APAR status
Closed as program error.
Error description
Error Message: The user experienced intermittent failures when they had IBMJCEHYBRID configured while using the AES/GCM mode of encryption. Customer failures were visible when a trace was taken using -Djavax.net.debug=true and -Djava.security.auth.debug=all. The failure was seen as a javax.crypto.ShortBufferException within the trace, similar to what is listed below in the stack trace. The problem would also manifest itself occasionally with a "Bad record MAC" error being reported by JSSE.

Stack Trace:

Exception#0 javax.crypto.ShortBufferException: Output buffer too short for GCM mode encryption because it must accommodate padding characters and the Authentication Tag. 4096 bytes given, 4102 bytes needed.
Stack Trace:
    at com.ibm.crypto.hdwrCCA.provider.AESCipher.engineDoFinal(AESCipher.java:1343)
    at javax.crypto.Cipher.doFinal(Unknown Source)
    at com.ibm.crypto.ibmjcehybrid.provider.HybridCipher.doFinal(HybridCipher.java:2921)
    at com.ibm.crypto.ibmjcehybrid.provider.HybridCipher.doFinal(HybridCipher.java:3079)
    at com.ibm.crypto.ibmjcehybrid.provider.HybridCipher.doFinal(HybridCipher.java:3079)
    at com.ibm.crypto.ibmjcehybrid.provider.HybridCipher.engineDoFinal(HybridCipher.java:2793)
    at javax.crypto.CipherSpi.a(Unknown Source)
    at javax.crypto.CipherSpi.engineDoFinal(Unknown Source)
    at javax.crypto.Cipher.doFinal(Unknown Source)
    ... ...

Exception#1 javax.crypto.ShortBufferException: Output buffer too small
Stack Trace:
    at com.ibm.crypto.provider.aH.a(Unknown Source)
    at com.ibm.crypto.provider.AESGCMCipher.engineDoFinal(Unknown Source)
    at javax.crypto.Cipher.doFinal(Unknown Source)
    at com.ibm.crypto.ibmjcehybrid.provider.HybridCipher.doFinal(HybridCipher.java:2921)
    at com.ibm.crypto.ibmjcehybrid.provider.HybridCipher.doFinal(HybridCipher.java:3079)
    at com.ibm.crypto.ibmjcehybrid.provider.HybridCipher.doFinal(HybridCipher.java:3079)
    at com.ibm.crypto.ibmjcehybrid.provider.HybridCipher.doFinal(HybridCipher.java:3079)
    at com.ibm.crypto.ibmjcehybrid.provider.HybridCipher.engineDoFinal(HybridCipher.java:2793)
    at javax.crypto.CipherSpi.a(Unknown Source)
    at javax.crypto.CipherSpi.engineDoFinal(Unknown Source)
    at javax.crypto.Cipher.doFinal(Unknown Source)
    ... ...
Local fix
Users can either remove the IBMJCEHYBRID provider from their environment or they can avoid use of the AES/GCM mode of encryption.
Problem summary
The problem occurs when the JCE framework does not correctly adjust the size of the buffer used for GCM crypto operations. This results in a javax.crypto.ShortBufferException being thrown.
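The buffer-sizing rule behind this exception, shown as an added example using only the standard JCE API (it is not IBM's code and does not reproduce the IBMJCEHYBRID defect). The class name, the 128-bit tag length and the 4096-byte sample record are assumptions chosen for illustration; the default provider of the running JVM is used.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import java.security.SecureRandom;

public class GcmOutputSizeDemo {
    static final int TAG_BITS = 128; // assumed tag length (16 bytes), not taken from the APAR

    // Build an AES/GCM encryptor with a fresh 96-bit IV for each encryption.
    static Cipher newEncryptor(SecretKey key) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        return c;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] plaintext = new byte[4096]; // constructed sample record

        // Undersized: an output buffer the same length as the plaintext
        // leaves no room for the authentication tag that doFinal appends.
        Cipher c = newEncryptor(key);
        try {
            c.doFinal(plaintext, 0, plaintext.length, new byte[plaintext.length], 0);
            System.out.println("no exception from this provider");
        } catch (ShortBufferException e) {
            System.out.println("undersized buffer rejected: " + e.getMessage());
        }

        // Correct: let the initialized cipher report how much space doFinal needs.
        c = newEncryptor(key); // new instance, new IV
        byte[] out = new byte[c.getOutputSize(plaintext.length)];
        int written = c.doFinal(plaintext, 0, plaintext.length, out, 0);
        System.out.println("plaintext=" + plaintext.length
                + " bytes, ciphertext+tag=" + written + " bytes");
    }
}
```

Callers that size output buffers from Cipher.getOutputSize on the initialized cipher, rather than from the plaintext length, always leave room for the tag.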
Problem conclusion
A change has been made to the IBMJCEHYBRID provider in the IBM Java SDK such that the path executed in the JCE framework correctly accounts for the buffer size when executing GCM crypto operations.

This APAR will be fixed in the following Java Releases:
    8 SR5 FP22 (8.0.5.22)
    7 R1 SR4 FP35 (7.1.4.35)
    7 SR10 FP35 (7.0.10.35)

Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
PH01244
Reported component name
JAVA Z/OS 64
Reported component ID
620700104
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-08-02
Closed date
2018-08-16
Last modified date
2018-09-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
JAVA Z/OS 64
Fixed component ID
620700104
Applicable component levels
Document Information
Modified date:
09 August 2022