Branch: refs/heads/main
Home: https://github.com/kronosnet/kronosnet
Commit: ec10e550a09cfd30ce5e94ecde041a31f871e204
https://github.com/kronosnet/kronosnet/commit/ec10e550a09cfd30ce5e94ecde041…
Author: Jan Friesse <jfriesse(a)redhat.com>
Date: 2023-08-14 (Mon, 14 Aug 2023)
Changed paths:
M libknet/crypto.c
Log Message:
-----------
[crypto] Try crypt and decrypt on crypto_init

A crypt (or decrypt) operation might fail in some cases even when
initialization succeeded. This problem is known to happen when
FIPS mode is enabled and the combination of openssl/aes192 and md5 is used.
This was not caught during crypto_init, so the knet user (corosync) was
not aware of the non-working crypto, so it couldn't handle it - and couldn't
send/receive any packets.

The solution is to try crypt, decrypt and compare of the result buffer right
after a new crypto_instance is created. If any of these operations fails,
the whole crypto_init fails, the crypto_instance is freed and the knet user is
notified by receiving a non-zero return code.

Signed-off-by: Jan Friesse <jfriesse(a)redhat.com>
Commit: 31cec7382f20b5bdd7fa22c0cc9eaa0f4526de4f
https://github.com/kronosnet/kronosnet/commit/31cec7382f20b5bdd7fa22c0cc9ea…
Author: Fabio M. Di Nitto <fdinitto(a)redhat.com>
Date: 2023-08-14 (Mon, 14 Aug 2023)
Changed paths:
M libknet/crypto.c
Log Message:
-----------
Merge pull request #412 from jfriesse/try_encrypt_on_crypto_init
[crypto] Try crypt and decrypt on crypto_init
Compare: https://github.com/kronosnet/kronosnet/compare/683d10883622...31cec7382f20
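
The init-time check described in the first commit message, as an added C example that is not kronosnet's code. The `ops` table, the XOR stand-in cipher and the two failing backends are constructed assumptions that model a backend whose init succeeds while crypt or decrypt does not.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical backend interface for illustration; not libknet's real types. */
struct instance;
typedef int (*op_fn)(const struct instance *, const unsigned char *in, size_t len, unsigned char *out);
struct ops { int (*init)(struct instance *); op_fn crypt, decrypt; };
struct instance { const struct ops *ops; unsigned char key; };
static int live_instances; /* lets a caller check that a failed init frees its instance */

/* Constructed stand-in cipher (XOR with a key byte), only to exercise the flow. */
static int x_init(struct instance *i) { i->key = 0x5a; return 0; }
static int x_apply(const struct instance *i, const unsigned char *in, size_t len, unsigned char *out)
{ for (size_t n = 0; n < len; n++) out[n] = in[n] ^ i->key; return 0; }
/* Models the reported case: init succeeds, the operation itself is refused. */
static int refuse(const struct instance *i, const unsigned char *in, size_t len, unsigned char *out)
{ (void)i; (void)in; (void)len; (void)out; return -1; }
/* Models a backend that reports success but returns the wrong plaintext. */
static int garble(const struct instance *i, const unsigned char *in, size_t len, unsigned char *out)
{ (void)i; (void)in; memset(out, 0, len); return 0; }
static const struct ops working = { x_init, x_apply, x_apply };
static const struct ops refuses_crypt = { x_init, refuse, x_apply };
static const struct ops garbles_decrypt = { x_init, x_apply, garble };
static void instance_free(struct instance *i) { live_instances--; free(i); }

/* Returns a usable instance, or NULL if init or the round-trip self-test fails. */
static struct instance *crypto_init_checked(const struct ops *ops)
{
	static const unsigned char probe[] = "init-selftest"; /* constructed test buffer */
	unsigned char enc[sizeof(probe)], dec[sizeof(probe)];
	struct instance *i = calloc(1, sizeof(*i));
	if (!i) return NULL;
	i->ops = ops; live_instances++;
	if (ops->init(i) != 0 || ops->crypt(i, probe, sizeof(probe), enc) != 0 ||
	    ops->decrypt(i, enc, sizeof(probe), dec) != 0 ||
	    memcmp(probe, dec, sizeof(probe)) != 0) {
		instance_free(i); /* never hand back an instance that cannot crypt */
		return NULL;
	}
	return i;
}

int main(void)
{
	const struct ops *all[] = { &working, &refuses_crypt, &garbles_decrypt };
	for (int n = 0; n < 3; n++) /* a usable instance is left to process exit here */
		printf("backend %d: %s\n", n, crypto_init_checked(all[n]) ? "usable" : "rejected at init");
	return 0;
}
```

The caller sees the failure as a NULL return at init time instead of discovering it on the first packet.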