we remove those from Sun
java/security/SecureRandom/ApiTest.java.ApiTest
java/security/SecureRandom/DefaultAlgo.java.DefaultAlgo
java/security/SecureRandom/DefaultProvider.java.DefaultProvider
java/security/SecureRandom/EnoughSeedTest.java.EnoughSeedTest
java/security/SecureRandom/GetAlgorithm.java.GetAlgorithm
java/security/SecureRandom/GetInstanceTest.java.GetInstanceTest
java/security/SecureRandom/MultiThreadTest.java.MultiThreadTest
java/security/SecureRandom/NoSync.java.NoSync
java/security/SecureRandom/Serialize.java.Serialize
java/security/SecureRandom/SerializedSeedTest.java.SerializedSeedTest

JKS KeyStore not available
java/security/KeyStore/CheckInputStream.java.CheckInputStream
java/security/KeyStore/EntryMethods.java.EntryMethods
java/security/KeyStore/KeyStoreBuilder.java.KeyStoreBuilder
java/security/KeyStore/PBETest.java.PBETest
java/security/KeyStore/ProbeKeystores.java.ProbeKeystores
java/security/KeyStore/TestKeyStoreBasic.java.TestKeyStoreBasic
java/security/Policy/SignedJar/SignedJarTest.java.SignedJarTest

PKCS12 Key related
java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java.GetAndPostTests
java/security/KeyStore/PKCS12/CheckDefaults.java.CheckDefaults
java/security/KeyStore/PKCS12/ConvertP12Test.java.ConvertP12Test
java/security/KeyStore/PKCS12/EntryProtectionTest.java.EntryProtectionTest
java/security/KeyStore/PKCS12/MetadataEmptyTest.java.MetadataEmptyTest
java/security/KeyStore/PKCS12/MetadataStoreLoadTest.java.MetadataStoreLoadTest
java/security/KeyStore/PKCS12/ReadP12Test.java.ReadP12Test
java/security/KeyStore/PKCS12/StoreTrustedCertAPITest.java.StoreTrustedCertAPITest
java/security/KeyStore/PKCS12/StoreTrustedCertKeytool.java.StoreTrustedCertKeytool
java/security/KeyStore/PKCS12/WriteP12Test.java.WriteP12Test

DSA PKCS8 related
java/security/KeyRep/SerialDSAPubKey.java.SerialDSAPubKey
java/security/KeyRep/SerialOld.java.SerialOld

Related to curves X25519
java/security/KeyAgreement/KeyAgreementTest.java.KeyAgreementTest

no cipher suites in common. javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: TLS Handshake Exception
com/sun/jndi/ldap/LdapCBPropertiesTest.java.LdapCBPropertiesTest

Test key generation of DES and DESEDE
javax/crypto/KeyGenerator/TestKGParity.java.TestKGParity

Related to exist testing jar
java/security/Provider/SecurityProviderModularTest.java.SecurityProviderModularTest

MessageDigest, Signature Engines are not supported in FIPS mode
java/security/MessageDigest/TestCloneable.java.TestCloneable
java/security/Signature/TestCloneable.java.TestCloneable

Related to HmacSHA3-224
javax/crypto/KeyGenerator/CompareKeys.java.CompareKeys

CKR_ENCRYPTED_DATA_LEN_RANGE issue due to a not multiple of AES block size. From the latest PKCS11 Cryptographic Token Interface Base Specification Version 3.0.
javax/crypto/CipherSpi/ResetByteBuffer.java.ResetByteBuffer

Execution failed: `main' threw exception: java.lang.ClassCastException: sun.security.pkcs11.P11Key$P11PrivateKey incompatible with java.security.interfaces.ECPrivateKey
com/sun/crypto/provider/KeyAgreement/ECKeyCheck.java.ECKeyCheck

@WilburZjh WilburZjh mentioned this issue Jun 30, 2022
Merged
@WilburZjh WilburZjh changed the title Update an OpenJDK exclude tests list for FIPS Update an OpenJDK exclude tests list for FIPS 140-2 Feb 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@WilburZjh