"Input length must be multiple of 16 when decrypting with padded cipher" error when trying to log into our Private Cloud - Forum - Rollbase - Progress Community

"Input length must be multiple of 16 when decrypting with padded cipher" error when trying to log into our Private Cloud

 Forum

"Input length must be multiple of 16 when decrypting with padded cipher" error when trying to log into our Private Cloud

This question is not answered

We had previously been running fine behind Apache 2.2 redirecting to tomcat 7 and Rollbase under http.


We changed the configuration to run SSL and were able to access the pages via https but when I try to log in I get the error but am not sure if it's something in Rollbase I need to adjust or something with our Apache configuration.

Our SSL is being accomplished by a "Rewrite" of the http URLs to https and then a "proxypass" to our AJP connector.

Any suggestions about what may be the issue?  Thanks everyone!

All Replies
  • Hi Jbeisch,

    Can you try using Apache's Base64 for encoding/decoding?

    Hope this will help.

    Thanks,

    Orchid

  • Orchid, sorry if I'm not understanding but is this a setting in Rollbase or Apache?

  • Hi Jbeisch,

    This is not something to do with Rollbase settings but we still tried to address this issue.

    Found something similar to your issue and hope this may help, please refer on the link below.

    stackoverflow.com/.../illegal-block-size-exception-input-length-must-be-multiple-of-16-when-decrypting

    Thanks,

    Orchid

  • I actually had reviewed that link and many like it yesterday but they all point to changing the code which I take to mean Rollbase to use the lib.  That's something I cannot change, either Apache or Rollbase as far as I know.  I did drop this the commons-codec lib file into Rollbase's lib directory as there's no mention of putting the lib into Apache.  Not sure where to go next though.  Is there something I can change in Rollbase to get it to use the Base64 library?

  • In the main.log I see this so maybe it's Tomcat that's the one which can be adjusted:

    [2014-07-01 13:49:21,443] ===> Error in thread ajp-bio-8009-exec-8 at 07/01/2014 01:49 PM

    [2014-07-01 13:49:21,444] javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher

           at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:750)

           at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)

           at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)

           at javax.crypto.Cipher.doFinal(Cipher.java:1922)

           at com.rb.util.system.a158.decryptNew(a158.java:107)

           at com.rb.util.system.a158.decrypt(a158.java:92)

           at p4.LoginController.login(LoginController.java:51)

           at com.rb.core.logics.servlet.LoginServlet.doGet(LoginServlet.java:53)

           at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)

           at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)

           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

           at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)

           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

           at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)

           at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)

           at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)

           at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

           at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

           at java.lang.Thread.run(Thread.java:744)

  • Yes most probably it was tomcat.

    Just in case it is not yet fixed, please send us the steps to replicate on how you adjust your configuration to help us investigate further.

    Thanks,

    Orchid

  • I cannot find a way to tell Tomcat to pad or unpad the encryption unless Tomcat is told to do SSL.  From our configuration and reading we should not have to have Tomcat do any SSL as Apache has is handling all that.  Can you convert this into a case so I can send you our httpd.conf, ssl.com, workers.properties, and Tomcat's server.xml and index.html to see how we have this setup?

  • Hi Jeff,

    Here is a link where you can file/find support cases, there you can attach file(s) for further investigation.

    progresslink.progress.com/.../Default.aspx

    Let me know if you have any concerns, so I can help.

    Regards,

    Orchid

  • Orchid, my apologies, I thought you worked for a "progress" company like a former Rollbase Philippines guy seems now and that's why I asked you to convert the thread.  A coworker of min already did that.  Thanks for your input!