Message ID | 20150513072718.GB27424@gondor.apana.org.au |
---|---|
State | Awaiting Upstream, archived |
Delegated to: | David Miller |
Headers | show |
On Wed, May 13, 2015 at 03:27:18PM +0800, Herbert Xu wrote: > I noticed we were only using the low-order bits for IV generation > when ESN is enabled. This is very bad because it means that the > IV can repeat. We must use the full 64 bits. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Also applied to the ipsec tree. Thanks a lot Herbert! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 31f1b5d..7c07ce3 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -248,7 +248,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) aead_givcrypt_set_crypt(req, sg, sg, clen, iv); aead_givcrypt_set_assoc(req, asg, assoclen); aead_givcrypt_set_giv(req, esph->enc_data, - XFRM_SKB_CB(skb)->seq.output.low); + XFRM_SKB_CB(skb)->seq.output.low + + ((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32)); ESP_SKB_CB(skb)->tmp = tmp; err = crypto_aead_givencrypt(req);
I noticed we were only using the low-order bits for IV generation when ESN is enabled. This is very bad because it means that the IV can repeat. We must use the full 64 bits. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>