IBM Support

IV70544: CIPHERSPI CALLED ENGINEUPDATE() WHICH IS NOT SUPPORTED FOR AES/G CM

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • Error Message: engineUpdate not supported for AES/GCM; only
    engineDoFinal is supported
    .
    Stack Trace: at
    com.ibm.crypto.provider.AESGCMCipherInHardware.engineUpdate(Unkn
    own Source)at javax.crypto.CipherSpi.a(Unknown Source)at
    javax.crypto.CipherSpi.engineDoFinal(Unknown Source)at
    javax.crypto.Cipher.doFinal(Unknown Source)
    .
    

Local fix

  • Use ByteBuffer which was backed by an accessible byte array.
    

Problem summary

  • The problem happens when AES/GCM cipher doFinal(ByteBuffer,
    ByteBuffer) was used with large ByteBuffer which is not backed
    by an accessible byte array.
    

Problem conclusion

  • A fix is made to JCE frameworkThe associated Hursley RTC Problem
    Report is 85846The associated Austin CMVC defect is 116422JVMs
    affected: Java 7.0, Java 727 and Java 8The fix was delivered for
    Java 7.0 SR9, Java 727 SR3 Java 8 SR1The affected jar is
    "ibmjcefw.jar".The build level of this jar for the affected
    releases is "20150302"
    .
    This APAR will be fixed in the following Java Releases:
       8    SR1       (8.0.1.0)
       7 R1 SR3       (7.1.3.0)
       7    SR9       (7.0.9.0)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, information about the Service
    Refreshes and Fix Packs can be found at:
               https://www.ibm.com/developerworks/java/jdk/
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV70544

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    270

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-03-04

  • Closed date

    2015-03-04

  • Last modified date

    2015-03-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels

  • R270 PSY

       UP

  • R260 PSY

       UP



Document information

More support for: Runtimes for Java Technology
Security

Software version: 270

Reference #: IV70544

Modified date: 04 March 2015