Just spotted a couple of mistakes.. can fix at merge time.
On 10/13/2012 12:21 PM, Fabio M. Di Nitto wrote:
> - |kv "crypto_type" /nss|aes256/
> - |kv "crypto_cipher" /none|nss|aes256/
> + |kv "crypto_type" /nss|aes256|aes192|aes128|3des/
> + |kv "crypto_cipher" /none|nss|aes256|aes192|aes128/3des/
there is a typo here between aes128 and 3des. should be |
> size_t cipher_key_len[] = {
> - 0, /* CRYPTO_CIPHER_TYPE_NONE */
> - 32, /* CRYPTO_CIPHER_TYPE_AES256 */
> + 0, /* CRYPTO_CIPHER_TYPE_NONE */
> + AES_256_KEY_LENGTH, /* CRYPTO_CIPHER_TYPE_AES256 */
> + AES_192_KEY_LENGTH, /* CRYPTO_CIPHER_TYPE_AES192 */
> + AES_128_KEY_LENGTH, /* CRYPTO_CIPHER_TYPE_AES128 */
> + 16 /* CRYPTO_CIPHER_TYPE_3DES - no magic in nss headers */
3des max key len is 24 bytes and not 16.
I also found a call in nss that we might want to use at load time to
avoid hardcoding all those info and could allow full dynamic config.
Is it something we might be interested in?
Fabio
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
