From owner-freebsd-current@FreeBSD.ORG Wed Aug 17 14:02:46 2005 Return-Path: X-Original-To: freebsd-current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 59C5C16A421 for ; Wed, 17 Aug 2005 14:02:46 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id ABFCE43D48 for ; Wed, 17 Aug 2005 14:02:45 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 2FB8852C80; Wed, 17 Aug 2005 16:02:44 +0200 (CEST) Received: from localhost (pjd.wheel.pl [10.0.1.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 9831952BC4; Wed, 17 Aug 2005 16:02:37 +0200 (CEST) Date: Wed, 17 Aug 2005 16:02:25 +0200 From: Pawel Jakub Dawidek To: Mike Tancsa Message-ID: <20050817140225.GF11066@garage.freebsd.pl> References: <20050812134511.GE25162@garage.freebsd.pl> <6.2.3.4.0.20050813012441.061d08b0@64.7.153.2> <20050813074636.GH27996@garage.freebsd.pl> <6.2.3.4.0.20050813102138.0644fe08@64.7.153.2> <20050816185956.GA8407@garage.freebsd.pl> <6.2.3.4.0.20050816154326.087cf7b8@64.7.153.2> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="HCdXmnRlPgeNBad2" Content-Disposition: inline In-Reply-To: <6.2.3.4.0.20050816154326.087cf7b8@64.7.153.2> X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng devel (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 Cc: FreeBSD-current Subject: Re: VIA/ACE PadLock integration with crypto(9). X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2005 14:02:46 -0000 --HCdXmnRlPgeNBad2 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 16, 2005 at 03:53:26PM -0400, Mike Tancsa wrote: +> >Ok, I committed a fix to HEAD. +> >Here is the patch: +> > http://people.freebsd.org/~pjd/patches/rijndael.patch +>=20 +>=20 +> Perhaps a lame question, but would it be possible to craft such a packet= from the outside world to send as a DoS ? No, you need to be able to setup wrong key locally. Is local DoS possible? Here answer is more complex and short version is "I believe it is not.". Long version: The bug is in kernel rijndael software code. You cannot setup wrong key via crypto(4), because you can use it only if crypto hardware is available. Another method to configure software crypto from userland is setkey(8), but you need uid 0 for this. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --HCdXmnRlPgeNBad2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFDA0NxForvXbEpPzQRAjC3AJwP7UoHgNyT9giUWPqseF7SbOheJwCfbfpT gMxnAW6k8Gi/ZuzMXUX7Ntk= =5HyJ -----END PGP SIGNATURE----- --HCdXmnRlPgeNBad2--