Closed Bug 810491 Opened 12 years ago Closed 3 years ago

NSS 3.14: No such algorithm: AES/GCM/NoPadding

Categories

(JSS Graveyard :: Library, defect)

Product:
JSS Graveyard
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: ilya_sokolov, Assigned: glenbeasley)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11 Steps to reproduce: I'm trying to use NSS as JCE provider (PKCS#11) According to NSS 3.14 release notes AES-GCM is supported, but library returns "no such algorithm" exception when attempted to use. Actual results: Caused by: org.apache.xml.security.encryption.XMLEncryptionException: No such algorithm: AES/GCM/NoPadding at org.apache.xml.security.encryption.XMLCipher.constructCipher(XMLCipher.java:1559) ~[xmlsec-1.5.2.jar:1.5.2] at org.apache.xml.security.encryption.XMLCipher.<init>(XMLCipher.java:320) ~[xmlsec-1.5.2.jar:1.5.2] at org.apache.xml.security.encryption.XMLCipher.getProviderInstance(XMLCipher.java:465) ~[xmlsec-1.5.2.jar:1.5.2] at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:439) ~[xmltooling-1.3.4.jar:na] ... 73 common frames omitted Caused by: java.security.NoSuchAlgorithmException: No such algorithm: AES/GCM/NoPadding at javax.crypto.Cipher.getInstance(Cipher.java:589) ~[na:1.6.0_24] at javax.crypto.Cipher.getInstance(Cipher.java:510) ~[na:1.6.0_24] at org.apache.xml.security.encryption.XMLCipher.constructCipher(XMLCipher.java:1541) ~[xmlsec-1.5.2.jar:1.5.2] ... 76 common frames omitted Expected results: Encryption should work. The same exception is for AES/CBC/ISO10126Padding Not sure if it supported thou
Moving this to the JSS package, rather than NSS. While NSS supports PKCS#11, you will likely want to use a JCE provider that knows how to recognize this. According to http://download.java.net/jdk8/docs/technotes/guides/security/p11guide.html#ALG , the SunPKCS11Provider does NOT recognize CKM_AES_GCM (or AES/CBC/[any other padding]) The JSS provider is likely your better bet, and that's a JSS issue.
Assignee: nobody → glenbeasley
Component: Libraries → Library
Product: NSS → JSS
Version: 3.14 → unspecified
JSS development has moved from the Mozilla community to the Dogtag PKI community. Please re-file this bug at https://github.com/dogtagpki/jss if it is still relevant. Thank you!
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.