JBoss Enterprise Application Platform / JBEAP-10983

Unable to use BouncyCastleFipsProvider with IBM java


      • Copy bouncy castle fips jar bc-fips-1.0.0.jar into ${JAVA_HOME}/jre/lib/ext
      • Register Bouncy Castle Provider into java.security file
        security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
      • Run EAP

      It is not possible to use FIPS Bouncy Castle with IBM Java.
      Probably nothing can be done on the EAP side, as it seems to be a problem in Bouncy Castle.
      As bc-fips-1.0.0.jar is certified as is, it can't be easily patched. This can be retried once a new version is certified.

      Exception in thread "main" java.lang.NoClassDefFoundError: org.bouncycastle.crypto.CryptoServicesRegistrar (initialization failure)
      	at java.lang.J9VMInternals.initializationAlreadyFailed(J9VMInternals.java:91)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at java.lang.J9VMInternals.newInstanceImpl(Native Method)
      	at java.lang.Class.newInstance(Class.java:1899)
      	at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:233)
      	at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:218)
      	at java.security.AccessController.doPrivileged(AccessController.java:594)
      	at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:218)
      	at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:199)
      	at sun.security.jca.ProviderList.loadAll(ProviderList.java:294)
      	at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:311)
      	at sun.security.jca.Providers.getFullProviderList(Providers.java:181)
      	at java.security.Security.insertProviderAt(Security.java:371)
      	at java.security.Security.addProvider(Security.java:414)
      	at org.jboss.modules.Main.lambda$main$0(Main.java:503)
      	at org.jboss.modules.Main$$Lambda$28.0000000020D59F00.run(Unknown Source)
      	at java.security.AccessController.doPrivileged(AccessController.java:620)
      	at org.jboss.modules.Main.main(Main.java:502)
      Caused by: org.bouncycastle.crypto.fips.FipsSelfTestFailedError: Self test SVE encryption KAT failed.: RSA/SVE
      	at org.bouncycastle.crypto.fips.SelfTestExecutor.validate(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsRSA.rsaKasTest(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsRSA.<clinit>(Unknown Source)
      	at java.lang.Class.forNameImpl(Native Method)
      	at java.lang.Class.forName(Class.java:278)
      	at org.bouncycastle.crypto.fips.FipsStatus.loadClass(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsStatus.access$200(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(Unknown Source)
      	at org.bouncycastle.crypto.fips.FipsStatus.isReady(Unknown Source)
      	at org.bouncycastle.crypto.CryptoServicesRegistrar.getDefaultMode(Unknown Source)
      	at org.bouncycastle.crypto.CryptoServicesRegistrar.<clinit>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
      	at java.lang.J9VMInternals.newInstanceImpl(Native Method)
      	at java.lang.Class.newInstance(Class.java:1899)
      	at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:233)
      	at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:218)
      	at java.security.AccessController.doPrivileged(AccessController.java:594)
      	at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:218)
      	at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:199)
      	at sun.security.jca.ProviderList.loadAll(ProviderList.java:294)
      	at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:311)
      	at sun.security.jca.Providers.getFullProviderList(Providers.java:181)
      	at java.security.Security.getProviders(Security.java:463)
      	at com.ibm.security.jgss.k.e(k.java:115)
      	at com.ibm.security.jgss.k.a(k.java:90)
      	at com.ibm.security.jgss.k.<init>(k.java:67)
      	at com.ibm.security.jgss.GSSManagerImpl.<init>(GSSManagerImpl.java:35)
      	at org.ietf.jgss.GSSManager.getInstance(GSSManager.java:103)
      	at org.wildfly.security.sasl.gs2.Gs2SaslClientFactory.<init>(Gs2SaslClientFactory.java:65)
      	at java.lang.J9VMInternals.newInstanceImpl(Native Method)
      	at java.lang.Class.newInstance(Class.java:1899)
      	at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:391)
      	at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:415)
      	at java.util.ServiceLoader$1.next(ServiceLoader.java:491)
      	at org.wildfly.security.WildFlyElytronProvider.putSaslMechanismImplementations(WildFlyElytronProvider.java:329)
      	at org.wildfly.security.WildFlyElytronProvider.<init>(WildFlyElytronProvider.java:158)
      	at java.lang.J9VMInternals.newInstanceImpl(Native Method)
      	at java.lang.Class.newInstance(Class.java:1899)
      	at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:391)
      	at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:415)
      	at java.util.ServiceLoader$1.next(ServiceLoader.java:491)
      	at org.jboss.modules.Main.main(Main.java:499)
      

              jkalina@redhat.com Jan Kalina (Inactive)
              mchoma@redhat.com Martin Choma
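A pre-flight check for the failure reported above, as an added example that is not part of the original issue or of the EAP or Bouncy Castle code: it constructs the provider outside the JVM-wide provider list and prints the root cause, so a failing FIPS self-test is seen before `security.provider.1` is changed. The class name `BcFipsPreflight` and the exit codes are assumptions; it expects bc-fips-1.0.0.jar on the classpath.

```java
import java.security.Provider;

// Added diagnostic, not code from the issue. Run it on the target JVM with
// the bc-fips jar on the classpath, before editing java.security.
public class BcFipsPreflight {

    // Provider class name as given in the report.
    static final String PROVIDER =
            "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider";

    // Walk to the deepest cause. In the reported trace that is the
    // FipsSelfTestFailedError behind the NoClassDefFoundError.
    static Throwable rootCause(Throwable t) {
        Throwable cur = t;
        while (cur.getCause() != null && cur.getCause() != cur) {
            cur = cur.getCause();
        }
        return cur;
    }

    public static void main(String[] args) {
        System.out.println("JVM: " + System.getProperty("java.vendor")
                + " " + System.getProperty("java.version"));
        try {
            // Per the stack trace, the provider constructor initialises
            // CryptoServicesRegistrar, which runs the FIPS self-tests.
            Provider p = (Provider) Class.forName(PROVIDER)
                    .getDeclaredConstructor().newInstance();
            System.out.println("OK: " + p.getName() + " - " + p.getInfo());
        } catch (ClassNotFoundException e) {
            System.out.println("FAIL: provider class not on the classpath");
            System.exit(2);
        } catch (ReflectiveOperationException | LinkageError e) {
            // Constructor failures arrive wrapped (InvocationTargetException,
            // ExceptionInInitializerError), so report the root cause.
            Throwable root = rootCause(e);
            System.out.println("FAIL: " + root.getClass().getName()
                    + ": " + root.getMessage());
            if (root.getClass().getName().endsWith("FipsSelfTestFailedError")) {
                System.out.println("FIPS self-test failed on this JVM; "
                        + "do not register the provider in java.security.");
            }
            System.exit(1);
        }
    }
}
```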