lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 22 Jan 2018 15:40:39 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     sd@...asysnail.net
Cc:     netdev@...r.kernel.org, felix.walter@...udandheat.com,
        dcaratti@...hat.com
Subject: Re: [PATCH net-next] macsec: restore uAPI after addition of
 GCM-AES-256

From: Sabrina Dubroca <sd@...asysnail.net>
Date: Thu, 18 Jan 2018 17:48:18 +0100

> Commit ccfdec908922 ("macsec: Add support for GCM-AES-256 cipher suite")
> changed a few values in the uapi headers for MACsec.
> 
> Because of existing userspace implementations, we need to preserve the
> value of MACSEC_DEFAULT_CIPHER_ID. Not doing that resulted in
> wpa_supplicant segfaults when a secure channel was created using the
> default cipher. Thus, swap MACSEC_DEFAULT_CIPHER_{ID,ALT} back to their
> original values.
> 
> Changing the maximum length of the MACSEC_SA_ATTR_KEY attribute is
> unnecessary, as the previous value (MACSEC_MAX_KEY_LEN, which was 128B)
> is large enough to carry 32-bytes keys. This patch reverts
> MACSEC_MAX_KEY_LEN to 128B and restores the old length check on
> MACSEC_SA_ATTR_KEY.
> 
> Fixes: ccfdec908922 ("macsec: Add support for GCM-AES-256 cipher suite")
> Signed-off-by: Davide Caratti <dcaratti@...hat.com>
> Signed-off-by: Sabrina Dubroca <sd@...asysnail.net>

Good catch, applied, thanks Sabrina.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ