Commit 52783ada authored by Tobias Brunner's avatar Tobias Brunner Committed by Greg Kroah-Hartman

esp6: Fix integrity verification when ESN are used

commit a55e2386 upstream.

When handling inbound packets, the two halves of the sequence number
stored on the skb are already in network order.

Fixes: 000ae7b2 ("esp6: Switch to new AEAD interface")
Signed-off-by: default avatarTobias Brunner <tobias@strongswan.org>
Acked-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 3bf28ce9
...@@ -418,7 +418,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -418,7 +418,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
esph = (void *)skb_push(skb, 4); esph = (void *)skb_push(skb, 4);
*seqhi = esph->spi; *seqhi = esph->spi;
esph->spi = esph->seq_no; esph->spi = esph->seq_no;
esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi); esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
aead_request_set_callback(req, 0, esp_input_done_esn, skb); aead_request_set_callback(req, 0, esp_input_done_esn, skb);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment