APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A .
Local fix
Problem summary
Modifications are required to the Java 8 PKCS provider as part of a larger collection of updates to fix an issue with RSA-PSS signatures and delayed provider selection. RSA-PSS signature requires Signature.setParameter() to be done prior to Signature.initSign(PrivateKey). Signature.setParameter() will cause the first provider that accepts RSA-PSS to be chosen which may not be acceptable for the privateKey being used in the Signature.initSign(PrivateKey).
Problem conclusion
Modifications have been made to the Java 8 PKCS provider to replace internal calls to Signature.initSign(PrivateKey) and Signature.initVerify(PublicKey) with Signature.initSignWithParam(PrivateKey, ParameterSpec) and Signature.initVerifyWithParam(PublicKey, ParameterSpec) to match the keys and parameters for a given provider selection. The jar affected by this apar is ibmpkcs.jar. The associated Hursley RTC Problem Report is 144168. The associated Austin Git issue is Issue# 68 for PKCS. JVMs affected include: Java 8.0. The fix was delivered for Java 8.0 SR6 FP25. The build level of the ibmpkcs.jar delivered for Java 8.0 is build_20200827-235. . This APAR will be fixed in the following Java Releases: 8 SR6 FP25 (8.0.6.25) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ27399
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-08-31
Closed date
2020-08-31
Last modified date
2020-11-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
Document Information
Modified date:
24 November 2020