IBM Support

IV68282: MISCELLANEOUS PKCS11KEYSTORE FIXES

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Message: Two errors were identified within the
    PKCS11KeyStore.1) While replacing a hardware key with another
    keyhaving a few modified attributes, the
    PKCS11KeyStore.convertPrivKeyObj( ) method was failing to clean
    up the hardware key being replaced ifthe system property
    "ibm.pkcs11.memorymanagement"is set to "false".  Ordinarily
    hardware keys are cleaned up automatically by the finalizer
    method of the key.  However, when "ibm.pkcs11.memorymanagement"
    is set to "false", it is the responsibility of the application
    to clean up the key.  In this case, the PKCS11KeyStore class was
    the responsibie application.2) A debug trace statement within
    the PKCS11KeyStore.deleteCert() method was throwing an
    unexpected NullPointerException when debug tracing was enabled.
    .
    Stack Trace: N/A
    .
    

Local fix

Problem summary

  • Two errors were identified within the PKCS11KeyStore.1) While
    replacing a hardware key with another keyhaving a few modified
    attributes, the PKCS11KeyStore class was failing to clean up the
    old hardware key ifthe system property
    "ibm.pkcs11.memorymanagement"is set to "false".  Ordinarily
    hardware keys are cleaned up automatically by the finalizer
    method of the key.  However, when "ibm.pkcs11.memorymanagement"
    is set to "false", it is the responsibility of the application
    to clean up the key.  In this case, the PKCS11KeyStore class was
    the responsibie application.2) A debug trace statement within
    the PKCS11KeyStore.deleteCert() method was throwing an
    unexpected NullPointerException when debug tracing was enabled.
    

Problem conclusion

  • For 1), logic was added to clean up the hardware key that was
    being replaced.For 2), the debug trace statement was updated so
    that it will no longer attempt to print an object which is
    potentially null.
    .
    This APAR will be fixed in the following Java Releases:
       6    SR16 FP4  (6.0.16.4)
       7    SR9       (7.0.9.0)
       6 R1 SR8 FP4   (6.1.8.4)
       7 R1 SR3       (7.1.3.0)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, information about the Service
    Refreshes and Fix Packs can be found at:
               https://www.ibm.com/developerworks/java/jdk/
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV68282

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-01-05

  • Closed date

    2015-01-09

  • Last modified date

    2015-01-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels

  • R600 PSY

       UP

  • R260 PSY

       UP



Document information

More support for: Runtimes for Java Technology
Security

Software version: 6.0

Reference #: IV68282

Modified date: 09 January 2015