APAR status
Closed as program error.
Error description
Error Message: Buffer too short to hold shared secret . Stack Trace: javax.crypto.ShortBufferException: Buffer too short to hold shared secret at com.ibm.crypto.provider.DHKeyAgreement.engineGenerateSecret(Unkn own Source) at javax.crypto.KeyAgreement.generateSecret(Unknown Source) . When generating the DHKeyAgreement with DHKeyAgreement.generateSecret(byte<OSB><CSB>, int), with very low probability, the leading zero of the result shared secret might not be trimmed.
Local fix
Use DHKeyAgreement.generateSecret() to generate the shared secret.
Problem summary
The problem happens because the leading zero of the result shared secret is not trimmed by DHKeyAgreement.
Problem conclusion
This defect will be fixed in: 7.0.0 SR6 6.0.1 SR7 6.0.0 SR15 5.0.0 SR16 FP4 . A fix is made to IBMJCE to trim the leading zero of the result shared secret The associated Hursley CMVC defect is 199525 The associated Austin CMVC defect is 114527 JVMs affected: Java 5.0, Java 6.0, Java 626, and Java 7.0. The fix was delivered for Java 5.0 SR16FP4, Java 6.0 SR15, Java 626 SR7, and Java 7.0 SR6. The affected jar is "ibmjceprovider.jar". The build level of this jar for the fixed releases is "20130909"
Temporary fix
Comments
APAR Information
APAR number
IV48095
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-09-10
Closed date
2013-09-11
Last modified date
2013-09-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020