
bc-fips-2.0.jar: java.security.cert.CertPathValidatorException: OCSP responder failed: 1

Open yhuang01 opened this issue 1 year ago • 8 comments

I am using bc-fips-2.0.jar to do an OCSP check for a certificate generated from Entrust. The OCSP responder URL is: http://ocsps.ssl.com/

JDK version:
openjdk version "11.0.25" 2024-10-15 LTS
OpenJDK Runtime Environment Zulu11.76+22-SA (build 11.0.25+9-LTS)
OpenJDK 64-Bit Server VM Zulu11.76+22-SA (build 11.0.25+9-LTS, mixed mode)

However, I keep getting the following error when doing the OCSP check:

Caused by: java.security.cert.CertPathValidatorException: OCSP responder failed: 1
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.OcspCache.getOcspResponse(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvOcspRevocationChecker.check(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvRevocationChecker.check(Unknown Source)
        at java.base/java.security.cert.PKIXCertPathChecker.check(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.RFC3280CertPathUtilities.processCertA(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.PKIXCertPathValidatorSpi_8.engineValidate(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.PKIXCertPathBuilderSpi_8.build(Unknown Source)

The following is the testing code which can be used to reproduce the issue:

import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

import java.io.FileInputStream;
import org.bouncycastle.util.Properties;

import java.security.Security;
import java.security.cert.*;
import java.util.*;

public class PKIXRevocationCheckerTest {

    public static void main(String[] args) throws Exception {
        String path = "/tmpcerts/";

        try {
            // Add Bouncy Castle FIPS as a security provider
            Security.addProvider(new BouncyCastleFipsProvider());

            // Paths to the certificates
            String rootCertPath = path + "RootCA.crt";

            // Load the certificates
            X509Certificate rootCert = loadCertificate(rootCertPath);
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BCFIPS");

            // Load certificates individually
            X509Certificate leafCert = (X509Certificate) certFactory.generateCertificate(new FileInputStream(path + "leaf.crt"));
            X509Certificate intermediateCert1 = (X509Certificate) certFactory.generateCertificate(new FileInputStream(path + "intermediate1.crt"));
            X509Certificate intermediateCert2 = (X509Certificate) certFactory.generateCertificate(new FileInputStream(path + "intermediate2.crt"));

            // Add certificates to the chain
            List<Certificate> certChain = new ArrayList<>();
            certChain.add(leafCert);
            certChain.add(intermediateCert1);
            certChain.add(intermediateCert2);

            // Load the leaf certificate and its chain
            CertPath certPath = certFactory.generateCertPath(certChain);

            // Set up the trust anchor (root certificate)
            TrustAnchor trustAnchor = new TrustAnchor(rootCert, null);

            System.setProperty("ocsp.responderURL", "http://ocsps.ssl.com");

            // Retrieve and print the property using Properties.getPropertyValue
            String ocspResponderURL = Properties.getPropertyValue("ocsp.responderURL");
            System.out.println("OCSP Responder URL: " + ocspResponderURL);

            // Set up PKIX parameters
            PKIXParameters pkixParams = new PKIXParameters(Collections.singleton(trustAnchor));
            pkixParams.setRevocationEnabled(true);

            // Add PKIXRevocationChecker to perform OCSP checks
            CertPathValidator validator = CertPathValidator.getInstance("PKIX", "BCFIPS");
            PKIXRevocationChecker revocationChecker = (PKIXRevocationChecker) validator.getRevocationChecker();

            // Configure revocation checker to use OCSP/CRL
            revocationChecker.setOptions(EnumSet.of (PKIXRevocationChecker.Option.SOFT_FAIL,
                    PKIXRevocationChecker.Option.ONLY_END_ENTITY));
            pkixParams.addCertPathChecker(revocationChecker);

            // Validate the certification path
            try {
                System.out.println(((PKIXRevocationChecker) validator.getRevocationChecker()).getClass());
                validator.validate(certPath, pkixParams);
                System.out.println("Certificate chain is valid.");
            } catch (CertPathValidatorException e) {
                e.printStackTrace();
                System.err.println("Certificate chain validation failed: " + e.getMessage());
            }

        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Loads a certificate from a file.
     *
     * @param certPath Path to the certificate file.
     * @return The loaded X509Certificate.
     * @throws Exception If an error occurs while loading the certificate.
     */
    private static X509Certificate loadCertificate(String certPath) throws Exception {
        try (FileInputStream fis = new FileInputStream(certPath)) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(fis);
        }
    }

    private static X509CRL loadCRL(String crlPath) throws Exception {
        try (FileInputStream fis = new FileInputStream(crlPath)) {
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BCFIPS");
            return (X509CRL) certFactory.generateCRL(fis);
        }
    }
}

yhuang01 avatar Nov 27 '24 08:11 yhuang01
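
An added example (not part of the original post, and not Bouncy Castle code) for reading the number in "OCSP responder failed: 1". It assumes that number is the RFC 6960 `OCSPResponseStatus` taken from the responder's reply; the class name `OcspStatusDecoder` and the sample byte arrays are constructed for illustration.

```java
import java.util.Map;

/** Decodes the responseStatus field of a DER-encoded OCSPResponse (RFC 6960, section 4.2.1). */
public class OcspStatusDecoder {

    // OCSPResponseStatus values defined by RFC 6960; value 4 is not used.
    private static final Map<Integer, String> STATUS = Map.of(
            0, "successful", 1, "malformedRequest", 2, "internalError",
            3, "tryLater", 5, "sigRequired", 6, "unauthorized");

    /** OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED, responseBytes [0] EXPLICIT OPTIONAL } */
    static int responseStatus(byte[] der) {
        int pos = 0;
        if (der.length < 2 || (der[pos++] & 0xff) != 0x30) {
            throw new IllegalArgumentException("not a DER SEQUENCE");
        }
        int len = der[pos++] & 0xff;
        if ((len & 0x80) != 0) {              // long-form length: skip the length octets
            int n = len & 0x7f;
            if (n == 0 || n > 4) {
                throw new IllegalArgumentException("unsupported DER length encoding");
            }
            pos += n;
        }
        // The first element must be a one-byte ENUMERATED (tag 0x0a, length 0x01).
        if (pos + 3 > der.length || der[pos] != 0x0a || der[pos + 1] != 0x01) {
            throw new IllegalArgumentException("responseStatus ENUMERATED not found");
        }
        return der[pos + 2] & 0xff;
    }

    static String describe(int status) {
        return status + " (" + STATUS.getOrDefault(status, "unknown") + ")";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not captured from the responder named in the issue.
        byte[] malformed = {0x30, 0x03, 0x0a, 0x01, 0x01};            // error reply, no responseBytes
        byte[] tryLater = {0x30, 0x03, 0x0a, 0x01, 0x03};             // error reply, no responseBytes
        byte[] okHeader = {0x30, (byte) 0x82, 0x01, 0x00, 0x0a, 0x01, 0x00}; // header of a long-form reply
        for (byte[] sample : new byte[][] {malformed, tryLater, okHeader}) {
            int status = responseStatus(sample);
            System.out.println("OCSP responder status: " + describe(status));
            if (status != 0) {
                // An error reply carries no signed BasicOCSPResponse, so revocation state is unknown.
                System.out.println("  no responseBytes to verify; treat revocation status as undetermined");
            }
        }
    }
}
```

Under that assumption, status 1 maps to `malformedRequest`: the responder rejected the request itself and returned no signed revocation data for the certificate.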

This is the leaf.crt:


yhuang01 avatar Nov 27 '24 08:11 yhuang01

The following is intermediate1.crt:


yhuang01 avatar Nov 27 '24 08:11 yhuang01

The following is intermediate2.crt:


yhuang01 avatar Nov 27 '24 08:11 yhuang01

The following is RootCA.crt:


yhuang01 avatar Nov 27 '24 08:11 yhuang01

It appears that this issue is related to https://github.com/bcgit/bc-java/issues/1548, which was fixed in 1.78. But it is not included in the bc-fips-2.0.0 distribution.

yhuang01 avatar Dec 02 '24 04:12 yhuang01

Yes, unfortunately this showed up well after submission. It's fixed in the FIPS PQC update which we are working on now.

dghgit avatar Dec 15 '24 05:12 dghgit

> FIPS PQC update

Thank you for your response. Do you have an estimated timeline for the next BC-FIPS library release and its certification?

yhuang01 avatar Dec 15 '24 05:12 yhuang01

This is also fixed in BC-FJA 2.0.1 which should be appearing next week.

dghgit avatar Aug 16 '25 10:08 dghgit