IBM Support

IV88898: PKCS12 KEYSTORE NOSUCHALGORITHMEXCEPTION DURING PKCS12KEYSTOREORACLE.ENGINELOAD

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message, as reported by customer:
    
    PKCS12 Keystore NoSuchAlgorithmException "Cannot find any
    provider supporting 1.2.840.113549.1.12.1.1" during
    PKCS12KeyStoreOracle.engineLoad
    
    Stack Trace, if applicable:
    
    java.io.IOException: failed to decrypt safe contents entry:
    java.security.NoSuchAlgorithmException: Cannot find any
    provider supporting 1.2.840.113549.1.12.1.1
     at
    com.ibm.crypto.provider.PKCS12KeyStoreOracle.engineLoad(Unknown
    Source)
     at java.security.KeyStore.load(KeyStore.java:1456)
    Caused by: java.security.NoSuchAlgorithmException: Cannot find
    any provider supporting 1.2.840.113549.1.12.1.1
     at javax.crypto.Cipher.getInstance(Unknown Source)
     ... 3 more
    
    Other Error Information, as reported by customer:
    
    N/A
    

Local fix

  • N/A
    

Problem summary

  • A PKCS12 Keystore NoSuchAlgorithmException "Cannot find any
    provider supporting 1.2.840.113549.1.12.1.1" is thrown from a
    call to Cipher.getInstance() during
    PKCS12KeyStoreOracle.engineLoad(), because it is called using a
    cipher OID string instead of a cipher transform string.
    
    
    ERROR DESCRIPTION:
    
    The customer is experiencing a PKCS12 Keystore
    NoSuchAlgorithmException "Cannot find any provider supporting
    1.2.840.113549.1.12.1.1" during PKCS12KeyStoreOracle.engineLoad.
    

Problem conclusion

  • The fix adds a set of cipher OIDs to the cipher alias lists in
    IBMJCE.java, so that the matching cipher is correctly identified
     at search time.
    
    The associated RTC PR is 117733
    The associated Austin CMVC defect is 117452
    The associated Austin APAR is IV88898
    
    JVMs affected : Java 8.0
    
    The fix was delivered for: Java 8 SR3 FP20 (fix was additionally
    applied to:  Java 7.0 SR9 FP60, 7.1 SR3 FP60, Java6.0 SR16 FP35,
    and Java 6.1 SR8 FP35)
    
    The affected jars:  ibmjceprovider.jar
    
    The build level of this jar for the affected releases is
    "20160907"
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV88898

  • Reported component name

    TIV JAVA CRYPTO

  • Reported component ID

    TIVSECJCE

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-09-01

  • Closed date

    2016-09-21

  • Last modified date

    2016-09-21

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TIV JAVA CRYPTO

  • Fixed component ID

    TIVSECJCE

Applicable component levels

  • R100 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL42","label":"JCE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
21 September 2016