aboutsummaryrefslogtreecommitdiffstats
path: root/arch/powerpc/lib
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2012-09-04 00:03:29 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2012-10-13 05:28:03 +0900
commit7218addc4b8bec641937e8236099f52974cf5687 (patch)
treec652c211b50e88e846cc079de2d669c5855c04d0 /arch/powerpc/lib
parent21de4eb26ec0b1b9c484da823fbcd1d3a48afec9 (diff)
downloadkernel_samsung_crespo-7218addc4b8bec641937e8236099f52974cf5687.zip
kernel_samsung_crespo-7218addc4b8bec641937e8236099f52974cf5687.tar.gz
kernel_samsung_crespo-7218addc4b8bec641937e8236099f52974cf5687.tar.bz2
xfrm: Workaround incompatibility of ESN and async crypto
[ Upstream commit 3b59df46a449ec9975146d71318c4777ad086744 ] ESN for esp is defined in RFC 4303. This RFC assumes that the sequence number counters are always up to date. However, this is not true if an async crypto algorithm is employed. If the sequence number counters are not up to date on sequence number check, we may incorrectly update the upper 32 bit of the sequence number. This leads to a DOS. We workaround this by comparing the upper sequence number, (used for authentication) with the upper sequence number computed after the async processing. We drop the packet if these numbers are different. To do this, we introduce a recheck function that does this check in the ESN case. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'arch/powerpc/lib')
0 files changed, 0 insertions, 0 deletions