diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java b/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
index 75d04a47b99c5..7ab85b097a100 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
@@ -428,8 +428,8 @@ protected SecretKey engineGenerateSecret(String algorithm)
return new SecretKeySpec(secret, algorithm);
}
} else {
- throw new NoSuchAlgorithmException("Unsupported secret key "
- + "algorithm: "+ algorithm);
+ throw new NoSuchAlgorithmException(
+ "Unsupported secret key algorithm " + algorithm);
}
}
}
diff --git a/src/java.base/share/classes/javax/crypto/KeyAgreement.java b/src/java.base/share/classes/javax/crypto/KeyAgreement.java
index b6ac8db514e77..1beb8e0f9ce71 100644
--- a/src/java.base/share/classes/javax/crypto/KeyAgreement.java
+++ b/src/java.base/share/classes/javax/crypto/KeyAgreement.java
@@ -665,13 +665,14 @@ public final int generateSecret(byte[] sharedSecret, int offset)
*
* Java Security Standard Algorithm Names Specification
* for information about standard secret key algorithm names.
- * Use "Generic" if the output will be used as the input keying
+ * Specify "Generic" if the output will be used as the input keying
* material of a key derivation function (KDF).
*
* @return the shared secret key. The length of the key material
* may be adjusted to be compatible with the specified algorithm,
* regardless of whether the key is extractable. If {@code algorithm}
- * is specified as "Generic", the full shared secret will be returned.
+ * is specified as "Generic" and it is supported by the implementation,
+ * the full shared secret will be returned.
*
* @exception IllegalStateException if this key agreement has not been
* initialized or if {@code doPhase} has not been called to supply the
diff --git a/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java b/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java
index c28d80b22284a..d85eaf559d96a 100644
--- a/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java
+++ b/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java
@@ -211,13 +211,14 @@ protected abstract int engineGenerateSecret(byte[] sharedSecret,
*
* Java Security Standard Algorithm Names Specification
* for information about standard secret key algorithm names.
- * Use "Generic" if the output will be used as the input keying
+ * Specify "Generic" if the output will be used as the input keying
* material of a key derivation function (KDF).
*
* @return the shared secret key. The length of the key material
* may be adjusted to be compatible with the specified algorithm,
* regardless of whether the key is extractable. If {@code algorithm}
- * is specified as "Generic", the full shared secret will be returned.
+ * is specified as "Generic" and it is supported by the implementation,
+ * the full shared secret will be returned.
*
* @exception IllegalStateException if this key agreement has not been
* initialized or if {@code doPhase} has not been called to supply the
diff --git a/src/java.base/share/classes/sun/security/ec/ECDHKeyAgreement.java b/src/java.base/share/classes/sun/security/ec/ECDHKeyAgreement.java
index eaad069de1914..f46acc68824cf 100644
--- a/src/java.base/share/classes/sun/security/ec/ECDHKeyAgreement.java
+++ b/src/java.base/share/classes/sun/security/ec/ECDHKeyAgreement.java
@@ -256,10 +256,10 @@ protected SecretKey engineGenerateSecret(String algorithm)
throw new NoSuchAlgorithmException("Algorithm must not be null");
}
if (!KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm)) {
- throw new NoSuchAlgorithmException
- ("Only supported for algorithm TlsPremasterSecret");
+ throw new NoSuchAlgorithmException(
+ "Unsupported secret key algorithm " + algorithm);
}
- return new SecretKeySpec(engineGenerateSecret(), "TlsPremasterSecret");
+ return new SecretKeySpec(engineGenerateSecret(), algorithm);
}
private static
diff --git a/src/java.base/share/classes/sun/security/ec/XDHKeyAgreement.java b/src/java.base/share/classes/sun/security/ec/XDHKeyAgreement.java
index 01da49cdc6c50..4675fb43b0528 100644
--- a/src/java.base/share/classes/sun/security/ec/XDHKeyAgreement.java
+++ b/src/java.base/share/classes/sun/security/ec/XDHKeyAgreement.java
@@ -211,7 +211,7 @@ protected SecretKey engineGenerateSecret(String algorithm)
if (!KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm)) {
throw new NoSuchAlgorithmException(
- "Only supported for algorithm TlsPremasterSecret");
+ "Unsupported secret key algorithm " + algorithm);
}
return new SecretKeySpec(engineGenerateSecret(), algorithm);
}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java
index e60c40b1c42ed..9e4231c78d59e 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java
@@ -171,8 +171,8 @@ protected SecretKey engineGenerateSecret(String algorithm)
throw new NoSuchAlgorithmException("Algorithm must not be null");
}
if (!KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm)) {
- throw new NoSuchAlgorithmException
- ("Only supported for algorithm TlsPremasterSecret");
+ throw new NoSuchAlgorithmException(
+ "Unsupported secret key algorithm " + algorithm);
}
return nativeGenerateSecret(algorithm);
}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java
index 06803aeb09a0e..82f3cea33ffce 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java
@@ -278,8 +278,8 @@ protected SecretKey engineGenerateSecret(String algorithm)
}
if (!AllowKDF.VALUE) {
- throw new NoSuchAlgorithmException("Unsupported secret key "
- + "algorithm: " + algorithm);
+ throw new NoSuchAlgorithmException(
+ "Unsupported secret key algorithm " + algorithm);
}
byte[] secret = engineGenerateSecret();
diff --git a/test/jdk/java/security/KeyAgreement/Generic.java b/test/jdk/java/security/KeyAgreement/Generic.java
index fabcb2495100c..dcf212dbffe7c 100644
--- a/test/jdk/java/security/KeyAgreement/Generic.java
+++ b/test/jdk/java/security/KeyAgreement/Generic.java
@@ -30,10 +30,13 @@
* @run main/othervm Generic nss
* @run main/othervm -DCUSTOM_P11_CONFIG_NAME=p11-nss-sensitive.txt Generic nss
*/
+import jdk.test.lib.Asserts;
+
import javax.crypto.KeyAgreement;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
+import java.util.List;
public class Generic {
@@ -56,12 +59,12 @@ static void test(Provider p) throws Exception {
var kp1 = g.generateKeyPair();
var kp2 = g.generateKeyPair();
var ka = KeyAgreement.getInstance(s.getAlgorithm(), s.getProvider());
- ka.init(kp1.getPrivate());
- ka.doPhase(kp2.getPublic(), true);
- ka.generateSecret("TlsPremasterSecret");
- ka.init(kp1.getPrivate());
- ka.doPhase(kp2.getPublic(), true);
- ka.generateSecret("Generic");
+ for (var alg : List.of("TlsPremasterSecret", "Generic")) {
+ ka.init(kp1.getPrivate());
+ ka.doPhase(kp2.getPublic(), true);
+ Asserts.assertEquals(
+ ka.generateSecret(alg).getAlgorithm(), alg);
+ }
} catch (Exception e) {
throw e;
}