Skip to content

GH-856: Fix using BC-FIPS #857

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tomaswolf merged 1 commit into from
Dec 4, 2025
Merged

GH-856: Fix using BC-FIPS #857

tomaswolf merged 1 commit into from
Dec 4, 2025
+263 −19

Conversation

@tomaswolf
Copy link
Member

@tomaswolf tomaswolf commented Dec 3, 2025

BC-FIPS is quite different from normal BC when it comes to ed25519 keys. FIPS 140-3 includes ed25519. (140-2 didn't.)

Back-port generic ed25519 operations from the 3.0.0 milestone branch and use them to get raw key bytes, or to construct keys from raw bytes. This avoids the need to use BC-specific classes that differ between BC-FIPS and normal BC.

Add a test run that executes a test using BC-FIPS instead of plain BC. The test exercises all kinds of public key types.

Fixes #856.

@tomaswolf
apacheGH-856: Fix using BC-FIPS
1ef64dc 
BC-FIPS is quite different from normal BC when it comes to ed25519 keys.
FIPS 140-3 includes ed25519. (140-2 didn't.)

Back-port generic ed25519 operations from the 3.0.0 milestone branch and
use them to get raw key bytes, or to construct keys from raw bytes. This
avoids the need to use BC-specific classes that differ between BC-FIPS
and normal BC.

Add a test run that executes a test using BC-FIPS instead of plain BC.
The test exercises all kinds of public key types.
@tomaswolf tomaswolf merged commit 1ef64dc into apache:master Dec 4, 2025
7 checks passed
@tomaswolf tomaswolf deleted the gh-856 branch December 4, 2025 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bouncy Castle Fips provider 2.0.0 usage with Apache Mina SSHD :: SCP » 2.15.0 can cause class not found exception for Ed25519 support

1 participant

@tomaswolf