* [PATCH 2.6.26-rc3] xfrm: Installing NULL encryption IPSec SAs fails
@ 2008-05-21 16:55 Martin Willi
2008-05-21 20:37 ` David Miller
0 siblings, 1 reply; 6+ messages in thread
From: Martin Willi @ 2008-05-21 16:55 UTC (permalink / raw)
To: herbert; +Cc: linux-kernel
Installing NULL encryption IPSec SAs works using the .compat name
"cipher_null", but fails with the .name "ecp(cipher_null)" due the
missing check in key length verification.
Signed-off-by: Martin Willi <martin@strongswan.org>
--- a/net/xfrm/xfrm_user.c 2008-05-21 11:34:56.000000000 -0500
+++ b/net/xfrm/xfrm_user.c 2008-05-21 11:20:08.000000000 -0500
@@ -57,6 +57,7 @@
case XFRMA_ALG_CRYPT:
if (!algp->alg_key_len &&
+ strcmp(algp->alg_name, "ecb(cipher_null)") != 0 &&
strcmp(algp->alg_name, "cipher_null") != 0)
return -EINVAL;
break;
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2.6.26-rc3] xfrm: Installing NULL encryption IPSec SAs fails
2008-05-21 16:55 [PATCH 2.6.26-rc3] xfrm: Installing NULL encryption IPSec SAs fails Martin Willi
@ 2008-05-21 20:37 ` David Miller
2008-05-21 23:59 ` Herbert Xu
0 siblings, 1 reply; 6+ messages in thread
From: David Miller @ 2008-05-21 20:37 UTC (permalink / raw)
To: martin; +Cc: herbert, linux-kernel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: Text/Plain; charset=utf-8, Size: 531 bytes --]
From: Martin Willi <martin@strongswan.org>
Date: Wed, 21 May 2008 11:55:06 -0500
> Installing NULL encryption IPSec SAs works using the .compat name
> "cipher_null", but fails with the .name "ecp(cipher_null)" due the
> missing check in key length verification.
> 
> Signed-off-by: Martin Willi <martin@strongswan.org>
Herbert does this look Ok to you?
Thanks.
ÿôèº{.nÇ+‰·Ÿ®‰†+%ŠËÿ±éݶ\x17¥Šwÿº{.nÇ+‰·¥Š{±þG«éÿŠ{ayº\x1dʇڙë,j\a¢f£¢·hšïêÿ‘êçz_è®\x03(階ŠÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?™¨èÚ&£ø§~á¶iO•æ¬z·švØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?–I¥
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2.6.26-rc3] xfrm: Installing NULL encryption IPSec SAs fails
2008-05-21 20:37 ` David Miller
@ 2008-05-21 23:59 ` Herbert Xu
2008-05-22 0:23 ` David Miller
0 siblings, 1 reply; 6+ messages in thread
From: Herbert Xu @ 2008-05-21 23:59 UTC (permalink / raw)
To: David Miller; +Cc: martin, linux-kernel
On Wed, May 21, 2008 at 01:37:56PM -0700, David Miller wrote:
> From: Martin Willi <martin@strongswan.org>
> Date: Wed, 21 May 2008 11:55:06 -0500
>
> > Installing NULL encryption IPSec SAs works using the .compat name
> > "cipher_null", but fails with the .name "ecp(cipher_null)" due the
> > missing check in key length verification.
> >
> > Signed-off-by: Martin Willi <martin@strongswan.org>
>
> Herbert does this look Ok to you?
I think we should get rid of the zero check altogether as a
zero-length key will fail on setkey of a real algorithm anyway
because of the min_keysize/max_keysize checks in the crypto API.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2.6.26-rc3] xfrm: Installing NULL encryption IPSec SAs fails
2008-05-21 23:59 ` Herbert Xu
@ 2008-05-22 0:23 ` David Miller
2008-05-22 0:30 ` Herbert Xu
0 siblings, 1 reply; 6+ messages in thread
From: David Miller @ 2008-05-22 0:23 UTC (permalink / raw)
To: herbert; +Cc: martin, linux-kernel
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Thu, 22 May 2008 07:59:22 +0800
> I think we should get rid of the zero check altogether as a
> zero-length key will fail on setkey of a real algorithm anyway
> because of the min_keysize/max_keysize checks in the crypto API.
Ok, how does this look?
xfrm_user: Remove zero length key checks.
The crypto layer will determine whether that is valid
or not.
Suggested by Herbert Xu, based upon a report and patch
by Martin Willi.
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index a1b0fbe..b976d9e 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -50,19 +50,8 @@ static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type)
switch (type) {
case XFRMA_ALG_AUTH:
- if (!algp->alg_key_len &&
- strcmp(algp->alg_name, "digest_null") != 0)
- return -EINVAL;
- break;
-
case XFRMA_ALG_CRYPT:
- if (!algp->alg_key_len &&
- strcmp(algp->alg_name, "cipher_null") != 0)
- return -EINVAL;
- break;
-
case XFRMA_ALG_COMP:
- /* Zero length keys are legal. */
break;
default:
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 2.6.26-rc3] xfrm: Installing NULL encryption IPSec SAs fails
2008-05-22 0:23 ` David Miller
@ 2008-05-22 0:30 ` Herbert Xu
2008-05-22 0:36 ` David Miller
0 siblings, 1 reply; 6+ messages in thread
From: Herbert Xu @ 2008-05-22 0:30 UTC (permalink / raw)
To: David Miller; +Cc: martin, linux-kernel
On Wed, May 21, 2008 at 05:23:41PM -0700, David Miller wrote:
>
> Signed-off-by: David S. Miller <davem@davemloft.net>
Looks good to me!
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2.6.26-rc3] xfrm: Installing NULL encryption IPSec SAs fails
2008-05-22 0:30 ` Herbert Xu
@ 2008-05-22 0:36 ` David Miller
0 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2008-05-22 0:36 UTC (permalink / raw)
To: herbert; +Cc: martin, linux-kernel
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Thu, 22 May 2008 08:30:31 +0800
> On Wed, May 21, 2008 at 05:23:41PM -0700, David Miller wrote:
> >
> > Signed-off-by: David S. Miller <davem@davemloft.net>
>
> Looks good to me!
>
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Thanks for reviewing.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2008-05-22 0:37 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-05-21 16:55 [PATCH 2.6.26-rc3] xfrm: Installing NULL encryption IPSec SAs fails Martin Willi
2008-05-21 20:37 ` David Miller
2008-05-21 23:59 ` Herbert Xu
2008-05-22 0:23 ` David Miller
2008-05-22 0:30 ` Herbert Xu
2008-05-22 0:36 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.