000012283 - How to fix FIPS 140 self verification integrity test failures

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012283
Applies ToBSAFE/Crypto-J 4.0
Java Cryptography Extension (JCE) Provider
IssueHow to fix FIPS 140 self verification integrity test failures
Exception in thread "main" java.security.NoSuchAlgorithmException: No such algorithm: AES/CBC/PKCS5Padding
    at javax.crypto.Cipher.getInstance(DashoA13*..)
     at javax.crypto.Cipher.getInstance(DashoA13*..)
     at jce.symCipher.AES.go(AES.java:95)
     at jce.symCipher.AES.main(AES.java:37)
     Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: AES, provider: JsafeJCE, class: com.rsa.cryptoj.s.HJ)
    at java.security.Provider$Service.newInstance(Provider.java:1245)
     ... 4 more
    Caused by: java.lang.SecurityException: An internal FIPS 140 self-verification test has failed.  Algorithm AES has been disabled.
CauseCrypto-J support key sizes which are not supported by the limited strength jurisdiction policy files that ship with Sun JDKs.  If the unlimited strength jurisdiction policy files are not installed, the FIPS self-tests will fail when trying to test with these key sizes.
Resolution

From page 6 of the Crypto-J 4.0 Installation Guide (install.pdf):

Jurisdiction Policy files must be downloaded and installed. The Unlimited Strength Jurisdiction Policy Files are required to build and run the samples in this release.  The JDK version installed determines the Jurisdiction Policy File to download. The following table lists the JDK versions and the corresponding download location.
Table 1: JDK Versions and Jurisdiction Policy File Locations
1.4.2 http://java.sun.com/j2se/1.4.2/download.html
1.5 http://java.sun.com/javase/downloads/index_jdk5.jsp
1.6 http://java.sun.com/javase/downloads/index.jsp

Notes

On Windows, these files need to be installed in the [JDK Directory]\jre\lib\security folder.

Legacy Article IDa40475

Attachments

    Outcomes