IBM Support

PH08027: REINITIALIZE IBMJCECCA CIPHER INSTANCE AFTER SUCCESSFUL CBC DOFINAL OPERATION


APAR status

  • Closed as program error.

Error description

  • Error Message: When IBMJCECCA is used to decrypt data using the
    AES algorithm and CBC mode, the decrypted data can be corrupt.
    This error occurs when a Cipher instance is reused by making two
    calls to the doFinal() method without initializing the Cipher
    instance between the first and second call to doFinal(). No
    error message is produced; the only symptom is corrupt decrypted
    data from the second decrypt operation.
    .
    Stack Trace: N/A
    .
    

Local fix

  • A workaround for this issue is to make use of the IBMJCE
    provider for CBC cryptography operations.
    This issue can also be worked around by initializing a Cipher
    instance by using the init() method between subsequent calls to
    the doFinal() method when decrypting data.
    

Problem summary

  • The DES, DESede, and AES ciphers of the IBMJCECCA provider do
    not correctly reinitialize the cipher instance after a doFinal()
    operation, so subsequent doFinal() operations that use the same
    cipher instance do not decrypt data correctly.
    

Problem conclusion

  • IBMJCECCA has been updated to correctly reinitialize its ciphers
    when performing CBC mode decryption using AES, DES, and DESede
    algorithms. The doFinal operation will reset the cipher instance
    object to the state it was in when previously initialized via a
    call to init(). That is, the object is reset and available to
    decrypt more data.
    .
    This APAR will be fixed in the following Java Releases:
       8    SR5 FP31  (8.0.5.31)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, information about the available
    Service Refreshes and Fix Packs can be found at:
               https://www.ibm.com/developerworks/java/jdk/
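
A regression check for the behavior described in this APAR, as an added example (not IBM's code): it decrypts the same AES/CBC ciphertext twice with one Cipher instance, first without and then with the init() workaround, so it can confirm whether a runtime is affected or fixed. The class name, the sample plaintext and the optional provider-name argument are assumptions, and it assumes the provider under test supplies an AES KeyGenerator.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Added example (hypothetical class name). Pass a provider name such as
// IBMJCECCA as the first argument to test that provider.
public class CbcReuseCheck {
    static final String XFORM = "AES/CBC/PKCS5Padding";

    public static void main(String[] args) throws Exception {
        // No argument: test whichever provider is the default for this transformation.
        String provider = args.length > 0 ? args[0]
                : Cipher.getInstance(XFORM).getProvider().getName();
        // Assumption: the provider under test supplies an AES KeyGenerator.
        KeyGenerator kg = KeyGenerator.getInstance("AES", provider);
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] ivBytes = new byte[16];
        new SecureRandom().nextBytes(ivBytes);
        IvParameterSpec iv = new IvParameterSpec(ivBytes);

        // Constructed sample plaintext, longer than one 16-byte block.
        byte[] plain = "constructed sample record 0001; constructed sample record 0002"
                .getBytes(StandardCharsets.UTF_8);
        Cipher enc = Cipher.getInstance(XFORM, provider);
        enc.init(Cipher.ENCRYPT_MODE, key, iv);
        byte[] ct = enc.doFinal(plain);

        Cipher dec = Cipher.getInstance(XFORM, provider);
        dec.init(Cipher.DECRYPT_MODE, key, iv);
        boolean firstOk = Arrays.equals(plain, dec.doFinal(ct));
        boolean reuseOk;
        try {   // second doFinal() with no init() in between: the case in this APAR
            reuseOk = Arrays.equals(plain, dec.doFinal(ct));
        } catch (GeneralSecurityException e) {
            reuseOk = false;  // treat a padding or block-size error as a failed reuse too
        }
        dec.init(Cipher.DECRYPT_MODE, key, iv);  // workaround: explicit init() before reuse
        boolean reinitOk = Arrays.equals(plain, dec.doFinal(ct));
        System.out.printf("provider=%s first=%b reuse-without-init=%b reuse-after-init=%b%n",
                provider, firstOk, reuseOk, reinitOk);
        if (!reuseOk) System.exit(1);  // cipher was not reset after doFinal()
    }
}
```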
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH08027

  • Reported component name

    JAVA Z/OS 64

  • Reported component ID

    620700104

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-01-31

  • Closed date

    2019-01-31

  • Last modified date

    2019-01-31

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA Z/OS 64

  • Fixed component ID

    620700104

Applicable component levels


Document Information

Modified date:
09 August 2022