Customer application registers Bouncy Castle as a JCE provider with in Picketlink. There is a bug in Bouncy castle when it is used with Java 11.0.5 and later that causes a crash due to a missing null pointer check. The issue is patched upstream, and they would like the patch applied to the version we release with JBoss EAP.
The attached java file is the file from Bouncy castle 1.60 with the upstream patch applied so it can be compared to the originaly version
Their complete report:
This results in BC implementations of various crypto algorithms being used, e.g., for TLS connections.
Unfortunately, all currently available releases of the BC crypto provider [1] (also Beta 1.65b02 [2]) contain a bug which breaks TLS handshakes when ECDHE key exchange is used. This key exchange mechanism requires the data transferred between the peers to be signed using RSASSA-PSS – a signature scheme whose implementation in BC lacks a null check during its initialization phase.
The problem only occurs since OpenJDK 11.0.5 and 13 due to a regression introduced in OpenJDK by [3] which fixed another compatibility issue with BC. Downgrading the installed JDK to 11.0.4 is not an option, as the issue fixed by [1] will arise and we would lose a number of JDK security fixes. I also strongly believe that BC instead of the JDK is the right place to resolve the defect.
An issue has been opened with BC in [4] which has resulted in a merged pull request in [5], but since there is no ETA on a release of BC that will incorporate this fix, we need a viable interim solution to the problem, otherwise TLS connections with JBoss will not work in our environment.
I've merged the fix from [5] locally to version 1.60 of the BC provider and successfully tested it by manually adjusting the Jboss module org.bouncycastle to use my own patched version of bcprov-jdk15on. Since our client insists on an official solution from Red Hat, I'd like to know if you could build a one-off patch for BC provider for us. I will attach the changed class org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi for BC 1.60 to this ticket.
- clones
JBEAP-18599 [GSS](7.3.z) Picketlink: TLS handshakes with ECDHE fail with Bouncy Castle and Java 11.0.5
- Closed
- is incorporated by
JBEAP-18536 [GSS](7.2.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002
- Closed
- links to