LinuxLists.cc - [PATCH 2.6.20-rc1] xfrm: Algorithm lookup using .compat name

2006-12-22 16:36:11

Subject: [PATCH 2.6.20-rc1] xfrm: Algorithm lookup using .compat name

Installing an IPsec SA using old algorithm names (.compat) does not work
if the algorithm is not already loaded. When not using the PF_KEY
interface, algorithms are not preloaded in xfrm_probe_algs() and
installing a IPsec SA fails.

Signed-off-by: Martin Willi <[email protected]>

--- a/net/xfrm/xfrm_algo.c 2006-12-22 16:43:31.000000000 +0100
+++ b/net/xfrm/xfrm_algo.c 2006-12-22 16:58:19.000000000 +0100
@@ -399,7 +399,8 @@ static struct xfrm_algo_desc *xfrm_get_b
if (!probe)
break;

- status = crypto_has_alg(name, type, mask |
CRYPTO_ALG_ASYNC);
+ status = crypto_has_alg(list[i].name, type,
+ mask | CRYPTO_ALG_ASYNC);
if (!status)
break;

2006-12-22 21:04:49

by Herbert Xu

[permalink] [raw]

Subject: Re: [PATCH 2.6.20-rc1] xfrm: Algorithm lookup using .compat name

On Fri, Dec 22, 2006 at 05:26:43PM +0100, Martin Willi wrote:
> Installing an IPsec SA using old algorithm names (.compat) does not work
> if the algorithm is not already loaded. When not using the PF_KEY
> interface, algorithms are not preloaded in xfrm_probe_algs() and
> installing a IPsec SA fails.

Good catch. Thanks Martin!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2006-12-29 05:29:25

by David Miller

[permalink] [raw]

Subject: Re: [PATCH 2.6.20-rc1] xfrm: Algorithm lookup using .compat name

From: Herbert Xu <[email protected]>
Date: Sat, 23 Dec 2006 08:04:46 +1100

> On Fri, Dec 22, 2006 at 05:26:43PM +0100, Martin Willi wrote:
> > Installing an IPsec SA using old algorithm names (.compat) does not work
> > if the algorithm is not already loaded. When not using the PF_KEY
> > interface, algorithms are not preloaded in xfrm_probe_algs() and
> > installing a IPsec SA fails.
>
> Good catch. Thanks Martin!

Applied.

Martin, please be careful with future patch submissions, your
email client corrupted up the patch by adding newlines and
changing tab characters into spaces, so I had to add the patch
by hand.

Herbert, this fix is only needed for 2.6.20 correct? I assume
it was added by the 2.6.20 crypto layer merge, right?

Thanks.

2006-12-29 09:02:13

by Herbert Xu

[permalink] [raw]

Subject: Re: [PATCH 2.6.20-rc1] xfrm: Algorithm lookup using .compat name

On Thu, Dec 28, 2006 at 09:28:51PM -0800, David Miller wrote:
>
> Herbert, this fix is only needed for 2.6.20 correct? I assume
> it was added by the 2.6.20 crypto layer merge, right?

Yes that's correct.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt