BouncycastleProvider throws java.lang.NoSuchFieldError: id_hmacWithSHA3_224

Question

I am learning Bouncycastle and facing some problems. Is it possible to combine multiple security provider, such as I have modified my java.security like:

security.provider.11=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.12=org.bouncycastle.jce.provider.BouncyCastleProvider 
security.provider.13=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider

Then in my server side I have written:

...    
SSLContext sslContext = SSLContext.getInstance("TLS", "BCJSSE");
KeyManagerFactory keyMgrFact = KeyManagerFactory.getInstance(
                "PKIX", "BCJSSE");
keyMgrFact.init(Utils.createServerKeyStore(), Utils.SERVER_PASSWORD);
...

It will throw an error in:

public static KeyPair generateRootKeyPair()
            throws Exception {

        KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
        return new KeyPair(
                kFact.generatePublic(new X509EncodedKeySpec(rootPublicKey)),
                kFact.generatePrivate(new PKCS8EncodedKeySpec(rootPrivateKey)));
    }

Error msg:

Exception in thread "main" java.lang.NoSuchFieldError: id_hmacWithSHA3_224
    at org.bouncycastle.jcajce.provider.digest.SHA3$Mappings.configure(Unknown Source)
    at org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown Source)
    at org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source)
    at org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown Source)
    at org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at java.lang.Class.newInstance(Class.java:442)
    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:221)
    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
    at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
    at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
    at sun.security.jca.ProviderList.getIndex(ProviderList.java:263)
    at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:247)
    at sun.security.jca.ProviderList.getProvider(ProviderList.java:253)
    at sun.security.jca.GetInstance.getService(GetInstance.java:81)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
    at java.security.KeyFactory.getInstance(KeyFactory.java:211)
    at Utils.generateRootKeyPair(Utils.java:103)
    at Utils.createRootCredential(Utils.java:199)
    at Utils.createServerKeyStore(Utils.java:273)
    at TLSServerExample.main(TLSServerExample.java:19)

I have researched it for couples of days, I thought the reason for this problem is there is some collisions between packages:

bc-fips-1.0.0
bcprov-jdk15on-158.jar
bctls-fips-1.0.2.jar

How to fix that? Thx in advancee!

I am having the exact same problem. were you able to find a solution for this? — Nawar Khoury, Sep 10 '18 at 11:16

score 2 · Answer 1 · answered Jan 03 '19 at 21:05

It is mostly because when your application is starting up, the old version of bouncy castle classes are loaded based on the class loading sequence in java.

You can check from which jar bouncy castle classes are loading by adding -verbose:class to command line as mentioned in https://stackoverflow.com/a/6686792 when you start your app. It will print a lot of lines so you will have to search for terms like bcp, com.bouncycastle etc.

For me, it was because of bouncy castle related jars were present in java lib directory (/path/to/java/jdk/jre/lib/ext/). Go to /path/to/java/jdk/jre/ and run below command on terminal if you are using linux.

find . -type f -name "*.jar*" | grep bcp

which will tell us if bouncy castle jars are present or not. If present you will see below output

./lib/ext/bcprov-jdk15on-1.50.jar

You can either upgrade it or remove it (if it does not affect your/other services on the same box)

score 0 · Answer 2 · answered Jan 04 '18 at 08:05

0

I was getting similar error with bouncycastle, my case was mismatch or its version

answered Jan 04 '18 at 08:05

niraj.nijju

616
1
8
17

Can you expand on your root cause? I'm getting a similar problem, I'm trying to use these two dependencies: ` org.bouncycastle bcprov-jdk15on 1.58 org.bouncycastle bcpkix-jdk15on 1.58 ` But I haven't been able to instantiate BouncyCastle: ` Security.addProvider(new BouncyCastleProvider()); ` It just cannot instantiate it and fails with java.lang.NoSuchFieldError: id_hmacWithSHA3_224 – Jose Cifuentes Feb 08 '18 at 00:30

BouncycastleProvider throws java.lang.NoSuchFieldError: id_hmacWithSHA3_224

2 Answers2