Hello, I'm not sure if this is a bug or not, but it feels like something that should be investigated.
The second test in the following test case fails. This is because when doing `Mac.getInstance(HMAC_SHA_512)` it makes a Mac object with no spi. So when doing `mac.init(SMALL_KEY)` it will check if there is a spi; if there is not, it will iterate over all the providers of Mac, which does not throw an exception when doing `engineInit`.
So ideally, to fix this, when doing `Mac.getInstance(HMAC_SHA_512)` it would populate the spi.
```java
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.security.Security;

import static org.junit.jupiter.api.Assertions.assertThrows;

class MacTest
{
    private static final String HMAC_SHA_512 = "HmacSHA512";
    private static final Key SMALL_KEY = new SecretKeySpec("0".getBytes(), HMAC_SHA_512);

    @BeforeAll
    static void setup() {
        System.setProperty("org.bouncycastle.fips.approved_only", "true");
        Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
    }

    @Test
    void testMacWithBCFIPSProvider() throws Exception {
        Mac mac = Mac.getInstance(HMAC_SHA_512, "BCFIPS");
        assertThrows(Exception.class, () -> mac.init(SMALL_KEY));
    }

    @Test
    void testMacWithDefaultProvider() throws Exception {
        Mac mac = Mac.getInstance(HMAC_SHA_512);
        assertThrows(Exception.class, () -> mac.init(SMALL_KEY));
    }
}
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.fips.fipsmac</groupId>
    <artifactId>FipsMac</artifactId>
    <version>1.0-SNAPSHOT</version>
    <properties>
        <maven.compiler.source>21</maven.compiler.source>
        <maven.compiler.target>21</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bctls-fips</artifactId>
            <version>2.1.23</version>
        </dependency>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter</artifactId>
            <version>5.11.4</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
</project>
```
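A fail-closed check for the provider fallback described in the report, as an added example that is not part of the original post or of Bouncy Castle's code: after `init`, `Mac.getProvider()` reports which provider actually accepted the key, so the caller can reject any provider other than the one it expects. The class `PinnedMac` and its `init` helper are hypothetical names; only JDK classes are used, and the small key is the one from the test above.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.Provider;

/** Hypothetical helper: initialise a Mac and verify which provider serviced it. */
public final class PinnedMac {
    private PinnedMac() {}

    public static Mac init(String algorithm, Key key, String expectedProvider)
            throws GeneralSecurityException {
        // No provider named: the JCA may delay provider selection until init().
        Mac mac = Mac.getInstance(algorithm);

        // If the first provider rejects the key, init() can move on to the
        // next registered provider instead of surfacing that rejection.
        mac.init(key);

        // After init() the provider is fixed, so this is the one that
        // actually accepted the key.
        Provider actual = mac.getProvider();
        if (!expectedProvider.equals(actual.getName())) {
            throw new GeneralSecurityException(
                    algorithm + " was initialised by provider '" + actual.getName()
                            + "', expected '" + expectedProvider + "'");
        }
        return mac;
    }

    public static void main(String[] args) {
        // Constructed sample input: the 1-byte key used in the report's test.
        Key smallKey = new SecretKeySpec("0".getBytes(), "HmacSHA512");
        try {
            Mac mac = init("HmacSHA512", smallKey, "BCFIPS");
            System.out.println("initialised by " + mac.getProvider().getName());
        } catch (GeneralSecurityException e) {
            // Reached when the key is rejected outright or when a provider
            // other than the expected one accepted it.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```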