APAR status
Closed as program error.
Error description
Error Message: Failure 1: Performing cryptographic operations using AESGCM fails and creates Java Core. None Failure 2: The error "An unexpected exception occurred :java.lang.RuntimeException: java.security.ProviderException: Failure in engineUpdate". . Stack Trace: Failure 1: at com/ibm/crypto/plus/provider/icc/NativeInterface.free_GCM_ctx(Na tive Method) at com/ibm/crypto/plus/provider/icc/e.finalize(e.java:10(Compiled Code)) (entered lock: com/ibm/crypto/plus/provider/icc/e@0x00007FF5D86165D0, entry count: 1) at java/lang/J9VMInternals.runFinalize(J9VMInternals.java:281(Compi led Code)) Native callstack: N_lib_init+0xb7f73 (0x00007FF8C6D99AD6 <OSB>icclib085+0xb9ad6<CSB>) JCC_EVP_EncodeInit+0x42e3 (0x00007FF8CA415DE2 <OSB>jgsk8iccs_64+0x5de2<CSB>) Java_com_ibm_crypto_plus_provider_icc_NativeInterface_free_1GCM_ 1ctx+0x50 (0x00007FF8CA2DA090 <OSB>jgskit+0xa090<CSB>) Failure 2: None . Failure 1: The customer application was down. Failure 2: None
Local fix
Place IBMJCE ahead of IBMJCEPlus in JRE_HOME/lib/security/java.security file.
Problem summary
IBMJCEPlus provider failures (two) with AESGCM algorithm. Failure 1: IBMJCEPlus was freeing memory associated with internal structures, while they were still in use. Failure 2: IBMJCEPlus was setting the internal state incorrectly causing a failure during Update.
Problem conclusion
The JVM has been updated so that performing AESGCM crypto operations does not result in exception. AESGCM algorithm, does not free internal memory while it is still being used. AESGCM performs additional IV and Key uniqueness checks during doFinal and engineUpdate operations. The affected files: ibmjceplus.jar and native libraries(libjgskit.so and jgskit.dll) The associated Java Security GIT issues: 474, 479 The associated RTC problem report is: 148388 The Java 8 build dates are: FIPS140-2 - Build-Date: 20221123 FIPS140-3 - Build-Date: 20221124 The fixes were delivered for: Java 8.0 sr8 The JVMs affected: Java 8, SR7 FP10 or later. . This APAR will be fixed in the following Releases: . IBM SDK, Java Technology Edition 8 SR8 (8.0.8.0) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available maintenance can be found at: https://www.ibm.com/support/pages/java-sdk
Temporary fix
Comments
APAR Information
APAR number
IJ45201
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-02-02
Closed date
2023-02-02
Last modified date
2023-02-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
08 February 2023