Posted to issues@solr.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2023/01/10 16:53:00 UTC

[jira] [Commented] (SOLR-16613) CryptoKeys should handle RSA padding for OpenJ9

    [ https://issues.apache.org/jira/browse/SOLR-16613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17656709#comment-17656709 ] 

ASF subversion and git services commented on SOLR-16613:
--------------------------------------------------------

Commit 248dc3c354269e49fce556906b7505164ab9f065 in solr's branch refs/heads/main from Kevin Risden
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=248dc3c3542 ]

SOLR-16613: CryptoKeys should handle RSA padding for OpenJ9 (#1279)



> CryptoKeys should handle RSA padding for OpenJ9
> -----------------------------------------------
>
>                 Key: SOLR-16613
>                 URL: https://issues.apache.org/jira/browse/SOLR-16613
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> I'm looking into the TestRSAKeyPair and TestPKIAuthenticationPlugin test failures on OpenJ9 that are related to https://lists.apache.org/thread/b3053cvc2jqw768jrrw8npxkow4k70r6
> OpenJ9 Java does not pad the bytes input when encrypting RSA to the length of the key. This causes bad padding exceptions. One example being:
> {code:java}
> FAILED:  org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair
> Error Message:
> org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA private key operation failed
> Stack Trace:
> org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA private key operation failed
>         at __randomizedtesting.SeedInfo.seed([2D2BFB9A63F6912:3C3644A048604FF0]:0)
>         at app//org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:308)
>         at app//org.apache.solr.cloud.TestRSAKeyPair.testRoundTrip(TestRSAKeyPair.java:47)
>         at app//org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair(TestRSAKeyPair.java:32)
> {code}
> The code previously took the given input byte array and just tried to encrypt it. For OpenJDK, this works since the input byte array is expanded out to the size of the key in bytes. So 512 bits would be a 64 byte array or 2048 bits would be a 256 byte array. In OpenJ9, the input byte array must be the same size as the key size in bytes. I think this is a limitation of using NoPadding for the algorithm here. The fix is to ensure the byte array is always the size of the key size in bytes.



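The padding step described in the issue, as an added example that is not the code from the Solr commit: the input is sized to the key length before a `NoPadding` RSA operation, with the private key used for encryption as in the stack trace. Left-padding with zero bytes is an assumption about how the array is sized, and the class name `RsaNoPaddingRoundTrip` and helper `padToKeySize` are hypothetical.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;

public class RsaNoPaddingRoundTrip {
  private static final String ALGORITHM = "RSA/ECB/NoPadding";

  // Hypothetical helper: left-pad with zero bytes to the key size in bytes.
  // Leading zeros do not change the big-endian integer that RSA operates on.
  static byte[] padToKeySize(byte[] input, int keySizeInBytes) {
    if (input.length > keySizeInBytes) {
      throw new IllegalArgumentException("input is longer than the key size");
    }
    byte[] padded = new byte[keySizeInBytes];
    System.arraycopy(input, 0, padded, keySizeInBytes - input.length, input.length);
    return padded;
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair keyPair = generator.generateKeyPair();
    int modulusBits = ((RSAPublicKey) keyPair.getPublic()).getModulus().bitLength();
    int keySizeInBytes = (modulusBits + 7) / 8; // 2048 bits -> 256 bytes

    // Constructed sample input, much shorter than the key size.
    byte[] message = "constructed sample input".getBytes(StandardCharsets.UTF_8);

    Cipher encrypt = Cipher.getInstance(ALGORITHM);
    encrypt.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
    byte[] cipherText = encrypt.doFinal(padToKeySize(message, keySizeInBytes));

    Cipher decrypt = Cipher.getInstance(ALGORITHM);
    decrypt.init(Cipher.DECRYPT_MODE, keyPair.getPublic());
    byte[] plain = decrypt.doFinal(cipherText);

    // Compare as unsigned integers so leading zero bytes in the output are ignored.
    if (!new BigInteger(1, plain).equals(new BigInteger(1, message))) {
      throw new IllegalStateException("round trip mismatch");
    }
    System.out.println("round trip ok, input padded to " + keySizeInBytes + " bytes");
  }
}
```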