 246bbedb9a
			
		
	
	
	246bbedb9a
	
	
	
		
			
			This reverts commit 891104ed00.
Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.
ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.
Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Reviewed-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
		
	
			
		
			
				
	
	
		
			39 lines
		
	
	
	
		
			935 B
			
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			39 lines
		
	
	
	
		
			935 B
			
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * Copyright 2008-2011 Freescale Semiconductor, Inc.
 | |
|  */
 | |
| 
 | |
| #ifndef CAAM_COMPAT_H
 | |
| #define CAAM_COMPAT_H
 | |
| 
 | |
| #include <linux/kernel.h>
 | |
| #include <linux/module.h>
 | |
| #include <linux/mod_devicetable.h>
 | |
| #include <linux/device.h>
 | |
| #include <linux/interrupt.h>
 | |
| #include <linux/crypto.h>
 | |
| #include <linux/hash.h>
 | |
| #include <linux/hw_random.h>
 | |
| #include <linux/of_platform.h>
 | |
| #include <linux/dma-mapping.h>
 | |
| #include <linux/io.h>
 | |
| #include <linux/spinlock.h>
 | |
| #include <linux/rtnetlink.h>
 | |
| #include <linux/in.h>
 | |
| #include <linux/slab.h>
 | |
| #include <linux/types.h>
 | |
| #include <linux/debugfs.h>
 | |
| #include <linux/circ_buf.h>
 | |
| #include <net/xfrm.h>
 | |
| 
 | |
| #include <crypto/algapi.h>
 | |
| #include <crypto/aes.h>
 | |
| #include <crypto/des.h>
 | |
| #include <crypto/sha.h>
 | |
| #include <crypto/md5.h>
 | |
| #include <crypto/aead.h>
 | |
| #include <crypto/authenc.h>
 | |
| #include <crypto/scatterwalk.h>
 | |
| #include <crypto/internal/skcipher.h>
 | |
| #include <crypto/internal/hash.h>
 | |
| 
 | |
| #endif /* !defined(CAAM_COMPAT_H) */
 |