Nevermind, there is another error to fix.
New patch will follow.
Fabio
On 9/1/2014 10:00 PM, Fabio M. Di Nitto wrote:
> From: "Fabio M. Di Nitto" <fdinitto@xxxxxxxxxx>
>
> libnss is "weird" in this respect as some block sizes are
> hardcoded, others need to be determined dynamically.
>
> For AES we need to use the values we know since GetBlockSize would
> return errors, for 3des (that hopefully nobody is using) the value
> returned by GetBlockSize is 8, but let's use the call into libnss
> to avoid possible conflicts with distro patching or older
> versions.
>
> Signed-off-by: Fabio M. Di Nitto <fdinitto@xxxxxxxxxx> ---
> exec/totemcrypto.c | 15 ++++++++++++++- 1 file changed, 14
> insertions(+), 1 deletion(-)
>
> diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c index
> 69818b8..362ea82 100644 --- a/exec/totemcrypto.c +++
> b/exec/totemcrypto.c @@ -666,6 +666,7 @@ size_t
> crypto_sec_header_size( int crypto_cipher =
> string_to_crypto_cipher_type(crypto_cipher_type); int crypto_hash =
> string_to_crypto_hash_type(crypto_hash_type); size_t hdr_size = 0;
> + int block_size = 0;
>
> hdr_size = sizeof(struct crypto_config_header);
>
> @@ -675,7 +676,19 @@ size_t crypto_sec_header_size(
>
> if (crypto_cipher) { hdr_size += SALT_SIZE; - hdr_size +=
> cypher_block_len[crypto_cipher]; + if
> (cypher_block_len[crypto_cipher]) { + block_size =
> cypher_block_len[crypto_cipher]; + } else { + block_size =
> PK11_GetBlockSize(crypto_cipher, NULL); + if (block_size < 0) { +
> /* + * failsafe. we can potentially lose up to 63 + * byte
> per packet, but better than fragmenting + */ + block_size =
> 64; + } + } + hdr_size += block_size; }
>
> return hdr_size;
>
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
