[7.x] Gracefully handle exceptions from Security Providers (#65464)#65553
Merged
jkakavas merged 1 commit intoelastic:7.xfrom Nov 26, 2020
Merged
[7.x] Gracefully handle exceptions from Security Providers (#65464)#65553jkakavas merged 1 commit intoelastic:7.xfrom
jkakavas merged 1 commit intoelastic:7.xfrom
Conversation
In certain situations, such as when configured in FIPS 140 mode, the Java security provider in use might throw a subclass of java.lang.Error. We currently do not catch these and as a result the JVM exits, shutting down elasticsearch. This commit attempts to address this by catching subclasses of Error that might be thrown for instance when a PBKDF2 implementation is used from a Security Provider in FIPS 140 mode, with the password input being less than 14 bytes (112 bits). - In our PBKDF2 family of hashers, we catch the Error and throw an ElasticsearchException while creating or verifying the hash. We throw on verification instead of simply returning false on purpose so that the message bubbles up and the cause becomes obvious (otherwise it would be indistinguishable from a wrong password). - In KeyStoreWrapper, we catch the Error in order to wrap and re-throw a GeneralSecurityException with a helpful message. This can happen when using any of the keystore CLI commands, when the node starts or when we attempt to reload secure settings. - In the `elasticsearch-users` tool, we catch the ElasticsearchException that the Hasher class re-throws and throw an appropriate UserException. Tests are missing because it's not trivial to set CI in fips approved mode right now, and thus any tests would need to be muted. There is a parallel effort in elastic#64024 to enable that and tests will be added in a followup.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backports the following commits to 7.x: