VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ46173

⇱ IJ46173: IBMJCEPLUS, IBMJCEPLUSFIPS PROVIDERS THROW AN INCORRECT JAVA.SECURITY.SIGNATUREEXCEPTION

IJ46173: IBMJCEPLUS, IBMJCEPLUSFIPS PROVIDERS THROW AN INCORRECT JAVA.SECURITY.SIGNATUREEXCEPTION

APAR status

  • Closed as program error.

Error description

  • Error Message: During Signature update operations,
IBMJCEPlus,IBMJCEPlusFIPS provider throw an incorrect
java.security.SignatureException: Bad input parameters to
Signature update.
.
Stack Trace: java.security.SignatureException: Bad input
parameters to Signature update
 at
com.ibm.crypto.plus.provider.w.engineUpdate(w.java:14)
 at
java.security.Signature$Delegate.engineUpdate(Signature.java:138
1)
 at java.security.Signature.update(Signature.java:886)
.
The issue also occurs when RSASignature algorithm is used.
The exception message should be corrected to "parameters".

Local fix

  • Place IBMJCE ahead of IBMJCEPlus, IBMJCEPlusFIPS providers in
java.security file.

Problem summary

  • IBMJCEPlus, IBMJCEPlusFIPS providers throw an incorrect
java.security.SignatureException

The issue is caused by incorrect check of buffer lengths during
Signature update operations.

Problem conclusion

  • The JVM has been updated so that IBMJCEPlus,IBMJCEPlusFIPS
providers do not fail Signature update operations while using
RSASignature and ECDSASignature algorithms.
The exception message has been corrected.

The affected file: ibmjceplus.jar

The associated Java Security GIT issues: 521, 527

The associated RTC problem report is: 149032

The Java 8 build dates are:

FIPS140-2 - Build-Date: 20230321

FIPS140-3 - Build-Date: 20230322

The fix was delivered for: Java 8.0 SR8 FP5

The JVMs affected: Java 8, SR7 FP20 or later.
.
This APAR will be fixed in the following Releases:
.
IBM SDK, Java Technology Edition
 8 SR8 FP5 (8.0.8.5)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
maintenance can be found at:
 https://www.ibm.com/support/pages/java-sdk

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ46173
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2023-03-28
    • 

  • Closed date
    2023-03-28
    • 

  • Last modified date
    2023-03-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 29 March 2023