Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25937

"Given final block not properly padded" after deleting master.key after Java security update

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Recently core tests have started failing:

      https://jenkins.ci.cloudbees.com/job/core/job/jenkins-core-validated-merge/307/testReport/junit/jenkins.security/DefaultConfidentialStoreTest/roundtrip/

      java.io.IOException: javax.crypto.BadPaddingException: Given final block not properly padded
      	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
      	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
      	at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
      	at javax.crypto.Cipher.doFinal(Cipher.java:1970)
      	at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:112)
      	at javax.crypto.CipherInputStream.read(CipherInputStream.java:233)
      	at javax.crypto.CipherInputStream.read(CipherInputStream.java:209)
      	at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1792)
      	at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1769)
      	at org.apache.commons.io.IOUtils.copy(IOUtils.java:1744)
      	at org.apache.commons.io.IOUtils.toByteArray(IOUtils.java:462)
      	at jenkins.security.DefaultConfidentialStore.load(DefaultConfidentialStore.java:106)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:606)
      	at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:230)
      	at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53)
      	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
      	at jenkins.security.DefaultConfidentialStoreTest.roundtrip(DefaultConfidentialStoreTest.groovy:52)
      

      This is reproducible when the test is run on Java 8, but not 7. It looks like a real bug, not just a test failure; this part of the test checks what happens when master.key is deleted and recreated, which presumably is a rare event, so it is not surprising if this was never noticed by users.

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/java/jenkins/security/DefaultConfidentialStore.java
          http://jenkins-ci.org/commit/jenkins/5ded56a8288dfcfb9e389ea85edc13cf49981a2a
          Log:
          [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue.

          (cherry picked from commit 6318b8d800abdf8b280f4e1b8ce8bf22e49242ad)

          Conflicts:
          changelog.html

          Compare: https://github.com/jenkinsci/jenkins/compare/23e0d6ad1964...5ded56a8288d

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/java/jenkins/security/DefaultConfidentialStore.java http://jenkins-ci.org/commit/jenkins/5ded56a8288dfcfb9e389ea85edc13cf49981a2a Log: [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue. (cherry picked from commit 6318b8d800abdf8b280f4e1b8ce8bf22e49242ad) Conflicts: changelog.html Compare: https://github.com/jenkinsci/jenkins/compare/23e0d6ad1964...5ded56a8288d
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          changelog.html
          core/src/main/java/jenkins/security/DefaultConfidentialStore.java
          http://jenkins-ci.org/commit/jenkins/16afb73b254504d0f0f1246e34cce1fb5bd65c35
          Log:
          [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue.

          (cherry picked from commit 6318b8d800abdf8b280f4e1b8ce8bf22e49242ad)

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: changelog.html core/src/main/java/jenkins/security/DefaultConfidentialStore.java http://jenkins-ci.org/commit/jenkins/16afb73b254504d0f0f1246e34cce1fb5bd65c35 Log: [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue. (cherry picked from commit 6318b8d800abdf8b280f4e1b8ce8bf22e49242ad)
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          changelog.html
          core/src/main/java/jenkins/security/DefaultConfidentialStore.java
          http://jenkins-ci.org/commit/jenkins/16afb73b254504d0f0f1246e34cce1fb5bd65c35
          Log:
          [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue.

          (cherry picked from commit 6318b8d800abdf8b280f4e1b8ce8bf22e49242ad)

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: changelog.html core/src/main/java/jenkins/security/DefaultConfidentialStore.java http://jenkins-ci.org/commit/jenkins/16afb73b254504d0f0f1246e34cce1fb5bd65c35 Log: [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue. (cherry picked from commit 6318b8d800abdf8b280f4e1b8ce8bf22e49242ad)
          Hide
          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #3989
          [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue. (Revision 16afb73b254504d0f0f1246e34cce1fb5bd65c35)

          Result = SUCCESS
          jesse glick : 16afb73b254504d0f0f1246e34cce1fb5bd65c35
          Files :

          • core/src/main/java/jenkins/security/DefaultConfidentialStore.java
          • changelog.html
          Show
          dogfood dogfood added a comment - Integrated in jenkins_main_trunk #3989 [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue. (Revision 16afb73b254504d0f0f1246e34cce1fb5bd65c35) Result = SUCCESS jesse glick : 16afb73b254504d0f0f1246e34cce1fb5bd65c35 Files : core/src/main/java/jenkins/security/DefaultConfidentialStore.java changelog.html
          Hide
          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #4292
          [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue. (Revision 5ded56a8288dfcfb9e389ea85edc13cf49981a2a)

          Result = UNSTABLE
          ogondza : 5ded56a8288dfcfb9e389ea85edc13cf49981a2a
          Files :

          • core/src/main/java/jenkins/security/DefaultConfidentialStore.java
          Show
          dogfood dogfood added a comment - Integrated in jenkins_main_trunk #4292 [FIXED JENKINS-25937] Treat BadPaddingException as an unloadable key and continue. (Revision 5ded56a8288dfcfb9e389ea85edc13cf49981a2a) Result = UNSTABLE ogondza : 5ded56a8288dfcfb9e389ea85edc13cf49981a2a Files : core/src/main/java/jenkins/security/DefaultConfidentialStore.java

            People

            • Assignee:
              jglick Jesse Glick
              Reporter:
              jglick Jesse Glick
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: