IBM Support

IV33475: RAW KEY DATA IS ZEROED OUT BY THE FINALIZER BEFORE GETENCODED() COMPLETES.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: Refer to the stack tract below.
.
Stack Trace: java.security.UnrecoverableKeyException: Given
final block not properly padded
    at com.ibm.crypto.provider.y.a(Unknown Source)
    at
com.ibm.crypto.provider.PKCS12KeyStore.engineGetKey(Unknown
Source)
    at java.security.KeyStore.getKey(KeyStore.java:191)
    at com.ibm.jsse2.xc.<init>(xc.java:40)
    at com.ibm.jsse2.jc$a_.engineInit(jc$a_.java:10)
    at
javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:9)
    at
com.ibm.ws.ssl.provider.AbstractJSSEProvider.getKeyTrustManagers
(AbstractJSSEProvider.java:489)
    at
com.ibm.ws.ssl.provider.AbstractJSSEProvider.generateNewSSLConte
xt(AbstractJSSEProvider.java:204)
    at
com.ibm.ws.ssl.provider.AbstractJSSEProvider.getSSLContext(Abstr
actJSSEProvider.java:186)
    at
com.ibm.ws.ssl.provider.AbstractJSSEProvider.getSSLSocketFactory
(AbstractJSSEProvider.java:893)
    at
com.ibm.websphere.ssl.JSSEHelper.getSSLSocketFactory(JSSEHelper.
java:605)
    at
com.ibm.websphere.ssl.protocol.SSLSocketFactory.<init>(SSLSocket
Factory.java:96)
    at java.lang.J9VMInternals.newInstanceImpl(Native Method)
    at java.lang.Class.newInstance(Class.java:1345)
.

Local fix

  • 



Problem summary


    

  • Raw key data is zeroed out by finalizer when being referenced by
caller code.

    



Problem conclusion


    

  • This defect will be fixed in:
7.0.0 SR4
6.0.1 SR5
6.0.0 SR13
5.0.0 SR16
1.4.2 SR14
.
Added "synchronized" declaration for methods that referencs the
raw key data.
JVMs affected: 1.4.2 SR14, 5.0 SR16, 6.0 SR13, 6.26 SR5, and 7.0
SR4.
Jars affected: ibmjceprovider.jar.
Hursley defect 195261
Austin defect 113420

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV33475
    • 

  • Reported component name
    JAVA 5 SECURITY
    • 

  • Reported component ID
    620500125
    • 

  • Reported release
    500
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-12-13
    • 

  • Closed date
    2013-01-03
    • 

  • Last modified date
    2013-01-03
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
IV33474
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    JAVA 5 SECURITY
    • 

  • Fixed component ID
    620500125
    • 



Applicable component levels


    

  • R500  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 December 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback