Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix padding issue when decrypting OVN provider password #683

Merged
merged 2 commits into from
Sep 27, 2022
Merged

Fix padding issue when decrypting OVN provider password #683

merged 2 commits into from
Sep 27, 2022

Conversation

mwperina
Copy link
Member

We have added new encryption/decryption method for OVN provider password
as a part of #677
Unfortunately there was an error during password decryptio due to the
implementation differencies between Python and OpenJDK.

Signed-off-by: Martin Perina mperina@redhat.com

@mwperina
Fix padding issue when decrypting OVN provider password
21d2d8d 
We have added new encryption/decryption method for OVN provider password
as a part of oVirt#677
Unfortunately there was an error during password decryptio due to the
implementation differencies between Python and OpenJDK.

Signed-off-by: Martin Perina <mperina@redhat.com>
@mwperina mwperina requested review from tinez, erav and mz-pdm and removed request for smelamud, bennyz, didib, emesika, sgratch, oliel and ljelinkova September 27, 2022 13:59
@mwperina
Copy link
Member Author

/ost

This was referenced Sep 27, 2022
Closed
Closed
@almusil
Copy link
Member

almusil commented Sep 27, 2022

Don't we still need the change in ovirtproviderovn.py? Shouldn't it store the password with the $ since this change?

@michalskrivanek
Copy link
Member

Don't we still need the change in ovirtproviderovn.py? Shouldn't it store the password with the $ since this change?

that's been merged already:)

mz-pdm
mz-pdm reviewed Sep 27, 2022
View reviewed changes
Copy link
Member

@mz-pdm mz-pdm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, AFAICT, except for the typo in the source comment.

...ger/modules/utils/src/main/java/org/ovirt/engine/core/utils/crypt/EngineEncryptionUtils.java Outdated
if (newCipher) {
cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
// By default Oracle standard security provider uses MFG1 instantiated with SHA-1, SHA-256 is used only
// ti has the label, so we need to enforce using SHA-256
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"ti"?

@almusil
Copy link
Member

almusil commented Sep 27, 2022

Don't we still need the change in ovirtproviderovn.py? Shouldn't it store the password with the $ since this change?

that's been merged already:)

Ah nevermind then :)

@michalskrivanek
Copy link
Member

verified no more provider errors in engine.log

@michalskrivanek
Copy link
Member

tested on el9 with oVirt/ovirt-system-tests#279

@michalskrivanek michalskrivanek merged commit 891d72b into oVirt:master Sep 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mz-pdm mz-pdm mz-pdm approved these changes

@michalskrivanek michalskrivanek michalskrivanek approved these changes

@ahadas ahadas Awaiting requested review from ahadas ahadas is a code owner

@tinez tinez Awaiting requested review from tinez

@erav erav Awaiting requested review from erav

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mwperina @almusil @michalskrivanek @mz-pdm