
Re: Bug somewhere in crypto or ipsec stuff

To: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx>
Subject: Re: Bug somewhere in crypto or ipsec stuff
From: James Morris <jmorris@xxxxxxxxxx>
Date: Wed, 29 Oct 2003 23:47:05 -0500 (EST)
Cc: paulus@xxxxxxxxx, <linux-kernel@xxxxxxxxxxxxxxx>, <netdev@xxxxxxxxxxx>, <davem@xxxxxxxxxx>
In-reply-to: <20031030.124124.26191552.yoshfuji@xxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On Thu, 30 Oct 2003, YOSHIFUJI Hideaki / [iso-2022-jp] 吉藤英明 wrote:

> In article 
> <Xine.LNX.4.44.0310292221320.23405-100000@xxxxxxxxxxxxxxxxxxxxxxxx> (at Wed, 
> 29 Oct 2003 22:22:50 -0500 (EST)), James Morris <jmorris@xxxxxxxxxx> says:
> 
> > On Thu, 30 Oct 2003, YOSHIFUJI Hideaki / [iso-2022-jp] 吉藤英明 wrote:
> > 
> > 
> > > I would just disallow name == NULL,
> > > well, what algorithm do you expect?
> > 
> > Good question.  It seems to me to be a bug in the calling code if it is 
> > trying to look up nothing -- I'd rather not paper that over.
> 
> Do you mean that we need to fix the caller?

Yes.

> 
> Well, people may want to get just any algorithm.
> In such case,
>  - crypto allows name == NULL, and return any algorithm
>    (for example, an algorithm that we see first.)
>  - caller may filter name == NULL case if it is ambiguous in their context.

I think that could be dangerous, including if calling with null is a 
bug, and they get an inappropriate algorithm.  An incorrect algorithm type 
could also be returned (e.g. digest instead of a cipher).

- James
-- 
James Morris
<jmorris@xxxxxxxxxx>
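
The concern in the reply above, as an added example that is not part of the original message and is not kernel code: a toy registry in which a permissive lookup accepts name == NULL and returns the first entry, beside a strict lookup that rejects a NULL name and checks the algorithm type. The registry contents, struct layout and function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical toy registry for illustration; not the kernel crypto API. */
enum alg_type { ALG_DIGEST, ALG_CIPHER };
struct alg { const char *name; enum alg_type type; };

/* Constructed sample table: a digest happens to be registered first. */
static const struct alg registry[] = {
    { "md5",  ALG_DIGEST },
    { "sha1", ALG_DIGEST },
    { "des",  ALG_CIPHER },
    { "aes",  ALG_CIPHER },
};
#define N_ALGS (sizeof(registry) / sizeof(registry[0]))

/* Permissive variant: name == NULL matches whatever entry is seen first. */
static const struct alg *lookup_permissive(const char *name)
{
    for (size_t i = 0; i < N_ALGS; i++)
        if (name == NULL || strcmp(registry[i].name, name) == 0)
            return &registry[i];
    return NULL;
}

/* Strict variant: a NULL or empty name fails, and the type must match. */
static const struct alg *lookup_strict(const char *name, enum alg_type want)
{
    if (name == NULL || name[0] == '\0')
        return NULL;
    for (size_t i = 0; i < N_ALGS; i++)
        if (strcmp(registry[i].name, name) == 0)
            return registry[i].type == want ? &registry[i] : NULL;
    return NULL;
}

/* A caller that wanted a cipher but never set the name (the caller bug). */
static int permissive_returns_wrong_type(void)
{
    const struct alg *a = lookup_permissive(NULL);
    return a != NULL && a->type != ALG_CIPHER;
}

int main(void)
{
    return (permissive_returns_wrong_type() && lookup_strict(NULL, ALG_CIPHER) == NULL) ? 0 : 1;
}
```

With the strict variant the caller bug surfaces as a failed lookup at the call site instead of a digest silently standing in for a cipher.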


