IBM Support

IV38135: UNSUPPORTEDOPERATIONEXCEPTION IS THROWN WHEN EXTRACTING INFORMAT ION FROM HARDWARE CRYPTO KEY.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: In JSSE2 build 20130109, new code was added to
SignatureAndHashAlgorithm.java to call KeyLength.getKeySize() in
order to retrieve the key size of a RSA private key.
KeyLength.getKeySize() uses RSA key's getModulus() method.
This works well for software RSA keys, but for JCECCA hardware
RSA keys, the getModulus() method is not supported.
.
Stack Trace: javax.net.ssl.SSLException:
java.lang.UnsupportedOperationException: Hardware error,
function getModulus has no meaning in hardware
HSServerH: client connection refused.
javax.net.ssl.SSLException: Received fatal alert: internal_error
javax.net.ssl.SSLException: Received fatal alert: internal_error
        at com.ibm.jsse2.Alerts.getSSLException(Alerts.java:203)
        at com.ibm.jsse2.Alerts.getSSLException(Alerts.java:149)
        at
com.ibm.jsse2.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2122)
        at
com.ibm.jsse2.SSLSocketImpl.readRecord(SSLSocketImpl.java:1199)
        at
com.ibm.jsse2.SSLSocketImpl.performInitialHandshake(SSLSocketImp
l.java:1453)
        at
com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:14
81)
        at
com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:14
64)
        at HSServerH.run(HSServerH.java:120)
.

Local fix

  • 



Problem summary


    

  • Information in hardware crypto key is non-extractable, and
KeyLength.getKeySize() code did not consider this situation.

    



Problem conclusion


    

  • This defect will be fixed in:
5.0.0 SR16FP1
6.0.0 SR13FP1
6.0.1 SR5FP1
7.0.0 SR4FP1
.
Catch UnsupportedOperationException in KeyLength.getKeySize()
and ignore it.
The associated Austin CMVC defect 113547.
The associated Hursley CMVC defect 196262.
The fix was delivered for Java 5.0 SR16FP1, Java 6.0 SR13FP1,
Java 6.26 SR5FP1, and Java 7.0 SR4FP1.
The fix will be available in ibmjsseprovider2.jar (level
20130226).

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV38135
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    600
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-03-18
    • 

  • Closed date
    2013-03-28
    • 

  • Last modified date
    2013-03-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
IV38134
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels


    

  • R600  PSY
       UP
    • 

  • R260  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 December 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback