Forum: JRuby OpenSSL: no such provider: BC

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- and Ruby-related community platforms.
Simon S. (Guest)
on 2009-01-26 23:21
(Received via mailing list)
I am trying to use openssl cryptography. The program works fine in MRI
but fails under jruby. I think I am doing everything right, but it still
doesn't work.

The application includes a file called bouncycastle.rb and then tries
to use the encryption.

The require

[code]
if RUBY_PLATFORM =~ /java/ then
    require 'bouncycastle'
end
[/code]

the bouncycastle.rb

[code]
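require 'java'

# Register Bouncy Castle as a JCA security provider for this JVM
java.security.Security.addProvider(org.bouncycastle.jce.provider.BouncyCastleProvider.new)

# List the names of all providers registered at this point
providers = java.security.Security.getProviders()

providers.each do |p|
    puts(p.getName())
end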
[/code]

Program output

[code]
SUN
SunRsaSign
SunJSSE
SunJCE
SunJGSS
SunSASL
XMLDSig
SunPCSC
SunMSCAPI
BC
java.lang.RuntimeException: java.security.NoSuchProviderException: no such provider: BC
        at org.bouncycastle.jce.provider.JCEBlockCipher.engineGetParameters(Unknown Source)
        at javax.crypto.Cipher.a(DashoA13*..)
        at javax.crypto.Cipher.init(DashoA13*..)
        at javax.crypto.Cipher.init(DashoA13*..)
        at org.jruby.ext.openssl.Cipher.doInitialize(Cipher.java:531)
        at org.jruby.ext.openssl.Cipher._final(Cipher.java:608)
        at org.jruby.ext.openssl.Cipher$i_method_0_0$RUBYINVOKER$_final.call(org/jruby/ext/openssl/Cipher$i_method_0_0$RUBYINVOKER$_final.gen)
        at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:260)
        at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:75)
        at org.jruby.ast.CallNoArgNode.interpret(CallNoArgNode.java:61)
        at org.jruby.ast.CallOneArgNode.interpret(CallOneArgNode.java:57)
        at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:101)
        at org.jruby.ast.BlockNode.interpret(BlockNode.java:68)
        at org.jruby.internal.runtime.methods.DefaultMethod.interpretedCall(DefaultMethod.java:165)
        at org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:142)
        at org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:297)
        at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:300)
        at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:157)
        at org.jruby.ast.FCallTwoArgNode.interpret(FCallTwoArgNode.java:38)
        at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:101)
        at org.jruby.ast.BlockNode.interpret(BlockNode.java:68)
        at org.jruby.internal.runtime.methods.DefaultMethod.interpretedCall(DefaultMethod.java:165)
        at org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:142)
        at org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:255)
        at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:280)
        at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:116)
        at init.__file__(init.rb:10)
        at init.__file__(init.rb)
        at init.load(init.rb)
        at org.jruby.Ruby.runScript(Ruby.java:560)
        at org.jruby.Ruby.runNormally(Ruby.java:463)
        at org.jruby.Ruby.runFromMain(Ruby.java:337)
        at org.jruby.Main.run(Main.java:214)
        at org.jruby.Main.run(Main.java:100)
        at org.jruby.Main.main(Main.java:84)
crypto.rb:63:in `aes': No message available (OpenSSL::Cipher::CipherError)
        from crypto.rb:24:in `decrypt_aes'
        from init.rb:10
[/code]

My classpath is: CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip;C:\Code\jruby\jruby-1.1.5\lib\jruby.jar;C:\Code\jruby\jruby-1.1.5\lib\bcprov-jdk14-141.jar;

The application fails in this function

[code]
def aes(mode,str)
    crypt = OpenSSL::Cipher::Cipher.new('aes-128-cbc')
    crypt.iv = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
    crypt.send(mode)
    crypt.key = key_hash(key, 16)
    crypt.update(str) << crypt.final
end
[/code]

The key_hash function returns a fixed 16-character key string, nothing
complicated. mode is :encrypt or :decrypt


Any idea what I might be doing wrong?





---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
Charles Oliver N. (Guest)
on 2009-01-27 16:57
(Received via mailing list)
Simon S. wrote:
> the key_hash function returns a fixed 16 character key string, nothing complicated. mode is :encrypt or :decrypt

Which line does it fail on? We would want to look at that method in
JRuby-OpenSSL and see if we're not properly registering BC.

The tricky bit of jossl + bc is that we tend to be registering and
unregistering BC a lot before and after certain operations. The reasons
for this are complex, but basically having a deployed application in a
server register its own security provider led to it being difficult or
impossible to deploy. So my guess is that there's a method used by your
script where we're not properly registering BC before performing some
action.

Can you narrow it down to a simple case and post a bug please?

Simon S. (Guest)
on 2009-01-27 17:30
(Received via mailing list)
Attachment: ruby.zip (0 Bytes)
I'm unsure how to go about posting a bug, but I am attaching the whole
test program (with a dummy key) and the results from my machine which
should make it easily repeatable.

A second thing I forgot to mention is that I tried adding the security
provider to the java.security file instead of using the addProvider and
I get exactly the same results.

[code]
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
[/code]


The preferred method is to not have to change the security file though
as not all of our users/admins will have this access.

Thanks,

Simon


Charles Oliver N. (Guest)
on 2009-01-27 18:49
(Received via mailing list)
You can file bugs here: http://jira.codehaus.org/browse/JRUBY. Just
create an account if you don't already have one.

I agree we shouldn't have to modify the policy file. The unfortunate
situation is that Java's crypto stuff in some cases only works with
registered providers, which is why we try to selectively register and
unregister BC. It's a stupid, stupid design flaw in Java crypto, and if
we had an army of hackers we would probably try to get it fixed.

Go ahead and file the bug and do any exploration/research you can. We
have no real crypto experts on hand at the moment, but I think together
we can figure it out.

- Charlie
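
The scoped register/unregister pattern described above, and how work that resolves the provider by name after the scope has closed fails with the message seen in the trace, as an added example that is not part of the thread and is not JRuby-OpenSSL's code. `FakeRegistry`, `FakeProvider`, `with_provider`, `lookup_by_name` and `demo` are hypothetical names; the registry is a constructed stand-in for `java.security.Security` so the example runs without a JVM.

```ruby
# Constructed stand-in for java.security.Security (same method names).
class FakeRegistry
  def initialize
    @providers = {}
  end

  def getProvider(name)
    @providers[name]
  end

  def addProvider(provider)
    @providers[provider.getName] = provider
  end

  def removeProvider(name)
    @providers.delete(name)
  end
end

FakeProvider = Struct.new(:getName) # constructed stand-in for a java.security.Provider

# Hypothetical helper: register `provider` only for the duration of the block,
# and remove it afterwards only if this call was the one that added it.
def with_provider(registry, provider)
  name = provider.getName
  added = registry.getProvider(name).nil?
  registry.addProvider(provider) if added
  yield
ensure
  registry.removeProvider(name) if added
end

# Models code that resolves the provider by its string name at call time
# and fails with the message from the trace when it is not registered.
def lookup_by_name(registry, name)
  registry.getProvider(name) or raise "no such provider: #{name}"
end

# Returns [result inside the scope, result of work deferred until after it].
def demo(registry = FakeRegistry.new, provider = FakeProvider.new("BC"))
  deferred = nil
  inside = with_provider(registry, provider) do
    deferred = -> { lookup_by_name(registry, "BC") } # created here, run later
    lookup_by_name(registry, "BC").getName
  end
  late = begin
    deferred.call.getName
  rescue RuntimeError => e
    e.message
  end
  [inside, late]
end
```

Under JRuby, `java.security.Security` and a `BouncyCastleProvider` instance expose the same `getProvider`, `addProvider`, `removeProvider` and `getName` methods, so they can be passed in place of the stand-ins. The helper does not stop another component from removing the provider while the block is running.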

Simon S. (Guest)
on 2009-01-28 00:32
(Received via mailing list)
Thanks, bug report has been added. I have attached the script to
demonstrate the issue.




