You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Hoss Man (JIRA)" <ji...@apache.org> on 2016/05/06 23:32:12 UTC
[jira] [Updated] (SOLR-9068) BadPaddingException when running SSL
test using NullSecureRandom
[ https://issues.apache.org/jira/browse/SOLR-9068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hoss Man updated SOLR-9068:
---------------------------
Description:
In parent issue SOLR-5776, NullSecureRandom was introduced and SSLTestConfig was refactored so that both client & server would use it to prevent blocked threads waiting for entropy.
Since those commits to master & branch_6x, all Solaris jenkins builds got failures at the same spots in TestMiniSolrCloudClusterSSL.testSslAndNoClientAuth - and looking at the logs the root cause appears to be intranode communication failures due to "javax.crypto.BadPaddingException"
Initial speculation was that perhaps the Solaris SSL impl has bugs in it's padding code that are tickled when the SecureRandom instance returns long strings of null bytes, but subsequently we got reports of similar, less frequently occuring, bugs on other OSs (see SOLR-9082).
was:
In parent issue SOLR-5776, NullSecureRandom was introduced and SSLTestConfig was refactored so that both client & server would use it to prevent blocked threads waiting for entropy.
Since those commits to master & branch_6x, both Solaris jenkins builds have seen failures at the same spots in TestMiniSolrCloudClusterSSL.testSslAndNoClientAuth - and looking at the logs the root cause appears to be intranode communication failures due to "javax.crypto.BadPaddingException"
Perhaps the Solaris SSL impl has bugs in it's padding code that are tickeled when the SecureRandom instance returns long strings of null bytes?
Summary: BadPaddingException when running SSL test using NullSecureRandom (was: Solaris SSL test failures when using NullSecureRandom?)
revised summary & description based on new evidence of this popping up on other operating systems (see SOLR-9082) ... although much less often then on Solaris.
I plan to rollback the conditional logic i added in my last commit and just complely replace "NullSecureRandom" with the code Uwe already beasted for me and rename it "NotSecurePsuedoRandom" (since NullSecureRandom as a name really won't apply anymore)
> BadPaddingException when running SSL test using NullSecureRandom
> ----------------------------------------------------------------
>
> Key: SOLR-9068
> URL: https://issues.apache.org/jira/browse/SOLR-9068
> Project: Solr
> Issue Type: Sub-task
> Reporter: Hoss Man
> Fix For: 4.9, master
>
> Attachments: SOLR-9068.Lucene-Solr-6.x-Solaris_110.log, SOLR-9068.Lucene-Solr-master-Solaris_558.log, SOLR-9068.patch, SOLR-9068.patch
>
>
> In parent issue SOLR-5776, NullSecureRandom was introduced and SSLTestConfig was refactored so that both client & server would use it to prevent blocked threads waiting for entropy.
> Since those commits to master & branch_6x, all Solaris jenkins builds got failures at the same spots in TestMiniSolrCloudClusterSSL.testSslAndNoClientAuth - and looking at the logs the root cause appears to be intranode communication failures due to "javax.crypto.BadPaddingException"
> Initial speculation was that perhaps the Solaris SSL impl has bugs in it's padding code that are tickled when the SecureRandom instance returns long strings of null bytes, but subsequently we got reports of similar, less frequently occuring, bugs on other OSs (see SOLR-9082).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org