esp6: Use high-order sequence number bits for IV generation
I noticed we were only using the low-order bits for IV generation
when ESN is enabled.  This is very bad because it means that the
IV can repeat.  We must use the full 64 bits.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Herbert Xu authored and Steffen Klassert committed May 13, 2015
1 parent 64aa423 commit 6d7258c
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion net/ipv6/esp6.c
Expand Up @@ -248,7 +248,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
aead_givcrypt_set_assoc(req, asg, assoclen);
aead_givcrypt_set_giv(req, esph->enc_data,
XFRM_SKB_CB(skb)->seq.output.low);
XFRM_SKB_CB(skb)->seq.output.low +
((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32));

ESP_SKB_CB(skb)->tmp = tmp;
err = crypto_aead_givencrypt(req);
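Review bot: the new third argument to aead_givcrypt_set_giv() joins the two halves with "+", where "|" would state the intent more directly. Assuming seq.output.low is a 32-bit field, as the shift by 32 implies, the halves occupy disjoint bit ranges and no carry is possible, so "seq.output.low | ((u64)seq.output.hi << 32)" gives the same value and reads as bit composition rather than arithmetic. The reason for passing the full 64 bits (the IV can repeat if only the low-order bits are used with ESN) appears only in the commit message; a one-line comment above the call would keep a later cleanup from truncating the value again. The expression is also long enough to be worth a local u64 variable, which would shorten the call and give the comment a natural place to sit.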