APAR status
Closed as program error.
Error description
Error Message: None . Stack Trace: at com/ibm/crypto/plus/provider/icc/NativeInterface.SIGNATURE_sign( Native Method) at com/ibm/crypto/plus/provider/icc/Signature.sign(Signature.java:5 (Compiled Code)) com/ibm/crypto/plus/provider/icc/Signature@0x0000000643ACC270, entry count: 1) at com/ibm/crypto/plus/provider/y.engineSign(y.java:7(Compiled Code)) at java/security/Signature$Delegate.engineSign(Signature.java:1391( Compiled Code)) at java/security/Signature.sign(Signature.java:704(Compiled Code)) ) . The java core may occur during Digest, Signature or Cipher crypto operations randomly.
Local fix
Place IBMJCE provider ahead of IBMJCEPlus in JRE_HOME/lib/security/java.security
Problem summary
IBMJCEPlus/IBMJCEPlusFIPS providers cause Java heap corruption during symmetric key cipher crypto operations. The behavior of providers after memory corruption is dependent on the nature of memory corrupted but often results in Java cores during subsequent crypto operations such as Digest, Signature or Cipher crypto operations randomly. The memory corruption is caused by IBMJCEPlus/IBMJCEPlusFIPS , during Symmetric key encryption and decryption operations, passing a byte array as an argument that is less than required by IBM GSKit Crypto for C library.
Problem conclusion
The JVM has been updated, during symmetric key cipher encryption and decryption operations, to pass a required sized byte array. The affected files: JRE_HOME\fips140-2\lib\ext\ibmjceplus.jar JRE_HOME\fips140-3\lib\ext\ibmjceplus.jar The associated Java Security GIT issue: 553 The associated RTC problem report is: 149 The Java 8 build dates are: FIPS140-2 - Build-Date: 20230619 FIPS140-3 - Build-Date: 20230619 The fix was delivered for: Java 8.0 SR8 FP10 The JVMs affected: Java 8 SR5 FP10 ? Java 8 SR8 FP5 . This APAR will be fixed in the following Releases: . IBM SDK, Java Technology Edition 8 SR8 FP10 (8.0.8.10) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available maintenance can be found at: https://www.ibm.com/support/pages/java-sdk
Temporary fix
Comments
APAR Information
APAR number
IJ47379
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-06-28
Closed date
2023-07-15
Last modified date
2023-07-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
16 July 2023