Branch: refs/heads/stable1-proposed
Home: https://github.com/kronosnet/kronosnet
Commit: 49ef95aea3bb5a223ec12c2e33e855c8948c0204
https://github.com/kronosnet/kronosnet/commit/49ef95aea3bb5a223ec12c2e33e855...
Author: Jan Friesse jfriesse@redhat.com
Date: 2023-08-14 (Mon, 14 Aug 2023)

Changed paths:
M libknet/crypto.c

Log Message:
-----------
[crypto] Try crypt and decrypt on crypto_init

Crypt (or decrypt) operation might fail in some cases even when initialization succeeded. This problem is known to happen when FIPS mode is enabled and a combination of openssl/aes192 and md5 is used. This was not caught during crypto_init, so the knet user (corosync) was not aware of the non-working crypto, so it couldn't handle it - and couldn't send/receive any packets.
The solution is to try crypt, decrypt and compare of the result buffer right after a new crypto_instance is created. If any of these operations fails, the whole crypto_init fails, the crypto_instance is freed and the knet user is notified by receiving a non-zero return code.
Signed-off-by: Jan Friesse jfriesse@redhat.com
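
The init-time round trip described in the log message, as an added example that is not kronosnet's code: a backend that sets up cleanly but fails at run time is rejected before the caller ever gets an instance. The `crypto_ops` interface, `self_test`, `demo_crypto_init` and the three toy backends are hypothetical names constructed for this illustration, with XOR standing in for a real cipher.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical backend interface for illustration; not libknet's structures. */
typedef int (*crypt_fn)(const unsigned char *in, size_t len, unsigned char *out);
struct crypto_ops { crypt_fn encrypt, decrypt; };
struct crypto_instance { const struct crypto_ops *ops; };
/* Constructed toy cipher: XOR stands in for a real algorithm. */
static int xor_crypt(const unsigned char *in, size_t len, unsigned char *out) {
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ 0x5a;
    return 0;
}
/* Constructed failure: setup works, but every operation is refused at run time. */
static int refused_crypt(const unsigned char *in, size_t len, unsigned char *out) {
    (void)in; (void)len; (void)out; return -1;
}
/* Constructed failure: reports success but does not invert xor_crypt. */
static int copy_crypt(const unsigned char *in, size_t len, unsigned char *out) {
    memcpy(out, in, len); return 0;
}
static const struct crypto_ops good_ops = { xor_crypt, xor_crypt };
static const struct crypto_ops refused_ops = { refused_crypt, refused_crypt };
static const struct crypto_ops mismatch_ops = { xor_crypt, copy_crypt };

/* Encrypt a fixed buffer, decrypt it, and compare with the original. */
static int self_test(const struct crypto_instance *inst) {
    static const unsigned char plain[] = "crypto_init self-test buffer";
    unsigned char enc[sizeof(plain)], dec[sizeof(plain)];
    if (inst->ops->encrypt(plain, sizeof(plain), enc) != 0) return -1;
    if (inst->ops->decrypt(enc, sizeof(enc), dec) != 0) return -1;
    return memcmp(plain, dec, sizeof(plain)) == 0 ? 0 : -1;
}
/* Returns 0 and a usable instance, or -1 with the instance already freed. */
static int demo_crypto_init(const struct crypto_ops *ops, struct crypto_instance **out) {
    struct crypto_instance *inst = malloc(sizeof(*inst));
    *out = NULL;
    if (inst == NULL) return -1;
    inst->ops = ops;
    if (self_test(inst) != 0) { free(inst); return -1; }
    *out = inst;
    return 0;
}

int main(void) {
    const struct crypto_ops *all[] = { &good_ops, &refused_ops, &mismatch_ops };
    struct crypto_instance *inst;
    for (int i = 0; i < 3; i++) { printf("%d\n", demo_crypto_init(all[i], &inst)); free(inst); }
    return 0;
}
```

The mismatch backend covers the compare step: both calls report success, so only the buffer comparison catches it.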