IJ10491: AES/GCM CIPHER - AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( )
Closed as program error.
Error Message: N/A. Stack Trace: N/A.
When the same AES/GCM cipher object is used to perform both the encryption and the decryption of a piece of data, the customer observed that if an AAD value with length=0 is supplied for decryption, then the decryption operation would unexpectedly succeed.
The IBMJCE provider code was failing to reset the AAD value to its uninitialized state within the AES/GCM cipher object state during init( ) processing and doFinal( ) processing, as dictated by the Cipher javadocs. The Cipher framework updateAAD( ) method discards any AAD values with length=0. Therefore, the AAD value supplied to the AES/GCM cipher object for decryption was being discarded, and the AAD value that had been supplied for encryption was retained and was reused for decryption.
The AES/GCM cipher code of the IBMPKCS11Impl provider has been modified to set the AAD value within the cipher object to its uninitialized state during init( ) and doFinal( ) processing.
The GIT issue associated with this change is #1. The RTC Problem report associated with this change is 139433.
The affected IBM JVMs are: 70sr10fp35, 7.1sr4fp35, and 80sr5fp25. The affected jar file is ibmjceprovider.jar.
The build level of the updated IBMJCE70 jar file is: build-169. The build level of the updated IBMJCE80 jar file is: build-170.
This APAR will be fixed in the following Java Releases:
8 SR5 FP25 (18.104.22.168)
7 SR10 FP35 (22.214.171.124)
7 R1 SR4 FP35 (126.96.36.199)
Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
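A regression check for the behaviour described in this APAR, as an added example that is not IBM's code: it reuses one Cipher object for encryption and decryption and expects decryption with a zero-length AAD to be rejected. The class name GcmAadResetCheck and the sample data are constructed, and the JVM's default AES/GCM provider is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical class name; checks that AAD state does not survive init()/doFinal().
public class GcmAadResetCheck {
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        GCMParameterSpec spec = new GCMParameterSpec(128, iv);

        // Constructed sample data.
        byte[] aad = "constructed-header".getBytes(StandardCharsets.UTF_8);
        byte[] plaintext = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // One Cipher object for both directions, the usage pattern in the APAR.
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, spec);
        cipher.updateAAD(aad);
        byte[] ciphertext = cipher.doFinal(plaintext);

        // Sanity check: the same object decrypts when the matching AAD is supplied.
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        cipher.updateAAD(aad);
        cipher.doFinal(ciphertext);

        // Zero-length AAD is discarded by Cipher.updateAAD(), so the provider sees
        // no AAD at all. A correct provider computes the tag over empty AAD and
        // rejects the ciphertext; a provider that kept the earlier AAD accepts it.
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        cipher.updateAAD(new byte[0]);
        try {
            cipher.doFinal(ciphertext);
            System.out.println("FAIL: stale AAD reused, decryption succeeded");
            System.exit(1);
        } catch (AEADBadTagException e) {
            System.out.println("OK: tag mismatch, AAD was reset");
        }
    }
}
```

Run it on each JVM level in use; an exit code of 1 indicates the provider still carries AAD across init( ) and doFinal( ).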