Details
-
Task
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
I'm looking into the TestRSAKeyPair and TestPKIAuthenticationPlugin test failures on openj9 that are related to https://lists.apache.org/thread/b3053cvc2jqw768jrrw8npxkow4k70r6
OpenJ9 Java does not pad the bytes input when encrypting RSA to the length of the key. This causes bad padding exceptions. One example being:
FAILED: org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair Error Message: org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA private key operation failed Stack Trace: org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA private key operation failed at __randomizedtesting.SeedInfo.seed([2D2BFB9A63F6912:3C3644A048604FF0]:0) at app//org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:308) at app//org.apache.solr.cloud.TestRSAKeyPair.testRoundTrip(TestRSAKeyPair.java:47) at app//org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair(TestRSAKeyPair.java:32)
The code previously took the given input byte array and just tried to encrypt it. For OpenJDK, this works since the input byte array is expanded out to the size of the key in bytes. So 512 bits would be a 64 byte array or 2048 bits would be a 256 byte array. In OpenJ9, the input byte array must be the same size as the key size in bytes. I think this is a limitation of using NoPadding for the algorithm here. The fix is to ensure the byte array is always the size of the key size in bytes.
Attachments
Issue Links
- relates to
-
SOLR-7849 Secure Inter-node communication in a standard mechanism
-
- Closed
-
-
SOLR-14223 PublicKeyHandler consumes a lot of entropy during tests
-
- Closed
-
- links to
