James Nord created SSHD-1184:
--------------------------------

             Summary: SSHD crashes if it can not register EdDSA
                 Key: SSHD-1184
                 URL: https://issues.apache.org/jira/browse/SSHD-1184
             Project: MINA SSHD
          Issue Type: Bug
    Affects Versions: 2.5.1
            Reporter: James Nord


[SecurityUtil.isEDDSACurveSupported()|https://github.com/apache/mina-sshd/blob/0eb40a4e162dddb0a38bafa12713856ad7ce1ce0/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java]
 Attempts to register dynamically the EdDSA provider.

Whilst this is generally OK, in a FIPS compliant environment registering 
Providers may be restricted by a SecurityManager to prevent code registering a 
non compliant provider.

If the provider can not be registered due to a {{SecurityException}} then the 
code should just treat this as {{false}}.


{noformat}
java.lang.RuntimeException: Failed to register EdDSA as a JCE provider
        at org.apache.sshd.common.util.security.SecurityUtils.registerSecurityProvider(SecurityUtils.java:458)
        at org.apache.sshd.common.util.security.SecurityUtils.register(SecurityUtils.java:412)
        at org.apache.sshd.common.util.security.SecurityUtils.isEDDSACurveSupported(SecurityUtils.java:529)
        at org.apache.sshd.common.signature.BuiltinSignatures$6.isSupported(BuiltinSignatures.java:103)
        at org.apache.sshd.common.NamedFactory.lambda$setUpBuiltinFactories$1(NamedFactory.java:63)
        at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:174)
        at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566)
        at org.apache.sshd.common.NamedFactory.setUpBuiltinFactories(NamedFactory.java:64)
        at org.apache.sshd.common.BaseBuilder.setUpDefaultSignatures(BaseBuilder.java:339)
        at org.apache.sshd.common.BaseBuilder.fillWithDefaultValues(BaseBuilder.java:159)
        at org.apache.sshd.server.ServerBuilder.fillWithDefaultValues(ServerBuilder.java:102)
        at org.apache.sshd.server.ServerBuilder.fillWithDefaultValues(ServerBuilder.java:53)
        at org.apache.sshd.common.BaseBuilder.build(BaseBuilder.java:265)
        at org.apache.sshd.server.ServerBuilder.build(ServerBuilder.java:137)
        at org.apache.sshd.server.ServerBuilder.build(ServerBuilder.java:53)
        at org.apache.sshd.common.BaseBuilder.build(BaseBuilder.java:288)
        at org.apache.sshd.server.SshServer.setUpDefaultServer(SshServer.java:412)
...
Caused by: java.lang.SecurityException: Registration of new security Providers is not supported when running in FIPS compliance mode
...{noformat}
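
One way to get the behaviour the report asks for, as an added example that is not part of the original report and is not MINA SSHD code. The class and method names are hypothetical; it assumes the optional provider is handed in as a `java.security.Provider` instance and that a denied registration surfaces as a `SecurityException`, as in the trace above.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.logging.Logger;

/** Hypothetical helper (not MINA SSHD code): capability probe that never aborts startup. */
public final class OptionalProviderProbe {
    private static final Logger LOG = Logger.getLogger(OptionalProviderProbe.class.getName());

    /** Returns true only if a Signature for the algorithm can actually be obtained. */
    public static boolean isSignatureSupported(String algorithm, Provider optional) {
        if (available(algorithm)) {
            return true; // an already-installed, policy-approved provider serves it
        }
        if (optional == null) {
            return false;
        }
        try {
            // May be vetoed by a SecurityManager or by a FIPS-mode JCE configuration.
            Security.addProvider(optional);
        } catch (SecurityException e) {
            // Registration denied by policy: report "unsupported" and keep the
            // denial visible in the logs instead of failing the whole builder.
            LOG.warning("Provider " + optional.getName() + " not registered: " + e.getMessage());
            return false;
        }
        return available(algorithm);
    }

    /** Checks the providers that are currently installed, without registering anything. */
    private static boolean available(String algorithm) {
        try {
            Signature.getInstance(algorithm);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one standard algorithm name and one that no provider offers.
        System.out.println(isSignatureSupported("SHA256withRSA", null));
        System.out.println(isSignatureSupported("NoSuchAlgorithm", null));
    }
}
```

Probing the installed providers first means an approved provider that already offers the algorithm is used as-is, and the registration attempt only happens when nothing installed can serve it.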


