VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ27251

⇱ IJ27251: SUPPORT DELAYED JCE PROVIDER SELECTION FOR RSAPSS AND OTHER CHANGES

IJ27251: SUPPORT DELAYED JCE PROVIDER SELECTION FOR RSAPSS AND OTHER CHANGES

APAR status

  • Closed as program error.

Error description

  • Error Message: An internal test program failed with a
NullPointerException when the following API was invoked with
NULL PSSParameterSpec value.
SharedSecrets.getJavaSecuritySignatureAccess().initSign(sig,
rsaKeyPair.getPrivate(), pssParameterSpec, null).
.
Stack Trace: java.lang.NullPointerException
 at
com.ibm.crypto.provider.RSAPSSSignature.encodeSignature(Unknown
Source)
 at
com.ibm.crypto.provider.RSAPSSSignature.engineSign(Unknown
Source)
 at
java.security.Signature$Delegate.engineSign(Signature.java:1382)
 at java.security.Signature.sign(Signature.java:698)
 at TestRSAPSS2.doSignature(TestRSAPSS2.java:3367)
 at TestRSAPSS2.testRSAPSS(TestRSAPSS2.java:634)
 at TestRSAPSS2.main(TestRSAPSS2.java:65)
java.lang.NullPointerException
 at
com.ibm.crypto.provider.RSAPSSSignature.encodeSignature(Unknown
Source)
 at
com.ibm.crypto.provider.RSAPSSSignature.engineSign(Unknown
Source)
 at
java.security.Signature$Delegate.engineSign(Signature.java:1382)
 at java.security.Signature.sign(Signature.java:698)
.

Local fix



Problem summary


    

  • Support delayed JCE provider selection for RSAPSS and other
changes



Problem conclusion


    

  • The JVM and the RSAPSS Signature was fixed to support delayed
JCE provider selection and calling with null PSSParameterSpec.
SharedSecrets.getJavaSecuritySignatureAccess().initSign(sig,
rsaKeyPair.getPrivate(), pssParameterSpec, null).
SharedSecrets.getJavaSecuritySignatureAccess().initVerify(sig,
rsaKeyPair.getPublic(), pssParameterSpec.
RSAPSS Signature was fixed not to allow mixing of SHA-512 and
SHA-512/224 or SHA512/256 truncated digests. The same digest
must be specified both for MGF1 ParameterSpec and
RSAPSSSIgnature.
The associated Hursley RTC Problem Report is 144147
The associated Austin GitHub tasks: 76, 79
Austin Build Levels: build_20200821-346
File affected: ibmjceprovider.jar
JVMs affected Java 8.0
The fix was delivered for Java 8.0 SR6, FP25
.
This APAR will be fixed in the following Java Releases:
 8 SR6 FP25 (8.0.6.25)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/



Temporary fix


    



Comments


    



APAR Information




    

  • APAR number
    IJ27251
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-08-24
    • 

  • Closed date
    2020-08-24
    • 

  • Last modified date
    2020-11-23
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 24 November 2020