- Bug
- Resolution: Not an Issue
- P3
- 8u161
- x86_64
- linux
FULL PRODUCT VERSION :
A DESCRIPTION OF THE PROBLEM :
Using JCE providers that lack support for MD5 causes failures in various JCE API calls. It is therefore currently impossible to use the Oracle JRE in environments that require FIPS 140-2 compliance, as use of MD5 is not permitted.
When javax.crypto.JceSecurity is initialized, it attempts to use javax.crypto.JarVerifier to validate the signatures of the JCE policy files. JarVerifier.testCertificates (seemingly non-deterministically) validates these certificates against a set of hard-coded X.509 certificates, two of which have MD5withRSA signatures.
These hard-coded certificates appear to be development / test certificates. See below:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 2 (0x2)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=CA, L=Cupertino, O=Sun Microsystems, OU=Java Software, CN=JCE Development
Validity
Not Before: Oct 31 15:27:44 2002 GMT
Not After : Oct 31 15:27:44 2007 GMT
Subject: C=US, ST=CA, L=Cupertino, O=Sun Microsystems, OU=Java Software, CN=JCE Development
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:af:53:92:5d:a3:b3:a6:75:68:a8:bd:8b:a9:2e:
7e:1c:bc:b5:91:5b:c1:c2:23:3f:13:98:98:4f:d7:
99:6a:08:44:f2:ab:c5:fb:87:c4:4e:2a:56:50:d4:
d6:09:0c:c7:47:87:03:24:62:4e:97:d3:66:ef:bb:
44:2e:11:12:e1
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
2f:e5:9c:54:5c:a3:fa:25:e5:11:53:55:41:b3:4e:39:49:56:
9a:59:97:1a:23:4a:29:79:c8:74:d7:1c:d5:95:32:8b:e2:56:
d3:39:a5:7d:9e:e2:53:f7:91:62:11:04:24:1c:1d:ad:4a:32:
88:63:86:2e:8e:e9:8b:a2:73:00
This issue was reported previously by someone else to https://bugs.openjdk.java.net/browse/JDK-8173244, but this bug does not appear to apply to the OpenJDK's javax.crypto.JarVerifier implementation. The suggestion that the signatures on the JCE provider itself are at fault does not fit with my understanding of the Oracle implementation.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
This problem can be reproduced using the Bouncy Castle FIPS provider in approved-only mode, however I believe it will occur with *any* JRE configured with JCE providers that do not support MD5.
Please see https://bugs.openjdk.java.net/browse/JDK-8173244.
ACTUAL -
A call to javax.crypto.Cipher.getInstance("AES/CBC/NoPadding") results in the following exception:
java.lang.ExceptionInInitializerError
at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:378)
at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:323)
at javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
at javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
at javax.crypto.Cipher.getInstance(Cipher.java:515)
at Test.test_javax_crypto_cipher_getinstance_aes_cbc_nopadding(Test.java:244)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runners.Suite.runChild(Suite.java:128)
at org.junit.runners.Suite.runChild(Suite.java:27)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
at org.junit.runner.JUnitCore.runMain(JUnitCore.java:77)
at org.junit.runner.JUnitCore.main(JUnitCore.java:36)
Caused by: java.lang.SecurityException: Framework jar verification can not be initialized
at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:228)
... 37 more
Caused by: java.security.PrivilegedActionException: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.4 Signature not available
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:186)
... 37 more
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.4 Signature not available
at java.security.Signature.getInstance(Signature.java:229)
at org.bouncycastle.jcajce.provider.X509CertificateObject.getSignatureFromProvider(Unknown Source)
at org.bouncycastle.jcajce.provider.X509CertificateObject.verify(Unknown Source)
at javax.crypto.JarVerifier.testSignatures(JarVerifier.java:775)
at javax.crypto.JarVerifier.access$400(JarVerifier.java:37)
at javax.crypto.JarVerifier$1.run(JarVerifier.java:222)
at javax.crypto.JarVerifier$1.run(JarVerifier.java:187)
... 39 more
A subsequent call to javax.crypto.Mac.getInstance("HmacSHA384") results in:
java.lang.NoClassDefFoundError: Could not initialize class javax.crypto.JceSecurity
at javax.crypto.Mac.getInstance(Mac.java:176)
at Test.test_javax_crypto_mac_getinstance_hmacsha384(Test.java:268)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runners.Suite.runChild(Suite.java:128)
at org.junit.runners.Suite.runChild(Suite.java:27)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
at org.junit.runner.JUnitCore.runMain(JUnitCore.java:77)
at org.junit.runner.JUnitCore.main(JUnitCore.java:36)
REPRODUCIBILITY :
This bug can be reproduced often.
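A pre-flight check for the condition described in this report, as an added example that is not part of the original report or of the JDK: it lists which installed providers register a Signature service for the OID in the trace, then makes the same `Cipher.getInstance` call and prints the root cause if JCE initialization fails. The class name `Md5RsaPreflight` and its helper methods are hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

// Added diagnostic; the class and method names are hypothetical.
public class Md5RsaPreflight {
    // OID from the NoSuchAlgorithmException in the trace (md5WithRSAEncryption).
    static final String MD5_RSA_OID = "1.2.840.113549.1.1.4";

    // True if the provider registers a Signature service under this name or alias.
    static boolean offers(Provider p, String algorithm) {
        return p.getService("Signature", algorithm) != null;
    }

    // Innermost cause of a throwable chain.
    static Throwable rootCause(Throwable t) {
        while (t.getCause() != null && t.getCause() != t) {
            t = t.getCause();
        }
        return t;
    }

    public static void main(String[] args) {
        boolean any = false;
        for (Provider p : Security.getProviders()) {
            boolean byOid = offers(p, MD5_RSA_OID);
            boolean byName = offers(p, "MD5withRSA");
            any |= byOid || byName;
            System.out.printf("%-12s oid=%b name=%b%n", p.getName(), byOid, byName);
        }
        System.out.println("MD5withRSA available from some provider: " + any);

        try {
            // Same call as in the report; the first JCE call initializes JceSecurity.
            Cipher.getInstance("AES/CBC/NoPadding");
            System.out.println("JCE framework initialized");
        } catch (Throwable t) { // ExceptionInInitializerError is an Error, not an Exception
            Throwable root = rootCause(t);
            System.out.println("JCE call failed: " + t.getClass().getName());
            System.out.println("root cause: " + root.getClass().getName()
                    + ": " + root.getMessage());
            if (String.valueOf(root.getMessage()).contains(MD5_RSA_OID)) {
                System.out.println("matches the MD5withRSA failure described in this report");
            }
        }
    }
}
```

Run it with the same `java.security` provider configuration as the affected application, since the result depends on which providers are installed and in what order.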
- duplicates
- JDK-8173244 javax.crypto.JarVerifier initialization uses MD5withRSA
- Closed