summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2015-05-13 09:26:10 +0200
committerSteffen Klassert <steffen.klassert@secunet.com>2015-05-13 09:34:53 +0200
commit64aa42338e9a88c139b89797163714f0f95f3c6b (patch)
tree512567243de7083143af3fa1d4511c790d0e43a6 /net
parentxfrm: fix a race in xfrm_state_lookup_byspi (diff)
downloadlinux-64aa42338e9a88c139b89797163714f0f95f3c6b.tar.xz
linux-64aa42338e9a88c139b89797163714f0f95f3c6b.zip
esp4: Use high-order sequence number bits for IV generation
I noticed we were only using the low-order bits for IV generation when ESN is enabled. This is very bad because it means that the IV can repeat. We must use the full 64 bits. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/esp4.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 421a80b09b62..30b544f025ac 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -256,7 +256,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
aead_givcrypt_set_assoc(req, asg, assoclen);
aead_givcrypt_set_giv(req, esph->enc_data,
- XFRM_SKB_CB(skb)->seq.output.low);
+ XFRM_SKB_CB(skb)->seq.output.low +
+ ((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32));
ESP_SKB_CB(skb)->tmp = tmp;
err = crypto_aead_givencrypt(req);