SUN/SunRSA SHA1 algorithms required for FIPS?


SUN/SunRSA SHA1 algorithms required for FIPS?

Melanie Coggan

Hi everyone,

 

I'm working on integrating the new BouncyCastle FIPS module with our software, and I'm running into a strange issue. Due to the nature of our software, which is a framework that other developers build on, in addition to installing the FIPS provider, we also do our best to strip out any non-required algorithms from non-FIPS providers. Basically, we're only leaving the bare minimum that Java needs to start up, and verify JAR files, etc.

 

Here's the issue: if I strip out any of the following algorithms:

· SunRSA: Signature.SHA1withRSA
· SUN: Signature.SHA1withDSA
· SUN: MessageDigest.SHA
· SUN: Alg.Alias.MessageDigest.SHA-1

 

I get:

java.security.NoSuchAlgorithmException: Cannot find any provider supporting AES/CBC/PKCS5Padding

 

Further debugging revealed that the root cause of that particular problem was actually:

java.util.jar.JarException: file:/D:/my/path/jre/lib/ext/bc-fips-1.0.0.jar has unsigned entries - org/bouncycastle/LICENSE.class

 

Of course, inspecting the BouncyCastle FIPS JARs, it's easy to see that there aren’t, in fact, any unsigned entries. In any case adding the stripped algorithms back in makes everything work like a charm. I'm thinking that what's happening here is that the SUN SHA1 algorithms are used for signature verification. What I find odd is that everything seems to be signed with SHA256, so I'm not sure why SHA1 is required at all.

 

Here's my question: is it a known thing that SHA1 is just required to verify signature and I just have to live with that, or is this a bug in the JRE or in BouncyCastle that should be addressed?

 

Thanks for your time!

-Melanie

 

P.S. By the way, so far the BouncyCastle JARs have been wonderful to work with. We've really appreciated them here at work. This isn't our first foray into FIPS but so far it's been the best.



Re: SUN/SunRSA SHA1 algorithms required for FIPS?

David Hook

Yes, the actual signature verified by the JCE, as well as the timestamp associated with it rely on the algorithms listed. As it's a bootstrapping process, the JVM uses the default providers.

Regards,

David


RE: SUN/SunRSA SHA1 algorithms required for FIPS?

Melanie Coggan

Thank you very much, David.

 

From: David Hook [mailto:[hidden email]]
Sent: Tuesday, November 15, 2016 3:51 PM
To: Coggan, Melanie <[hidden email]>; [hidden email]
Subject: Re: [dev-crypto] SUN/SunRSA SHA1 algorithms required for FIPS?

 


Yes, the actual signature verified by the JCE, as well as the timestamp associated with it rely on the algorithms listed. As it's a bootstrapping process, the JVM uses the default providers.

Regards,

David


RE: SUN/SunRSA SHA1 algorithms required for FIPS?

Eckenfels. Bernd
In reply to this post by David Hook
Hello,

Just for the record, Sean answered my question in this direction on the OpenJDK security-dev list that Oracle includes a newer certificate in 8u111 (7u121):

http://mail.openjdk.java.net/pipermail/security-dev/2016-November/015174.html
http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html

I guess with this additional certification in place the bc(-fips) JCE provider would work when SHA1 or DSA 1024 is turned off. That would be helpful, not only for the FIPS version.

Regards
Bernd


From: David Hook [mailto:[hidden email]]
Sent: Tuesday, November 15, 2016 9:51 PM
To: [hidden email]; [hidden email]
Subject: Re: [dev-crypto] SUN/SunRSA SHA1 algorithms required for FIPS?


Yes, the actual signature verified by the JCE, as well as the timestamp associated with it rely on the algorithms listed. As it's a bootstrapping process, the JVM uses the default providers.

Regards,

David










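A diagnostic for the dependency David Hook describes in his reply, as an added example that is not part of the original posts and is not BouncyCastle or JDK code. It lists the signature algorithms used by the certificates in each code-signer chain and timestamp chain of a signed JAR, then reports whether the current provider configuration can still supply them. The class name `JarSignerAlgs` is hypothetical and the JAR path is passed as the first argument.

```java
import java.io.*;
import java.security.CodeSigner;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.*;

// Added diagnostic (hypothetical class name), not code from the thread.
public class JarSignerAlgs {
    public static void main(String[] args) throws Exception {
        Set<String> needed = new TreeSet<>();
        // 'true' makes JarFile verify signatures with the JVM's installed providers.
        try (JarFile jar = new JarFile(new File(args[0]), true)) {
            byte[] buf = new byte[8192];
            for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                // Signers are only populated once the entry has been read to the end.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) continue; // directories, META-INF signature files
                for (CodeSigner s : signers) {
                    collect(needed, s.getSignerCertPath().getCertificates());
                    if (s.getTimestamp() != null) {
                        collect(needed, s.getTimestamp().getSignerCertPath().getCertificates());
                    }
                }
            }
        }
        // Report whether each algorithm can still be resolved after stripping.
        for (String alg : needed) {
            try {
                System.out.println(alg + " -> " + Signature.getInstance(alg).getProvider().getName());
            } catch (NoSuchAlgorithmException ex) {
                System.out.println(alg + " -> NOT AVAILABLE");
            }
        }
    }

    private static void collect(Set<String> out, Iterable<? extends Certificate> chain) {
        for (Certificate c : chain) {
            if (c instanceof X509Certificate) out.add(((X509Certificate) c).getSigAlgName());
        }
    }
}
```

Run it once on an unmodified JRE to record the algorithms the chains rely on, then again with the stripped provider configuration; any line ending in `NOT AVAILABLE` names an algorithm that verification of that JAR still needs.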