| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Apr 2008 00:47:27 -0700 (PDT) From: David Miller <davem@...emloft.net> To: herbert@...dor.apana.org.au Cc: netdev@...r.kernel.org, kuznet@....inr.ac.ru, latten@...ibm.com, tchicks@...ibm.com Subject: Re: [IPSEC]: Fix catch-22 with algorithm IDs above 31 From: Herbert Xu <herbert@...dor.apana.org.au> Date: Tue, 22 Apr 2008 15:43:04 +0800 > [IPSEC]: Fix catch-22 with algorithm IDs above 31 > > As it stands it's impossible to use any authentication algorithms > with an ID above 31 portably. It just happens to work on x86 but > fails miserably on ppc64. > > The reason is that we're using a bit mask to check the algorithm > ID but the mask is only 32 bits wide. > > After looking at how this is used in the field, I have concluded > that in the long term we should phase out state matching by IDs > because this is made superfluous by the reqid feature. For current > applications, the best solution IMHO is to allow all algorithms when > the bit masks are all ~0. > > The following patch does exactly that. > > This bug was identified by IBM when testing on the ppc64 platform > using the NULL authentication algorithm which has an ID of 251. > > Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> Applied, and I'll queue up for -stable, thanks Herbert! > diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h > diff --git a/include/net/xfrm.h b/include/net/xfrm.h Please update your GIT index :-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists