VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ28335

⇱ IJ28335: JAVA 8 IBMPKCS11IMPL PROVIDER UPDATES FOR SHA-512/256 AND SHA-512/224

IJ28335: JAVA 8 IBMPKCS11IMPL PROVIDER UPDATES FOR SHA-512/256 AND SHA-512/224

APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
.
Stack Trace: N/A
.
N/A

Local fix

  • N/A

Problem summary

  • The IBMPKCS11Impl provider cannot process requests for
SHA-512/256 or SHA-512/224 message digests. Therefore, it must
be modified to ensure that these requests are handled
appropriately when received.
Calls to the IBMPKCS11Impl provider which could potentially
utilize these digests include:
- SHA-512/256 or SHA-512/224 message digests
- SHA-512/256withRSA and SHA-512/224withRSA signatures
- RSA//OAEP cipher calls where the OAEP parameters carry
 SHA-512/256 or SHA-512/224 message digests, or
 SHA-512/256 or SHA-512/224 MGF1ParameterSpec's, or both.
- RSAPSS signature calls where the PSSParameters carry
 SHA-512/256 or SHA-512/224 message digests, or
 SHA-512/256 or SHA-512/224 MGF1ParameterSpec's, or both.

Problem conclusion

  • SHA-512/256 and SHA-512/224 message digests are already handled
correctly by the IBMPKCS11Impl provider because service
definitions do not exist for them.
Similarly, SHA-512/256withRSA and SHA-512/224withRSA signatures
are already handled correctly by the IBMPKCS11Impl provider
because service definitions do not exist for them.

Defensive logic has been added to IBMPKCS11Impl code that
processes RSA//OAEP ciphers. An appropriate exception will be
thrown if the OAEP parameters carry
SHA-512/256 or SHA-512/224 message digests, or SHA-512/256 or
SHA-512/224 MGF1ParameterSpec's, or both.
Defensive logic has been added to IBMPKCS11Impl code that
processes RSAPSS signatures. An appropriate exception will be
thrown if the PSSParameters carry SHA-512/256 or SHA-512/224
message digests, or SHA-512/256 or SHA-512/224
MGF1ParameterSpec's, or both.
The affected jar is: ibmpkcs11impl.jar
The associated Hursley RTC Problem Report is: 144310.
The associated Austin Git issue is: Issue#24 for IBMPKCS11Impl.
JVMs affected: Java 8.0.
The fix was delivered for Java 8.0 sr6 fp25.
The build level of the ibmpkcs11impl.jar is build-118.
.
This APAR will be fixed in the following Java Releases:
 8 SR6 FP25 (8.0.6.25)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ28335
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-09-23
    • 

  • Closed date
    2020-09-28
    • 

  • Last modified date
    2020-11-23
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 24 November 2020