APAR status
Closed as program error.
Error description
Error Message: ProviderException: Failure in engineUpdate . Stack Trace: java.lang.IllegalStateException: Must use either different key or iv for GCM encryption. at com.ibm.crypto.plus.provider.AESGCMCipher.c(AESGCMCipher.java:45 8) at com.ibm.crypto.plus.provider.AESGCMCipher.engineDoFinal(AESGCMCi pher.java:236) at javax.crypto.Cipher.doFinal(Unknown Source at javax.crypto.CipherInputStream.close(Unknown Source) . JVMs impacted: Java 8, SR7 - Java 8, SR8 FP10 AESGCM update operation failure was not seen when java.Util.Deflate was disabled and compression was turned off in user's application.
Local fix
Problem summary
IBMJCEPlus/IBMJCEPlusFIPS providers, during AESGCM, throw an incorrect IllegalStateException:Cipher not initialized. The problem occurs when AESGCMUpdate crypto operation allocates an internal byte<OSB><CSB> array that is less than required, resulting in an incorrect providerException. As a result of the providerException, the internal states are also reset incorrectly. When subsequent AESGCM crypto operations are called, an IllegalStateException is thrown.
Problem conclusion
The JVM has been updated so that required internal byte<OSB><CSB> array is allocated. The updated JVM does not throw an incorrect providerException during AESGCMUpdate crypto operations. The internal states are also not reset incorrectly, allowing customer application, to continue with AESGCM crypto operations. The affected files: ibmjceplus.jar GIT issues: 566 RTC problem report: 149854 The Java 8 ibmjceplus.jar build dates: FIPS140-2 - Build-Date: 20230827 FIPS140-3 - Build-Date: 20230827 The fixes were delivered for: Java 8.0 SR8 FP15 JVMs impacted: Java 8, SR7 - Java 8, SR8 FP10 . . This APAR will be fixed in the following Releases: . IBM SDK, Java Technology Edition 8 SR8 FP15 (8.0.8.15) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available maintenance can be found at: https://www.ibm.com/support/pages/java-sdk
Temporary fix
Comments
APAR Information
APAR number
IJ48453
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-09-08
Closed date
2023-09-08
Last modified date
2023-09-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
09 September 2023