VOOZH about

URL: https://www.ibm.com/support/pages/apar/PH08027

⇱ PH08027: REINITIALIZE IBMJCECCA CIPHER INSTANCE AFTER SUCCESSFUL CBC DOFINAL OPERATION

PH08027: REINITIALIZE IBMJCECCA CIPHER INSTANCE AFTER SUCCESSFUL CBC DOFINAL OPERATION

APAR status

  • Closed as program error.

Error description

  • Error Message: When IBMJCECCA is used to decrypt data using the
AES algorithm, and CBC mode, the decrypted data can be corrupt.
This error occurs when a Cipher instance is reused by making two
calls to the doFinal() method without initialing the Cipher
instance between the first and second call to doFinal(). No
error message is produced besides having corrupt decrypted data
produced by the second decrypt operation.
.
Stack Trace: N/A
.

Local fix

  • A workaround for this issue is to make use of the IBMJCE
provider for CBC cryptography operations.
This issue can also be worked around by initializing a Cipher
instance by using the init() method between subsequent calls to
the doFinal() method when decrypting data.

Problem summary

  • The DES, DESede, and AES ciphers of the IBMJCECCA provider do
not reinitialize the cipher instance correctly such that
subsequent operations to the doFinal() operation, using the same
cipher instance, are able to correctly decrypt data.

Problem conclusion

  • IBMJCECCA has been updated to correctly reinitialize its ciphers
when performing CBC mode decryption using AES, DES, and DESede
algorithms. The doFinal operation will reset the cipher instance
object to the state it was in when previously initialized via a
call to init(). That is, the object is reset and available to
decrypt more data.
.
This APAR will be fixed in the following Java Releases:
 8 SR5 FP31 (8.0.5.31)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    PH08027
    • 

  • Reported component name
    JAVA Z/OS 64
    • 

  • Reported component ID
    620700104
    • 

  • Reported release
    800
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-01-31
    • 

  • Closed date
    2019-01-31
    • 

  • Last modified date
    2019-01-31
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 




    

  • Fixed component name
    JAVA Z/OS 64
    • 

  • Fixed component ID
    620700104
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"800","Edition":"","Line of Business":{"code":"LOB16","label":"Mainframe HW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"800","Edition":"","Line of Business":{"code":"","label":""}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 09 August 2022