cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wido den Hollander (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (CLOUDSTACK-2039) Improve console access security with 128-bit AES encryption and securely-randomized key generation
Date Wed, 15 May 2013 18:17:16 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-2039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Wido den Hollander reopened CLOUDSTACK-2039:
--------------------------------------------


I think I encountered a bug with this.

My management server is 4.1 and my Console Proxy as well. The problem is that when I try to
open a Console session I get this in my systemvm.log:

2013-05-15 12:05:21,908 ERROR [cloud.consoleproxy.ConsoleProxyPasswordBasedEncryptor] (Thread-43:)
Unexpected exception
javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13*..)
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at com.cloud.consoleproxy.ConsoleProxyPasswordBasedEncryptor.decryptText(ConsoleProxyPasswordBasedEncryptor.java:97)
        at com.cloud.consoleproxy.ConsoleProxyPasswordBasedEncryptor.decryptObject(ConsoleProxyPasswordBasedEncryptor.java:129)
        at com.cloud.consoleproxy.ConsoleProxyHttpHandlerHelper.getQueryMap(ConsoleProxyHttpHandlerHelper.java:53)
        at com.cloud.consoleproxy.ConsoleProxyAjaxHandler.doHandle(ConsoleProxyAjaxHandler.java:69)
        at com.cloud.consoleproxy.ConsoleProxyAjaxHandler.handle(ConsoleProxyAjaxHandler.java:47)
        at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
        at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:65)
        at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:68)
        at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:555)
        at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
        at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:525)
        at java.lang.Thread.run(Thread.java:662)
2013-05-15 12:05:21,910 WARN  [cloud.consoleproxy.ConsoleProxyAjaxHandler] (Thread-43:) Exception,
java.lang.IllegalArgumentException
        at com.cloud.consoleproxy.ConsoleProxyAjaxHandler.doHandle(ConsoleProxyAjaxHandler.java:90)
        at com.cloud.consoleproxy.ConsoleProxyAjaxHandler.handle(ConsoleProxyAjaxHandler.java:47)
        at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
        at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:65)
        at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:68)
        at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:555)
        at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
        at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:525)
        at java.lang.Thread.run(Thread.java:662)

Line 97 is:
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));

That throws a "BadPaddingException: Given final block not properly padded"

I'm not so familiar with this, so any ideas what this could be?
                
> Improve console access security with 128-bit AES encryption and securely-randomized key
generation
> --------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2039
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2039
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.1.0, 4.2.0
>            Reporter: Kelven Yang
>            Assignee: Kelven Yang
>             Fix For: 4.1.0, 4.2.0
>
>
> Improve console access security with 128-bit AES encryption and securely-randomized key
generation

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message