APAR status
Closed as program error.
Error description
Error Message: The customer experienced a "mechanism does not exist" exception while trying to perform a KeyStore.load() operation on a PKCS11 keystore that contained only a single RSA PrivateKeyEntry.
Stack Trace: N/A
The customer was using a Thales Luna 7 HSM configured to operate in FIPS mode.
Local fix
Problem summary
The PKCS11KeyStore.doesPublicKeyMatchPrivateKey() method within the IBMPKCS11Impl provider uses SHA1xxxxx signature mechanisms to match private and public HSM keys. SHA1xxxxx signature mechanisms are not available when a Luna 7 HSM is configured to operate in FIPS mode.
Problem conclusion
The PKCS11KeyStore.doesPublicKeyMatchPrivateKey() method has been updated to use the signature algorithms below instead to match private and public keys for the following key types:
RSA => SHA256withRSA
DSA => SHA256withDSA
EC => SHA256withECDSA
The affected jar file is: ibmpkcs11impl.jar
The associated GIT issue is: 61
The associated RTC problem report is: 148264
The Java 8 build is: 227
The Java 7 build is: 230
The fixes were delivered for:
Java 8.0 sr7 FP25
Java 7.1 sr5 fp25
This APAR will be fixed in the following Releases:
IBM SDK, Java Technology Edition
8 SR8 (8.0.8.0)
7 R1 SR5 FP25 (7.1.5.25) (restricted access)
Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available maintenance can be found at: https://www.ibm.com/support/pages/java-sdk
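The sign-then-verify matching technique described above, with the key-type mapping from this APAR, written as an added example that is not IBM's code from ibmpkcs11impl.jar. The class and method names (KeyPairMatch, algorithmFor, matches) are hypothetical, and the keys are software keys constructed in main() rather than HSM objects.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class KeyPairMatch {
    // Key type -> signature algorithm, as listed in the problem conclusion.
    static String algorithmFor(String keyType) {
        switch (keyType) {
            case "RSA": return "SHA256withRSA";
            case "DSA": return "SHA256withDSA";
            case "EC":  return "SHA256withECDSA";
            default: throw new IllegalArgumentException("unsupported key type: " + keyType);
        }
    }

    // Sign a fixed probe with the private key and verify it with the candidate
    // public key. With a PKCS11 private key the signing is performed by the
    // token, so the chosen mechanism must be enabled on the HSM.
    static boolean matches(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        if (!priv.getAlgorithm().equals(pub.getAlgorithm())) {
            return false; // different key types can never be a pair
        }
        String alg = algorithmFor(priv.getAlgorithm());
        byte[] probe = "key-pair-match-probe".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance(alg);
        signer.initSign(priv);
        signer.update(probe);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(pub);
        verifier.update(probe);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            return false; // signature not well-formed for this public key
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys: two independent RSA pairs.
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        KeyPair a = rsa.generateKeyPair();
        KeyPair b = rsa.generateKeyPair();
        System.out.println("own public key:   " + matches(a.getPrivate(), a.getPublic()));
        System.out.println("other public key: " + matches(a.getPrivate(), b.getPublic()));
    }
}
```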
Temporary fix
Comments
APAR Information
APAR number
IJ44075
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-11-01
Closed date
2022-11-05
Last modified date
2023-04-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
Document Information
Modified date:
11 April 2023