[ https://issues.apache.org/jira/browse/SOLR-16613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Risden updated SOLR-16613: -------------------------------- Status: Patch Available (was: Open) > CryptoKeys should handle RSA padding for OpenJ9 > ----------------------------------------------- > > Key: SOLR-16613 > URL: https://issues.apache.org/jira/browse/SOLR-16613 > Project: Solr > Issue Type: Task > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Kevin Risden > Assignee: Kevin Risden > Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > I'm looking into the TestRSAKeyPair and TestPKIAuthenticationPlugin test > failures on openj9 that are related to > https://lists.apache.org/thread/b3053cvc2jqw768jrrw8npxkow4k70r6 > OpenJ9 Java does not pad the bytes input when encrypting RSA to the length of > the key. This causes bad padding exceptions. One example being: > {code:java} > FAILED: org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair > Error Message: > org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA > private key operation failed > Stack Trace: > org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA > private key operation failed > at > __randomizedtesting.SeedInfo.seed([2D2BFB9A63F6912:3C3644A048604FF0]:0) > at > app//org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:308) > at > app//org.apache.solr.cloud.TestRSAKeyPair.testRoundTrip(TestRSAKeyPair.java:47) > at > app//org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair(TestRSAKeyPair.java:32) > {code} > The code previously took the given input byte array and just tried to encrypt > it. For OpenJDK, this works since the input byte array is expanded out to the > size of the key in bytes. So 512 bits would be a 64 byte array or 2048 bits > would be a 256 byte array. In OpenJ9, the input byte array must be the same > size as the key size in bytes. I think this is a limitation of using > NoPadding for the algorithm here. The fix is to ensure the byte array is > always the size of the key size in bytes. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org