
On 01/29/2013 10:00 AM, Eli Mesika wrote:
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Eli Mesika" <emesika@redhat.com> Cc: "users" <users@ovirt.org>, "Dead Horse" <deadhorseconsulting@gmail.com> Sent: Tuesday, January 29, 2013 10:40:59 AM Subject: Re: [Users] engine Failed to decrypt Data error
----- Original Message -----
From: "Eli Mesika" <emesika@redhat.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "users" <users@ovirt.org>, "Dead Horse" <deadhorseconsulting@gmail.com> Sent: Tuesday, January 29, 2013 10:33:04 AM Subject: Re: [Users] engine Failed to decrypt Data error
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Eli Mesika" <emesika@redhat.com> Cc: "users" <users@ovirt.org>, "Dead Horse" <deadhorseconsulting@gmail.com> Sent: Monday, January 28, 2013 11:20:30 PM Subject: Re: [Users] engine Failed to decrypt Data error
----- Original Message -----
From: "Eli Mesika" <emesika@redhat.com> To: "Dead Horse" <deadhorseconsulting@gmail.com> Cc: "users" <users@ovirt.org>, "Alon Bar-Lev" <alonbl@redhat.com> Sent: Monday, January 28, 2013 11:16:16 PM Subject: Re: [Users] engine Failed to decrypt Data error
----- Original Message -----
From: "Dead Horse" <deadhorseconsulting@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "users" <users@ovirt.org>, "Eli Mesika" <emesika@redhat.com> Sent: Monday, January 28, 2013 11:04:53 PM Subject: Re: [Users] engine Failed to decrypt Data error
psql -U engine -d engine -c "select * from vdc_options where option_name in ('LocalAdminPassword', 'AdminPassword');"

 option_id | option_name | option_value | version
-----------+--------------------+--------------+---------
 127 | LocalAdminPassword | KiG8670o1qXVX6omYsiCdaaXtQc/mGmr0qgLHqc8yykoRz OwbfZzU9AxBYwYrJEwyqdq8c2ZwfGVvQ1YVIfGRspKLKogl59gBnwcQuk3al1K4Vtmr2hgWDtm5FBYd5 Nac4WIly4efjMCRjwrpPVkpAX55N8tGJ9LNzX8eRszQ4iVs8zivl0eu9SVhrB8tbHkA/+U5/vss26za8 X+AV67dtDzoD7ZS0eOT1Vx9vrOGHvDYU8tANEb29Et79CJ0whLOOEeuwTpkK1yZdF3PaWRbnTwXZUsB1 hMs9NLdo2ZxZOVSIK1E2mPh1WLybgIX1YB0Ra3BZvjAR9wPZz+jdfZng== | general
 7 | AdminPassword | AakmoHu69RmCWkSoVXLOv0cwzwGscXaM+HJAONRtSdECEA VL+bjc1Lis6PHR1vBwdmhITxAvo2998pTJNusvtuTCODra40MTC+9p9+Oev4jWIbkncHH8gRdIKyvHuz O6fNda50VXeWYhGNFIMavw15PlslutUWEpyNAasjEWyZ7cNyjKK2eFKNDZ3F5PCv9RcQXfXkKSveWm6M 40zUVOx1ZjCnptNUpB4VYf5vW8LOpSL5NJpfJQmu36QbBRDDo3+3XPb4ELXA4t1rbPYw9Z7hRbk5Mbtq qvOA7q4+G4nPtxHB7d6dYT2QJ58wgXUSIIoz/odvz5yVYeazIFS3Faww== | general
(2 rows)
Too long, supported values for encryption should be < 127 characters

Why too long? It should be 2048 RSA key. And it is exactly 256 decoded.

OK. Didn't you say that practically it should be < 256?

The encrypted blob is exactly 256 (keysize/8). The plain text within that blob is at same length. The PKCS#5 padding that we should use (or should have used) takes at least one byte from suffix, hence the <256, but this applies to the plain text. From the exception we see that the java crypto provider complains we provide a block >256 and key size of 2048, so there is something wrong with the buffer we pass as it must be =256 bytes.

That raises the chance of a bug in the EncryptionUtils code, can you take a look?
As the exceptions are coming from several different threads that are running in parallel I would look for a concurrency problem. In particular I would check the "Encoding" class. It seems to me that it uses the "Base64.decode(...)" method from multiple threads in an unsafe way.
On Mon, Jan 28, 2013 at 2:38 PM, Alon Bar-Lev < alonbl@redhat.com > wrote:
----- Original Message -----
> From: "Dead Horse" <deadhorseconsulting@gmail.com>
> To: "Alon Bar-Lev" <alonbl@redhat.com>
> Cc: "users" <users@ovirt.org>, "Eli Mesika" <emesika@redhat.com>
> Sent: Monday, January 28, 2013 10:35:34 PM
> Subject: Re: [Users] engine Failed to decrypt Data error
>
> was in the middle of a fresh engine setup which did not exhibit the symptom. However after running: "engine-config -s AdminPassword=interactive" and restarting the engine service on the clean setup the error message now shows up.
>
> - DHC
OK, at least it is related to the admin password.
Please send me the output of:
psql -U engine -d engine -c "select * from vdc_options where option_name in ('LocalAdminPassword', 'AdminPassword');"
Thanks!
> > On Mon, Jan 28, 2013 at 1:55 PM, Alon Bar-Lev < > alonbl@redhat.com >> > wrote: > > > > > > ----- Original Message ----- >> From: "Dead Horse" < deadhorseconsulting@gmail.com > >> To: "Alon Bar-Lev" < alonbl@redhat.com > >> Cc: "users" < users@ovirt.org >, "Eli Mesika" < >> emesika@redhat.com >>> > >> Sent: Monday, January 28, 2013 9:46:53 PM >> Subject: Re: [Users] engine Failed to decrypt Data error >> >> >> >> > >> Current running engine build --> commit: >> 61c11aecc40e755d08b6c34c6fe1c0a07fa94de8 >> >> ran engine upgrade against the built rpms from that >> commit. >> >> >> Thus I applied it as an upgrade against prior running >> build >> --> >> commit: >> 1eb895355239bbcb7a7ceda172405f0b68f18f35 > > [Please use plain text mails in lists.] > > > Can you please patch EncryptionUtils.decrypt() with the > following, > so > I can see what source is? source is encrypted blob, should > not > be > a > problem to send it. > > if (!StringHelper.isNullOrEmpty(source.trim())) { > KeyStore store = EncryptionUtils.getKeyStore(keyFile, > passwd, > certType); > Key key = store.getKey(alias, passwd.toCharArray()); > + log.info ("DEBUG001 " + source);
> result = decrypt(source, key); > > > } > > >> >> >> >> On Mon, Jan 28, 2013 at 1:28 PM, Alon Bar-Lev < >> alonbl@redhat.com >>> >> wrote: >> >> >> How do you installed the engine? you built? >> Which exact version? >> >> >> ----- Original Message ----- >>> From: "Dead Horse" < deadhorseconsulting@gmail.com > >> >> >>> To: "Alon Bar-Lev" < alonbl@redhat.com > >>> Cc: "users" < users@ovirt.org >, "Eli Mesika" < >>> emesika@redhat.com >>>> >>> Sent: Monday, January 28, 2013 9:26:44 PM >>> Subject: Re: [Users] engine Failed to decrypt Data >>> error >>> >>> >>> Password length is 11 characters and consists of Upper, >>> Lower >>> case >>> and one special character. >>> >>> >>> >>> >>> On Mon, Jan 28, 2013 at 1:20 PM, Alon Bar-Lev < >>> alonbl@redhat.com >>>> >>> wrote: >>> >>> >>> We tried to reproduce this. >>> What password do you use? is there one with some great >>> length? >>> If not, Eli, we should send a debug patch for this. >>> >>> >>> >>> ----- Original Message ----- >>>> From: "Dead Horse" < deadhorseconsulting@gmail.com > >>>> To: "< users@ovirt.org >" < users@ovirt.org > >>>> Sent: Monday, January 28, 2013 9:16:20 PM >>>> Subject: [Users] engine Failed to decrypt Data error >>>> >>>> >>>> >>>> I see this repeating error in the engine logs quite a >>>> bit, >>>> any >>>> ideas >>>> on what causes it? 
>>>> 2013-01-28 13:13:40,483 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-23) Failed to decrypt Data must not be longer than 256 bytes
>>>> 2013-01-28 13:13:52,747 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-81) Failed to decrypt Data must not be longer than 256 bytes
>>>> 2013-01-28 13:13:52,747 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-84) Failed to decrypt Blocktype mismatch: 0
>>>> 2013-01-28 13:13:52,761 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-85) Failed to decrypt Data must start with zero
>>>> 2013-01-28 13:14:00,964 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-23) Failed to decrypt Data must not be longer than 256 bytes
>>>> 2013-01-28 13:14:00,964 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-20) Failed to decrypt Data must not be longer than 256 bytes
>>>> 2013-01-28 13:14:02,983 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-29) Failed to decrypt Data must not be longer than 256 bytes
>>>> 2013-01-28 13:14:02,983 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-34) Failed to decrypt Data must not be longer than 256 bytes
>>>>
>>>> - DHC
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users@ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
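Review bot: the added log.info line in the EncryptionUtils.decrypt() debug patch quoted above prints source bare, so leading or trailing whitespace and the string length cannot be read from the log, and the guard tests source.trim() while both the log line and decrypt(source, key) receive the untrimmed string. Since the reported error is about buffer length, suggest wrapping the value in delimiters and logging source.length() alongside it, and dropping the line once the diagnosis is done, because it writes the encrypted option value to the engine log at info level on every call.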
-- Commercial address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain. Registered in the Madrid Mercantile Registry – C.I.F. B82657941 - Red Hat S.L.
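The length reasoning and the concurrency suspicion from this thread, as an added Java example that is not oVirt's EncryptionUtils code: a hypothetical decrypt() helper that decodes with a thread-safe decoder, checks that the blob is exactly keysize/8 bytes before it reaches the cipher, and creates one Cipher per call. The class name, the sample password, the use of java.util.Base64 (Java 8+) and the RSA/ECB/PKCS1Padding transformation are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAKey;
import java.util.*;
import java.util.concurrent.*;
import javax.crypto.Cipher;

public class DecryptGuardDemo {
    // Hypothetical helper: decode and length-check before handing the buffer to the RSA cipher.
    static String decrypt(String source, PrivateKey key) throws GeneralSecurityException {
        int blockLen = (((RSAKey) key).getModulus().bitLength() + 7) / 8; // 256 for RSA-2048
        // The MIME decoder skips line wraps and spaces; Base64.Decoder is safe for concurrent use.
        byte[] blob = Base64.getMimeDecoder().decode(source);
        if (blob.length != blockLen) {
            throw new IllegalArgumentException(
                "ciphertext is " + blob.length + " bytes, expected " + blockLen);
        }
        // Cipher instances carry state and are not thread-safe, so none is shared.
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.DECRYPT_MODE, key);
        return new String(cipher.doFinal(blob), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        PrivateKey priv = pair.getPrivate();

        // Constructed sample: an 11-character password encrypted with the public key.
        Cipher enc = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        enc.init(Cipher.ENCRYPT_MODE, pair.getPublic());
        byte[] ct = enc.doFinal("Passw0rd!xy".getBytes(StandardCharsets.UTF_8));
        String stored = Base64.getEncoder().encodeToString(ct);

        // Decrypt the same stored value from several worker threads at once.
        ExecutorService pool = Executors.newFixedThreadPool(8);
        Callable<String> task = () -> decrypt(stored, priv);
        List<Future<String>> results = new ArrayList<>();
        for (int i = 0; i < 100; i++) results.add(pool.submit(task));
        for (Future<String> f : results) if (!"Passw0rd!xy".equals(f.get())) throw new AssertionError();
        pool.shutdown();
        System.out.println("100 concurrent decrypts ok, blob = " + ct.length + " bytes");

        // A buffer one byte too long is rejected with its actual length before the cipher sees it.
        String tooLong = Base64.getEncoder().encodeToString(Arrays.copyOf(ct, ct.length + 1));
        try { decrypt(tooLong, priv); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```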