  1. JBoss Enterprise Application Platform
  2. JBEAP-10983

Unable to use BouncyCastleFipsProvider with IBM java


Details

      • Copy the Bouncy Castle FIPS jar bc-fips-1.0.0.jar into ${JAVA_HOME}/jre/lib/ext
      • Register the Bouncy Castle provider in the java.security file:
        security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
      • Run EAP

    Description

      FIPS Bouncy Castle cannot be used with IBM Java.
      Probably nothing can be done on the EAP side, as it seems to be a problem in Bouncy Castle.
      As bc-fips-1.0.0.jar is certified as is, it can't be easily patched. This can be retried once a new version is certified.

      Exception in thread "main" java.lang.NoClassDefFoundError: org.bouncycastle.crypto.CryptoServicesRegistrar (initialization failure)
      	at java.lang.J9VMInternals.initializationAlreadyFailed(J9VMInternals.java:91)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at java.lang.J9VMInternals.newInstanceImpl(Native Method)
      	at java.lang.Class.newInstance(Class.java:1899)
      	at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:233)
      	at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:218)
      	at java.security.AccessController.doPrivileged(AccessController.java:594)
      	at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:218)
      	at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:199)
      	at sun.security.jca.ProviderList.loadAll(ProviderList.java:294)
      	at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:311)
      	at sun.security.jca.Providers.getFullProviderList(Providers.java:181)
      	at java.security.Security.insertProviderAt(Security.java:371)
      	at java.security.Security.addProvider(Security.java:414)
      	at org.jboss.modules.Main.lambda$main$0(Main.java:503)
      	at org.jboss.modules.Main$$Lambda$28.0000000020D59F00.run(Unknown Source)
      	at java.security.AccessController.doPrivileged(AccessController.java:620)
      	at org.jboss.modules.Main.main(Main.java:502)
      Caused by: org.bouncycastle.crypto.fips.FipsSelfTestFailedError: Self test SVE encryption KAT failed.: RSA/SVE
      	at org.bouncycastle.crypto.fips.SelfTestExecutor.validate(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsRSA.rsaKasTest(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsRSA.<clinit>(Unknown Source)
      	at java.lang.Class.forNameImpl(Native Method)
      	at java.lang.Class.forName(Class.java:278)
      	at org.bouncycastle.crypto.fips.FipsStatus.loadClass(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsStatus.access$200(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsStatus.isReady(Unknown Source)
      	at org.bouncycastle.crypto.CryptoServicesRegistrar.getDefaultMode(Unknown Source)
      	at org.bouncycastle.crypto.CryptoServicesRegistrar.<clinit>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at java.lang.J9VMInternals.newInstanceImpl(Native Method)
      	at java.lang.Class.newInstance(Class.java:1899)
      	at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:233)
      	at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:218)
      	at java.security.AccessController.doPrivileged(AccessController.java:594)
      	at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:218)
      	at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:199)
      	at sun.security.jca.ProviderList.loadAll(ProviderList.java:294)
      	at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:311)
      	at sun.security.jca.Providers.getFullProviderList(Providers.java:181)
      	at java.security.Security.getProviders(Security.java:463)
      	at com.ibm.security.jgss.k.e(k.java:115)
      	at com.ibm.security.jgss.k.a(k.java:90)
      	at com.ibm.security.jgss.k.<init>(k.java:67)
      	at com.ibm.security.jgss.GSSManagerImpl.<init>(GSSManagerImpl.java:35)
      	at org.ietf.jgss.GSSManager.getInstance(GSSManager.java:103)
      	at org.wildfly.security.sasl.gs2.Gs2SaslClientFactory.<init>(Gs2SaslClientFactory.java:65)
      	at java.lang.J9VMInternals.newInstanceImpl(Native Method)
      	at java.lang.Class.newInstance(Class.java:1899)
      	at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:391)
      	at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:415)
      	at java.util.ServiceLoader$1.next(ServiceLoader.java:491)
      	at org.wildfly.security.WildFlyElytronProvider.putSaslMechanismImplementations(WildFlyElytronProvider.java:329)
      	at org.wildfly.security.WildFlyElytronProvider.<init>(WildFlyElytronProvider.java:158)
      	at java.lang.J9VMInternals.newInstanceImpl(Native Method)
      	at java.lang.Class.newInstance(Class.java:1899)
      	at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:391)
      	at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:415)
      	at java.util.ServiceLoader$1.next(ServiceLoader.java:491)
      	at org.jboss.modules.Main.main(Main.java:499)
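
      To check whether the failure comes from the provider's start-up self-tests on the IBM JVM rather than from EAP, the provider can be instantiated in a bare JVM. The following is an added diagnostic, not part of the original report or of Bouncy Castle; the class name FipsProviderCheck and the classpath invocation in the comment are assumptions.

```java
import java.security.Provider;
import java.security.Security;

// Added diagnostic (hypothetical class name), not code from the report.
// Assumed invocation, with the jar named in the report on the classpath:
//   java -cp bc-fips-1.0.0.jar:. FipsProviderCheck
public class FipsProviderCheck {
    // Provider class name as registered in java.security in the report.
    static final String PROVIDER_CLASS =
        "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider";

    /** Walks the cause chain and returns the innermost throwable. */
    static Throwable rootCause(Throwable t) {
        Throwable cur = t;
        while (cur.getCause() != null && cur.getCause() != cur) {
            cur = cur.getCause();
        }
        return cur;
    }

    public static void main(String[] args) {
        // Record which JVM is under test so results can be compared across vendors.
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.vm.name = " + System.getProperty("java.vm.name"));
        try {
            // Constructing the provider runs its static initializers, which is
            // where the stack trace in the report shows the self-test failing.
            Provider p = (Provider) Class.forName(PROVIDER_CLASS)
                .getDeclaredConstructor().newInstance();
            Security.insertProviderAt(p, 1);
            System.out.println("OK: " + p.getName() + " loaded at position 1");
        } catch (Throwable t) {
            // Catch Throwable: the failure surfaces as an Error
            // (NoClassDefFoundError / self-test error), not an Exception.
            Throwable root = rootCause(t);
            System.out.println("FAILED: " + t);
            System.out.println("Root cause: " + root.getClass().getName()
                + ": " + root.getMessage());
            System.exit(1);
        }
    }
}
```

      If the root cause printed here matches the FipsSelfTestFailedError in the trace above, the failure reproduces without EAP on the classpath.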
      

          People

            jkalina@redhat.com Jan Kalina (Inactive)
            mchoma@redhat.com Martin Choma