APAR status
Closed as program error.
Error description
Error Message: An internal test program failed with a NullPointerException when the following API was invoked with NULL PSSParameterSpec value. SharedSecrets.getJavaSecuritySignatureAccess().initSign(sig, rsaKeyPair.getPrivate(), pssParameterSpec, null). . Stack Trace: java.lang.NullPointerException at com.ibm.crypto.provider.RSAPSSSignature.encodeSignature(Unknown Source) at com.ibm.crypto.provider.RSAPSSSignature.engineSign(Unknown Source) at java.security.Signature$Delegate.engineSign(Signature.java:1382) at java.security.Signature.sign(Signature.java:698) at TestRSAPSS2.doSignature(TestRSAPSS2.java:3367) at TestRSAPSS2.testRSAPSS(TestRSAPSS2.java:634) at TestRSAPSS2.main(TestRSAPSS2.java:65) java.lang.NullPointerException at com.ibm.crypto.provider.RSAPSSSignature.encodeSignature(Unknown Source) at com.ibm.crypto.provider.RSAPSSSignature.engineSign(Unknown Source) at java.security.Signature$Delegate.engineSign(Signature.java:1382) at java.security.Signature.sign(Signature.java:698) .
Local fix
Problem summary
Support delayed JCE provider selection for RSAPSS and other changes
Problem conclusion
The JVM and the RSAPSS Signature was fixed to support delayed JCE provider selection and calling with null PSSParameterSpec. SharedSecrets.getJavaSecuritySignatureAccess().initSign(sig, rsaKeyPair.getPrivate(), pssParameterSpec, null). SharedSecrets.getJavaSecuritySignatureAccess().initVerify(sig, rsaKeyPair.getPublic(), pssParameterSpec. RSAPSS Signature was fixed not to allow mixing of SHA-512 and SHA-512/224 or SHA512/256 truncated digests. The same digest must be specified both for MGF1 ParameterSpec and RSAPSSSIgnature. The associated Hursley RTC Problem Report is 144147 The associated Austin GitHub tasks: 76, 79 Austin Build Levels: build_20200821-346 File affected: ibmjceprovider.jar JVMs affected Java 8.0 The fix was delivered for Java 8.0 SR6, FP25 . This APAR will be fixed in the following Java Releases: 8 SR6 FP25 (8.0.6.25) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ27251
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-08-24
Closed date
2020-08-24
Last modified date
2020-11-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
Document Information
Modified date:
24 November 2020