[jira] [Updated] (SOLR-16613) CryptoKeys should handle RSA padding for OpenJ9

Tue, 10 Jan 2023 08:53:08 -0800 


     [ 
https://issues.apache.org/jira/browse/SOLR-16613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Risden updated SOLR-16613:
--------------------------------
    Fix Version/s: main (10.0)

> CryptoKeys should handle RSA padding for OpenJ9
> -----------------------------------------------
>
>                 Key: SOLR-16613
>                 URL: https://issues.apache.org/jira/browse/SOLR-16613
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>             Fix For: main (10.0)
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> I'm looking into the TestRSAKeyPair and TestPKIAuthenticationPlugin test 
> failures on openj9 that are related to 
> https://lists.apache.org/thread/b3053cvc2jqw768jrrw8npxkow4k70r6
> OpenJ9 Java does not pad the bytes input when encrypting RSA to the length of 
> the key. This causes bad padding exceptions. One example being:
> {code:java}
> FAILED:  org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair
> Error Message:
> org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA 
> private key operation failed
> Stack Trace:
> org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA 
> private key operation failed
>         at 
> __randomizedtesting.SeedInfo.seed([2D2BFB9A63F6912:3C3644A048604FF0]:0)
>         at 
> app//org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:308)
>         at 
> app//org.apache.solr.cloud.TestRSAKeyPair.testRoundTrip(TestRSAKeyPair.java:47)
>         at 
> app//org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair(TestRSAKeyPair.java:32)
> {code}
> The code previously took the given input byte array and just tried to encrypt 
> it. For OpenJDK, this works since the input byte array is expanded out to the 
> size of the key in bytes. So 512 bits would be a 64 byte array or 2048 bits 
> would be a 256 byte array. In OpenJ9, the input byte array must be the same 
> size as the key size in bytes. I think this is a limitation of using 
> NoPadding for the algorithm here. The fix is to ensure the byte array is 
> always the size of the key size in bytes.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to