Re: Bug somewhere in crypto or ipsec stuff

From: James Morris
Date: Wed Oct 29 2003 - 23:46:55 EST


On Thu, 30 Oct 2003, YOSHIFUJI Hideaki / 吉藤英明 wrote:

> In article <Xine.LNX.4.44.0310292221320.23405-100000@xxxxxxxxxxxxxxxxxxxxxxxx> (at Wed, 29 Oct 2003 22:22:50 -0500 (EST)), James Morris <jmorris@xxxxxxxxxx> says:
>
> > On Thu, 30 Oct 2003, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> >
> >
> > > I would just disallow name == NULL,
> > > well, what algorithm do you expect?
> >
> > Good question. It seems to me to be a bug in the calling code if it is
> > trying to look up nothing -- I'd rather not paper that over.
>
> Do you mean that we need to fix the caller?

Yes.

>
> Well, people may want to get just any algorithm.
> In such a case,
> - crypto allows name == NULL, and returns any algorithm
> (for example, an algorithm that we see first.)
> - caller may filter name == NULL case if it is ambiguous in their context.

I think that could be dangerous, including if calling with null is a
bug, and they get an inappropriate algorithm. An incorrect algorithm type
could also be returned (e.g. digest instead of a cipher).

- James
--
James Morris
<jmorris@xxxxxxxxxx>

