TENTATIVE: setup: Use a FIPS-compatible padding to encrypt OVN password #668

Closed
wants to merge 1 commit into from

Conversation

mz-pdm
Member

@mz-pdm mz-pdm commented Sep 21, 2022

The current padding results in an encryption error if the FIPS crypto policy is enabled on CentOS Stream 9.

@mz-pdm
Member Author

mz-pdm commented Sep 21, 2022

/ost

@mz-pdm
Member Author

mz-pdm commented Sep 21, 2022

/ost

The current padding results in an encryption error if the FIPS crypto policy
is enabled on CentOS Stream 9.
@michalskrivanek
Member

/ost

@mz-pdm mz-pdm requested review from almusil and erav September 22, 2022 10:56
@mz-pdm
Member Author

mz-pdm commented Sep 22, 2022

@erav, @almusil, engine-setup fails in OVN setup when FIPS is enabled on el9. The problem is apparently that the current padding algorithm used in OVN password encryption is not FIPS compatible. When switched to a different algorithm, as demonstrated by this patch, engine-setup succeeds. But there are failures later (see the OST run); clearly more things must be adjusted with such a change. You may know (definitely better than I) what is related and needs to be fixed; would you like to expand the patch accordingly?

@erav
Member

erav commented Sep 22, 2022

Just so as not to mess up this PR, I created another PR, #671, with what I think might be the next step.

@erav
Member

erav commented Sep 23, 2022

/ost basic-suite-master el9stream

@michalskrivanek
Member

Superseded by #683
