VOOZH about

URL: https://www.ibm.com/support/pages/apar/PH62784

⇱ PH62784: AES KEYLABEL CANNOT NOT BE USED AS A KEY VALUE.

PH62784: AES KEYLABEL CANNOT NOT BE USED AS A KEY VALUE.

APAR status

  • Closed as program error.

Error description

  • Error Message: Hardware error from call KMGCMD
java.lang.IllegalArgumentException: System Error: AES key length
must be 16, 24, or 32
.
Stack Trace: com.ibm.crypto.hdwrCCA.provider.JCEHdwrUtils
decrypt
java.lang.IllegalArgumentException: System Error: AES key length
must be 16, 24, or 32 bytes.
at
ibm.crypto.hdwrcca/com.ibm.crypto.hdwrCCA.provider.JCEHdwrUtils.
a(JCEHdwrUtils.java:1181)
at
ibm.crypto.hdwrcca/com.ibm.crypto.hdwrCCA.provider.JCEHdwrUtils.
a(JCEHdwrUtils.java:1214)
at
ibm.crypto.hdwrcca/com.ibm.crypto.hdwrCCA.provider.JCEHdwrUtils.
b(JCEHdwrUtils.java:1153)
at
ibm.crypto.hdwrcca/com.ibm.crypto.hdwrCCA.provider.AESCipher.a(A
ESCipher.java:306)
at
ibm.crypto.hdwrcca/com.ibm.crypto.hdwrCCA.provider.AESCipher.eng
ineDoFinal(AESCipher.java:453)
at
ibm.crypto.hdwrcca/com.ibm.crypto.hdwrCCA.provider.AESCipher.eng
ineDoFinal(AESCipher.java:758)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2263)
at
ibm.crypto.ibmjcehybrid/com.ibm.crypto.ibmjcehybrid.provider.Hyb
ridCipher.doFinal(HybridCipher.java:2532)
at
ibm.crypto.ibmjcehybrid/com.ibm.crypto.ibmjcehybrid.provider.Hyb
ridCipher.engineDoFinal(HybridCipher.java:2422)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2205)
.

Local fix

  • Pass key value instead of ICSF keylabel.

Problem summary

  • An ICSF keylabel for a key stored in the CKDS was passed to
Cipher.init(). The IBMJCECCA code was incorrectly passing this
to a routine which only takes key values.

Problem conclusion

  • The code is modified to check for an ICSF keylabel and pass this
request to the correct interface.
.
This APAR will be fixed in the following Releases:
.
IBM Semeru Runtimes
 17 17.0.13.0
 11 11.0.25.0
.
Downloads and supplementary documentation can be found at the
following locations:
- For the z/OS operating system:
 - Java SDK Products on z/OS
 https://www.ibm.com/support/pages/java-sdk-products-zos

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    PH62784
    • 

  • Reported component name
    JAVA Z/OS 64
    • 

  • Reported component ID
    620700104
    • 

  • Reported release
    H00
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2024-08-15
    • 

  • Closed date
    2024-08-29
    • 

  • Last modified date
    2024-08-29
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    JAVA Z/OS 64
    • 

  • Fixed component ID
    620700104
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"H00","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 29 August 2024