Commits July 2017

commits@lists.kronosnet.org

1 participants
11 discussions

[fabbione/kronosnet] f96d17: [nsscrypto] Refactor symmetric key importing

by GitHub

Branch: refs/heads/master Home: https://github.com/fabbione/kronosnet Commit: f96d170e28ac12717d834fe7bd45c223bf22c443 https://github.com/fabbione/kronosnet/commit/f96d170e28ac12717d834fe7bd45c2… Author: Jan Friesse <jfriesse(a)redhat.com> Date: 2017-07-11 (Tue, 11 Jul 2017) Changed paths: M libknet/nsscrypto.c Log Message: ----------- [nsscrypto] Refactor symmetric key importing Signed-off-by: Jan Friesse <jfriesse(a)redhat.com> Commit: fb5a4b41a3a4738f2b9957d826ced80a662eb4f3 https://github.com/fabbione/kronosnet/commit/fb5a4b41a3a4738f2b9957d826ced8… Author: Jan Friesse <jfriesse(a)redhat.com> Date: 2017-07-11 (Tue, 11 Jul 2017) Changed paths: M libknet/nsscrypto.c Log Message: ----------- [nsscrypto] Use different method to import key PK11_ImportSymKey doesn't work when FIPS is enabled because NSS is targeting to FIPS Level 2 where loading of unencrypted symmetric key is prohibited. FIPS Level 2 is hard to achieve without breaking compatibility so patch implements "workaround" to make NSS behave like FIPS Level 1 (where is allowed to load unencrypted symmetric key). Workaround is about using temporal key to encrypt corosync authkey in memory and then to unwrap it into valid NSS key. Also when FIPS is enabled, it's not currently (nss 3.30.2) possible to unwrap key larger than 256 bytes. Signed-off-by: Jan Friesse <jfriesse(a)redhat.com> Commit: 895209627154c6744a6f00954e3c305788779321 https://github.com/fabbione/kronosnet/commit/895209627154c6744a6f00954e3c30… Author: Jan Friesse <jfriesse(a)redhat.com> Date: 2017-07-11 (Tue, 11 Jul 2017) Changed paths: M libknet/libknet.h Log Message: ----------- [knet.h] Reduce KNET_MIN_KEY_LEN By reducing KNET_MIN_KEY_LEN we allow FIPS enabled system using NSS to import (unwrap) the key. Signed-off-by: Jan Friesse <jfriesse(a)redhat.com> Commit: 103975181770aa5ee0e698ab92661de5bd5f1e46 https://github.com/fabbione/kronosnet/commit/103975181770aa5ee0e698ab92661d… Author: Fabio M. Di Nitto <fdinitto(a)redhat.com> Date: 2017-07-12 (Wed, 12 Jul 2017) Changed paths: M libknet/libknet.h M libknet/nsscrypto.c Log Message: ----------- Merge pull request #44 from jfriesse/fips-enable Fips enable Compare: https://github.com/fabbione/kronosnet/compare/d419549ffae5...103975181770

7 years, 5 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Commits July 2017