11:31:40,980 INFO [app] 11:31:39,754 HTTP Request to /q/webauthn/register failed, error id: fca3b38c-d42c-4b73-8248-28a5070e0afc-1: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
11:31:40,980 INFO [app] at java.base/javax.crypto.Cipher.getInstance(Cipher.java:571)
11:31:40,980 INFO [app] at io.vertx.mysqlclient.impl.util.RsaPublicKeyEncryptor.encrypt(RsaPublicKeyEncryptor.java:59)
11:31:40,980 INFO [app] at io.vertx.mysqlclient.impl.util.RsaPublicKeyEncryptor.encrypt(RsaPublicKeyEncryptor.java:34)
11:31:40,980 INFO [app] at io.vertx.mysqlclient.impl.codec.AuthenticationCommandBaseCodec.sendEncryptedPasswordWithServerRsaPublicKey(AuthenticationCommandBaseCodec.java:87)
11:31:40,980 INFO [app] at io.vertx.mysqlclient.impl.codec.AuthenticationCommandBaseCodec.handleAuthMoreData(AuthenticationCommandBaseCodec.java:46)
11:31:40,981 INFO [app] at io.vertx.mysqlclient.impl.codec.InitialHandshakeCommandCodec.handleAuthentication(InitialHandshakeCommandCodec.java:179)
11:31:40,981 INFO [app] at io.vertx.mysqlclient.impl.codec.InitialHandshakeCommandCodec.decodePayload(InitialHandshakeCommandCodec.java:63)
11:31:40,981 INFO [app] at io.vertx.mysqlclient.impl.codec.MySQLDecoder.decodePackets(MySQLDecoder.java:69)
11:31:40,981 INFO [app] at io.vertx.mysqlclient.impl.codec.MySQLDecoder.channelRead(MySQLDecoder.java:45)
11:31:40,981 INFO [app] at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
11:31:40,981 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
11:31:40,981 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
11:31:40,981 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
11:31:40,981 INFO [app] at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346)
11:31:40,982 INFO [app] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318)
11:31:40,982 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
11:31:40,982 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
11:31:40,982 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
11:31:40,982 INFO [app] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
11:31:40,982 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
11:31:40,982 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
11:31:40,982 INFO [app] at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
11:31:40,982 INFO [app] at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
11:31:40,983 INFO [app] at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
11:31:40,983 INFO [app] at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
11:31:40,983 INFO [app] at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
11:31:40,983 INFO [app] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
11:31:40,983 INFO [app] at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
11:31:40,983 INFO [app] at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
11:31:40,983 INFO [app] at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
11:31:40,983 INFO [app] at java.base/java.lang.Thread.run(Thread.java:840)
11:31:40,984 INFO [app] Caused by: javax.crypto.NoSuchPaddingException: Unsupported padding OAEPWithSHA-1AndMGF1Padding
11:31:40,984 INFO [app] at jdk.crypto.cryptoki/sun.security.pkcs11.P11RSACipher.engineSetPadding(P11RSACipher.java:137)
11:31:40,984 INFO [app] at java.base/javax.crypto.Cipher$Transform.setModePadding(Cipher.java:388)
11:31:40,984 INFO [app] at java.base/javax.crypto.Cipher.getInstance(Cipher.java:564)
11:31:40,984 INFO [app] ... 30 more
11:31:40,984 INFO [app] 11:31:39,917 HTTP Request to /q/webauthn/register failed, error id: fca3b38c-d42c-4b73-8248-28a5070e0afc-2: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
11:31:40,984 INFO [app] at java.base/javax.crypto.Cipher.getInstance(Cipher.java:571)
11:31:40,984 INFO [app] at io.vertx.mysqlclient.impl.util.RsaPublicKeyEncryptor.encrypt(RsaPublicKeyEncryptor.java:59)
11:31:40,984 INFO [app] at io.vertx.mysqlclient.impl.util.RsaPublicKeyEncryptor.encrypt(RsaPublicKeyEncryptor.java:34)
11:31:40,985 INFO [app] at io.vertx.mysqlclient.impl.codec.AuthenticationCommandBaseCodec.sendEncryptedPasswordWithServerRsaPublicKey(AuthenticationCommandBaseCodec.java:87)
11:31:40,985 INFO [app] at io.vertx.mysqlclient.impl.codec.AuthenticationCommandBaseCodec.handleAuthMoreData(AuthenticationCommandBaseCodec.java:46)
11:31:40,985 INFO [app] at io.vertx.mysqlclient.impl.codec.InitialHandshakeCommandCodec.handleAuthentication(InitialHandshakeCommandCodec.java:179)
11:31:40,985 INFO [app] at io.vertx.mysqlclient.impl.codec.InitialHandshakeCommandCodec.decodePayload(InitialHandshakeCommandCodec.java:63)
11:31:40,985 INFO [app] at io.vertx.mysqlclient.impl.codec.MySQLDecoder.decodePackets(MySQLDecoder.java:69)
11:31:40,985 INFO [app] at io.vertx.mysqlclient.impl.codec.MySQLDecoder.channelRead(MySQLDecoder.java:45)
11:31:40,985 INFO [app] at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
11:31:40,985 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
11:31:40,985 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
11:31:40,986 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
11:31:40,986 INFO [app] at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346)
11:31:40,986 INFO [app] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318)
11:31:40,986 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
11:31:40,986 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
11:31:40,986 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
11:31:40,986 INFO [app] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
11:31:40,986 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
11:31:40,986 INFO [app] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
11:31:40,986 INFO [app] at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
11:31:40,987 INFO [app] at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
11:31:40,987 INFO [app] at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
11:31:40,987 INFO [app] at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
11:31:40,987 INFO [app] at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
11:31:40,987 INFO [app] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
11:31:40,987 INFO [app] at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
11:31:40,987 INFO [app] at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
11:31:40,987 INFO [app] at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
11:31:40,988 INFO [app] at java.base/java.lang.Thread.run(Thread.java:840)
11:31:40,988 INFO [app] Caused by: javax.crypto.NoSuchPaddingException: Unsupported padding OAEPWithSHA-1AndMGF1Padding
11:31:40,988 INFO [app] at jdk.crypto.cryptoki/sun.security.pkcs11.P11RSACipher.engineSetPadding(P11RSACipher.java:137)
11:31:40,988 INFO [app] at java.base/javax.crypto.Cipher$Transform.setModePadding(Cipher.java:388)
11:31:40,988 INFO [app] at java.base/javax.crypto.Cipher.getInstance(Cipher.java:564)
11:31:40,988 INFO [app] ... 30 more
@michalvavrik I've checked what the MySQL Connector for Java does for caching sha-2 authentication and it seems to use the same cipher.
Have you been able to create a working setup with Quarkus + MySQL JDBC driver with fips mode enabled? In this case, can you help me do the same or get access to such an environment? I'd like to debug what the driver does in this case. Thanks
Questions
I am having trouble using the MySQL client in a FIPS-enabled environment, as RSA/ECB/OAEPWithSHA-1AndMGF1Padding set in https://github.com/eclipse-vertx/vertx-sql-client/blob/master/vertx-mysql-client/src/main/java/io/vertx/mysqlclient/impl/util/RsaPublicKeyEncryptor.java#L59 is in OpenJDK provided by the SunJCE provider in non-FIPS mode. But the provider is not present by default in a FIPS-enabled env.
Version
Vert.X 4.5.7.
Context
I'd expect that if the cipher has to be hardcoded, the default cipher is such that I can actually use it in a FIPS-enabled environment with the RH OpenJDK without doing any extra work and have it working. For example, RSA/ECB/PKCS1Padding could be used.
Do you have a reproducer?
Yes. Run it in FIPS-enabled environment.
Steps to reproduce
git clone git@github.com:michalvavrik/quarkus-test-suite.git
cd quarkus-test-suite/security/webauthn
git checkout feature/fix-webauth-fips
mvn clean verify -Dreruns=0
(if you don't have Quarkus 999-SNAPSHOT I guess you can also use -Dquarkus.platform.version=3.9.4 or some other version)
Extra
registry.access.redhat.com/rhscl/mysql-80-rhel7
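To see which installed JCA providers can serve the two transformations named in this report, a small probe can be run on the same JVM in FIPS and non-FIPS mode. This is an added example, not code from Vert.x, Quarkus or the reporter; the class name RsaTransformationProbe is hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

// Hypothetical diagnostic class: lists the JCA providers that can instantiate
// each RSA transformation discussed in the issue.
public class RsaTransformationProbe {

    // First entry: the transformation from the stack trace.
    // Second entry: the alternative proposed in the report.
    static final String[] TRANSFORMATIONS = {
        "RSA/ECB/OAEPWithSHA-1AndMGF1Padding",
        "RSA/ECB/PKCS1Padding"
    };

    public static void main(String[] args) {
        Provider[] providers = Security.getProviders();

        System.out.println("Installed providers, in preference order:");
        for (Provider p : providers) {
            System.out.println("  " + p.getName() + " " + p.getVersionStr());
        }

        for (String transformation : TRANSFORMATIONS) {
            System.out.println(transformation);
            boolean supported = false;
            for (Provider p : providers) {
                try {
                    // Ask this specific provider, bypassing the default lookup order.
                    Cipher.getInstance(transformation, p);
                    System.out.println("  supported by " + p.getName());
                    supported = true;
                } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                    // Provider has no RSA cipher or rejects this padding; try the next one.
                } catch (RuntimeException e) {
                    // Some providers (e.g. token-backed ones) can fail at instantiation time.
                    System.out.println("  " + p.getName() + " failed: " + e);
                }
            }
            if (!supported) {
                System.out.println("  no provider: Cipher.getInstance() without a provider"
                        + " argument would throw NoSuchAlgorithmException");
            }
        }
    }
}
```

Comparing the output of the two runs shows whether the OAEP transformation disappears together with the SunJCE provider, as the report describes.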