Adapt BouncyCastleFeature to KDF-related changes in JDK 25+23

timfel · timfel · commit 6f7907607e22 · 2025-05-22T19:14:13.000+02:00
diff --git a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/BouncyCastleFeature.java b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/BouncyCastleFeature.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * The Universal Permissive License (UPL), Version 1.0
@@ -60,8 +60,19 @@ public void afterRegistration(AfterRegistrationAccess access) {
             support.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV", "RNG");
             Security.addProvider(CertUtils.BOUNCYCASTLE_PROVIDER);
 
+            // This is needed since jdk-25+23, see https://github.com/openjdk/jdk/pull/24393
+            Security.addProvider(Security.getProvider("SunJCE"));
+
             // Register runtime reflection here, not in a config, so it can be easily disabled
             String[] reflectiveClasses = new String[]{
+                            // SSLBasicKeyDerivation looks up the classes below reflectively since
+                            // jdk-25+23
+                            // See https://github.com/openjdk/jdk/pull/24393
+                            "com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA256",
+                            "com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA384",
+                            "com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA512",
+                            "sun.security.pkcs11.P11HKDF",
+                            // BouncyCastle looks up the classes below
                             "org.bouncycastle.jcajce.provider.asymmetric.COMPOSITE$Mappings",
                             "org.bouncycastle.jcajce.provider.asymmetric.DH$Mappings",
                             "org.bouncycastle.jcajce.provider.asymmetric.DSA$Mappings",
@@ -160,9 +171,10 @@ public void afterRegistration(AfterRegistrationAccess access) {
 
             for (String name : reflectiveClasses) {
                 try {
-                    RuntimeReflection.register(Class.forName(name).getConstructor());
-                } catch (NoSuchMethodException | SecurityException | ClassNotFoundException e) {
-                    throw new RuntimeException("Could not register " + name + " constructor for reflective access!", e);
+                    RuntimeReflection.register(Class.forName(name));
+                    RuntimeReflection.register(Class.forName(name).getConstructors());
+                } catch (SecurityException | ClassNotFoundException e) {
+                    throw new RuntimeException("Could not register " + name + " for reflective access!", e);
                 }
             }
         }
