IBM Support

IV33474: RAW KEY DATA IS ZEROED OUT BY THE FINALIZER BEFORE GETENCODED() COMPLETES.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Message: Refer to the stack tract below.
    .
    Stack Trace: java.security.UnrecoverableKeyException: Given
    final block not properly padded
        at com.ibm.crypto.provider.y.a(Unknown Source)
        at
    com.ibm.crypto.provider.PKCS12KeyStore.engineGetKey(Unknown
    Source)
        at java.security.KeyStore.getKey(KeyStore.java:191)
        at com.ibm.jsse2.xc.<init>(xc.java:40)
        at com.ibm.jsse2.jc$a_.engineInit(jc$a_.java:10)
        at
    javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:9)
        at
    com.ibm.ws.ssl.provider.AbstractJSSEProvider.getKeyTrustManagers
    (AbstractJSSEProvider.java:489)
        at
    com.ibm.ws.ssl.provider.AbstractJSSEProvider.generateNewSSLConte
    xt(AbstractJSSEProvider.java:204)
        at
    com.ibm.ws.ssl.provider.AbstractJSSEProvider.getSSLContext(Abstr
    actJSSEProvider.java:186)
        at
    com.ibm.ws.ssl.provider.AbstractJSSEProvider.getSSLSocketFactory
    (AbstractJSSEProvider.java:893)
        at
    com.ibm.websphere.ssl.JSSEHelper.getSSLSocketFactory(JSSEHelper.
    java:605)
        at
    com.ibm.websphere.ssl.protocol.SSLSocketFactory.<init>(SSLSocket
    Factory.java:96)
        at java.lang.J9VMInternals.newInstanceImpl(Native Method)
        at java.lang.Class.newInstance(Class.java:1345)
    .
    

Local fix

Problem summary

  • Raw key data is zeroed out by finalizer when being referenced by
    caller code.
    

Problem conclusion

  • This defect will be fixed in:
    7.0.0 SR4
    6.0.1 SR5
    6.0.0 SR13
    5.0.0 SR16
    1.4.2 SR13 FP15
    .
    Added "synchronized" declaration for methods that referencs the
    raw key data.
    
    Jars affected: ibmjceprovider.jar.
    Hursley defect 195261
    Austin defect 113420
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV33474

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    260

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-12-13

  • Closed date

    2013-01-03

  • Last modified date

    2013-02-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IV33475 PM79176

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels

  • R260 PSY

       UP

  • R600 PSY

       UP



Document information

More support for: Runtimes for Java Technology
Security

Software version: 260

Reference #: IV33474

Modified date: 28 February 2013