000015102 - Crypto-J: JCE provider FIPS 140 self-verification fails under IBM WAS 7 with IBM JDK 1.6

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015102
Applies ToCrypto-J 4.0
JCE Provider
IBM WebSphere Application Server 7
IBM WAS 7
IBM Java 6
IBM JDK 1.6
IssueCrypto-J: JCE provider FIPS 140 self-verification fails under IBM WAS 7 with IBM JDK 1.6
java.lang.ExceptionInInitializerError
at javax.crypto.SecretKeyFactory.getInstance(Unknown Source)
...
Caused by: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: FIPS186PRNG, provider: JsafeJCE, class: com.rsa.cryptoj.s.c)
at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:184)
...
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: FIPS186PRNG, provider: JsafeJCE, class: com.rsa.cryptoj.s.c)
at java.security.Provider$Service.newInstance(Provider.java:1245)
...
Caused by: java.lang.SecurityException: An internal FIPS 140 self-verification test has failed. Algorithm HMAC has been disabled.
at com.rsa.cryptoj.s.GE.d(Unknown Source)
CauseThe Crypto-J 4.0 JCE provider does not work with IBM's implementation of Java 6 (JDK 1.6).
ResolutionUpgrading to Crypto-J 4.1 or 5.0 should solve the problem.
NotesNone of Crypto-J 4.0, 4.1 and 5.0 were tested with IBM JDK 1.6 (except on AIX) prior to release.  In subsequent tests, Crypto-J 4.0 was shown to have this problem, while Crypto-J 4.1 and 5.0 worked fine.
Legacy Article IDa52831

Attachments

    Outcomes