URL: https://www.ibm.com/support/pages/apar/IJ10491

IJ10491: AES/GCM CIPHER - AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( )



APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
    .
    Stack Trace: N/A
    .
    When the same AES/GCM cipher object is used to perform both the
    encryption and the decryption of a piece of data, the customer
    observed that if an AAD value with length=0 is supplied for
    decryption, then the decryption operation would unexpectedly
    succeed.
    

Local fix

Problem summary

  • The IBMJCE provider code was failing to reset the AAD value to
    its uninitialized state within the AES/GCM cipher object state
    during init( ) processing and doFinal( ) processing, as dictated
    by the Cipher javadocs.
    The Cipher framework updateAAD( ) method discards any AAD values
    with length=0. Therefore, the AAD value supplied to the AES/GCM
    cipher object for decryption was being discarded, and the AAD
    value that had been supplied for encryption was retained and was
    reused for decryption.
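
The reuse pattern described above can be checked against a given JRE with the following added example (not IBM's code and not part of the APAR). The class name GcmAadResetCheck, the sample AAD and plaintext, and the optional provider-name argument are assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

// Hypothetical check class (not from the APAR): reuses one AES/GCM Cipher
// object for encrypt then decrypt and reports whether stale AAD is retained.
public class GcmAadResetCheck {
    // Re-inits the SAME cipher for decryption; true if the GCM tag check fails.
    static boolean rejected(Cipher c, SecretKey k, byte[] iv, byte[] ct, byte[] aad)
            throws Exception {
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
        if (aad != null) c.updateAAD(aad);   // length-0 input is discarded by Cipher
        try { c.doFinal(ct); return false; }
        catch (AEADBadTagException e) { return true; }
    }

    public static void main(String[] args) throws Exception {
        // Optional args[0]: provider name to test (assumption: e.g. "IBMJCE").
        Cipher c = args.length > 0 ? Cipher.getInstance("AES/GCM/NoPadding", args[0])
                                   : Cipher.getInstance("AES/GCM/NoPadding");
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        // Constructed sample values.
        byte[] aad = "constructed-header".getBytes(StandardCharsets.UTF_8);
        byte[] pt  = "constructed-plaintext".getBytes(StandardCharsets.UTF_8);

        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(aad);
        byte[] ct = c.doFinal(pt);

        // A provider that resets AAD on init()/doFinal() must reject both of these.
        boolean emptyAadRejected = rejected(c, key, iv, ct, new byte[0]);
        boolean noAadRejected    = rejected(c, key, iv, ct, null);
        boolean rightAadAccepted = !rejected(c, key, iv, ct, aad);

        System.out.println("provider: " + c.getProvider().getName());
        System.out.println("zero-length AAD rejected: " + emptyAadRejected);
        System.out.println("missing AAD rejected:     " + noAadRejected);
        System.out.println("correct AAD accepted:     " + rightAadAccepted);
        boolean ok = emptyAadRejected && noAadRejected && rightAadAccepted;
        System.exit(ok ? 0 : 1);   // non-zero exit: stale AAD was reused
    }
}
```

A non-zero exit status means the provider under test accepted ciphertext whose AAD did not match, which is the behaviour this APAR describes.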
    

Problem conclusion

  • The AES/GCM cipher code of the IBMPKCS11Impl provider has been
    modified to set the AAD value within the cipher object to its
    uninitialized state during init( ) and doFinal( ) processing.
    The GIT issue associated with this change is #1.
    The RTC Problem report associated with this change is 139433.
    The affected IBM JVMs are: 70sr10fp35, 7.1sr4fp35, and
    80sr5fp25.
    The affected jar file is ibmjceprovider.jar.
    The build level of the updated IBMJCE70 jar file is: build-169
    The build level of the updated IBMJCE80 jar file is: build-170
    .
    This APAR will be fixed in the following Java Releases:
     8 SR5 FP25 (8.0.5.25)
     7 SR10 FP35 (7.0.10.35)
     7 R1 SR4 FP35 (7.1.4.35)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, information about the available
    Service Refreshes and Fix Packs can be found at:
     https://www.ibm.com/developerworks/java/jdk/
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ10491

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    270

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-10-11

  • Closed date

    2018-10-15

  • Last modified date

    2018-10-15

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels


Document Information

Modified date:
07 December 2020