APAR status
Closed as program error.
Error description
The first error condition occurs during the computation of a Diffie-Hellman shared secret and IBMJCEPlus attempts to use a previously freed pointer, which causes the JVM to crash. The second error condition occurs during encoding and decoding of EC parameters resulting in a JNI error produced by the JVM: JVMJNCK055E JNI error in ReleasePrimitiveArrayCritical: Pointer 0x00000000FFE2C092 was not returned by any JNI function, or was already released JVMJNCK077E Error detected in com/ibm/crypto/plus/provider/icc/NativeInterface.ECKEY_createPub licKey(J[B[B)J STACK TRACE: Stack Trace for the first error condition that results in java core files: at com/ibm/crypto/plus/provider/icc/NativeInterface.DHKEY_computeDH Secret(Native Method) at com/ibm/crypto/plus/provider/icc/DHKey.computeDHSecret(DHKey.jav a:9) at com/ibm/crypto/plus/provider/DHKeyAgreement.engineGenerateSecret (DHKeyAgreement.java:43) com/ibm/crypto/plus/provider/icc/DHKey@0x00000007DF82FB30, entry count: 1) com/ibm/crypto/plus/provider/icc/DHKey@0x00000007DF838878, entry count: 1) Stack Trace for the second error condition: at com/ibm/crypto/plus/provider/icc/NativeInterface.ECKEY_createPub licKey(Native Method) at com/ibm/crypto/plus/provider/icc/ECKey.createPublicKey(ECKey.jav a:64) at com/ibm/crypto/plus/provider/ECPublicKey.(ECPublicKey.java:57) at com/ibm/crypto/plus/provider/ECKeyFactory.engineGeneratePublic(E CKeyFactory.java:9) at java/security/KeyFactory.generatePublic(KeyFactory.java:345) OTHER While using IBMJCEPlus as the provider, JVM crashes while computing Diffie-Hellman secrets. The error condition causes java core files to be generated. The second error condition occurs when java programs are run with JNI checking enabled with -Xcheck:jni:pedantic,valist,nowarn,noadvice flags. JVMs affected: The Java 8, SR7. The second error does not occur with Java 8, SR6FP36.
Local fix
Problem summary
This APAR documents two related error conditions that occur while using IBMJCEPlus. The first error condition occurs during the computation of a Diffie-Hellman shared secret and IBMJCEPlus attempts to use a previously freed pointer, which causes the JVM to crash. The second error condition occurs while encoding and decoding EC parameters. Both the errors are due to reuse of previously freed pointers.
Problem conclusion
The JVM has been updated so that encoding and decoding of Elliptic curve parameters and computing Diffie-Hellman secret complete successfully. The RSAPSS algorithm was also updated to prevent a potential JNI error. The associated Hursley RTC Problem Report: 147094 The associated Austin Git issue:IBMJCEPlus - 417 The fix was delivered for Java 8, SR7FP10 The files affected for Java 8 SR7 FP10 are: ibmjceplus.jar (Build-Date: 20220204) jgskit.dll (win32, win64) llibjgskit.so on AIX (ppc, ppc64) libjgskit.so - Linux platforms . This APAR will be fixed in the following Java Releases: 8 SR7 FP10 (8.0.7.10) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ37785
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-02-10
Closed date
2022-02-10
Last modified date
2022-05-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
Document Information
Modified date:
12 May 2022