Change in ovirt-engine[ovirt-engine-3.5]: utils: allow spaces within encrypted fields

tnisan at redhat.com tnisan at redhat.com
Tue Sep 8 09:53:31 UTC 2015 

Tal Nisan has submitted this change and it was merged.

Change subject: utils: allow spaces within encrypted fields
......................................................................


utils: allow spaces within encrypted fields

Ever since 3.0 (probably even before) the encryption of database fields
that was used is invalid, it uses RSA to encrypt blobs instead of using
ciphers within envelope.

It also stores null and empty strings as plain, and to make it even
better it trims spaces out of the input for some reason.

To conclude security... if decryption fails it falls back to use the
blob as plain text.

This logic was untouched, under the hope that we slowly remove usages of
it.

AAA does not use it any more, we should remove all.

For now, we remove the trim() as if the password of trim() actually
works so far it will keep working, new passwords with leading/trailing
spaces will be rejected.

The risk is if for some reason we have " "* in database field it will be
rejected as valid password, fixing it will be re-set password by user to
empty one.

Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1258867
Change-Id: I2ca15519ec245efd82e71f2ec39abd4ca1fe81c2
Signed-off-by: Alon Bar-Lev <alonbl at redhat.com>
---
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/crypt/EngineEncryptionUtils.java
1 file changed, 3 insertions(+), 3 deletions(-)

Approvals:
  Alon Bar-Lev: Verified
  Jenkins CI: Passed CI tests
  Moti Asayag: Looks good to me, approved



-- 
To view, visit https://gerrit.ovirt.org/45818
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2ca15519ec245efd82e71f2ec39abd4ca1fe81c2
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Alon Bar-Lev <alonbl at redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl at redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Moti Asayag <masayag at redhat.com>
Gerrit-Reviewer: Tal Nisan <tnisan at redhat.com>
Gerrit-Reviewer: automation at ovirt.org

More information about the Engine-commits mailing list