IBM Support

IJ52919: REUSING A PBE CIPHER INSTANCE WITHOUT PROVIDING ALGORITHMPARAMETERS THROWS INVALIDALGORITHMPARAMETEREXCEPTION

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: Unexpected error:
java.security.InvalidKeyException:

java.security.InvalidAlgorithmParameterException: Parameters
                missing
.
Stack Trace: Caused by:
java.security.InvalidAlgorithmParameterException:
                Parameters missing at

com.ibm.crypto.plus.provider.PBE2Cipher.engineInit(PBE2Cipher.ja
va:111)
                at

com.ibm.crypto.plus.provider.PBE2Cipher.engineInit(PBE2Cipher.ja
va:192)
.

Local fix

  • Get the AlgorithmParameters from the Cipher instance after the
first
            init call. Provide those AlgorithmParameters to the
subsequent init
            calls.

Problem summary

  • The problem is caused when an instance of a PBE2 cipher is
            initialized to encrypt and then the same instance is
initialized
            again without providing the algorithm parameters.

Problem conclusion

  • The PBE2 cipher has been corrected to use the algorithm
parameters
            provided or generated during the first
initialization of the
            instance when the same instance is initialized for
decryption and no
            algorithm parameters.
            IBMJCEPlus.jar was updated so PBE2 cipher instances
will use the
            initial algorithm parmeters during subsequent
initializations when
            those parameters are not provided by the caller The
associated
            Hursley RTC Problem Report is 151927 The associated
Austin GIT
            defect is IBMJCEPlus#716 The associated Austin APAR
is IJ52595 JVMs
            affected: Java 8.0 The fix was delivered for Java 8
sr8 fp40 The
            affected jar is "ibmjceplus.jar". The build level of
this jar for
            the affected releases is Java 8 20241017

.
This APAR will be fixed in the following Releases:
.
IBM Semeru Runtimes
IBM SDK, Java Technology Edition
   8    SR8 FP40  (8.0.8.40)
.
Downloads and supplementary documentation can be found at the
following locations:
- For non z/OS operating systems:
  - IBM Semeru Runtimes, Version 11 and later
    https://www.ibm.com/semeru-runtimes/downloads/
  - IBM SDK, Java Technology Edition, Version 8
    https://www.ibm.com/support/pages/java-sdk-downloads/
- For the z/OS operating system:
  - Java SDK Products on z/OS
    https://www.ibm.com/support/pages/java-sdk-products-zos

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ52919
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2024-10-25
    • 

  • Closed date
    2024-10-30
    • 

  • Last modified date
    2024-10-30
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            30 October 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback