Re: [PATCH 2.6.26-rc3] xfrm: Installing NULL encryption IPSec SAs fails
From: Herbert Xu
Date: Wed May 21 2008 - 19:59:38 EST
On Wed, May 21, 2008 at 01:37:56PM -0700, David Miller wrote:
> From: Martin Willi <martin@xxxxxxxxxxxxxx>
> Date: Wed, 21 May 2008 11:55:06 -0500
>
> > ïInstalling NULL encryption IPSec SAs works using the .compat name
> > "cipher_null", but fails with the .name "ecp(cipher_null)" due the
> > missing check in key length verification.
> > ï
> > Signed-off-by: Martin Willi <martin@xxxxxxxxxxxxxx>
>
> Herbert does this look Ok to you?
I think we should get rid of the zero check altogether as a
zero-length key will fail on setkey of a real algorithm anyway
because of the min_keysize/max_keysize checks in the crypto API.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/