java.lang.StackOverflowError after upgrading bc-fips from 1.0.2.5 to 2.0.0 #1873

Open
RaghuramEttaboina opened this issue Oct 21, 2024 · 1 comment

@RaghuramEttaboina

We recently upgraded our bc-fips jar from 1.0.2.5 to 2.0.0. After that, we are facing the issue below when starting the Tomcat server or when I run the command "java -cp bc-fips-2.0.0.jar org.bouncycastle.util.DumpInfo":
Exception in thread "main" java.lang.StackOverflowError
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$3.run(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$3.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getCoreSecureRandom(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.access$900(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultEntropySource(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$1.get(Unknown Source)
at org.bouncycastle.crypto.CryptoServicesRegistrar.getSecureRandomIfSet(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultSecureRandom(Unknown Source)
at org.bouncycastle.jcajce.provider.ProvRandom$1.createInstance(ProvRandom.java:28)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$BcService.newInstance(Unknown Source)
at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:296)
at java.base/java.security.SecureRandom.<init>(SecureRandom.java:225)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$3.run(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$3.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getCoreSecureRandom(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.access$900(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultEntropySource(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$1.get(Unknown Source)
at org.bouncycastle.crypto.CryptoServicesRegistrar.getSecureRandomIfSet(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultSecureRandom(Unknown Source)
at org.bouncycastle.jcajce.provider.ProvRandom$1.createInstance(ProvRandom.java:28)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$BcService.newInstance(Unknown Source)
at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:296)
at java.base/java.security.SecureRandom.<init>(SecureRandom.java:225)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$3.run(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$3.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)

We are trying this in a Red Hat VM, and below is the FIPS provider order:
fips.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
fips.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
fips.provider.3=sun.security.provider.SUN
fips.provider.4=XMLDSig

I tried the solutions provided in #1800, but they didn't help.

Any quick support will be appreciated.

@dghgit
Contributor

dghgit commented Oct 23, 2024

You could try -Djava.security.debug=provider and see what it tells you. My guess is it will tell you the securerandom.strongAlgorithms isn't pointing at anything that exists. With the Redhat VM, from memory I think they do do something a bit weird with the SecureRandom settings in FIPS mode, I'd check to see what the valid hardware RNG is for the VM as well.
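
One way to check the `securerandom.strongAlgorithms` setting mentioned in the comment above, as an added example that is not code from this thread or from Bouncy Castle. The class name `StrongRandomCheck` and helper `resolves` are hypothetical; the program only looks up provider registrations and does not construct a `SecureRandom` itself.

```java
import java.security.Provider;
import java.security.Security;

// Added diagnostic example (not from the issue thread or Bouncy Castle).
public class StrongRandomCheck {

    // Returns true when an "ALG" or "ALG:PROVIDER" entry names a SecureRandom
    // service that an installed provider actually registers.
    static boolean resolves(String entry) {
        String[] parts = entry.trim().split(":", 2);
        String alg = parts[0].trim();
        if (alg.isEmpty()) return false;
        if (parts.length == 2 && !parts[1].trim().isEmpty()) {
            Provider p = Security.getProvider(parts[1].trim());
            return p != null && p.getService("SecureRandom", alg) != null;
        }
        // No provider named: any installed provider may supply the algorithm.
        for (Provider p : Security.getProviders()) {
            if (p.getService("SecureRandom", alg) != null) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Effective provider order as this JVM sees it.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("provider.%d = %s%n", i + 1, providers[i].getName());
        }
        System.out.println("securerandom.source = "
                + Security.getProperty("securerandom.source"));

        String strong = Security.getProperty("securerandom.strongAlgorithms");
        System.out.println("securerandom.strongAlgorithms = " + strong);
        if (strong == null || strong.trim().isEmpty()) {
            System.out.println("  property is unset or empty");
            return;
        }
        boolean any = false;
        for (String entry : strong.split(",")) {
            boolean ok = resolves(entry);
            any |= ok;
            System.out.println("  " + entry.trim() + " -> "
                    + (ok ? "registered" : "NOT FOUND"));
        }
        if (!any) System.out.println("  no entry points at an installed SecureRandom service");
    }
}
```

Run it with the same JVM, classpath and security options as the failing process so that it reads the same `java.security` configuration.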
