Quantcast

BC-FIPS issue

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

BC-FIPS issue

Kamal, Murali

Hi All,

 

We are using bc-fips-1.0.0.jar in our java web-application project for encryption/decryption. We have dynamically loaded org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider class, in our application using Security.addProvider(new BouncyCastleFipsProvider()) method.

I have deployed and tested my web-application on different containers like Tomcat 7, Jboss 6.4.3, WildFly 8.2, Weblogic 12c.  It worked fine.

 

Problem:

 

When I deployed the same web application in IBM WebSphere 8.5.5.0 application server, I am getting the following FipsSelfTestFailedError: Self test SVE encryption KAT failed.: RSA/SVE  error, when my code try to load the BouncyCastleFipsProvider class.  

 

 

[12/15/16 9:32:26:388 PST] 00000048 webapp        E com.ibm.ws.webcontainer.webapp.WebApp notifyServletContextCreated SRVE0283E: Exception caught while initializing context: {0}

                                 org.bouncycastle.crypto.fips.FipsSelfTestFailedError: Self test SVE encryption KAT failed.: RSA/SVE

                at org.bouncycastle.crypto.fips.SelfTestExecutor.validate(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsRSA.rsaKasTest(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsRSA.<clinit>(Unknown Source)

                at java.lang.J9VMInternals.initializeImpl(Native Method)

                at java.lang.J9VMInternals.initialize(J9VMInternals.java:236)

                at java.lang.Class.forNameImpl(Native Method)

                at java.lang.Class.forName(Class.java:182)

                at org.bouncycastle.crypto.fips.FipsStatus.loadClass(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsStatus.access$200(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsStatus.isReady(Unknown Source)

                at org.bouncycastle.crypto.CryptoServicesRegistrar.getDefaultMode(Unknown Source)

                at org.bouncycastle.crypto.CryptoServicesRegistrar.<clinit>(Unknown Source)

                at java.lang.J9VMInternals.initializeImpl(Native Method)

                at java.lang.J9VMInternals.initialize(J9VMInternals.java:236)

                at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)

                at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)

                at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)

                at com.ca.crypto.FIPSCryptoUtilFactory.getUtil(FIPSCryptoUtilFactory.java:21)

                at com.ca.crypto.FIPSCryptoUtilFactory.getUtil(FIPSCryptoUtilFactory.java:16)

                at com.ca.integration.normalization.common.NIMServletContextListener.fetchJDBCURL(NIMServletContextListener.java:266)

               

 

Note: WebSphere 8.5.5.0 comes with it’s own IBM JDK.

 

Please let me know, if there is a solution for using bc-fips-1.0.0.jar in IBM WebSphere 8.5.5.0 application server.

 

Thanks In Advance

Chinni.

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: BC-FIPS issue

David Hook

There's no patchable solution or work around to this. It is dealt with in bc-fips-1.0.1 though.

Regards,

David

On 15/12/16 23:11, Kamal, Murali wrote:

Hi All,

 

We are using bc-fips-1.0.0.jar in our java web-application project for encryption/decryption. We have dynamically loaded org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider class, in our application using Security.addProvider(new BouncyCastleFipsProvider()) method.

I have deployed and tested my web-application on different containers like Tomcat 7, Jboss 6.4.3, WildFly 8.2, Weblogic 12c.  It worked fine.

 

Problem:

 

When I deployed the same web application in IBM WebSphere 8.5.5.0 application server, I am getting the following FipsSelfTestFailedError: Self test SVE encryption KAT failed.: RSA/SVE  error, when my code try to load the BouncyCastleFipsProvider class.  

 

 

[12/15/16 9:32:26:388 PST] 00000048 webapp        E com.ibm.ws.webcontainer.webapp.WebApp notifyServletContextCreated SRVE0283E: Exception caught while initializing context: {0}

                                 org.bouncycastle.crypto.fips.FipsSelfTestFailedError: Self test SVE encryption KAT failed.: RSA/SVE

                at org.bouncycastle.crypto.fips.SelfTestExecutor.validate(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsRSA.rsaKasTest(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsRSA.<clinit>(Unknown Source)

                at java.lang.J9VMInternals.initializeImpl(Native Method)

                at java.lang.J9VMInternals.initialize(J9VMInternals.java:236)

                at java.lang.Class.forNameImpl(Native Method)

                at java.lang.Class.forName(Class.java:182)

                at org.bouncycastle.crypto.fips.FipsStatus.loadClass(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsStatus.access$200(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsStatus.isReady(Unknown Source)

                at org.bouncycastle.crypto.CryptoServicesRegistrar.getDefaultMode(Unknown Source)

                at org.bouncycastle.crypto.CryptoServicesRegistrar.<clinit>(Unknown Source)

                at java.lang.J9VMInternals.initializeImpl(Native Method)

                at java.lang.J9VMInternals.initialize(J9VMInternals.java:236)

                at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)

                at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)

                at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)

                at com.ca.crypto.FIPSCryptoUtilFactory.getUtil(FIPSCryptoUtilFactory.java:21)

                at com.ca.crypto.FIPSCryptoUtilFactory.getUtil(FIPSCryptoUtilFactory.java:16)

                at com.ca.integration.normalization.common.NIMServletContextListener.fetchJDBCURL(NIMServletContextListener.java:266)

               

 

Note: WebSphere 8.5.5.0 comes with it’s own IBM JDK.

 

Please let me know, if there is a solution for using bc-fips-1.0.0.jar in IBM WebSphere 8.5.5.0 application server.

 

Thanks In Advance

Chinni.

 


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: BC-FIPS issue

Kamal, Murali

Thank you for the update David.

Regards,
Murali.

Get Outlook for Android


From: David Hook <[hidden email]>
Sent: Tuesday, December 20, 2016 3:51:46 AM
To: [hidden email]
Subject: Re: [dev-crypto] BC-FIPS issue
 

There's no patchable solution or work around to this. It is dealt with in bc-fips-1.0.1 though.

Regards,

David

On 15/12/16 23:11, Kamal, Murali wrote:

Hi All,

 

We are using bc-fips-1.0.0.jar in our java web-application project for encryption/decryption. We have dynamically loaded org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider class, in our application using Security.addProvider(new BouncyCastleFipsProvider()) method.

I have deployed and tested my web-application on different containers like Tomcat 7, Jboss 6.4.3, WildFly 8.2, Weblogic 12c.  It worked fine.

 

Problem:

 

When I deployed the same web application in IBM WebSphere 8.5.5.0 application server, I am getting the following FipsSelfTestFailedError: Self test SVE encryption KAT failed.: RSA/SVE  error, when my code try to load the BouncyCastleFipsProvider class.  

 

 

[12/15/16 9:32:26:388 PST] 00000048 webapp        E com.ibm.ws.webcontainer.webapp.WebApp notifyServletContextCreated SRVE0283E: Exception caught while initializing context: {0}

                                 org.bouncycastle.crypto.fips.FipsSelfTestFailedError: Self test SVE encryption KAT failed.: RSA/SVE

                at org.bouncycastle.crypto.fips.SelfTestExecutor.validate(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsRSA.rsaKasTest(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsRSA.<clinit>(Unknown Source)

                at java.lang.J9VMInternals.initializeImpl(Native Method)

                at java.lang.J9VMInternals.initialize(J9VMInternals.java:236)

                at java.lang.Class.forNameImpl(Native Method)

                at java.lang.Class.forName(Class.java:182)

                at org.bouncycastle.crypto.fips.FipsStatus.loadClass(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsStatus.access$200(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(Unknown Source)

                at org.bouncycastle.crypto.fips.FipsStatus.isReady(Unknown Source)

                at org.bouncycastle.crypto.CryptoServicesRegistrar.getDefaultMode(Unknown Source)

                at org.bouncycastle.crypto.CryptoServicesRegistrar.<clinit>(Unknown Source)

                at java.lang.J9VMInternals.initializeImpl(Native Method)

                at java.lang.J9VMInternals.initialize(J9VMInternals.java:236)

                at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)

                at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)

                at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)

                at com.ca.crypto.FIPSCryptoUtilFactory.getUtil(FIPSCryptoUtilFactory.java:21)

                at com.ca.crypto.FIPSCryptoUtilFactory.getUtil(FIPSCryptoUtilFactory.java:16)

                at com.ca.integration.normalization.common.NIMServletContextListener.fetchJDBCURL(NIMServletContextListener.java:266)

               

 

Note: WebSphere 8.5.5.0 comes with it’s own IBM JDK.

 

Please let me know, if there is a solution for using bc-fips-1.0.0.jar in IBM WebSphere 8.5.5.0 application server.

 

Thanks In Advance

Chinni.

 


Loading...