[jboss-jira] [JBoss JIRA] (JGRP-2315) ASYNC_ENCRYPT: Race condition in cipher queue usage can cause message decryption failures

Paul Ferraro (Jira) issues at jboss.org
Thu Nov 29 12:06:00 EST 2018


     [ https://issues.jboss.org/browse/JGRP-2315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Ferraro updated JGRP-2315:
-------------------------------
    Description: 
If a message is received that needs to be decrypted, or if a message needs to be encrypted, a cipher is taken from the queue.  However, if a new coordinator concurrently sends a new secret key, it will clear and recreate the cipher queues.  If the previous operation then puts its cipher back on the queue, the queue will now contain a cipher with the old secret key.  This will result in random message decryption failures when a message encryption/decryption pulls the outdated cipher from the queue.

While this is mitigated somewhat by the caching of old cipher versions, newly joined members do not have the ability to read messages encrypted by outdated ciphers.

  was: If a message is received that needs to be decrypted, or if a message needs to be encrypted, a cipher is taken from the queue.  However, if a new coordinator concurrently sends a new secret key, it will clear and recreate the cipher queues.  If the previous operation then puts its cipher back on the queue, the queue will now contain a cipher with the old secret key.  This will result in random message decryption failures when a message encryption/decryption pulls the outdated cipher from the queue.



> ASYNC_ENCRYPT: Race condition in cipher queue usage can cause message decryption failures
> -----------------------------------------------------------------------------------------
>
>                 Key: JGRP-2315
>                 URL: https://issues.jboss.org/browse/JGRP-2315
>             Project: JGroups
>          Issue Type: Bug
>    Affects Versions: 4.0.15
>            Reporter: Paul Ferraro
>            Assignee: Bela Ban
>            Priority: Major
>
> If a message is received that needs to be decrypted, or if a message needs to be encrypted, a cipher is taken from the queue.  However, if a new coordinator concurrently sends a new secret key, it will clear and recreate the cipher queues.  If the previous operation then puts its cipher back on the queue, the queue will now contain a cipher with the old secret key.  This will result in random message decryption failures when a message encryption/decryption pulls the outdated cipher from the queue.
> While this is mitigated somewhat by the caching of old cipher versions, newly joined members do not have the ability to read messages encrypted by outdated ciphers.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)
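
The interleaving described in the report, replayed deterministically on one thread as an added example (this is not JGroups code, and the class, method and key names are hypothetical). It contrasts clearing a shared queue in place with one possible mitigation, returning each cipher to the queue it was borrowed from and swapping the queue reference on a key change; this is not necessarily the fix applied in JGroups.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;

public class CipherPoolRace {
    // A pooled cipher tagged with the version of the key it was initialised with.
    record Pooled(Cipher cipher, int keyVersion) {}

    // Constructed 16-byte sample keys, for illustration only.
    static final byte[] KEY_V1 = "constructed-key1".getBytes();
    static final byte[] KEY_V2 = "constructed-key2".getBytes();

    static volatile BlockingQueue<Pooled> pool; // live queue in the hardened variant

    static BlockingQueue<Pooled> newPool(byte[] key, int version, int size) throws Exception {
        BlockingQueue<Pooled> q = new LinkedBlockingQueue<>();
        for (int i = 0; i < size; i++) {
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
            q.add(new Pooled(c, version));
        }
        return q;
    }

    // Counts ciphers in the queue that were initialised with a key other than the live one.
    static int stale(BlockingQueue<Pooled> q, int liveVersion) {
        return (int) q.stream().filter(p -> p.keyVersion() != liveVersion).count();
    }

    // Pattern from the report: the key change clears and refills the shared queue in place.
    static int clearInPlace() throws Exception {
        BlockingQueue<Pooled> q = newPool(KEY_V1, 1, 2);
        Pooled inFlight = q.take();        // an operation borrows a v1 cipher
        q.clear();                         // new coordinator's key v2 arrives ...
        q.addAll(newPool(KEY_V2, 2, 2));   // ... and the same queue is refilled
        q.offer(inFlight);                 // the operation returns its v1 cipher
        return stale(q, 2);
    }

    // Mitigation sketch: the borrower remembers its queue; a key change replaces the reference.
    static int swapQueue() throws Exception {
        pool = newPool(KEY_V1, 1, 2);
        BlockingQueue<Pooled> mine = pool; // queue this operation borrowed from
        Pooled inFlight = mine.take();
        pool = newPool(KEY_V2, 2, 2);      // key change never mutates the old queue
        mine.offer(inFlight);              // lands in the retired v1 queue
        return stale(pool, 2);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("stale ciphers after clear-in-place: " + clearInPlace());
        System.out.println("stale ciphers after queue swap:     " + swapQueue());
    }
}
```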