APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A .
Local fix
Problem summary
Enhance the SHA1PRNG SecureRandom functionality for the IBMJCE and IBMSecureRandom providers to support a customizable source for seed data. Introduce new SecureRandom implementations which use a mix of blocking and non-blocking system calls to generate cryptographically secure random numbers and seed values.
Problem conclusion
The SHA1PRNG implementation for the IBMJCE and IBMSecureRandom providers has been updated to support a customizable source for seed data. By default, an attempt is made to use the entropy gathering device that is specified by the securerandom.source security property in the java.security file. The entropy gathering device can also be specified with the system property java.security.egd. Specifying this system property overrides the securerandom.source security property. For operating systems like AIX and Linux, three new SecureRandom implementations that provide a mix of blocking and non-blocking behavior are introduced for the IBMJCE provider. The new implementations that have been added are NativePRNG, NativePRNGBlocking, and NativePRNGNonBlocking. The java.security file has been updated to specify a default value of ?file:/dev/urandom? for the ?securerandom.source? Security property. NOTE: The performance and quality of randomness of obtaining seed material by SHA1PRNG is dependent on the configured source for seed data. Better quality random data may be obtained on some systems by using /dev/random over /dev/urandom, although performance may be strongly impacted as the system might block until sufficiently random bytes can be returned. Performance may also be affected if the seed source is undefined, in which case will cause the traditional system/thread activity algorithm to be used. Users who use their own customized java.security file should ensure that they are specifying an appropriate seed source and also be aware that earlier Java versions had the ?securerandom.source? Security property unset, set to ?file:/dev/random? or set to ?file:/dev/urandom?. For more information, refer to the IBM SDK documentation. . This APAR will be fixed in the following Java Releases: 8 SR1 FP10 (8.0.1.10) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IV75079
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-07-13
Closed date
2015-07-13
Last modified date
2015-07-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R270 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020