]> git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit
projects / ceph-ci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6a49ba0) | patch
auth: check service key is valid before decryption
authorPatrick Donnelly <pdonnell@ibm.com>
Thu, 29 May 2025 15:57:55 +0000 (11:57 -0400)
committerPatrick Donnelly <pdonnell@ibm.com>
Wed, 1 Oct 2025 18:47:10 +0000 (14:47 -0400)
commit6a4bde2ff4ac33c4922e7e17141ad693a2866e39
treeb48aa3995ef3f9ae4a642d4dd7743419c8fba42ctree | snapshot
parent6a49ba02b745315566be48103df4f61eee7f4c2ccommit | diff
auth: check service key is valid before decryption

CryptoKey::empty is the correct mechanism to check for an invalid key (and this
is codified elsewhere, fixed in this commit). Decryption would fail with an
abort if the key handler was unset. This would happen after rotating the "mon."
key and then restarting one of the mons.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
src/auth/Crypto.h diff | blob | history
src/auth/cephx/CephxProtocol.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.