
Commit 6d7258ca authored by Herbert Xu, committed by Steffen Klassert

esp6: Use high-order sequence number bits for IV generation



I noticed we were only using the low-order bits for IV generation
when ESN is enabled.  This is very bad because it means that the
IV can repeat.  We must use the full 64 bits.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
parent 64aa4233
+2 −1
@@ -248,7 +248,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
	aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
	aead_givcrypt_set_assoc(req, asg, assoclen);
	aead_givcrypt_set_giv(req, esph->enc_data,
			      XFRM_SKB_CB(skb)->seq.output.low);
			      XFRM_SKB_CB(skb)->seq.output.low +
			      ((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32));

	ESP_SKB_CB(skb)->tmp = tmp;
	err = crypto_aead_givencrypt(req);
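Review bot: In the new third argument to aead_givcrypt_set_giv(), the two halves are joined with `+`, while the intent is bit concatenation; `seq.output.low | ((u64)seq.output.hi << 32)` would state that directly and cannot carry into the upper word, assuming (from the `(u64)` cast on `hi`) that both fields are 32 bits wide. A one-line comment above the call saying that this value seeds the generated IV and therefore has to be unique per packet for the life of the SA would keep a later cleanup from narrowing it back to `.low`. The message calls the repeat "very bad" but carries no Fixes: tag or stable marking, and it does not say whether the IPv4 ESP output path passes only the low word as well; both are worth stating so the fix can be tracked and backported consistently.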