Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-9609

Change hard-coded keysize from 512 to 1024

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.4, 7.0
    • Component/s: None
    • Security Level: Public (Default Security Level. Issues are Public)
    • Labels:
      None

      Description

      In order to configure our dataSource without requiring a plaintext password in the configuration file, we extended JdbcDataSource to create our own custom implementation. Our dataSource config now looks something like this:

      <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver" url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser" password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
      

      We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the password. However, this seems to cause an issue when we try use Solr in a Cloud Configuration (using Zookeeper). The error is "Strong key gen and multiprime gen require at least 1024-bit keysize." Full log attached.

      This seems to be due to the hard-coded value of 512 in the org.apache.solr.util.CryptoKeys$RSAKeyPair class:

      public RSAKeyPair() {
        KeyPairGenerator keyGen = null;
        try {
          keyGen = KeyPairGenerator.getInstance("RSA");
        } catch (NoSuchAlgorithmException e) {
          throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
        }
        keyGen.initialize(512);
      

      I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt it, and now everything seems to work great.

        Attachments

        1. SOLR-9609.patch
          2 kB
          Erick Erickson
        2. SOLR-9609.patch
          6 kB
          Erick Erickson
        3. SOLR-9609.patch
          0.7 kB
          Erick Erickson
        4. SOLR-9609.patch
          0.7 kB
          Jeremy Martini
        5. solr.log
          10 kB
          Jeremy Martini

          Activity

            People

            • Assignee:
              erickerickson Erick Erickson
              Reporter:
              jpm290 Jeremy Martini
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: