PK25433: IBM JCE BUILD 040219 INCORRECTLY IMPOSES A RESTRICTION OF MINIMUM 512 KEYSIZE.

APAR status
Closed as program error.

Error description
The IBM JCE build 040219 incorrectly imposes a restriction
of minimum 512 keysize.

Keysizes must be a multiple of 64 and can range from 256 to
1024, inclusive.

Problems therefore occur if you use a keysize smaller than 512:
an InvalidAlgorithmParameterException is thrown.

An example exception:

java.security.InvalidAlgorithmParameterException is caught when
initializing EncryptionManager 'Prime size must be multiple of 64,
and can only range from 512 to 1024 (inclusive)'
        at com.ibm.db2.jcc.a.x.<init>(x.java:107)
        at com.ibm.db2.jcc.c.b.fc(b.java:2190)
        at com.ibm.db2.jcc.c.b.u(b.java:1057)
        at com.ibm.db2.jcc.c.b.b(b.java:723)
        at com.ibm.db2.jcc.c.b.a(b.java:700)
        at com.ibm.db2.jcc.c.b.a(b.java:412)
        at com.ibm.db2.jcc.c.b.<init>(b.java:357)
        at com.ibm.db2.jcc.DB2PooledConnection.<init>
        at ...

IBM JCE build 051104 resolves this problem.
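
To check which DH prime sizes the installed JCE provider accepts (for example, to confirm that a replaced ibmjceprovider.jar no longer rejects sizes below 512), the probe below initializes a DH KeyPairGenerator for every multiple of 64 from 256 to 1024. It is an added example, not IBM or DB2 code; the class name DhPrimeSizeProbe, the generator value 2 and the randomly generated primes are assumptions made for the test.

```java
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.spec.DHParameterSpec;

// Hypothetical helper class, written for this page; not part of any IBM product.
public class DhPrimeSizeProbe {

    // Returns null if the provider accepts a DH prime of the given size,
    // otherwise the message of the exception it raised.
    static String probe(int bits, SecureRandom rnd) throws NoSuchAlgorithmException {
        // Constructed test parameters: a fresh probable prime of exactly
        // 'bits' bits and generator 2. Only the prime size matters here.
        BigInteger p = new BigInteger(bits, 20, rnd);
        DHParameterSpec spec = new DHParameterSpec(p, BigInteger.valueOf(2));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        try {
            // Same call path as the stack trace: KeyPairGenerator.initialize
            // delegating to the provider's DH key pair generator.
            kpg.initialize(spec);
            return null;
        } catch (InvalidAlgorithmParameterException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        System.out.println("DH provider: "
                + KeyPairGenerator.getInstance("DH").getProvider());
        // The range the APAR states as valid: multiples of 64, 256 to 1024.
        for (int bits = 256; bits <= 1024; bits += 64) {
            String err = probe(bits, rnd);
            System.out.println(bits + " bits: "
                    + (err == null ? "accepted" : "REJECTED - " + err));
        }
    }
}
```

Run it with the same JVM and provider configuration the application server uses; a provider with the restriction described here reports 256 through 448 as rejected.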
Local fix

Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server version 5.0.x   *
*                 users who are using DB2 database.            *
****************************************************************
* PROBLEM DESCRIPTION: ibmjceprovider.jar build 040219 has a   *
*                      problem of incorrectly imposing a       *
*                      restriction of minimum 512 keysize.     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The ibmjceprovider.jar shipped in PK23458 (build 040219)
incorrectly imposes a restriction of minimum 512 keysize.
This affects customers who have been using a keysize < 512.
DB2 JCC with ENCRYPTED_USER_AND_PASSWORD_SECURITY is an
example.
When this problem happens, the following exception is thrown:

java.security.InvalidAlgorithmParameterException: Prime size
must be multiple of 64, and can only range from 512 to 1024
(inclusive):
at com.ibm.crypto.provider.DHKeyPairGenerator.initialize(Unknown Source)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.j
at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:309)
at com.ibm.db2.jcc.c.w.<init>(w.java:76)
at com.ibm.db2.jcc.b.b.cc(b.java:2091)
at com.ibm.db2.jcc.b.b.u(b.java:1005)
at com.ibm.db2.jcc.b.b.a(b.java:714)
at com.ibm.db2.jcc.b.b.<init>(b.java:305)
at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:162)
at java.sql.DriverManager.getConnection(DriverManager.java:543)
at java.sql.DriverManager.getConnection(DriverManager.java:163)
at ConnectDB.main(ConnectDB.java:29)
Problem conclusion
Replaced the affected modules by newer versions.
Temporary fix
A test fix PK25433_50.jar has been released.
Comments
APAR information
APAR number PK25433
Reported component name WEBSPHERE BASE
Reported component ID 5630A3600
Reported release 00A
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2006-05-24
Closed date 2006-07-31
Last modified date 2006-07-31

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
JCE          

Publications Referenced

Fix information
Fixed component name WEBSPHERE BASE
Fixed component ID 5630A3600

Applicable component levels
R00A PSY    UP
R00H PSY    UP
R00I PSY    UP
R00P PSY    UP
R00S PSY    UP
R00W PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 00A
Software edition:
Reference #: PK25433
IBM Group: Software Group
Modified date: Jul 31, 2006