TaylorCFrey opened a new issue, #7158:
URL: https://github.com/apache/trafficcontrol/issues/7158

   ## This Bug Report affects these Traffic Control components:
   - Traffic Vault
   
   ## Current behavior:
   
   When running the `reencrypt` utility located at `trafficcontrol/traffic_ops/app/db/reencrypt/reencrypt.go` for SSL Keys (misnomer), all versions of the SSL Keys entries are replaced by a single entry multiple times. As an example, if a delivery service has multiple "versions" of SSL Key data information, all of them are reencrypted into a single data blob for every version.
   
   Before running `reencrypt`:
   
   DeliveryServiceXMLId | Version | Data
   ---|---|---
   sampleDS1 | latest | \xa0f3d800...
   sampleDS1 | 2        | \x93c7b213...
   sampleDS1 | 1        | \x7418e801...
   sampleDS2 | latest | \x48b1c9ff...
   sampleDS2 | 3       | \x88b7a3dd...
   sampleDS2 | 2       | \x1967c3b9...
   sampleDS2 | 1       | \x19f3a2bb...
   
   After running `reencrypt` (notice the data columns have the same value for each DS, regardless of the version):
   
   DeliveryServiceXMLId | Version | Data
   ---|---|---
   sampleDS1 | latest | \xc4f1a823...
   sampleDS1 | 2        | \xc4f1a823...
   sampleDS1 | 1        | \xc4f1a823...
   sampleDS2 | latest | \xaa45b8f1...
   sampleDS2 | 3       | \xaa45b8f1...
   sampleDS2 | 2       | \xaa45b8f1...
   sampleDS2 | 1       | \xaa45b8f1...
   
   ## Expected behavior:
   
   Each row should be uniquely decrypted and reencrypted, resulting in a different, correctly encrypted _data_ for each delivery service SSL key version.
   
   ## Steps to reproduce:
   
   Execute the `reencrypt` utility on a Traffic Vault dump with a delivery service that has 3 or more entries (2 or more versions plus 'latest') for SSL Keys.
   
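A post-run check for the symptom described in this report, as an added example (not part of the issue or of Traffic Control's code): it compares snapshots taken before and after `reencrypt` and flags delivery services whose previously distinct versions now share one data blob. The function name, the `(xml_id, version, data)` tuple layout and the sample rows (built from the truncated prefixes in the tables above) are assumptions; how the rows are exported from Traffic Vault is left to the operator.

```python
from collections import defaultdict

# Constructed sample rows (xml_id, version, data prefix) built from the
# truncated prefixes in the report's tables; real rows hold full blobs.
BEFORE = [
    ("sampleDS1", "latest", "a0f3d800"), ("sampleDS1", "2", "93c7b213"),
    ("sampleDS1", "1", "7418e801"), ("sampleDS2", "latest", "48b1c9ff"),
    ("sampleDS2", "3", "88b7a3dd"), ("sampleDS2", "2", "1967c3b9"),
    ("sampleDS2", "1", "19f3a2bb"),
]
AFTER = [(ds, ver, "c4f1a823" if ds == "sampleDS1" else "aa45b8f1")
         for ds, ver, _ in BEFORE]


def verify_reencrypt(before, after):
    """Compare two snapshots; return findings (empty list means pass)."""
    old = {(ds, ver): data for ds, ver, data in before}
    new = {(ds, ver): data for ds, ver, data in after}
    findings = []
    # 1. The run must not add or drop (delivery service, version) rows.
    for key in sorted(old.keys() ^ new.keys()):
        findings.append(("row-set-changed", key))
    # 2. Identical bytes before and after mean the row was not rewritten.
    for key in sorted(old.keys() & new.keys()):
        if old[key] == new[key]:
            findings.append(("not-reencrypted", key))
    # 3. Versions that held different blobs before must not share one
    #    blob afterwards (the symptom described in this report).
    shared = defaultdict(list)
    for (ds, ver), data in new.items():
        shared[(ds, data)].append(ver)
    for (ds, _), versions in sorted(shared.items()):
        if len({old.get((ds, v)) for v in versions}) > 1:
            findings.append(("collapsed", (ds, tuple(sorted(versions)))))
    return findings


if __name__ == "__main__":
    for kind, detail in verify_reencrypt(BEFORE, AFTER):
        print(kind, detail)
```

Taking the "before" snapshot ahead of the run also gives a rollback reference, since collapsed rows cannot be recovered from the post-run data alone.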