Prepend
2006-09-21
  Strange behavior in IBM JRE's JCE MD5 algorithm
I recently worked around a curious multithreading bug on IBM's AIX JRE. It was one of those painful, but interesting bugs that I thought I should share.

One of the developers I work with reported an issue with a piece of code that generates GUIDs. The error only manifested under heavy loads running in OAS and only on IBM's AIX JRE (build 1.4.1, J2RE 1.4.1 IBM AIX build ca1411-20030930). Everything ran fine on Sun Windows/Solaris/HPUX and IBM z/OS & Windows, only AIX's JRE had a problem.

The error was a pretty basic "'String index out of range:12'" that occurs when you try to substring a string without enough characters. But this wasn't the cause. The developer who wrote the code was using the MD5 algorithm from the JCE to hash up some random data and he was eating the real exception (of course really really bad, but that's another story).

Here's the defect:
java.security.NoSuchAlgorithmException: class configured for MessageDigest(provider: BootstrapProvider version 1.1)cannot be found.
com/ibm/security/bootstrap/MD5


It's doubly curious as this class does exist in the class loader (I can Class.forName it all day long) and I was explicitly using the BouncyCastle provider, not the bootstrap provider.

I tried three methods of getting an MD5 MessageDigest:

MessageDigest dm5Digest = MessageDigest.getInstance("MD5");


MessageDigest dm5Digest = MessageDigest.getInstance("MD5", BouncyCastleProvider.PROVIDER_NAME);


MessageDigest dm5Digest = MessageDigest.getInstance("MD5", new BouncyCastleProvider());


but all three of them still threw the error reporting from the IBM bootstrap provider. So it ends up that there is an error in the JRE so that it can't load the proper class under heavy load. When I explicitly called the BouncyCastle MD5 MessageDigest everything ran fine.

On a side note, since the original developer of this mangled piece of code that was causing the error is no longer with my employer, I rewrote the code so it doesn't use MD5 for a GUID. I'm also not sure why the original developer tried to write something himself rather than using the Jakarta Commons Sandbox Id project. "Not Invented Here" syndrome strikes again.
 
Comments:
Can you tell me how you implemented the explicit call to BouncyCastle MD5 MessageDigest? I am getting the same error in an agent that uses itext1.4.5.jar to produce PDF documents from the browser. It works on my Solaris 8 box with Domino 6.5.4 but not another server running 7.0.1 (I believe that box is Win2k). Thanks!!!
 
Post a Comment



<< Home
Technical and personal notes from Brian Lee, technologist/enterprise architect/software developer/soa guy.

ARCHIVES
February 2005 / March 2005 / April 2005 / May 2005 / June 2005 / July 2005 / August 2005 / September 2005 / October 2005 / November 2005 / December 2005 / January 2006 / February 2006 / March 2006 / April 2006 / May 2006 / June 2006 / August 2006 / September 2006 / October 2006 / November 2006 / December 2006 / January 2007 / May 2007 / June 2007 / August 2007 / September 2007 / October 2007 / April 2008 / July 2008 / January 2009 / May 2009 / June 2009 /
My Photo
Name: Brian Lee
Location: Atlanta, Georgia, United States

 
Web prepend.com






Powered by Blogger