IBM Support

IV25925: SVT:ZOS:PKCS11:EXCEPTION WHILE USING /ECB/PKCS5PADDING

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Message: Test Cipher.transformation
    (Blowfish/CBC/PKCS5Padding):
    javax.crypto.NoSuchPaddingException: Padding: PKCS5Padding can
    not be verified for use. Use Pad instead.
            at
    com.ibm.crypto.pkcs11impl.provider.MechanismBuilderImpl.setPaddi
    ng(MechanismBuilder.java:159)
            at
    com.ibm.crypto.pkcs11impl.provider.GeneralPKCS11Cipher.engineSet
    Padding(GeneralPKCS11Cipher.java:126)
            at javax.crypto.Cipher$a_.a(Unknown Source)
            at javax.crypto.Cipher.getInstance(Unknown Source)
            at javax.crypto.Cipher.getInstance(Unknown Source)
            at blowfish_bala.test(blowfish_bala.java:61)
            at blowfish_bala.main(blowfish_bala.java:175)
    The exception messages should state: No such algorithm
    Blowfish/CBC/PKCS5Padding
    Test Cipher.transformation (Blowfish/CBC/NoPadding):
    com.ibm.pkcs11.PKCS11Exception: Mechanism parameter is invalid
            at
    com.ibm.pkcs11.nat.NativePKCS11Session.encryptInit(Native
    Method)
            at
    com.ibm.crypto.pkcs11impl.provider.Session.encryptInit(Session.j
    ava:290)
            at
    com.ibm.crypto.pkcs11impl.provider.PKCS11Cipher.engineInit(PKCS1
    1Cipher.java:149)
            at
    com.ibm.crypto.pkcs11impl.provider.GeneralPKCS11Cipher.engineIni
    t(GeneralPKCS11Cipher.java:423)
            at
    com.ibm.crypto.pkcs11impl.provider.GeneralPKCS11Cipher.engineIni
    t(GeneralPKCS11Cipher.java:460)
            at javax.crypto.Cipher.init(Unknown Source)
            at javax.crypto.Cipher.init(Unknown Source)
            at blowfish_bala.test(blowfish_bala.java:71)
            at blowfish_bala.main(blowfish_bala.java:175)
    .
    Stack Trace: N/A
    .
    

Local fix

  • Mode and padding specifications are not applicable to "stream"
    ciphers and should not be used.
    

Problem summary

  • The customer was experiencing several unusual errors while
    attempting to supply the IBMPKCS11Impl security provider with a
    cipher transformation string which included a "stream" cipher,
    and a mode and padding specification.
    

Problem conclusion

  • This defect will be fixed in:
    5.0.0 SR14
    6.0.0 SR11
    7.0.0 SR2
    .
    Mode and padding specifications are not applicable to "stream"
    ciphers and should not be used.
    Defensive logic has been added to the IBMPKCS11Impl provider to
    report this user error more clearly.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV25925

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-08-09

  • Closed date

    2012-08-09

  • Last modified date

    2012-08-09

  • APAR is sysrouted FROM one or more of the following:

    IV25924

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels

  • R600 PSY

       UP

  • R260 PSY

       UP



Document information

More support for: Runtimes for Java Technology
Security

Software version: 6.0

Reference #: IV25925

Modified date: 09 August 2012