lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Tue, 22 Apr 2008 00:47:27 -0700 (PDT)
From:	David Miller <>
Subject: Re: [IPSEC]: Fix catch-22 with algorithm IDs above 31

From: Herbert Xu <>
Date: Tue, 22 Apr 2008 15:43:04 +0800

> [IPSEC]: Fix catch-22 with algorithm IDs above 31
> As it stands it's impossible to use any authentication algorithms
> with an ID above 31 portably.  It just happens to work on x86 but
> fails miserably on ppc64.
> The reason is that we're using a bit mask to check the algorithm
> ID but the mask is only 32 bits wide.
> After looking at how this is used in the field, I have concluded
> that in the long term we should phase out state matching by IDs
> because this is made superfluous by the reqid feature.  For current
> applications, the best solution IMHO is to allow all algorithms when
> the bit masks are all ~0.
> The following patch does exactly that.
> This bug was identified by IBM when testing on the ppc64 platform
> using the NULL authentication algorithm which has an ID of 251.
> Signed-off-by: Herbert Xu <>

Applied, and I'll queue up for -stable, thanks Herbert!

> diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
> diff --git a/include/net/xfrm.h b/include/net/xfrm.h

Please update your GIT index :-)
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists