APAR status
Closed as program error.
Error description
Error Message: When creating an AES AlgorithmParamaters object, purposely initializing it with an 8 byte initialization vector, the PKCS11Impl provider does not detect it as an exception. Creating and initializing the same object with either the IBMJCE provider or the IBMJCECCA provider, each provider throws an exception. . Stack Trace: N/A . N/A
Local fix
N/A
Problem summary
IBMPKCS11Impl doesn't check the IV length when creating AlgorithmParameters
Problem conclusion
The fix is to add the IV length check for different algorithms when creating AlgorithmParameters.The associated RTC PR is 78936The associated Austin CMVC defect is 116252The associated Hursley CMVC defect is 202665JVMs affected : Java 5.0, Java 6.0, Java 6.1, Java 7.0, Java 7.1 and Java 8.0The fix was delivered for Java 5.0 SR16FP10, Java 6.0 SR16FP4, Java 6.1 SR8FP4, Java 7.0 SR9, Java 7.1 SR3 and Java 8.0 SR1The affected jar is "ibmpkcs11impl.jar".The build level of this jar for the affected releases is "20150113" . This APAR will be fixed in the following Java Releases: 7 SR9 (7.0.9.0) 5.0 SR16 FP10 (5.0.16.10) 7 R1 SR3 (7.1.3.0) 6 SR16 FP4 (6.0.16.4) 6 R1 SR8 FP4 (6.1.8.4) 8 SR1 (8.0.1.0) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IV68818
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-01-21
Closed date
2015-01-21
Last modified date
2015-03-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020