IBM Support

IV62318: IBMPKCS11IMPL PROVIDER UPDATES FOR 'MEMORY LEAK'

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
    .
    Stack Trace: N/A
    .
    When an IBMPKCS11impl key is no longer required, the
    IBMPKCS11Impl provider currently requires the caller to
    explicity free a hardware object which is logically associated
    with the following IBMPKCS11Impl key
    types:?RSAPrivateKey?RSAPublicKey?DSAPrivateKey?DSAPublicKey?DHP
    KCS11PrivateKey?DHPKCS11PublicKey?PKCS11ECPrivateKey?PKCS11ECPub
    licKeyThis is accomplished by invoking the key's "rm()"
    method.If the caller fails to do this, it will have the effect
    of leaking memory on the crypto adapter (or crypto appliance).
    

Local fix

Problem summary

  • When an IBMPKCS11impl key is no longer required, the
    IBMPKCS11Impl provider currently requires the caller to
    explicity free a hardware object which is logically associated
    with the following IBMPKCS11Impl key
    types:?RSAPrivateKey?RSAPublicKey?DSAPrivateKey?DSAPublicKey?DHP
    KCS11PrivateKey?DHPKCS11PublicKey?PKCS11ECPrivateKey?PKCS11ECPub
    licKeyThis is accomplished by invoking the key's "rm()"
    method.If the caller fails to do this, it will have the effect
    of leaking memory on the crypto adapter (or crypto appliance).
    

Problem conclusion

  • The following new Java system property is now recognized by the
    IBMPKCS11Impl
    provider:-Dibm.pkcs11.memorymanagement=true/falseIf this system
    property is not defined, a default value of"true" is
    assumed.When this Java system property is set to true,the Java
    finalize method of each of the listed keys will invoke the key's
    rm() method to free the associated hardware object.  This
    relieves the caller of the responsibility.The key's finalize
    method will invoke rm()for "session keys only".  The caller is
    still responsible for explicitly invoking the rm() method for
    "token keys".
    .
    This APAR will be fixed in the following Java Releases:
       6    SR16 FP1  (6.0.16.1)
       7    SR7 FP1   (7.0.7.1)
       7 R1 SR1 FP1   (7.1.1.1)
       6 R1 SR8 FP1   (6.1.8.1)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, Java maintenance is available
    from:
               https://www.ibm.com/developerworks/java/jdk/
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV62318

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-07-08

  • Closed date

    2014-09-08

  • Last modified date

    2014-09-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels

  • R600 PSY

       UP

  • R260 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
07 December 2020