Intermittent RSA block problems

psearls55 · July 16th, 2007, 04:28 PM

I am encrypting values using 1024 bit RSA encryption using the bouncycastle provider. Both the encryption and decryption of data is working correctly, however, intermittently in our application server(WebSphere 6.0.2) I start getting "too much data for RSA block" errors when attempting to decrypt an encrypted value. I put in a trap for the error so that the data being decrypted would be dumped to the log. The data is a valid 128 byte string and when I copy and paste it into a stand-alone Test program it decrypts the value without a problem. We have clustered application servers and this problem is only occurring on one of the two servers. We recycle the application server and the problem will go away for 24 hours or so and then reappear.

Has anyone experienced anything like this? My hunch is that something else is corrupting the JVM in the application server which in turn is corrupting the Cipher used for the decryption. The Cipher is established in a Singleton which is called statically to decrypt the data.

Any help would be appreciated.

Peter Searls
Sr. Programmer Analyst
Holland America Line
206.298.5120

dgh · July 16th, 2007, 07:14 PM

It sounds like a synchronization issue. Cipher classes are not thread safe, are there any assumptions in the code that they could be?

Regards,

David

psearls55 · July 16th, 2007, 08:25 PM

Quote:

quote:Originally posted by dgh
It sounds like a synchronization issue. Cipher classes are not thread safe, are there any assumptions in the code that they could be?

Regards,

David

Hi David,

Good thought, we did make an assumption that the doFinal() was thread safe. It is the only method on the Cipher that is called to decode the data. But that still wouldn't account for the fact that this ran for almost 4 weeks without problem and now shows up infrequently and only on one server.

Pete

Peter Searls
Sr. Programmer Analyst
Holland America Line
206.298.5120

dgh · July 16th, 2007, 08:55 PM

doFinal is not thread safe - a thread can be interrupted while it's inside it, if this happens when the internal buffer has already been loaded, the next attempt will cause the exception.

Try fixing that first and see how it goes.

Regards,

David

psearls55 · July 16th, 2007, 09:15 PM

Quote:

quote:Originally posted by dgh
doFinal is not thread safe - a thread can be interrupted while it's inside it, if this happens when the internal buffer has already been loaded, the next attempt will cause the exception.

Try fixing that first and see how it goes.

Regards,

David

Thanks David I will give it a shot and see what happens. I'll post the results one way or the other.

Peter Searls
Sr. Programmer Analyst
Holland America Line
206.298.5120

psearls55 · July 17th, 2007, 07:54 PM

Quote:

quote:Originally posted by psearls55

Quote:

quote:Originally posted by dgh

Quote:

doFinal is not thread safe - a thread can be interrupted while it's inside it, if this happens when the internal buffer has already been loaded, the next attempt will cause the exception.

Try fixing that first and see how it goes.

Regards,

David

Hi David,

I was able to run concurrent threads in test mode and force the RSA error to occur. Then when I added synchronization around the doFinal() on the Cipher the errors went away. Thanks for the help.

Thanks David I will give it a shot and see what happens. I'll post the results one way or the other.

Peter Searls
Sr. Programmer Analyst
Holland America Line
206.298.5120

Peter Searls
Sr. Programmer Analyst
Holland America Line
206.298.5120