APAR status
Closed as program error.
Error description
Error Message: IBMJCEHybridException: Failover exhausted, all registered providers attempted and failed. Exception.getMessage() returns: Exception#0 java.lang.UnsupportedOperationException: Hardware error, function engineGenerateSeed has no meaning in hardware OR Caused by: IBMJCEHybridException: Failover exhausted, all registered providers attempted and failed. Exception#0 com.ibm.crypto.hdwrCCA.provider.JCECCARuntimeException: Hardware error from call CSNBRNG returnCode 12 reasonCode 0 . Stack Trace: java.security.SecureRandom.generateSeed() does not work any longer, it throws an: IBMJCEHybridException: Failover exhausted, all registered providers attempted and failed. Exception.getMessage() returns: Exception#0 java.lang.UnsupportedOperationException: Hardware error, function engineGenerateSeed has no meaning in hardware OR Caused by: IBMJCEHybridException: Failover exhausted, all registered providers attempted and failed. Exception#0 com.ibm.crypto.hdwrCCA.provider.JCECCARuntimeException: Hardware error from call CSNBRNG returnCode 12 reasonCode 0 Stack Trace: at com.ibm.crypto.hdwrCCA.provider.SecureRandom.engineNextBytes(Sec ureRandom.java:127) at java.base/java.security.SecureRandom.nextBytes(SecureRandom.java :790) at com.ibm.crypto.ibmjcehybrid.provider.HybridSecureRandom.nextByte s(HybridSecureRandom.java:497) at com.ibm.crypto.ibmjcehybrid.provider.HybridSecureRandom.nextByte s(HybridSecureRandom.java:556) at com.ibm.crypto.ibmjcehybrid.provider.HybridSecureRandom.engineNe xtBytes(HybridSecureRandom.java:459) at com.ibm.crypto.ibmjcehybrid.provider.IBMSecureRandomHybrid.engin eNextBytes(IBMSecureRandomHybrid.java:25) at java.base/java.security.SecureRandom.nextBytes(SecureRandom.java :790) at java.base/java.util.UUID.randomUUID(UUID.java:153) at com.ibm.ws.kernel.service.location.internal.WsLocationAdminImpl$ ServerIdHolder$1.run(WsLocationAdminImpl.java:510) at com.ibm.ws.kernel.service.location.internal.WsLocationAdminImpl$ ServerIdHolder$1.run(WsLocationAdminImpl.java:489) at java.base/java.security.AccessController.doPrivileged(AccessCont roller.java:692) at com.ibm.ws.kernel.service.location.internal.WsLocationAdminImpl$ ServerIdHolder.readOrWriteId(WsLocationAdminImpl.java:489) at com.ibm.ws.kernel.service.location.internal.WsLocationAdminImpl$ ServerIdHolder.getServerId(WsLocationAdminImpl.java:465) at com.ibm.ws.kernel.service.location.internal.WsLocationAdminImpl$ ServerIdHolder.<clinit>(WsLocationAdminImpl.java:446) at com.ibm.ws.kernel.service.location.internal.WsLocationAdminImpl. getServerId(WsLocationAdminImpl.java:575) at com.ibm.ws.kernel.service.location.internal.WsLocationAdminImpl. <init>(WsLocationAdminImpl.java:344) at com.ibm.ws.kernel.service.location.internal.WsLocationAdminImpl. createLocations(WsLocationAdminImpl.java:109) at com.ibm.ws.kernel.service.location.internal.Activator.start(Acti vator.java:69) at org.eclipse.osgi.internal.framework.BundleContextImpl$2.run(Bund leContextImpl.java:818) at org.eclipse.osgi.internal.framework.BundleContextImpl$2.run(Bund leContextImpl.java:1) at java.base/java.security.AccessController.doPrivileged(AccessCont roller.java:748) at org.eclipse.osgi.internal.framework.BundleContextImpl.startActiv ator(BundleContextImpl.java:810) at org.eclipse.osgi.internal.framework.BundleContextImpl.start(Bund leContextImpl.java:767) at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(E quinoxBundle.java:1032) at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule. startWorker(EquinoxBundle.java:371) at org.eclipse.osgi.container.Module.doStart(Module.java:605) at org.eclipse.osgi.container.Module.start(Module.java:468) at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel$2 .run(ModuleContainer.java:1852) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Thre adPoolExecutor.java:1144) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Thr eadPoolExecutor.java:642) at java.base/java.lang.Thread.run(Thread.java:1595) . The issue happens only if ICSF is unavailable and IBMJCEHYBRID is the first provider.
Local fix
The error can be skipped by removing the IBMJCEHYBRID from the provider list.
Problem summary
If IBMJCEHYBRID is the first security provider list and the ICSF is not available, users may see an IBMJCEHYBRID failover exhausted exception regarding SecureRandom.
Problem conclusion
The IBMJCEHYBRID has been updated to handle the SecureRandom selection process when ICSF is unavailable. . This APAR will be fixed in the following Releases: . IBM Semeru Runtimes 21 21.0.6.0 . Downloads and supplementary documentation can be found at the following locations: - For the z/OS operating system: - Java SDK Products on z/OS https://www.ibm.com/support/pages/java-sdk-products-zos
Temporary fix
Comments
APAR Information
APAR number
PH64354
Reported component name
JAVA Z/OS 64
Reported component ID
620700104
Reported release
L00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-11-29
Closed date
2024-11-30
Last modified date
2024-11-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
JAVA Z/OS 64
Fixed component ID
620700104
Applicable component levels
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"L00","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
Document Information
Modified date:
30 November 2024