Branch: refs/heads/main
Home: https://github.com/kronosnet/kronosnet

Commit: ec10e550a09cfd30ce5e94ecde041a31f871e204
https://github.com/kronosnet/kronosnet/commit/ec10e550a09cfd30ce5e94ecde041a...
Author: Jan Friesse jfriesse@redhat.com
Date: 2023-08-14 (Mon, 14 Aug 2023)

Changed paths:
M libknet/crypto.c

Log Message:
-----------
[crypto] Try crypt and decrypt on crypto_init
Crypt (or decrypt) operation might fail in some cases even when initialization succeeded. This problem is known to happen when FIPS mode is enabled and a combination of openssl/aes192 and md5 is used. This was not caught during crypto_init, so the knet user (corosync) was not aware of non-working crypto, so it couldn't handle it - and couldn't send/receive any packets.
Solution is to try crypt, decrypt and compare of the result buffer right after a new crypto_instance is created. If any of these operations fails, the whole crypto_init fails, crypto_instance is freed and the knet user is notified by receiving a non-zero return code.
Signed-off-by: Jan Friesse jfriesse@redhat.com

Commit: 31cec7382f20b5bdd7fa22c0cc9eaa0f4526de4f
https://github.com/kronosnet/kronosnet/commit/31cec7382f20b5bdd7fa22c0cc9eaa...
Author: Fabio M. Di Nitto fdinitto@redhat.com
Date: 2023-08-14 (Mon, 14 Aug 2023)

Changed paths:
M libknet/crypto.c

Log Message:
-----------
Merge pull request #412 from jfriesse/try_encrypt_on_crypto_init
[crypto] Try crypt and decrypt on crypto_init
Compare: https://github.com/kronosnet/kronosnet/compare/683d10883622...31cec7382f20
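
The check described in the first commit's log message (crypt, decrypt and compare right after the instance is created, failing init otherwise), as an added example that is not kronosnet's code or the contents of the commit. The `crypto_ops` interface, the three backends and `crypto_init_checked` are hypothetical names, and a toy XOR transform stands in for a real cipher.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical backend interface; these names are illustrative, not libknet's. */
typedef int (*op_fn)(const unsigned char *in, size_t len, unsigned char *out);
struct crypto_ops { op_fn crypt, decrypt; };
struct crypto_instance { const struct crypto_ops *ops; };

/* Toy XOR transform standing in for a real cipher (constructed, not secure). */
static int xor_op(const unsigned char *in, size_t len, unsigned char *out) {
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ 0x5a;
    return 0;
}
/* Constructed failure: the operation is rejected only when actually used. */
static int refuse_op(const unsigned char *in, size_t len, unsigned char *out) {
    (void)in; (void)len; (void)out; return -1;
}
/* Constructed failure: reports success but does not restore the plaintext. */
static int garble_op(const unsigned char *in, size_t len, unsigned char *out) {
    (void)in; memset(out, 0, len); return 0;
}
const struct crypto_ops good_ops = { xor_op, xor_op };
const struct crypto_ops refusing_ops = { refuse_op, xor_op };
const struct crypto_ops garbling_ops = { xor_op, garble_op };

/* Crypt, decrypt, then compare with the original buffer; 0 only if all pass. */
static int self_test(const struct crypto_instance *ci) {
    static const unsigned char plain[] = "self-test buffer (constructed)";
    unsigned char enc[sizeof(plain)], dec[sizeof(plain)];
    if (ci->ops->crypt(plain, sizeof(plain), enc) != 0) return -1;
    if (ci->ops->decrypt(enc, sizeof(enc), dec) != 0) return -1;
    return memcmp(plain, dec, sizeof(plain)) == 0 ? 0 : -1;
}

/* Returns 0 and sets *out on success; on any failure frees the new instance,
 * sets *out to NULL and returns -1 so the caller never gets unusable crypto. */
int crypto_init_checked(const struct crypto_ops *ops, struct crypto_instance **out) {
    struct crypto_instance *ci = malloc(sizeof(*ci));
    *out = NULL;
    if (ci == NULL) return -1;
    ci->ops = ops;
    if (self_test(ci) != 0) { free(ci); return -1; }
    *out = ci;
    return 0;
}

int main(void) { /* exits 0 when the refusing backend is rejected at init */
    struct crypto_instance *ci;
    return crypto_init_checked(&refusing_ops, &ci) == -1 ? 0 : 1;
}
```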