lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Jan 2017 14:27:50 +0100 From: Steffen Klassert <steffen.klassert@...unet.com> To: Gilad Ben-Yossef <gilad@...yossef.com> CC: <herbert@...dor.apana.org.au>, <davem@...emloft.net>, <netdev@...r.kernel.org>, <ofir.drang@....com>, <gilad.benyossef@....com>, Alexander Alemayhu <alexander@...mayhu.com> Subject: Re: [PATCH ipsec-next v3 0/2] IPsec: do not ignore crypto err in ah input On Mon, Jan 16, 2017 at 01:17:54PM +0200, Gilad Ben-Yossef wrote: > ah input processing uses the asynchronous hash crypto API which > supplies an error code as part of the operation completion but > the error code was being ignored. > > Treat a crypto API error indication as a verification failure. > > While a crypto API reported error would almost certainly result > in a memcpy of the digest failing anyway and thus the security > risk seems minor, performing a memory compare on what might be > uninitialized memory is wrong. > > Signed-off-by: Gilad Ben-Yossef <gilad@...yossef.com> > CC: Alexander Alemayhu <alexander@...mayhu.com> Both applied to ipsec-next, thanks a lot!
Powered by blists - more mailing lists