VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ56792

⇱ IJ56792: USING RSA KEY PAIRS ACROSS PROVIDERS (IBMJCEPLUS, IBMJCEPLUSFIPS) CAN CAUSE SEGMENTATION FAULT

IJ56792: USING RSA KEY PAIRS ACROSS PROVIDERS (IBMJCEPLUS, IBMJCEPLUSFIPS) CAN CAUSE SEGMENTATION FAULT

APAR status

  • Closed as program error.

Error description

  • Error Message: None
.
Stack Trace: at
com/ibm/crypto/plus/provider/icc/NativeInterface.RSACIPHER_publi
c_encrypt(NativeMethod)
 at
com/ibm/crypto/plus/provider/icc/RSACipher.publicEncrypt(RSACiph
er.java:31)
 (entered lock:
com/ibm/crypto/plus/provider/icc/RSACipher@0x00000007FCA9C430,
entrycount: 1)
 at
com/ibm/crypto/plus/provider/RSA.engineDoFinal(RSA.java:246)
 at
com/ibm/crypto/plus/provider/RSA.engineDoFinal(RSA.java:175)
 at javax/crypto/Cipher.doFinal(Bytecode PC:35)
.
The issue was found in Java 8 SR8 FP20 or later.

Local fix

  • When using the IBMJCEPlusFIPS provider, ensure that the same
provider is used for both key pair generation and all subsequent
cryptographic operations?such as encryption, decryption,
signing, and verification to maintain FIPS compliance.
 Do not mix providers. Key pairs generated by
IBMJCEPlusFIPS must not be used with IBMJCEPlus for encryption,
decryption, signing, or verification.

Problem summary

  • Using public-private key pairs across providers such as keys
generated with IBMJCEPlus used with IBMJCEPlusFIPS, or vice
versa can lead to segmentation faults.

Problem conclusion

  • The JVM has been updated to throw an InvalidKeyException when
key pairs generated with IBMJCEPlus are used with
IBMJCEPlusFIPS. Conversely, when key pairs generated by
IBMJCEPlusFIPS are used with IBMJCEPlus, the JVM performs the
necessary key transformation to prevent segmentation faults.
 Updated algorithms:
 RSA, DSA, ECDSA, DH, EdDSA.
 GIT issues: IBMJCEPlus: 762
 RTC problem report: 153107
 The associated Austin APAR is IJ53002
 The affected files:
 ibmjceplus.jar
 ibmjceplus.jar build dates:
 FIPS140-2 - Build-Date:20251031
 FIPS140-3 - Build-Date:20251031
 Build for FIPS140-2: 8.0 build_20251031-548
 Build for FIPS140-3: 8.0 build_20251031-549
 The fixes were delivered for: Java 8.0 SR8 FP60

.
This APAR will be fixed in the following Releases:
.
IBM Semeru Runtimes
IBM SDK, Java Technology Edition
 8 SR8 FP60 (8.0.8.60)
.
Downloads and supplementary documentation can be found at the
following locations:
- For non z/OS operating systems:
 - IBM Semeru Runtimes, Version 11 and later
 https://www.ibm.com/semeru-runtimes/downloads/
 - IBM SDK, Java Technology Edition, Version 8
 https://www.ibm.com/support/pages/java-sdk-downloads/
- For the z/OS operating system:
 - Java SDK Products on z/OS
 https://www.ibm.com/support/pages/java-sdk-products-zos

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ56792
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-11-20
    • 

  • Closed date
    2025-11-20
    • 

  • Last modified date
    2025-11-20
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 20 November 2025