[prev in list] [next in list] [prev in thread] [next in thread]
List: mina-dev
Subject: [jira] [Comment Edited] (SSHD-1184) SSDH crashes if it can not regiser EdDSA
From: "James Nord (Jira)" <jira () apache ! org>
Date: 2021-06-24 11:18:00
Message-ID: JIRA.13385600.1624532743000.647581.1624533480316 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/SSHD-1184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17368782#comment-17368782 \
]
James Nord edited comment on SSHD-1184 at 6/24/21, 11:17 AM:
-------------------------------------------------------------
sorry I was on an old branch with \{{1.7.0}} will retest.
was (Author: jnord_cbs):
sorry I was on an old branch with \{1.7.0} will retest.
> SSDH crashes if it can not regiser EdDSA
> ----------------------------------------
>
> Key: SSHD-1184
> URL: https://issues.apache.org/jira/browse/SSHD-1184
> Project: MINA SSHD
> Issue Type: Bug
> Reporter: James Nord
> Priority: Major
>
> [SecurityUtil.isEDDSACurveSupported()|https://github.com/apache/mina-sshd/blob/0eb40 \
> a4e162dddb0a38bafa12713856ad7ce1ce0/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java] \
> Attempts to register dynamically the EdDSA provider. Whilst this is generally OK in \
> a FIPS compliant environment registering Providers may be restricted by a \
> SecurityManager to prevent the registration of non compliant providers. If the \
> provider can not be registered due to a {{SecurityException}} then the code should \
> just treat this as {{false}} {noformat}
> java.lang.RuntimeException: Failed to register EdDSA as a JCE provider
> at org.apache.sshd.common.util.security.SecurityUtils.registerSecurityProvider(SecurityUtils.java:458)
> at org.apache.sshd.common.util.security.SecurityUtils.register(SecurityUtils.java:412)
> at org.apache.sshd.common.util.security.SecurityUtils.isEDDSACurveSupported(SecurityUtils.java:529)
> at org.apache.sshd.common.signature.BuiltinSignatures$6.isSupported(BuiltinSignatures.java:103)
> at org.apache.sshd.common.NamedFactory.lambda$setUpBuiltinFactories$1(NamedFactory.java:63)
> at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:174)
> at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
> at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
> at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
> at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566)
> at org.apache.sshd.common.NamedFactory.setUpBuiltinFactories(NamedFactory.java:64)
> at org.apache.sshd.common.BaseBuilder.setUpDefaultSignatures(BaseBuilder.java:339)
> at org.apache.sshd.common.BaseBuilder.fillWithDefaultValues(BaseBuilder.java:159)
> at org.apache.sshd.server.ServerBuilder.fillWithDefaultValues(ServerBuilder.java:102)
> at org.apache.sshd.server.ServerBuilder.fillWithDefaultValues(ServerBuilder.java:53)
> at org.apache.sshd.common.BaseBuilder.build(BaseBuilder.java:265)
> at org.apache.sshd.server.ServerBuilder.build(ServerBuilder.java:137)
> at org.apache.sshd.server.ServerBuilder.build(ServerBuilder.java:53)
> at org.apache.sshd.common.BaseBuilder.build(BaseBuilder.java:288)
> at org.apache.sshd.server.SshServer.setUpDefaultServer(SshServer.java:412)
> ...
> Caused by: java.lang.SecurityException: Registration of new security Providers is \
> not supported when running in FIPS compliance mode
> ...{noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic