OCPBUGS-69902: Add panic recovery for SSH connection and signer validation #3701
base: master
This commit introduces a func to perform a test signature operation to verify the key is functional. This will catch issues like:
- Malformed key material
- Corrupted private key data
- Invalid key parameters
Skipping CI for Draft Pull Request.
@jrvaldes: This pull request references Jira Issue OCPBUGS-69902, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker.
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: jrvaldes
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Add dialWithPanicRecovery() wrapper around ssh.Dial() to gracefully handle panics from crypto libraries (e.g., curve25519) when SSH keys are corrupted or malformed.

Previously, corrupted SSH private keys could cause the operator to panic during the Curve25519 key exchange phase with errors like "curve25519: internal error: scalarBaseMult was not 32 bytes". This panic occurs deep in golang.org/x/crypto/curve25519 and was not catchable through normal error handling.

The new wrapper:
- Recovers from panics during ssh.Dial()
- Logs detailed diagnostic information (IP, username, key type)
- Returns a descriptive error message with remediation steps
- Prevents operator crashes due to key corruption

This addresses scenarios where SSH private keys pass initial parsing validation but fail during actual cryptographic operations.

Fixes: OCPBUGS-69902
a9295b9 to ca57648
/jira refresh
/test ?
@jrvaldes: This pull request references Jira Issue OCPBUGS-69902, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
@jrvaldes: The following commands are available to trigger required jobs: Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
/test unit
/test lint
/test vsphere-e2e-operator
@jrvaldes: all tests passed! Full PR test history. Your PR dashboard.
This pull request introduces validation and error handling for SSH private keys, aiming to prevent cryptographic panics (such as those caused by corrupted or malformed keys) and to improve the reliability of SSH connectivity.
The changes include adding a key operation validation step during signer creation, implementing panic recovery during SSH dial operations, and providing comprehensive unit tests for these scenarios.
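The two techniques described above, a test signature at signer creation and the conversion of a crypto-library panic into an error, as an added Go example that is not the PR's code. It assumes the standard library's crypto/ed25519 in place of golang.org/x/crypto/ssh, and the names withPanicRecovery, validateSigner and demo are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// withPanicRecovery (hypothetical name) runs op and turns a panic raised inside
// it into an error, so a corrupted key fails one call instead of the process.
func withPanicRecovery(what string, op func() error) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("%s: recovered from panic: %v; check the private key for corruption", what, r)
		}
	}()
	return op()
}

// validateSigner (hypothetical name) signs a probe message and verifies the
// result against the expected public key before the key is trusted for use.
func validateSigner(priv ed25519.PrivateKey, pub ed25519.PublicKey) error {
	probe := []byte("signer-validation-probe")
	return withPanicRecovery("test signature", func() error {
		// ed25519.Sign is documented to panic when the key has the wrong length.
		sig := ed25519.Sign(priv, probe)
		if !ed25519.Verify(pub, probe, sig) {
			return errors.New("test signature does not verify against the public key")
		}
		return nil
	})
}

// demo validates a good key, a truncated copy and a bit-flipped copy (all constructed).
func demo() (good, truncated, tampered error) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	short := append(ed25519.PrivateKey{}, priv[:40]...)
	flipped := append(ed25519.PrivateKey{}, priv...)
	flipped[0] ^= 0xff // corrupt the seed half only
	return validateSigner(priv, pub), validateSigner(short, pub), validateSigner(flipped, pub)
}

func main() {
	good, truncated, tampered := demo()
	fmt.Printf("good: %v\ntruncated: %v\ntampered: %v\n", good, truncated, tampered)
}
```

The named return value in withPanicRecovery is what lets the deferred function replace the result after a panic; with an unnamed return the recovered error would be lost.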