IZ81254: IMPROPERLY ENCODED MODULI IN AN RSAPUBLICKEY ARE NOT HANDLED BY IBMJCE.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • Envt: IBM JDK 150 SR11
    
    Component: IBM JCE
    
    Description :
    
    Improperly encoded moduli in an RSAPublicKey are not handled by
    IBMJCE.
    
    JVM affected: 142, 50, 60
    
    JAR affected: ibmjceprovider.jar
    
    Additional Notes:
    
    Not a defect in IBM JCE code, but change warranted in order to
    align with other industry provider implementations (SUN, open
    SSL)
    
    Error message when processing public key in DER encoded
    certificate:
    
    java.lang.ArithmeticException: BigInteger: modulus not positive
            at java.math.BigInteger.modPow(BigInteger.java:1556)
            at com.ibm.crypto.provider.c.a(Unknown Source)
            at com.ibm.crypto.provider.c.a(Unknown Source)
            at com.ibm.crypto.provider.qc.engineVerify(Unknown
    Source)
            at
    java.security.Signature$Delegate.engineVerify(Signature.java:119
    4)
            at java.security.Signature.verify(Signature.java:647)
            at SignatureTest.main(SignatureTest.java:164)
    

Local fix

  • Use properly encoded RSA keypairs/certificates created using IBM
    providers.
    

Problem summary

  • Improperly encoded moduli in an RSAPublicKey are not handled by
    IBMJCE.
    

Problem conclusion

  • Affects ibmjceprovider.jar.  Hursley defect 168838.  Likely
    available in 1.4.2 SR13-FP8, 5.0 SR12-FP2, and 6.0 SR 9.  (Also
    affects JCEFIPS, which customer has not requested, but a fix
    will be made FIPS at next opportunity).
    
    SVN build date: 20100730_01
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ81254

  • Reported component name

    TIV JAVA CRYPTO

  • Reported component ID

    TIVSECJCE

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-07-31

  • Closed date

    2010-08-03

  • Last modified date

    2011-01-10

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TIV JAVA CRYPTO

  • Fixed component ID

    TIVSECJCE

Applicable component levels

  • R100 PSN

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Tivoli Components - Java Security
JCE

Software version:

100

Reference #:

IZ81254

Modified date:

2011-01-10

Translate my page

Machine Translation

Content navigation