Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1417207 - Engine core dumps when using ssl
Summary: Engine core dumps when using ssl
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: Backend.Core
Version: future
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ovirt-4.1.0-rc
: ---
Assignee: Martin Perina
QA Contact: Jiri Belka
URL:
Whiteboard:
Depends On: 1415137
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-27 14:25 UTC by Piotr Kliczewski
Modified: 2019-04-28 08:36 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-15 14:58:56 UTC
oVirt Team: Infra
Embargoed:
rule-engine: ovirt-4.1+


Attachments (Terms of Use)

Description Piotr Kliczewski 2017-01-27 14:25:57 UTC
On my fedora 24 I am using the latest updates:

Name        : java-1.8.0-openjdk
Arch        : x86_64
Epoch       : 1
Version     : 1.8.0.111
Release     : 5.b16.fc24

and

Name        : nss
Arch        : x86_64
Epoch       : 0
Version     : 3.28.1
Release     : 1.3.fc24

When I built the engine from master today I saw that the engine core dumped every
time I tried to login. I followed suggestion to update java.security

from
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

to
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768, EC, ECDHE, ECDH

This fixed sso but I saw core dump during host add:

2017-01-27 14:14:01,756+01 INFO
[org.apache.sshd.common.util.SecurityUtils] (default task-58)
BouncyCastle not registered, using the default JCE provider
2017-01-27 14:14:01,870+01 INFO
[org.apache.sshd.client.session.ClientSessionImpl]
(sshd-SshClient[26c9f7da]-nio2-thread-1) Client session created
2017-01-27 14:14:01,885+01 INFO
[org.apache.sshd.client.session.ClientSessionImpl]
(sshd-SshClient[26c9f7da]-nio2-thread-1) Server version string:
SSH-2.0-OpenSSH_7.2
2017-01-27 14:14:01,886+01 INFO
[org.apache.sshd.client.session.ClientSessionImpl]
(sshd-SshClient[26c9f7da]-nio2-thread-1) Kex: server->client
aes128-ctr hmac-sha2-256 none
2017-01-27 14:14:01,886+01 INFO
[org.apache.sshd.client.session.ClientSessionImpl]
(sshd-SshClient[26c9f7da]-nio2-thread-1) Kex: client->server
aes128-ctr hmac-sha2-256 none
2017-01-27 14:14:01,896+01 WARN
[org.apache.sshd.client.session.ClientSessionImpl]
(sshd-SshClient[26c9f7da]-nio2-thread-1) Exception caught:
java.security.ProviderException: java.lang.NegativeArraySizeException
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:147)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703)
[rt.jar:1.8.0_111]
at org.apache.sshd.common.kex.ECDH.getE(ECDH.java:59)
at org.apache.sshd.client.kex.AbstractDHGClient.init(AbstractDHGClient.java:78)
at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:359)
at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)
at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256)
at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731)
at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)
at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_111]
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111]
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157) [rt.jar:1.8.0_111]
at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)
[rt.jar:1.8.0_111]
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)
[rt.jar:1.8.0_111]
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)
[rt.jar:1.8.0_111]
at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420)
[rt.jar:1.8.0_111]
at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)
at org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:53)
at org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:46)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_111]
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111]
at sun.nio.ch.Invoker$2.run(Invoker.java:218) [rt.jar:1.8.0_111]
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
[rt.jar:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]
Caused by: java.lang.NegativeArraySizeException
at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method)
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128)
... 32 more

downgrading java did not help and I was not able to downgrade nss due to conflicts.

Comment 1 Martin Perina 2017-01-28 06:11:07 UTC
According to email thread the issue was cause by the bug in OpenJDK tracked by BZ1415137. As it's have been solved and JDK fix has been posted to stable F24 repositories, moving this to ON_QA.

Comment 2 Piotr Kliczewski 2017-01-28 18:43:12 UTC
Newer version of jdk (java-1.8.0-openjdk to 1:1.8.0.121-1.b14.fc24) from updates-testing fixes the issue.

Comment 3 Jiri Belka 2017-02-01 10:53:17 UTC
ok, works fine

# grep ^jdk.tls.disabledAlgo /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc24.x86_64/jre/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768, EC, ECDHE, ECDH

# rpm -q ovirt-engine-backend
ovirt-engine-backend-4.1.1-0.0.master.20170131101233.gitf71669f.fc24.noarch

# rpm -q java-1.8.0-openjdk
java-1.8.0-openjdk-1.8.0.121-1.b14.fc24.x86_64


Note You need to log in before you can comment on or make changes to this bug.