Message-ID: <20130124123210.GK9147@secunet.com>
Date: Thu, 24 Jan 2013 13:32:10 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Jussi Kivilinna <jussi.kivilinna@...et.fi>
Cc: Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
Tom St Denis <tstdenis@...iptictech.com>,
David Miller <davem@...emloft.net>
Subject: Re: [PATCH] CMAC support for CryptoAPI, fixed patch issues, indent,
and testmgr build issues
On Thu, Jan 24, 2013 at 01:25:46PM +0200, Jussi Kivilinna wrote:
>
> Maybe it would be cleaner to not mess with pfkeyv2.h at all, but instead mark algorithms that do not support pfkey with flag. See patch below.
>
Yes, would be an option too. I would be fine with that,
but let's hear if someone else has an opinion on this.
Anyway, we need a solution to integrate Tom's patch soon.
> Then I started looking up if sadb_alg_id is being used somewhere outside pfkey. Seems that its value is just being copied around.. but at "http://lxr.linux.no/linux+v3.7/net/xfrm/xfrm_policy.c#L1991" it's used as bit-index. So do larger values than 31 break some stuff? Can multiple algorithms have same sadb_alg_id value? Also in af_key.c, sadb_alg_id being used as bit-index.
>
Herbert tried to address this already in git commit c5d18e984
([IPSEC]: Fix catch-22 with algorithm IDs above 31) some years
ago.
But this looks still messy. If the aalgos, ealgos and calgos mask is ~0,
we allow all algorithms. If this is not the case, xfrm and pfkey check
the aalgos mask against the algorithm ID, only pfkey checks the ealgo
mask and no one checks the calgos mask.
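
The bit-index concern raised in this thread, as an added C example that is not part of the original message and is not kernel code: a simplified 32-bit algorithm mask indexed by ID, with an unchecked lookup beside a checked one. The function names, the sample IDs and the reject-if-too-large policy are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ALG_MASK_ALL UINT32_MAX /* the "~0" mask: every algorithm allowed */

/* Unchecked bit-index lookup. Shifting a 32-bit value by 32 or more is
 * undefined in C, so the wrap-around that many CPUs apply to the shift
 * count is written out explicitly to keep this demonstration defined. */
static bool naive_allowed(uint32_t mask, unsigned int id)
{
    return (mask >> (id & 31u)) & 1u;
}

/* Checked lookup: ~0 allows everything; otherwise an ID that does not
 * fit in the mask is rejected instead of aliasing (assumed policy). */
static bool checked_allowed(uint32_t mask, unsigned int id)
{
    if (mask == ALG_MASK_ALL)
        return true;
    if (id >= 32u)
        return false;
    return (mask >> id) & 1u;
}

/* Build a mask from a list of IDs; returns how many IDs were too large
 * to be represented, so the caller can notice instead of losing them. */
static size_t build_mask(const unsigned int *ids, size_t n, uint32_t *mask)
{
    size_t dropped = 0;
    *mask = 0;
    for (size_t i = 0; i < n; i++) {
        if (ids[i] < 32u)
            *mask |= UINT32_C(1) << ids[i];
        else
            dropped++;
    }
    return dropped;
}

int main(void)
{
    const unsigned int ids[] = { 3, 35, 250 }; /* constructed sample IDs */
    uint32_t mask;
    size_t dropped = build_mask(ids, 3, &mask);

    printf("mask=0x%08x dropped=%zu\n", (unsigned int)mask, dropped);
    printf("id 35: naive=%d checked=%d\n", naive_allowed(mask, 35), checked_allowed(mask, 35));
    printf("id 35 with ~0: checked=%d\n", checked_allowed(ALG_MASK_ALL, 35));
    return 0;
}
```

With the unchecked lookup, ID 35 aliases onto the bit for ID 3 and appears allowed; with the checked lookup, an ID above 31 is only ever permitted through the all-ones mask.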