APAR status
Closed as program error.
Error description
Error Message: See below . Stack Trace: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: SHA2DRBG, provider: IBMJCEFIPS, class: com.ibm.crypto.fips.provider.SHA2DRBG) at java.security.Provider$Service.newInstance(Provider.java:1273) at sun.security.jca.GetInstance.getInstance(GetInstance.java:248) at sun.security.jca.GetInstance.getInstance(GetInstance.java:218) at java.security.SecureRandom.getInstance(SecureRandom.java:330) at TestFIPSSHA2DRBG.main(TestFIPSSHA2DRBG.java:16) Caused by: java.lang.IllegalAccessException: Class java/security/Provider$Service illegally accessing "package private" class com/ibm/crypto/fips/provider/SHA2DRBG at java.lang.J9VMInternals.newInstanceImpl(Native Method) at java.lang.Class.newInstance(Class.java:1505) at java.security.Provider$Service.newInstance(Provider.java:1249) ... 4 more . The problem happens on JDKs which shipped with the new IBMJCEFIPS provider: 6.0sr12, 6.26sr4, 7.0sr3 Besides, the SHA2DRBG and SHA5DRBG can be used with IBMJCE provider.
Local fix
1. Use SHA2DRBG and SHA5DRBG in IBMJCE provider. 2. Use algorithm name "HASHDRBG" to use the default SHA2DRBG in IBMJCEFIPS provider.
Problem summary
The problem happens because SecureRandom classes SHA2DRBG and SHA5DRBG in IBMJCEFIPS provider are not public
Problem conclusion
This defect will be fixed in: 7.0.0 SR4FP1 6.0.1 SR5FP1 6.0.0 SR13FP1 . A fix is made to IBMJCEFIPS provider to make SHA2DRBG and SHA5DRBG classes public. The fix to circumvent this problem in JSSE (IV36810) is reverted. The associated Hursley CMVC defect is 196266 The associated Austin CMVC defect is 113538 JVMs affected: Java 6.0 SR12, Java 6 R26 SR4, Java 7.0 SR3. The fix was delivered for Java 7 SR4 FP1, Java 6 R26 SR5 FP1, Java 6 SR13 FP1 The affected jar is "ibmjcefips.jar" and "ibmjsseprovider2.jar" The build level of "ibmjcefips.jar" for the affected releases is "20130219" The build level of "ibmjsseprovider2.jar" for the affected releases is "20130226"
Temporary fix
Comments
APAR Information
APAR number
IV37346
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-02-28
Closed date
2013-03-18
Last modified date
2013-03-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020