IV25919: SVT:ZOS:PKCS11:EXCEPTION WHILE USING /ECB/PKCS5PADDING

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Message: Test Cipher.transformation
    (Blowfish/CBC/PKCS5Padding):
    javax.crypto.NoSuchPaddingException: Padding: PKCS5Padding can
    not be verified for use. Use Pad instead.
            at
    com.ibm.crypto.pkcs11impl.provider.MechanismBuilderImpl.setPaddi
    ng(MechanismBuilder.java:159)
            at
    com.ibm.crypto.pkcs11impl.provider.GeneralPKCS11Cipher.engineSet
    Padding(GeneralPKCS11Cipher.java:126)
            at javax.crypto.Cipher$a_.a(Unknown Source)
            at javax.crypto.Cipher.getInstance(Unknown Source)
            at javax.crypto.Cipher.getInstance(Unknown Source)
            at blowfish_bala.test(blowfish_bala.java:61)
            at blowfish_bala.main(blowfish_bala.java:175)
    The exception messages should state: No such algorithm
    Blowfish/CBC/PKCS5Padding
    Test Cipher.transformation (Blowfish/CBC/NoPadding):
    com.ibm.pkcs11.PKCS11Exception: Mechanism parameter is invalid
            at
    com.ibm.pkcs11.nat.NativePKCS11Session.encryptInit(Native
    Method)
            at
    com.ibm.crypto.pkcs11impl.provider.Session.encryptInit(Session.j
    ava:290)
            at
    com.ibm.crypto.pkcs11impl.provider.PKCS11Cipher.engineInit(PKCS1
    1Cipher.java:149)
            at
    com.ibm.crypto.pkcs11impl.provider.GeneralPKCS11Cipher.engineIni
    t(GeneralPKCS11Cipher.java:423)
            at
    com.ibm.crypto.pkcs11impl.provider.GeneralPKCS11Cipher.engineIni
    t(GeneralPKCS11Cipher.java:460)
            at javax.crypto.Cipher.init(Unknown Source)
            at javax.crypto.Cipher.init(Unknown Source)
            at blowfish_bala.test(blowfish_bala.java:71)
            at blowfish_bala.main(blowfish_bala.java:175)
    .
    Stack Trace: N/A
    .
    

Local fix

  • Mode and padding specifications are not applicable to "stream"
    ciphers and should not be used.
    

Problem summary

  • The customer was experiencing several unusual errors while
    attempting to supply the IBMPKCS11Impl security provider with a
    cipher transformation string which included a "stream" cipher,
    and a mode and padding specification.
    

Problem conclusion

  • This defect will be fixed in:
    5.0.0 SR14
    6.0.0 SR11
    7.0.0 SR2
    .
    Mode and padding specifications are not applicable to "stream"
    ciphers and should not be used.
    Defensive logic has been added to the IBMPKCS11Impl provider to
    report this user error more clearly.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV25919

  • Reported component name

    JAVA 5 SECURITY

  • Reported component ID

    620500125

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-08-09

  • Closed date

    2012-08-09

  • Last modified date

    2012-08-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IV25920

Fix information

  • Fixed component name

    JAVA 5 SECURITY

  • Fixed component ID

    620500125

Applicable component levels

  • R500 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Runtimes for Java Technology
Security

Software version:

5.0

Reference #:

IV25919

Modified date:

2012-08-09

Translate my page

Machine Translation

Content navigation