JDK-8250661 : Java 11.0.8 breaks USAF EW-Unified-3.5.7-FIPS.jar
  • Type: Bug
  • Component: security-libs
  • Affected Version: 11.0.8-oracle
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2020-07-23
  • Updated: 2020-11-18
  • Resolved: 2020-07-28
Related Reports
Duplicate :  
JDK-8248505 - Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider
Duplicate :  
JDK-8248505 - Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider
Description
ADDITIONAL SYSTEM INFORMATION :
Mac OS X (Mojave) 10.14.6 (18G6020)

$ java -version
java version "11.0.8" 2020-07-14 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.8+10-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.8+10-LTS, mixed mode)




A DESCRIPTION OF THE PROBLEM :
EW-Unified-3.5.7-FIPS.jar (available from https://www.tens.af.mil/docs/EncryptionWizard-Unified-3.5.7-FIPS.zip) uses the Bouncy Castle FIPS crypto library.  It fails to launch under 11.0.8.  It works (or rather worked) under Java 11.0.7.

It would seem that this is related to ( https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8248505 ) which popped up (and was fixed) in Java 15 beta.  It would appear that this bug (but not the fix: oops!) was backported to Java 11.0.8.  Note that this bug is >incorrectly< marked as fixed in 11.0.8.

REGRESSION : Last worked in version 11

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Double click on EW-Unified-3.5.7-FIPS.jar to try to launch it.

or try to launch from command line: $ java -jar EW-Unified-3.5.7-FIPS.jar

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Program launch.
ACTUAL -
$ java -jar EW-Unified-3.5.7-FIPS.jar --verbose
WARNING: Unknown module: jdk.crypto.mscapi specified to --add-opens
11:08:10.915 [EW_Main]         INFO  EncryptionWizard - INIT; startup '/Library/Java/JavaVirtualMachines/jdk-11.0.8.jdk/Contents/Home/bin/java --add-exports=java.base/sun.security.jca=ALL-UNNAMED --add-opens=java.base/sun.security.jca=ALL-UNNAMED --add-opens=java.base/sun.security.provider=ALL-UNNAMED --add-opens=jdk.crypto.mscapi/sun.security.mscapi=ALL-UNNAMED -Djava.io.tmpdir=/private/var/folders/p2/yz5svxhd4gdcmtrsktn56wyc0000gn/T/ewzd.1805979493.d -Dafrlew.load.userdir=/Users/outer/Downloads/EncryptionWizard-Unified-3.5.7-FIPS' in /Users/outer/Downloads/EncryptionWizard-Unified-3.5.7-FIPS
11:08:10.922 [EW_Main]         INFO  EncryptionWizard - INIT; command afrlew.wizard.EncryptionWizard --verbose
11:08:10.922 [EW_Main]         INFO  EncryptionWizard - INIT; JRE 11.0.8 running Encryption Wizard 3.5.7-FIPS, Unified FIPS Edition
11:08:12.015 [EW_Main]         INFO  Crypto - [0] BCFIPS validation passes
11:08:12.016 [EW_Main]         INFO  Crypto - [0] FIPS provider loaded as "BCFIPS"
11:08:12.027 [EW_Main]         INFO  EscrowKeyManager - Escrow keys disabled for this build.
11:08:12.029 [EW_Main]         INFO  Crypto - [0] Setting key size to 128
11:08:12.049 [EW_Main]         ERROR EncryptionWizard - initAES fatal error, about to exit
java.lang.ExceptionInInitializerError: null
	at java.base/javax.crypto.Cipher.getInstance(Cipher.java:540)
	at afrlew.crypto.Hut8$Hut4.probeKeySize(Hut8.java:1482)
	at afrlew.crypto.Hut8$Hut4.keyStrengthDescription(Hut8.java:1442)
	at afrlew.wizard.EncryptionWizard.initAESkeysize(EncryptionWizard.java:744)
	at afrlew.wizard.EncryptionWizard.continuity(EncryptionWizard.java:1282)
	at afrlew.Self.lambda$startup$4(Self.java:493)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: Service not registered with Provider BCFIPS: BCFIPS: SecureRandom.DEFAULT -> org.bouncycastle.jcajce.provider.random.DefSecureRandom
  attributes: {ImplementedIn=Software}

	at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:294)
	at java.base/java.security.SecureRandom.<init>(SecureRandom.java:219)
	at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:80)
	... 7 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: Service not registered with Provider BCFIPS: BCFIPS: SecureRandom.DEFAULT -> org.bouncycastle.jcajce.provider.random.DefSecureRandom
  attributes: {ImplementedIn=Software}

	at java.base/java.security.Provider$Service.newInstance(Provider.java:1855)
	at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:290)
	... 9 common frames omitted
<EW> Serious error (Could not probe for 'AES/CBC/PKCS5Padding' crypto capabilities!), data and stack trace follow:
[java.lang.ExceptionInInitializerError]: <<null>>
java.base/javax.crypto.Cipher.getInstance(Cipher.java:540)
afrlew.crypto.Hut8$Hut4.probeKeySize(Hut8.java:1482)
afrlew.crypto.Hut8$Hut4.keyStrengthDescription(Hut8.java:1442)
afrlew.wizard.EncryptionWizard.initAESkeysize(EncryptionWizard.java:744)
afrlew.wizard.EncryptionWizard.continuity(EncryptionWizard.java:1282)
afrlew.Self.lambda$startup$4(Self.java:493)
java.base/java.lang.Thread.run(Thread.java:834)

<EW> Chained cause with numbered stack traces follows:  [c1] [java.lang.RuntimeException]: <<java.security.NoSuchAlgorithmException: Service not registered with Provider BCFIPS: BCFIPS: SecureRandom.DEFAULT -> org.bouncycastle.jcajce.provider.random.DefSecureRandom
  attributes: {ImplementedIn=Software}
>>
[c1] java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:294)
[c1] java.base/java.security.SecureRandom.<init>(SecureRandom.java:219)
[c1] java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:80)
[c1] java.base/javax.crypto.Cipher.getInstance(Cipher.java:540)
[c1] afrlew.crypto.Hut8$Hut4.probeKeySize(Hut8.java:1482)
[c1] afrlew.crypto.Hut8$Hut4.keyStrengthDescription(Hut8.java:1442)
[c1] afrlew.wizard.EncryptionWizard.initAESkeysize(EncryptionWizard.java:744)
[c1] afrlew.wizard.EncryptionWizard.continuity(EncryptionWizard.java:1282)
[c1] afrlew.Self.lambda$startup$4(Self.java:493)
[c1] java.base/java.lang.Thread.run(Thread.java:834)
[c2] [java.security.NoSuchAlgorithmException]: <<Service not registered with Provider BCFIPS: BCFIPS: SecureRandom.DEFAULT -> org.bouncycastle.jcajce.provider.random.DefSecureRandom
  attributes: {ImplementedIn=Software}
>>
[c2] java.base/java.security.Provider$Service.newInstance(Provider.java:1855)
[c2] java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:290)
[c2] java.base/java.security.SecureRandom.<init>(SecureRandom.java:219)
[c2] java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:80)
[c2] java.base/javax.crypto.Cipher.getInstance(Cipher.java:540)
[c2] afrlew.crypto.Hut8$Hut4.probeKeySize(Hut8.java:1482)
[c2] afrlew.crypto.Hut8$Hut4.keyStrengthDescription(Hut8.java:1442)
[c2] afrlew.wizard.EncryptionWizard.initAESkeysize(EncryptionWizard.java:744)
[c2] afrlew.wizard.EncryptionWizard.continuity(EncryptionWizard.java:1282)
[c2] afrlew.Self.lambda$startup$4(Self.java:493)
[c2] java.base/java.lang.Thread.run(Thread.java:834)

**
** This is almost certainly a bug.  Please consider filing a bug report with 
** <Wright-PattersonAFRL.RYW_ATSPI_Outreach@us.af.mil> containing as much 
** information as possible, including the output of running with 
** '--sys-info'.  
**

11:08:12.065 [EW_Main]         INFO  EncryptionWizard - Exiting with code 2, generic unrecoverable error
Additional error information might be obtainable by adding '--verbose' to the 
command.  


---------- BEGIN SOURCE ----------
Not applicable.  Try "$ java -jar EW-Unified-3.5.7-FIPS.jar --verbose"
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
None.

FREQUENCY : always
Comments
This is a duplicate of JDK-8248505. Closed as duplicate and moved to JDK.
27-07-2020