I'm working on a project where the BouncyCastle Crypto package (non-FIPS) is a dependency of some other 3rd party library. My task is to integrate the BouncyCastle FIPS library to use in our own code. However, the documentation (BC FIPS in 100 mini-book) at https://www.bouncycastle.org/fips-java/BCFipsIn100.pdf, page 11 says:
The provider jar itself has no external dependencies, but it cannot be used in the same JVM as the regular Bouncy Castle provider. The classes in the two jar files do not get along.
I searched for more info on this but didn't really find anything useful.
I've also checked https://github.com/bcgit/bc-java/issues/714, and SpongyCastle is not suitable for our use-case.
My project seems to be working so far with both the FIPS (bc-fips-1.0.2.3.jar) and non-FIPS (bcprov-jdk15on-1.64.jar) jars being present.
So my question is, what exactly should I expect to go wrong if both the FIPS and non-FIPS jars are present in the project?
Note that my project doesn't need to be FIPS compliant per se, just has to provide the user an option to use FIPS compliant cryptography.
