Branch: refs/heads/add-crypto-enumeration-api
Home: https://github.com/kronosnet/kronosnet
Commit: 97b717b709dc834082915520371f47b655c64892
https://github.com/kronosnet/kronosnet/commit/97b717b709dc834082915520371f4…
Author: Fabio M. Di Nitto <fdinitto(a)redhat.com>
Date: 2026-05-07 (Thu, 07 May 2026)
Changed paths:
M libknet/crypto.c
M libknet/libknet.h
M libknet/libknet_exported_syms
M libknet/tests/api-check.mk
A libknet/tests/api_knet_get_crypto_cipher_list.c
A libknet/tests/api_knet_get_crypto_hash_list.c
M man/Makefile.am
Log Message:
-----------
Add API to enumerate supported cipher modes and hash algorithms

Implements issue #478 by introducing two new API functions:
- knet_get_crypto_cipher_list(): Returns AES cipher modes (CBC/CTR) supported across all crypto backends
- knet_get_crypto_hash_list(): Returns hash algorithms supported across all crypto backends

The functions return the intersection of capabilities across OpenSSL, NSS, and libgcrypt backends,
ensuring applications can reliably use any returned cipher/hash combination regardless of which
crypto module is loaded at runtime.

Key implementation decisions:
- Uses hardcoded lists to avoid loading all crypto modules unconditionally
- Flattened cipher list includes both OpenSSL (hyphenated) and NSS/gcrypt (non-hyphenated) naming
  conventions as separate entries to simplify application logic
- Cipher list: 12 entries covering AES-128/192/256 in CBC and CTR modes
- Hash list: 5 entries covering md5, sha1, sha256, sha384, sha512

New structures:
- knet_crypto_cipher_info: name, mode, key_bits
- knet_crypto_hash_info: name, hash_bits

Includes comprehensive API tests following existing patterns.

Signed-off-by: Fabio M. Di Nitto <fabbione(a)kronosnet.org>
Co-Authored-By: Claude Sonnet 4.5 <noreply(a)anthropic.com>
41/41 Non-voting fails: debian-12-x86-64(nonvoting-clang: Run tests) rhel-8-s390x(nonvoting-clang: Run tests) ubuntu-22-04-lts-x86-64(nonvoting-clang: Run tests) rhel-8-x86-64(nonvoting-clang: Run tests) rhel-8-power9-ppc64le(nonvoting-clang: Run tests) centos-9-x86-64(nonvoting-clang: Run tests) centos-9-s390x(nonvoting-clang: Run tests) freebsd-15-x86-64(nonvoting-clang: Run tests) freebsd-devel-x86-64(nonvoting: Run tests) freebsd-devel-x86-64(nonvoting-clang: Run tests) freebsd-13-x86-64(nonvoting-clang: Run tests) freebsd-14-x86-64(nonvoting-clang: Run tests) debian-unstable-x86-64(nonvoting: Run tests) debian-unstable-x86-64(nonvoting-clang: Run tests) debian-testing-x86-64(nonvoting-clang: Run tests) debian-experimental-x86-64(nonvoting: Run tests) ubuntu-devel-x86-64(nonvoting: Run tests) debian-experimental-x86-64(nonvoting-clang: Run tests) ubuntu-devel-x86-64(nonvoting-clang: Run tests) debian-13-x86-64(nonvoting-clang: Run tests) rhel-10-power9-ppc64le(nonvoting-clang: Run tests) ubuntu-25-10-x86-64(nonvoting-clang: Run tests) rhel-10-s390x(nonvoting-clang: Run tests) centos-10-s390x(nonvoting-clang: Run tests) ubuntu-24-04-lts-x86-64(nonvoting-clang: Run tests) fedora-rawhide-power9-ppc64le(nonvoting: Run tests) fedora-rawhide-power9-ppc64le(nonvoting-clang: Run tests) alpine-x86-64(nonvoting: Run tests) centos-10-x86-64(nonvoting-clang: Run tests) alpine-x86-64(nonvoting-clang: Run tests) rhel-10-x86-64(nonvoting-clang: Run tests) fedora-42-x86-64(nonvoting-clang: Run tests) rhel-9-x86-64(nonvoting-clang: Run tests) fedora-43-power9-ppc64le(nonvoting-clang: Run tests) fedora-rawhide-x86-64(nonvoting: Run tests) fedora-rawhide-x86-64(nonvoting-clang: Run tests) fedora-43-x86-64(nonvoting-clang: Run tests) rhel-9-s390x(nonvoting-clang: Run tests) fedora-43-s390x(nonvoting-clang: Run tests) fedora-rawhide-s390x(nonvoting: Run tests) fedora-rawhide-s390x(nonvoting-clang: Run tests)
28/50 Voting fails: rhel-8-coverity-x86-64(voting: Run tests) debian-12-x86-64(voting: Run tests) ubuntu-22-04-lts-x86-64(voting: Run tests) rhel-8-s390x(voting: Run tests) rhel-8-x86-64(voting: Run tests) rhel-8-power9-ppc64le(voting: Run tests) centos-9-x86-64(voting: Run tests) centos-9-s390x(voting: Run tests) freebsd-15-x86-64(voting: Run tests) freebsd-13-x86-64(voting: Run tests) freebsd-14-x86-64(voting: Run tests) rhel-9-coverity-x86-64(voting: Run tests) rhel-10-coverity-x86-64(voting: Run tests) debian-testing-x86-64(voting: Run tests) debian-13-x86-64(voting: Run tests) rhel-10-power9-ppc64le(voting: Run tests) ubuntu-25-10-x86-64(voting: Run tests) rhel-10-s390x(voting: Run tests) centos-10-s390x(voting: Run tests) ubuntu-24-04-lts-x86-64(voting: Run tests) centos-10-x86-64(voting: Run tests) rhel-10-x86-64(voting: Run tests) fedora-42-x86-64(voting: Run tests) rhel-9-x86-64(voting: Run tests) fedora-43-power9-ppc64le(voting: Run tests) fedora-43-x86-64(voting: Run tests) rhel-9-s390x(voting: Run tests) fedora-43-s390x(voting: Run tests)
Run reason: Pull request #651 updated
Total runtime: 22 hr
Split logs: https://ci.kronosnet.org/job/fence-agents/job/fence-agents-pipeline/job/PR-…
Full log: https://ci.kronosnet.org/job/fence-agents/job/fence-agents-pipeline/job/PR-…
Full Coverity results:
http://ci.kronosnet.org/coverity/fence-agents/rhel-8-coverity-x86-64/pr651/…
http://ci.kronosnet.org/coverity/fence-agents/rhel-9-coverity-x86-64/pr651/…
http://ci.kronosnet.org/coverity/fence-agents/rhel-10-coverity-x86-64/pr651…
Branch: refs/heads/main
Home: https://github.com/kronosnet/kronosnet
Commit: ad7029948c74a26c42a9ac3e1c5dff458dd8cbd4
https://github.com/kronosnet/kronosnet/commit/ad7029948c74a26c42a9ac3e1c5df…
Author: Fabio M. Di Nitto <fdinitto(a)redhat.com>
Date: 2026-05-07 (Thu, 07 May 2026)
Changed paths:
M libknet/crypto_gcrypt.c
M libknet/crypto_nss.c
M libknet/crypto_openssl.c
M libknet/onwire.c
M libknet/tests/Makefile.am
M libknet/tests/api_knet_handle_crypto_set_config.c
A libknet/tests/fun_config_crypto_ctr_test.c
Log Message:
-----------
Add AES-CTR mode support with cross-backend cipher name compatibility

Implements AES-128-CTR, AES-192-CTR, and AES-256-CTR cipher modes for
OpenSSL, NSS, and libgcrypt crypto backends. CTR (Counter) mode is a
stream cipher that doesn't require padding and offers better performance
for parallel encryption/decryption.

Key changes:

1. Crypto backend implementations (crypto_nss.c, crypto_gcrypt.c, crypto_openssl.c):
   - Added CTR cipher type enums and mode detection
   - Implemented CTR-specific parameter handling (NSS CK_AES_CTR_PARAMS)
   - Accepts both cipher name formats: aes128-ctr and aes-128-ctr
   - Sets sec_block_size appropriately for each mode:
     * CTR mode: sec_block_size = 0 (no padding overhead)
     * CBC mode: sec_block_size = 16 (PKCS padding overhead)

2. Mode validation:
   - Added explicit validation for cipher modes
   - Only CBC and CTR modes are supported
   - Rejects unsupported modes (GCM, OFB, CFB, ECB, XTS) with clear error
   - Uses whitelist approach (check for supported) vs blacklist

3. OpenSSL improvements:
   - Use EVP_CIPHER_fetch() for OpenSSL 3.x (avoids refetching)
   - Use EVP_CIPHER_get_block_size() for OpenSSL 3.x
   - Maintain OpenSSL 1.x compatibility for RHEL 8 (EOL 2029)
   - Added comprehensive version support policy documentation

4. sec_block_size rationale (extensive documentation):
   - sec_block_size represents PADDING OVERHEAD, not cipher block size
   - CTR mode: Stream cipher, no padding (100 bytes → 100 bytes)
     * Library APIs return 1 or 16 for block size
     * But CTR adds NO padding overhead
     * Setting sec_block_size=0 correctly represents "no padding"
     * The if (sec_block_size) check in onwire.c skips padding calculation
   - CBC mode: Block cipher, PKCS padding required
     * Block size is 16 for AES
     * Adds padding to align to block boundaries
     * Example: 100 bytes → 112 bytes (12 bytes padding)
   - Documented in all crypto modules and onwire.c

5. New test: fun_config_crypto_ctr_test.c:
   - Uses knet_get_crypto_list() for runtime crypto module detection
   - Validates CTR mode support across all available backends
   - Tests both cipher naming conventions (hyphenated and non-hyphenated)
   - Performs actual encrypted data transmission via loopback
   - Verifies send/recv with CTR encryption works correctly
   - Tests buffer integrity after encryption/decryption
   - Ensures cross-backend compatibility

6. Extended test: api_knet_handle_crypto_set_config_test:
   - Added tests for unsupported cipher mode rejection
   - Tests GCM, OFB, ECB, XTS modes (all should fail with ENXIO)
   - Tests CTR mode in both naming formats (should succeed)
   - Verifies config preservation after rejecting bad modes

MTU optimization:

CTR mode sets sec_block_size = 0 (instead of 16 for CBC) because it doesn't
require padding. This:
- Allows up to 16 more bytes of payload per packet vs CBC mode
- Fixes MTU/PMTUD calculations in onwire.c and threads_pmtud.c
- Prevents wasted overhead for padding that CTR mode doesn't need

This allows users to configure any backend with either naming format:
- OpenSSL native: aes-128-ctr, aes-192-ctr, aes-256-ctr
- NSS/gcrypt native: aes128-ctr, aes192-ctr, aes256-ctr

Both formats work on all backends for seamless configuration portability.

CTR mode maintains backward compatibility - same on-wire format as CBC,
just different encryption algorithm. All tests pass.

Addresses all PR #477 review feedback:
- Mode validation and error handling
- sec_block_size rationale extensively documented
- OpenSSL 3.x API improvements (EVP_CIPHER_fetch, EVP_CIPHER_get_block_size)
- OpenSSL 1.x support policy documented

Resolves: #460

Signed-off-by: Fabio M. Di Nitto <fdinitto(a)redhat.com>
Co-Authored-By: Claude Sonnet 4.5 <noreply(a)anthropic.com>
Commit: f227fc63efd3799a6f9248c973bc8e5be26e9265
https://github.com/kronosnet/kronosnet/commit/f227fc63efd3799a6f9248c973bc8…
Author: Fabio M. Di Nitto <fdinitto(a)redhat.com>
Date: 2026-05-07 (Thu, 07 May 2026)
Changed paths:
M libknet/crypto_gcrypt.c
M libknet/crypto_nss.c
M libknet/crypto_openssl.c
M libknet/onwire.c
M libknet/tests/Makefile.am
M libknet/tests/api_knet_handle_crypto_set_config.c
A libknet/tests/fun_config_crypto_ctr_test.c
Log Message:
-----------
Merge pull request #477 from kronosnet/add-aes-ctr-support

Add AES-CTR mode support with cross-backend compatibility

Compare: https://github.com/kronosnet/kronosnet/compare/602320f4c32a...f227fc63efd3
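The mode allowlist, dual cipher naming and `sec_block_size` padding rule described in the AES-CTR commit message above, as an added C example that is not code from the kronosnet tree. All names (`cipher_desc`, `parse_cipher`, `encrypted_len`) are hypothetical; the example assumes an explicit mode suffix in the cipher name and computes the ciphertext length only, with no IV or hash overhead.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not libknet code. */
struct cipher_desc {
    int key_bits;           /* 128, 192 or 256 */
    const char *mode;       /* "cbc" or "ctr" */
    size_t sec_block_size;  /* padding overhead: 16 for CBC, 0 for CTR */
};

/* Accepts "aes-128-ctr" and "aes128-ctr" alike. Modes are allowlisted:
 * anything other than cbc/ctr fails with errno = ENXIO. */
int parse_cipher(const char *name, struct cipher_desc *out)
{
    static const struct { const char *txt; int bits; } keys[] = {
        { "128", 128 }, { "192", 192 }, { "256", 256 } };
    const char *p = name;
    int bits = 0;

    if (strncmp(p, "aes", 3) != 0) goto bad;
    p += 3;
    if (*p == '-') p++;                     /* optional hyphen */
    for (size_t i = 0; i < 3; i++)
        if (strncmp(p, keys[i].txt, 3) == 0) bits = keys[i].bits;
    if (!bits || p[3] != '-') goto bad;
    p += 4;
    if (strcmp(p, "ctr") == 0)      *out = (struct cipher_desc){ bits, "ctr", 0 };
    else if (strcmp(p, "cbc") == 0) *out = (struct cipher_desc){ bits, "cbc", 16 };
    else goto bad;                          /* gcm, ofb, cfb, ecb, xts, ... */
    return 0;
bad:
    errno = ENXIO;
    return -1;
}

/* Ciphertext length for a payload: PKCS padding always adds 1..16 bytes
 * in CBC; a zero sec_block_size (CTR) skips the padding calculation. */
size_t encrypted_len(size_t plain_len, const struct cipher_desc *c)
{
    if (c->sec_block_size)
        return (plain_len / c->sec_block_size + 1) * c->sec_block_size;
    return plain_len;
}

int main(void)
{
    struct cipher_desc d;
    if (parse_cipher("aes-128-ctr", &d) == 0)
        printf("ctr: 100 -> %zu bytes\n", encrypted_len(100, &d));
    if (parse_cipher("aes256-cbc", &d) == 0)
        printf("cbc: 100 -> %zu bytes\n", encrypted_len(100, &d));
    if (parse_cipher("aes-128-gcm", &d) < 0)
        printf("gcm: rejected (errno %d)\n", errno);
    return 0;
}
```

A payload that is already a multiple of 16 bytes still gains a full padding block in CBC, which is the "up to 16 more bytes" the commit message attributes to CTR.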