APAR status
Closed as program error.
Error description
Error Message, as reported by customer: When loading PKCS12 keystore file which contains entries with no alias in Java 8, an IOException with message "DerInputStream.getLength(): lengthTag=127, too big" is thrown and the keystore load fails. Stack Trace, if applicable: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big. at com.ibm.security.util.DerInputStream.getLength(DerInputStream.ja va:724) at com.ibm.security.util.DerInputStream.getLength(DerInputStream.ja va:698) at com.ibm.security.util.DerValue.<init>(DerValue.java:254) at com.ibm.security.util.DerInputStream.readVector(DerInputStream.j ava:472) at com.ibm.security.util.DerInputStream.getSequence(DerInputStream. java:397) at com.ibm.crypto.provider.PKCS12KeyStoreOracle.engineLoad(Unknown Source) at java.security.KeyStore.load(KeyStore.java:1456) Other Error Information, as reported by customer: N/A
Local fix
N/A
Problem summary
Cannot load PKCS12 keystore file in Java 8 ERROR DESCRIPTION: When loading PKCS12 keystore file which contains entries with no alias in Java 8, an IOException with message "DerInputStream.getLength(): lengthTag=127, too big" is thrown and the keystore load fails.
Problem conclusion
Issue in DerInputStream on handling constructed indefinite length data. The fix adds the correct logic to handle constructed indefinite length data. The associated RTC PR is 111440 The associated Austin CMVC defect is 117231 The associated Austin APAR is IV83669 JVMs affected : Java 6.0, Java 6.1, Java 7.0, java 7.1 and Java 8.0 The fix was delivered for Java 6.0 SR16 FP30, Java 6.1 SR8 FP30, Java 7.0 SR9 FP50, Java 7.1 SR3 FP50 and Java 8.0 SR3 FP10 The affected jar is "ibmpkcs.jar". The build level of this jar for the affected releases is "20160428"
Temporary fix
Comments
APAR Information
APAR number
IV83669
Reported component name
TIVOLI JAVA PKC
Reported component ID
TIVSECPKC
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-04-12
Closed date
2016-05-04
Last modified date
2016-05-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TIVOLI JAVA PKC
Fixed component ID
TIVSECPKC
Applicable component levels
R100 PSY
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL45","label":"PKCS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
04 May 2016