FIPS: errors with using JENT as suggested in BC-FJA-UserGuide-2.0.0.pdf #2187
Unanswered
Raveena1318 asked this question in Q&A
Replies: 0 comments
We have an application built on top of Tomcat, updated to make it FIPS compliant. In the java.security file, the bcfips and bcjsse providers are set as 1st and 2nd priority.
jdk version : JDK 17.0.3+7
Tomcat: 10.1.44
jars for fips : bcfips-2.0.1, bctls-fips-2.0.20, bcutil-fips-2.0.3 and bcpkix-fips-2.0.8 jars.
platform: Linux oe-tf-1-O6SO62 4.18.0-553.66.1.el8_10.x86_64 #1 SMP Fri Aug 8 17:25:17 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
As suggested in 2.3.1 Additional Entropy Resources.
On starting the application, we see the below errors:
Provider: SecureRandom.null algorithm from: BCFHEP
Oct 24, 2025 7:29:25 AM org.bouncycastle.entropy.provider.BouncyCastleEntropyProvider$RngService newInstance
WARNING: unable to invoke JENT RNG
Provider: SecureRandom.ENTROPY algorithm from: BCRNG
25-10-24T07:29:25.730-04:00 ERROR [Catalina-utility-1] o.a.c.c.StandardContext - The session manager failed to start
org.apache.catalina.LifecycleException: Failed to start component [org.apache.catalina.util.StandardSessionIdGenerator@1e90ea39]
at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:406)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:179)
at org.apache.catalina.session.ManagerBase.startInternal(ManagerBase.java:660)
at org.apache.catalina.session.StandardManager.startInternal(StandardManager.java:341)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4491)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:599)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:571)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:654)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1126)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1925)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1037)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:422)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1621)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:303)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:109)
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:389)
at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:336)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:776)
at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:772)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1203)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1193)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: Unable to invoke creator for DEFAULT: JENT RNG failed
at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:300)
at java.base/java.security.SecureRandom.<init>(SecureRandom.java:225)
at org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom(SessionIdGeneratorBase.java:242)
at org.apache.catalina.util.SessionIdGeneratorBase.getRandomBytes(SessionIdGeneratorBase.java:186)
at org.apache.catalina.util.StandardSessionIdGenerator.generateSessionId(StandardSessionIdGenerator.java:34)
at org.apache.catalina.util.SessionIdGeneratorBase.generateSessionId(SessionIdGeneratorBase.java:178)
at org.apache.catalina.util.SessionIdGeneratorBase.startInternal(SessionIdGeneratorBase.java:265)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
... 32 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: Unable to invoke creator for DEFAULT: JENT RNG failed
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$BcService.newInstance(Unknown Source)
at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:296)
... 39 common frames omitted
Caused by: org.bouncycastle.entropy.provider.EntropyProviderOperationException: JENT RNG failed
at [email protected]/org.bouncycastle.entropy.provider.FailedRNG.engineGenerateSeed(Unknown Source)
at java.base/java.security.SecureRandom.generateSeed(SecureRandom.java:867)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$HybridSecureRandom.<init>(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultEntropySource(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$1.get(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.crypto.CryptoServicesRegistrar.getSecureRandomIfSet(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultSecureRandom(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvRandom$1.createInstance(ProvRandom.java:28)
... 41 common frames omitted
2025-10-24T07:29:25.731-04:00 ERROR [Catalina-utility-1] o.a.c.c.StandardContext - Context [] startup failed due to previous errors
2025-10-24T07:29:25.830-04:00 ERROR [main] o.a.c.u.LifecycleBase - Failed to start component [Connector["https-jsse-nio-8811"]]
org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1106)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:425)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:870)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
at org.apache.catalina.startup.Catalina.start(Catalina.java:761)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476)
Caused by: java.lang.IllegalStateException: unable to create JcaTlsCrypto: Unable to invoke creator for DEFAULT: JENT RNG failed
at org.bouncycastle.fips.tls/org.bouncycastle.tls.crypto.impl.jcajce.Exceptions.illegalStateException(Exceptions.java:10)
at org.bouncycastle.fips.tls/org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider.create(JcaTlsCryptoProvider.java:82)
at org.bouncycastle.fips.tls/org.bouncycastle.jsse.provider.ProvSSLContextSpi.engineInit(ProvSSLContextSpi.java:631)
at java.base/javax.net.ssl.SSLContext.init(SSLContext.java:314)
at org.apache.tomcat.util.net.jsse.JSSESSLContext.init(JSSESSLContext.java:52)
at org.apache.tomcat.util.net.jsse.JSSEUtil.initialise(JSSEUtil.java:105)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getImplementedProtocols(JSSEUtil.java:73)
at org.apache.tomcat.util.net.SSLUtilBase.<init>(SSLUtilBase.java:97)
at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:61)
at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:56)
at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLUtil(JSSEImplementation.java:52)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:88)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:70)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:226)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1399)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1482)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:644)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1103)
... 12 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: Unable to invoke creator for DEFAULT: JENT RNG failed
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$BcService.newInstance(Unknown Source)
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
at java.base/java.security.SecureRandom.getInstance(SecureRandom.java:475)
at org.bouncycastle.fips.tls/org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider.create(JcaTlsCryptoProvider.java:74)
... 28 common frames omitted
Caused by: org.bouncycastle.entropy.provider.EntropyProviderOperationException: JENT RNG failed
at [email protected]/org.bouncycastle.entropy.provider.FailedRNG.engineGenerateSeed(Unknown Source)
at java.base/java.security.SecureRandom.generateSeed(SecureRandom.java:867)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$HybridSecureRandom.<init>(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultEntropySource(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$1.get(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.crypto.CryptoServicesRegistrar.getSecureRandomIfSet(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultSecureRandom(Unknown Source)
at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvRandom$1.createInstance(ProvRandom.java:28)
... 33 common frames omitted
NOTE: Application starts fine when updated back to securerandom.strongAlgorithms=NativePRNGBlocking:SUN,DRBG:SUN
We observed similar issues already posted, but are expecting it to be working currently, as it's mentioned in BC-FJA-UserGuide-2.0.0.pdf.
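
Both traces above fail while constructing the default `SecureRandom` (once via `new SecureRandom()` in Tomcat's session ID generator, once via `SecureRandom.getInstance` for `DEFAULT` in the BC TLS provider). The following is an added diagnostic, not part of the original post or of Bouncy Castle's code, that exercises the same paths outside Tomcat so the entropy failure can be isolated; the class name `EntropyCheck` is hypothetical, and it assumes the same JDK, `java.security` file and jars as the failing instance.

```java
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

// Added diagnostic (not from the original post). Run with the same JDK,
// java.security file and class/module path as the failing Tomcat instance.
public class EntropyCheck {
    interface Attempt { SecureRandom get() throws Exception; }

    public static void main(String[] args) {
        // Provider order as the JVM resolved it; new SecureRandom() uses the
        // first provider in this list that offers a SecureRandom service.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("%2d. %s %s%n", i + 1,
                    providers[i].getName(), providers[i].getVersionStr());
        }
        for (String key : new String[] {
                "securerandom.source", "securerandom.strongAlgorithms" }) {
            System.out.println(key + " = " + Security.getProperty(key));
        }
        // The call paths seen in the two stack traces, plus the strong RNG.
        boolean ok = probe("new SecureRandom()", SecureRandom::new);
        ok &= probe("getInstance(\"DEFAULT\", \"BCFIPS\")",
                () -> SecureRandom.getInstance("DEFAULT", "BCFIPS"));
        ok &= probe("getInstanceStrong()", SecureRandom::getInstanceStrong);
        System.exit(ok ? 0 : 1);
    }

    static boolean probe(String label, Attempt attempt) {
        try {
            SecureRandom random = attempt.get();
            random.nextBytes(new byte[32]); // force the instance to seed
            System.out.println("OK   " + label + " -> " + random.getAlgorithm()
                    + " from " + random.getProvider().getName());
            return true;
        } catch (Throwable t) {
            // Print the full cause chain, e.g. down to "JENT RNG failed".
            System.out.println("FAIL " + label);
            for (Throwable c = t; c != null; c = c.getCause()) {
                System.out.println("     " + c.getClass().getName()
                        + ": " + c.getMessage());
            }
            return false;
        }
    }
}
```

A non-zero exit with `EntropyProviderOperationException` in the chain reproduces the problem without Tomcat, which separates the entropy provider setup from the web application's own configuration.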