VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ54991

⇱ IJ54991: MESSAGEDIGEST.UPDATE API DOES NOT THROW THE CORRECT EXCEPTION.

IJ54991: MESSAGEDIGEST.UPDATE API DOES NOT THROW THE CORRECT EXCEPTION.

APAR status

  • Closed as program error.

Error description

  • Error Message: None
.
Stack Trace: Exception in thread "main"
 java.security.ProviderException: Failure in
engineUpdate
 at
com.ibm.crypto.plus.provider.IBMJCEPlus.a(IBMJCEPlus.java:128)
 at
com.ibm.crypto.plus.provider.v.engineUpdate(v.java:39)
 at
java.security.MessageDigest$Delegate.engineUpdate(MessageDigest.
java:612)
 at
java.security.MessageDigest.update(MessageDigest.java:336)
 at MD.getDigestWithNegativeLength(MD.java:45) at
MD.main(MD.java:22
.
None

Local fix



Problem summary


    

  • IBMJCEPlus and IBMJCE does not throw the
 correct exception when a negative length parameter
is passed to the
 MessageDigest.update(byteArray, offset, length) API.



Problem conclusion


    

  • The JVM has been updated to throw the correct
 ArrayIndexOutOfBoundsException when a negative
length parameter is
 passed during a Message Digest update operation for
both component
 IBMJCE and IBMJCEPlus
 GIT issues: IBMJCE:294, IBMJCEPlus:783
 RTC
 problem report: 152710
 The affected files:
 ibmjceprovider.jar and ibmjceplus.jar
 ibmjceprovider.jar build dates:
 ibmjceprovider.jar - 20250501
 Build: Java 8 - build_20250501-391
 ibmjceplus.jar build dates:
 FIPS140-2 - Build-Date: 20250430
 FIPS140-3 - Build-Date:20250430
 Build for FIPS140-2: Java 8 - build_20250430
 Build for FIPS140-3: Java 8 - build_20250430
 The fixes were delivered for: Java 8.0 SR8 FP50.

.
This APAR will be fixed in the following Releases:
.
IBM Semeru Runtimes
IBM SDK, Java Technology Edition
 8 SR8 FP50 (8.0.8.50)
.
Downloads and supplementary documentation can be found at the
following locations:
- For non z/OS operating systems:
 - IBM Semeru Runtimes, Version 11 and later
 https://www.ibm.com/semeru-runtimes/downloads/
 - IBM SDK, Java Technology Edition, Version 8
 https://www.ibm.com/support/pages/java-sdk-downloads/
- For the z/OS operating system:
 - Java SDK Products on z/OS
 https://www.ibm.com/support/pages/java-sdk-products-zos



Temporary fix


    



Comments


    



APAR Information




    

  • APAR number
    IJ54991
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-06-09
    • 

  • Closed date
    2025-06-09
    • 

  • Last modified date
    2025-06-09
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 09 June 2025