Hi,
dCache uses bouncycastle (BC) java crypto library.
When we updated to BC version 1.5 we started to see occasional
(about 1 in 200) exceptions:
javax.crypto.BadPaddingException: pad block corrupted
when using xrdcp with gsi security against dCache xrootd server.
(secure handshake fails).
We have tracked down the problem to the padding the secret with leading
zeroes when converting number to to byte array that has been introduced
in BC based on RFC 2631 (2.1.2) specification and the use of DH_compute_key in XrdCryptosslCipher in xrdcp client.
We replaced DH_compute_key with DH_compute_key_padded calls and do not
observe the issue anymore.
DH_compute_key_padded appears in openssl in version 1.0.2h [25 Aug 2016]:
"""
*) New function DH_compute_key_padded() to compute a DH key and pad with
leading zeroes if needed: this complies with SP800-56A et al.
[Steve Henson]
"""
Are there principal objections/considerations of not using DH_compute_key_padded in XrdCryptosslCipher? (beyond compatibility issue - obviously a client implemented w/ DH_compute_key_padded would not work against server implemented w/ DH_compute_key).
If turns out there are no objections we could think of some backward-compatible way
of introducing these functions.
Thank you,
Dmitry
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
