Re: [Pki-devel] [PATCH] pki-cfu-0140-Ticket-2346-support-SHA384withRSA.patch

Christina Fu Fri, 17 Jun 2016 17:09:05 -0700

forgot to attach patch... here you go.

On 06/17/2016 04:48 PM, Christina Fu wrote:

This patch adds support for SHA384withRSA signing algorithm.
It addresses ticket: https://fedorahosted.org/pki/ticket/2346java.security.NoSuchAlgorithmException: no such algorithm:OID.1.2.840.113549.1.1.12 for provider Mozilla-JSS when signing a CSRusing SHA384withRSA
Tested to work with
1. the CSR provided by bug reporter in ticket against caServerCertenrollment profile
2. few selected profiles

sample result:

Signature Algorithm: SHA384withRSA - 1.2.840.113549.1.1.12

thanks,
Christina

_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel

>From 2037eaa4f22dbdd5abf03f869506ef74a904824b Mon Sep 17 00:00:00 2001
From: Christina Fu <[email protected]>
Date: Fri, 17 Jun 2016 15:18:52 -0700
Subject: [PATCH] Ticket #2346 support SHA384withRSA This patch adds support
 for SHA384withRSA signing algorithm.

---
 base/ca/shared/profiles/ca/AdminCert.cfg            |  2 +-
 base/ca/shared/profiles/ca/caAdminCert.cfg          |  2 +-
 base/ca/shared/profiles/ca/caAgentFileSigning.cfg   |  2 +-
 base/ca/shared/profiles/ca/caAgentServerCert.cfg    |  2 +-
 base/ca/shared/profiles/ca/caCACert.cfg             |  2 +-
 base/ca/shared/profiles/ca/caCMCUserCert.cfg        |  2 +-
 base/ca/shared/profiles/ca/caCrossSignedCACert.cfg  |  2 +-
 base/ca/shared/profiles/ca/caDirBasedDualCert.cfg   |  2 +-
 base/ca/shared/profiles/ca/caDirPinUserCert.cfg     |  2 +-
 base/ca/shared/profiles/ca/caDirUserCert.cfg        |  2 +-
 base/ca/shared/profiles/ca/caDualCert.cfg           |  6 +++---
 base/ca/shared/profiles/ca/caDualRAuserCert.cfg     |  2 +-
 base/ca/shared/profiles/ca/caECDirUserCert.cfg      |  2 +-
 base/ca/shared/profiles/ca/caECDualCert.cfg         |  6 +++---
 base/ca/shared/profiles/ca/caECUserCert.cfg         |  2 +-
 base/ca/shared/profiles/ca/caEncECUserCert.cfg      |  2 +-
 base/ca/shared/profiles/ca/caEncUserCert.cfg        |  2 +-
 base/ca/shared/profiles/ca/caFullCMCUserCert.cfg    |  2 +-
 base/ca/shared/profiles/ca/caIPAserviceCert.cfg     |  2 +-
 base/ca/shared/profiles/ca/caInstallCACert.cfg      |  2 +-
 .../profiles/ca/caInternalAuthAuditSigningCert.cfg  |  2 +-
 .../profiles/ca/caInternalAuthDRMstorageCert.cfg    |  2 +-
 .../shared/profiles/ca/caInternalAuthOCSPCert.cfg   |  2 +-
 .../shared/profiles/ca/caInternalAuthServerCert.cfg |  2 +-
 .../profiles/ca/caInternalAuthSubsystemCert.cfg     |  2 +-
 .../profiles/ca/caInternalAuthTransportCert.cfg     |  2 +-
 base/ca/shared/profiles/ca/caJarSigningCert.cfg     |  2 +-
 base/ca/shared/profiles/ca/caOCSPCert.cfg           |  2 +-
 base/ca/shared/profiles/ca/caOtherCert.cfg          |  2 +-
 base/ca/shared/profiles/ca/caRACert.cfg             |  2 +-
 base/ca/shared/profiles/ca/caRARouterCert.cfg       |  2 +-
 base/ca/shared/profiles/ca/caRAagentCert.cfg        |  2 +-
 base/ca/shared/profiles/ca/caRAserverCert.cfg       |  2 +-
 base/ca/shared/profiles/ca/caRouterCert.cfg         |  2 +-
 base/ca/shared/profiles/ca/caServerCert.cfg         |  2 +-
 base/ca/shared/profiles/ca/caSignedLogCert.cfg      |  2 +-
 base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg  |  2 +-
 base/ca/shared/profiles/ca/caStorageCert.cfg        |  2 +-
 base/ca/shared/profiles/ca/caSubsystemCert.cfg      |  2 +-
 base/ca/shared/profiles/ca/caTPSCert.cfg            |  2 +-
 base/ca/shared/profiles/ca/caTransportCert.cfg      |  2 +-
 base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg     |  2 +-
 base/ca/shared/profiles/ca/caUserCert.cfg           |  2 +-
 base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg   |  2 +-
 base/util/src/com/netscape/cmsutil/util/Cert.java   |  2 ++
 base/util/src/netscape/security/pkcs/PKCS10.java    |  2 ++
 .../src/netscape/security/x509/AlgorithmId.java     | 21 +++++++++++++++++++--
 .../src/netscape/security/x509/X509CRLImpl.java     |  6 ++++++
 48 files changed, 77 insertions(+), 50 deletions(-)

diff --git a/base/ca/shared/profiles/ca/AdminCert.cfg b/base/ca/shared/profiles/ca/AdminCert.cfg
index 526d05d493d48c6175a31e99bf139e22bbdc4875..292beb433c914da542f3f99df46aeb9e4fd5dd86 100644
--- a/base/ca/shared/profiles/ca/AdminCert.cfg
+++ b/base/ca/shared/profiles/ca/AdminCert.cfg
@@ -80,7 +80,7 @@ policyset.adminCertSet.7.default.params.exKeyUsageCritical=false
 policyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.adminCertSet.8.constraint.name=No Constraint
-policyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.adminCertSet.8.default.name=Signing Alg
 policyset.adminCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caAdminCert.cfg b/base/ca/shared/profiles/ca/caAdminCert.cfg
index f779edb0f221f4a91821bfb562b26cd0dc870f75..6eb784b15e01b2a6c80577b4427ab9bccbad35c9 100644
--- a/base/ca/shared/profiles/ca/caAdminCert.cfg
+++ b/base/ca/shared/profiles/ca/caAdminCert.cfg
@@ -81,7 +81,7 @@ policyset.adminCertSet.7.default.params.exKeyUsageCritical=false
 policyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.adminCertSet.8.constraint.name=No Constraint
-policyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC
+policyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.adminCertSet.8.default.name=Signing Alg
 policyset.adminCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caAgentFileSigning.cfg b/base/ca/shared/profiles/ca/caAgentFileSigning.cfg
index 26eb171b0aad807d70d10a8c655e166e2d6bc7be..560837391a635c1c70fa6472ac5afa7bc4649664 100644
--- a/base/ca/shared/profiles/ca/caAgentFileSigning.cfg
+++ b/base/ca/shared/profiles/ca/caAgentFileSigning.cfg
@@ -80,7 +80,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caAgentServerCert.cfg b/base/ca/shared/profiles/ca/caAgentServerCert.cfg
index 9543383301e725513fd2f2bb79e70f0709c7deb8..924046d477f086724c8770d5b3d30d3c571b7d16 100644
--- a/base/ca/shared/profiles/ca/caAgentServerCert.cfg
+++ b/base/ca/shared/profiles/ca/caAgentServerCert.cfg
@@ -79,7 +79,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caCACert.cfg b/base/ca/shared/profiles/ca/caCACert.cfg
index faceb8025cf5716fcb56d87f036d431ca22b2783..2f898b8a665cd583011f84d1e7971e35c77ab201 100644
--- a/base/ca/shared/profiles/ca/caCACert.cfg
+++ b/base/ca/shared/profiles/ca/caCACert.cfg
@@ -79,7 +79,7 @@ policyset.caCertSet.8.default.name=Subject Key Identifier Extension Default
 policyset.caCertSet.8.default.params.critical=false
 policyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.caCertSet.9.constraint.name=No Constraint
-policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.caCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.caCertSet.9.default.name=Signing Alg
 policyset.caCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caCMCUserCert.cfg b/base/ca/shared/profiles/ca/caCMCUserCert.cfg
index e703f0cd31f0458347b9ed012f6bc49b891bcb7f..7ff1329c0e66d1fd4f08a500e560d701007ef6b5 100644
--- a/base/ca/shared/profiles/ca/caCMCUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caCMCUserCert.cfg
@@ -80,7 +80,7 @@ policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false
 policyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.cmcUserCertSet.8.constraint.name=No Constraint
-policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.cmcUserCertSet.8.default.name=Signing Alg
 policyset.cmcUserCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caCrossSignedCACert.cfg b/base/ca/shared/profiles/ca/caCrossSignedCACert.cfg
index 6662bdb11d52cf91ac4cb74b5fd767585b9d3642..8fafbdf2240f34f5747cf323167e033d98aa41df 100644
--- a/base/ca/shared/profiles/ca/caCrossSignedCACert.cfg
+++ b/base/ca/shared/profiles/ca/caCrossSignedCACert.cfg
@@ -76,7 +76,7 @@ policyset.caCertSet.8.default.name=Subject Key Identifier Extension Default
 policyset.caCertSet.8.default.params.critical=false
 policyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.caCertSet.9.constraint.name=No Constraint
-policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.caCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.caCertSet.9.default.name=Signing Alg
 policyset.caCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caDirBasedDualCert.cfg b/base/ca/shared/profiles/ca/caDirBasedDualCert.cfg
index 884fef8f53ccf2a27154bda97c862b7f9dd722bb..3f346842cb38101247a0acd3e5ae009cddf9e898 100644
--- a/base/ca/shared/profiles/ca/caDirBasedDualCert.cfg
+++ b/base/ca/shared/profiles/ca/caDirBasedDualCert.cfg
@@ -89,7 +89,7 @@ policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.encryptionCertSet.9.constraint.name=No Constraint
-policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
 policyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.encryptionCertSet.9.default.name=Signing Alg
 policyset.encryptionCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caDirPinUserCert.cfg b/base/ca/shared/profiles/ca/caDirPinUserCert.cfg
index 065a05aabf92690d60934d8253fcdb25482184b4..af2b5e5725100020111dd13b9d6d6583cdac8138 100644
--- a/base/ca/shared/profiles/ca/caDirPinUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caDirPinUserCert.cfg
@@ -93,7 +93,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caDirUserCert.cfg b/base/ca/shared/profiles/ca/caDirUserCert.cfg
index d18dbedf97862dcfb84d43fbd0be0f6cc45a8f0f..b4472970ff79e383c4cbf63423b360f56e2026e6 100644
--- a/base/ca/shared/profiles/ca/caDirUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caDirUserCert.cfg
@@ -93,7 +93,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caDualCert.cfg b/base/ca/shared/profiles/ca/caDualCert.cfg
index 87c6e6c9e3c754e53eb1ba7cd22467cea31fbe5b..f90f78f6c77209b256a3c3a189af64d8c382df84 100644
--- a/base/ca/shared/profiles/ca/caDualCert.cfg
+++ b/base/ca/shared/profiles/ca/caDualCert.cfg
@@ -89,7 +89,7 @@ policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.encryptionCertSet.9.constraint.name=No Constraint
-policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.encryptionCertSet.9.default.name=Signing Alg
 policyset.encryptionCertSet.9.default.params.signingAlg=-
@@ -161,8 +161,8 @@ policyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.signingCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.signingCertSet.9.constraint.name=No Constraint
-policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.signingCertSet.9.default.name=Signing Alg
 policyset.signingCertSet.9.default.params.signingAlg=-
-policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
diff --git a/base/ca/shared/profiles/ca/caDualRAuserCert.cfg b/base/ca/shared/profiles/ca/caDualRAuserCert.cfg
index 741e26a3fe030d2b4146be52e488f0fe895dec4a..7d61b36acaabfa0b6b14e9877a9dad1c66cebb32 100644
--- a/base/ca/shared/profiles/ca/caDualRAuserCert.cfg
+++ b/base/ca/shared/profiles/ca/caDualRAuserCert.cfg
@@ -88,7 +88,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caECDirUserCert.cfg b/base/ca/shared/profiles/ca/caECDirUserCert.cfg
index da5047840c268ddc9a3f4424a3d49bc8ae657730..c692bcfd74587d65afdbf16070dd56d70113f2a6 100644
--- a/base/ca/shared/profiles/ca/caECDirUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caECDirUserCert.cfg
@@ -93,7 +93,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caECDualCert.cfg b/base/ca/shared/profiles/ca/caECDualCert.cfg
index 7a8d38172db97dfaf03409be1b8bfc735ef37031..1a51dc6d507f33c596a39624a684c0114f535626 100644
--- a/base/ca/shared/profiles/ca/caECDualCert.cfg
+++ b/base/ca/shared/profiles/ca/caECDualCert.cfg
@@ -89,7 +89,7 @@ policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.encryptionCertSet.9.constraint.name=No Constraint
-policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.encryptionCertSet.9.default.name=Signing Alg
 policyset.encryptionCertSet.9.default.params.signingAlg=-
@@ -161,8 +161,8 @@ policyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.signingCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.signingCertSet.9.constraint.name=No Constraint
-policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.signingCertSet.9.default.name=Signing Alg
 policyset.signingCertSet.9.default.params.signingAlg=-
-policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
diff --git a/base/ca/shared/profiles/ca/caECUserCert.cfg b/base/ca/shared/profiles/ca/caECUserCert.cfg
index a641e5800e73da16d3baa4952057f5164fa52f3c..383af015969f181b299ae83042c562d1a0eed412 100644
--- a/base/ca/shared/profiles/ca/caECUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caECUserCert.cfg
@@ -95,7 +95,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caEncECUserCert.cfg b/base/ca/shared/profiles/ca/caEncECUserCert.cfg
index 66baa4bf86c31a7c4646448b9d59949dc50309f7..9faa4a5b1355008ecc8b679902a6569cb2fce5bd 100644
--- a/base/ca/shared/profiles/ca/caEncECUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caEncECUserCert.cfg
@@ -87,7 +87,7 @@ policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.encryptionCertSet.9.constraint.name=No Constraint
-policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.encryptionCertSet.9.default.name=Signing Alg
 policyset.encryptionCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caEncUserCert.cfg b/base/ca/shared/profiles/ca/caEncUserCert.cfg
index e49faf24e49f364f536bbbb6b1bb30541465ad93..07e78f9d48c2fe9afa41f8a5aabd2c84c30270f3 100644
--- a/base/ca/shared/profiles/ca/caEncUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caEncUserCert.cfg
@@ -89,7 +89,7 @@ policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.encryptionCertSet.9.constraint.name=No Constraint
-policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.encryptionCertSet.9.default.name=Signing Alg
 policyset.encryptionCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg b/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg
index 2276f50003c688890d997c7177eeeb9152d004fc..29baeed26233fda0873af7c6ea96955d498b671d 100644
--- a/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg
@@ -79,7 +79,7 @@ policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false
 policyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.cmcUserCertSet.8.constraint.name=No Constraint
-policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.cmcUserCertSet.8.default.name=Signing Alg
 policyset.cmcUserCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caIPAserviceCert.cfg b/base/ca/shared/profiles/ca/caIPAserviceCert.cfg
index 782df90610631c2d3bda75c158a230c23ed38206..9603758b975b73cfe4bc11b00f432ac577f2f644 100644
--- a/base/ca/shared/profiles/ca/caIPAserviceCert.cfg
+++ b/base/ca/shared/profiles/ca/caIPAserviceCert.cfg
@@ -79,7 +79,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caInstallCACert.cfg b/base/ca/shared/profiles/ca/caInstallCACert.cfg
index d087068eea73ba95a4a54b31e3fbdab101691952..7bdb18002fa2360b32b373cfbbcb5ae553758026 100644
--- a/base/ca/shared/profiles/ca/caInstallCACert.cfg
+++ b/base/ca/shared/profiles/ca/caInstallCACert.cfg
@@ -80,7 +80,7 @@ policyset.caCertSet.8.default.name=Subject Key Identifier Extension Default
 policyset.caCertSet.8.default.params.critical=false
 policyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.caCertSet.9.constraint.name=No Constraint
-policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.caCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.caCertSet.9.default.name=Signing Alg
 policyset.caCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg
index e0eb13d35dc83e7c4dbabb38c3812d582f3714a0..b850f1c88ddcbae3335270a53719294ecb672857 100644
--- a/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg
+++ b/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg
@@ -74,7 +74,7 @@ policyset.auditSigningCertSet.6.default.params.keyUsageEncipherOnly=false
 policyset.auditSigningCertSet.6.default.params.keyUsageDecipherOnly=false
 policyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.auditSigningCertSet.9.constraint.name=No Constraint
-policyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.auditSigningCertSet.9.default.name=Signing Alg
 policyset.auditSigningCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg
index d5da9f599d8a2a7c28dd83688396a2ae4cd22792..5acc1745aa57e25584efb6122371b09cdd471543 100644
--- a/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg
+++ b/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg
@@ -80,7 +80,7 @@ policyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false
 policyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
 policyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.drmStorageCertSet.9.constraint.name=No Constraint
-policyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.drmStorageCertSet.9.default.name=Signing Alg
 policyset.drmStorageCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
index 151dc8129efaed1e1ef35000dfed565ee2d22394..8788f94f3b920ecd1a97544bd9542acc2290fde7 100644
--- a/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
+++ b/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
@@ -65,7 +65,7 @@ policyset.ocspCertSet.8.default.name=OCSP No Check Extension
 policyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false
 policyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.ocspCertSet.9.constraint.name=No Constraint
-policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.ocspCertSet.9.default.name=Signing Alg
 policyset.ocspCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
index f145325f0c840ee406bdae0e1e7e52f62ac3fb3b..5d4fbee7501e197afd6cf7bae959c557ad9a1677 100644
--- a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
+++ b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
@@ -81,7 +81,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
index 4106c5feff9a030354fff73298881cd45155962f..3a8c202abe6a38ae5a27e1059af8e922eeaa78dc 100644
--- a/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
+++ b/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
@@ -82,7 +82,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg
index 538c76071958b81ca5ca3b1a2fc33e2653e50181..9f7680a1f8d57cff937312f4385f6af3b0c363b1 100644
--- a/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg
+++ b/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg
@@ -80,7 +80,7 @@ policyset.transportCertSet.7.default.params.exKeyUsageCritical=false
 policyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
 policyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.transportCertSet.8.constraint.name=No Constraint
-policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.transportCertSet.8.default.name=Signing Alg
 policyset.transportCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caJarSigningCert.cfg b/base/ca/shared/profiles/ca/caJarSigningCert.cfg
index 36aca18c172afe1f96ad2e786dff52d5c4c42d92..f5f5e629e2fa8d259d7525909accd8263782ddca 100644
--- a/base/ca/shared/profiles/ca/caJarSigningCert.cfg
+++ b/base/ca/shared/profiles/ca/caJarSigningCert.cfg
@@ -80,7 +80,7 @@ policyset.caJarSigningSet.5.default.params.nsCertSSLClient=false
 policyset.caJarSigningSet.5.default.params.nsCertSSLServer=false
 policyset.caJarSigningSet.6.constraint.class_id=signingAlgConstraintImpl
 policyset.caJarSigningSet.6.constraint.name=No Constraint
-policyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.caJarSigningSet.6.default.class_id=signingAlgDefaultImpl
 policyset.caJarSigningSet.6.default.name=Signing Alg
 policyset.caJarSigningSet.6.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caOCSPCert.cfg b/base/ca/shared/profiles/ca/caOCSPCert.cfg
index 61f92a385e83351b620322ff722a373609258668..0a855b983514fb109e9c50e865fc17105d406d6d 100644
--- a/base/ca/shared/profiles/ca/caOCSPCert.cfg
+++ b/base/ca/shared/profiles/ca/caOCSPCert.cfg
@@ -64,7 +64,7 @@ policyset.ocspCertSet.8.default.name=OCSP No Check Extension
 policyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false
 policyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.ocspCertSet.9.constraint.name=No Constraint
-policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.ocspCertSet.9.default.name=Signing Alg
 policyset.ocspCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caOtherCert.cfg b/base/ca/shared/profiles/ca/caOtherCert.cfg
index 839517a0251826048e35d880ddb1689b906dc230..e5cf627b0c19e721d0cbbe92d72cbdd3e54af08e 100644
--- a/base/ca/shared/profiles/ca/caOtherCert.cfg
+++ b/base/ca/shared/profiles/ca/caOtherCert.cfg
@@ -79,7 +79,7 @@ policyset.otherCertSet.7.default.params.exKeyUsageCritical=false
 policyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
 policyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.otherCertSet.8.constraint.name=No Constraint
-policyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.otherCertSet.8.default.name=Signing Alg
 policyset.otherCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caRACert.cfg b/base/ca/shared/profiles/ca/caRACert.cfg
index 2f8d8cbb836ff0632b1c4ef73de514db240a80ee..977456667fa26f610f17de8df2bfe978a77f49b6 100644
--- a/base/ca/shared/profiles/ca/caRACert.cfg
+++ b/base/ca/shared/profiles/ca/caRACert.cfg
@@ -79,7 +79,7 @@ policyset.raCertSet.7.default.params.exKeyUsageCritical=false
 policyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
 policyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.raCertSet.8.constraint.name=No Constraint
-policyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.raCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.raCertSet.8.default.name=Signing Alg
 policyset.raCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caRARouterCert.cfg b/base/ca/shared/profiles/ca/caRARouterCert.cfg
index 28407668699893edbcb517d3eba69e8b2db03195..05b3a7214c6ce8fbbd5667021c810df4d4a402e0 100644
--- a/base/ca/shared/profiles/ca/caRARouterCert.cfg
+++ b/base/ca/shared/profiles/ca/caRARouterCert.cfg
@@ -79,7 +79,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caRAagentCert.cfg b/base/ca/shared/profiles/ca/caRAagentCert.cfg
index d330e6f0129c7e70673bb860fb3990af424f842f..2199b26fbeea29bb301195d7449a4a5f5c22c0c6 100644
--- a/base/ca/shared/profiles/ca/caRAagentCert.cfg
+++ b/base/ca/shared/profiles/ca/caRAagentCert.cfg
@@ -89,7 +89,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caRAserverCert.cfg b/base/ca/shared/profiles/ca/caRAserverCert.cfg
index 297c001e327da0155875340acd48ad2fbdde1a0e..3a6cefab26e3d33c7940b91ed7a7f2f678493f5c 100644
--- a/base/ca/shared/profiles/ca/caRAserverCert.cfg
+++ b/base/ca/shared/profiles/ca/caRAserverCert.cfg
@@ -79,7 +79,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caRouterCert.cfg b/base/ca/shared/profiles/ca/caRouterCert.cfg
index 2400c69b8afeec11177717427016dee02ab2ee5a..3364675aa47b70ed0abbd04c5b8692f24729a392 100644
--- a/base/ca/shared/profiles/ca/caRouterCert.cfg
+++ b/base/ca/shared/profiles/ca/caRouterCert.cfg
@@ -79,7 +79,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caServerCert.cfg b/base/ca/shared/profiles/ca/caServerCert.cfg
index 35254cb7538265d80709fda5580bc74435763c8d..997a056d9dd2a2fb81e2042aa352c098f803c7d2 100644
--- a/base/ca/shared/profiles/ca/caServerCert.cfg
+++ b/base/ca/shared/profiles/ca/caServerCert.cfg
@@ -79,7 +79,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caSignedLogCert.cfg b/base/ca/shared/profiles/ca/caSignedLogCert.cfg
index 393fe278c63999785ea65e94589590bf6d0bc835..6fdb8b5d3540bfb9fa1665c25cd4087fd4c6e4eb 100644
--- a/base/ca/shared/profiles/ca/caSignedLogCert.cfg
+++ b/base/ca/shared/profiles/ca/caSignedLogCert.cfg
@@ -68,7 +68,7 @@ policyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Defaul
 policyset.caLogSigningSet.8.default.params.critical=false
 policyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.caLogSigningSet.9.constraint.name=No Constraint
-policyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl
 policyset.caLogSigningSet.9.default.name=Signing Alg
 policyset.caLogSigningSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg b/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg
index f470a1dc203582389c518bf06cbd17cdb832d7bd..34015e21159389ecf1c0866c43915928df7055e3 100644
--- a/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg
@@ -78,7 +78,7 @@ policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false
 policyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.cmcUserCertSet.8.constraint.name=No Constraint
-policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.cmcUserCertSet.8.default.name=Signing Alg
 policyset.cmcUserCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caStorageCert.cfg b/base/ca/shared/profiles/ca/caStorageCert.cfg
index 3d99883cdfc8d4797cc0ddf14c4a0865f12eec68..c8e720599102dbae89b4105750ece2abba96baf0 100644
--- a/base/ca/shared/profiles/ca/caStorageCert.cfg
+++ b/base/ca/shared/profiles/ca/caStorageCert.cfg
@@ -79,7 +79,7 @@ policyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false
 policyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
 policyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.drmStorageCertSet.9.constraint.name=No Constraint
-policyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.drmStorageCertSet.9.default.name=Signing Alg
 policyset.drmStorageCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caSubsystemCert.cfg b/base/ca/shared/profiles/ca/caSubsystemCert.cfg
index 41a710fc7eca0c59f4a3122e46c56fed6e8e83c8..63fd3a698e25282094a9e9289c962c6b5b4397ef 100644
--- a/base/ca/shared/profiles/ca/caSubsystemCert.cfg
+++ b/base/ca/shared/profiles/ca/caSubsystemCert.cfg
@@ -79,7 +79,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caTPSCert.cfg b/base/ca/shared/profiles/ca/caTPSCert.cfg
index bcc30a7fd8b88e2f9f1f12a0ad8fca4485ffe0ea..82a217ace894f0f97143a30c23f966e91e898d59 100644
--- a/base/ca/shared/profiles/ca/caTPSCert.cfg
+++ b/base/ca/shared/profiles/ca/caTPSCert.cfg
@@ -79,7 +79,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.serverCertSet.8.constraint.name=No Constraint
-policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.serverCertSet.8.default.name=Signing Alg
 policyset.serverCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caTransportCert.cfg b/base/ca/shared/profiles/ca/caTransportCert.cfg
index 466e2b313316023db9fdc3e9620a73fafbff63c0..20fcb0644085faec21c5d7f34e7900509f2a6308 100644
--- a/base/ca/shared/profiles/ca/caTransportCert.cfg
+++ b/base/ca/shared/profiles/ca/caTransportCert.cfg
@@ -79,7 +79,7 @@ policyset.transportCertSet.7.default.params.exKeyUsageCritical=false
 policyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
 policyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl
 policyset.transportCertSet.8.constraint.name=No Constraint
-policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl
 policyset.transportCertSet.8.default.name=Signing Alg
 policyset.transportCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg b/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
index fcc9ffc0858af649144b4943bfd3f2eeed4fd1a2..43caf2607c5c1063753de8655fafc1419e59dc77 100644
--- a/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
+++ b/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
@@ -93,7 +93,7 @@ policyset.userCertSet.8.default.params.subjAltExtSource_1=UUID4
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=2
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caUserCert.cfg b/base/ca/shared/profiles/ca/caUserCert.cfg
index 0fdc451ca03471116eeed7416cf9f71a42f254a3..917c589d7944d0ce2e5996098986793708653db5 100644
--- a/base/ca/shared/profiles/ca/caUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caUserCert.cfg
@@ -95,7 +95,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg b/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg
index 06271e4761d8d2bf1291e24a959c62b035c6781e..43b6e85d3628f0fe7c01b8b5fd4dcbbf764a754a 100644
--- a/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg
+++ b/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg
@@ -95,7 +95,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
 policyset.userCertSet.9.constraint.name=No Constraint
-policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
 policyset.userCertSet.9.default.name=Signing Alg
 policyset.userCertSet.9.default.params.signingAlg=-
diff --git a/base/util/src/com/netscape/cmsutil/util/Cert.java b/base/util/src/com/netscape/cmsutil/util/Cert.java
index 7dfc18a5df2a678b2325b18cb15c0b56ae984e01..0fe55899306b4b2cc467cdfc1c9f3ae1b6eddf28 100644
--- a/base/util/src/com/netscape/cmsutil/util/Cert.java
+++ b/base/util/src/com/netscape/cmsutil/util/Cert.java
@@ -41,6 +41,8 @@ public class Cert {
             return SignatureAlgorithm.DSASignatureWithSHA1Digest;
         else if (algname.equals("SHA256withRSA"))
             return SignatureAlgorithm.RSASignatureWithSHA256Digest;
+        else if (algname.equals("SHA384withRSA"))
+            return SignatureAlgorithm.RSASignatureWithSHA384Digest;
         else if (algname.equals("SHA512withRSA"))
             return SignatureAlgorithm.RSASignatureWithSHA512Digest;
         else if (algname.equals("SHA1withEC"))
diff --git a/base/util/src/netscape/security/pkcs/PKCS10.java b/base/util/src/netscape/security/pkcs/PKCS10.java
index 4dd9f0f52fedebc58893f881072b99fd3a0a8d55..ea6bd0ec4564d8b3b27a5fc53061d9d31155cc93 100644
--- a/base/util/src/netscape/security/pkcs/PKCS10.java
+++ b/base/util/src/netscape/security/pkcs/PKCS10.java
@@ -181,6 +181,8 @@ public class PKCS10 {
                 idName = "SHA1/RSA";
             else if (idName.equals("SHA1withDSA"))
                 idName = "SHA1/DSA";
+            else if (idName.equals("SHA384withRSA"))
+                idName = "SHA384/RSA";
             else if (idName.equals("SHA1withEC"))
                 idName = "SHA1/EC";
             else if (idName.equals("SHA256withEC"))
diff --git a/base/util/src/netscape/security/x509/AlgorithmId.java b/base/util/src/netscape/security/x509/AlgorithmId.java
index fa69f77f116582c615496eee1361b217e21a008b..08c9c4f46cfadd7e75a3e6c1f61b47b6d6687ec9 100644
--- a/base/util/src/netscape/security/x509/AlgorithmId.java
+++ b/base/util/src/netscape/security/x509/AlgorithmId.java
@@ -329,6 +329,9 @@ public class AlgorithmId implements Serializable, DerEncoder {
         if (name.equals("SHA256withRSA") || name.equals("SHA256/RSA")
                 || name.equals("1.2.840.113549.1.1.11"))
             return AlgorithmId.sha256WithRSAEncryption_oid;
+        if (name.equals("SHA384withRSA") || name.equals("SHA384/RSA")
+                || name.equals("1.2.840.113549.1.1.12"))
+            return AlgorithmId.sha384WithRSAEncryption_oid;
         if (name.equals("SHA512withRSA") || name.equals("SHA512/RSA")
                 || name.equals("1.2.840.113549.1.1.13"))
             return AlgorithmId.sha512WithRSAEncryption_oid;
@@ -364,6 +367,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
             return "SHA";
         if (algid.equals(AlgorithmId.SHA256_oid))
             return "SHA256";
+        if (algid.equals(AlgorithmId.SHA384_oid))
+            return "SHA384";
         if (algid.equals(AlgorithmId.SHA512_oid))
             return "SHA512";
 
@@ -399,6 +404,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
             return "SHA1withRSA";
         if (algid.equals(AlgorithmId.sha256WithRSAEncryption_oid))
             return "SHA256withRSA";
+        if (algid.equals(AlgorithmId.sha384WithRSAEncryption_oid))
+            return "SHA384withRSA";
         if (algid.equals(AlgorithmId.sha512WithRSAEncryption_oid))
             return "SHA512withRSA";
         if (algid.equals(AlgorithmId.sha1WithDSA_oid)
@@ -530,6 +537,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
     // sha = { 1, 3, 14, 3, 2, 18 };
     private static final int SHA1_OIW_data[] = { 1, 3, 14, 3, 2, 26 };
     private static final int SHA256_data[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
+    private static final int SHA384_data[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
     private static final int SHA512_data[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
 
     /**
@@ -553,6 +561,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
     public static final ObjectIdentifier SHA_oid = new ObjectIdentifier(SHA1_OIW_data);
 
     public static final ObjectIdentifier SHA256_oid = new ObjectIdentifier(SHA256_data);
+    public static final ObjectIdentifier SHA384_oid = new ObjectIdentifier(SHA384_data);
 
     public static final ObjectIdentifier SHA512_oid = new ObjectIdentifier(SHA512_data);
 
@@ -651,6 +660,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
                                    { 1, 2, 840, 113549, 1, 1, 5 };
     private static final int sha256WithRSAEncryption_data[] =
                                    { 1, 2, 840, 113549, 1, 1, 11 };
+    private static final int sha384WithRSAEncryption_data[] =
+                                   { 1, 2, 840, 113549, 1, 1, 12 };
     private static final int sha512WithRSAEncryption_data[] =
                                    { 1, 2, 840, 113549, 1, 1, 13 };
     private static final int sha1WithRSAEncryption_OIW_data[] =
@@ -704,6 +715,12 @@ public class AlgorithmId implements Serializable, DerEncoder {
             ObjectIdentifier(sha256WithRSAEncryption_data);
 
     /**
+     * The proper one for sha384/rsa
+     */
+    public static final ObjectIdentifier sha384WithRSAEncryption_oid = new
+            ObjectIdentifier(sha384WithRSAEncryption_data);
+
+    /**
      * The proper one for sha512/rsa
      */
     public static final ObjectIdentifier sha512WithRSAEncryption_oid = new
@@ -749,7 +766,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
      * Supported signing algorithms for a RSA key.
      */
     public static final String[] RSA_SIGNING_ALGORITHMS = new String[]
-    { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "MD5withRSA", "MD2withRSA" };
+    { "SHA1withRSA", "SHA256withRSA", "SHA384withRSA", "SHA512withRSA", "MD5withRSA", "MD2withRSA" };
 
     public static final String[] EC_SIGNING_ALGORITHMS = new String[]
     { "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" };
@@ -759,7 +776,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
      */
     public static final String[] ALL_SIGNING_ALGORITHMS = new String[]
     {
-            "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA512withRSA", "SHA1withEC",
+            "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA384withRSA", "SHA512withRSA", "SHA1withEC",
             "SHA256withEC", "SHA384withEC", "SHA512withEC" };
 
 }
diff --git a/base/util/src/netscape/security/x509/X509CRLImpl.java b/base/util/src/netscape/security/x509/X509CRLImpl.java
index c48f390509dc1dc405cb2fa0c39b2be8b94a75be..e8e039034576f552006f91be049d4879f18f450a 100755
--- a/base/util/src/netscape/security/x509/X509CRLImpl.java
+++ b/base/util/src/netscape/security/x509/X509CRLImpl.java
@@ -415,6 +415,12 @@ public class X509CRLImpl extends X509CRL {
                 sigAlg = "SHA1/DSA";
             } else if (sigAlg.equals("SHA1withEC")) {
                 sigAlg = "SHA1/EC";
+            } else if (sigAlg.equals("SHA256withRSA")) {
+                sigAlg = "SHA256/RSA";
+            } else if (sigAlg.equals("SHA384withRSA")) {
+                sigAlg = "SHA384/RSA";
+            } else if (sigAlg.equals("SHA512withRSA")) {
+                sigAlg = "SHA512/RSA";
             } else if (sigAlg.equals("SHA256withEC")) {
                 sigAlg = "SHA256/EC";
             } else if (sigAlg.equals("SHA384withEC")) {
-- 
2.4.3

_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] pki-cfu-0140-Ticket-2346-support-SHA384withRSA.patch

Reply via email to