diff options
Diffstat (limited to 'net/ipv4/esp4.c')
| -rw-r--r-- | net/ipv4/esp4.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index b428489f6ccd..13b29360d102 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
| @@ -95,8 +95,13 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 95 | esph->seq_no = htonl(++x->replay.oseq); | 95 | esph->seq_no = htonl(++x->replay.oseq); |
| 96 | xfrm_aevent_doreplay(x); | 96 | xfrm_aevent_doreplay(x); |
| 97 | 97 | ||
| 98 | if (esp->conf.ivlen) | 98 | if (esp->conf.ivlen) { |
| 99 | if (unlikely(!esp->conf.ivinitted)) { | ||
| 100 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); | ||
| 101 | esp->conf.ivinitted = 1; | ||
| 102 | } | ||
| 99 | crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen); | 103 | crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen); |
| 104 | } | ||
| 100 | 105 | ||
| 101 | do { | 106 | do { |
| 102 | struct scatterlist *sg = &esp->sgbuf[0]; | 107 | struct scatterlist *sg = &esp->sgbuf[0]; |
| @@ -248,7 +253,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 248 | * as per draft-ietf-ipsec-udp-encaps-06, | 253 | * as per draft-ietf-ipsec-udp-encaps-06, |
| 249 | * section 3.1.2 | 254 | * section 3.1.2 |
| 250 | */ | 255 | */ |
| 251 | if (!x->props.mode) | 256 | if (x->props.mode == XFRM_MODE_TRANSPORT) |
| 252 | skb->ip_summed = CHECKSUM_UNNECESSARY; | 257 | skb->ip_summed = CHECKSUM_UNNECESSARY; |
| 253 | } | 258 | } |
| 254 | 259 | ||
| @@ -267,7 +272,7 @@ static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) | |||
| 267 | struct esp_data *esp = x->data; | 272 | struct esp_data *esp = x->data; |
| 268 | u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); | 273 | u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); |
| 269 | 274 | ||
| 270 | if (x->props.mode) { | 275 | if (x->props.mode == XFRM_MODE_TUNNEL) { |
| 271 | mtu = ALIGN(mtu + 2, blksize); | 276 | mtu = ALIGN(mtu + 2, blksize); |
| 272 | } else { | 277 | } else { |
| 273 | /* The worst case. */ | 278 | /* The worst case. */ |
| @@ -378,12 +383,12 @@ static int esp_init_state(struct xfrm_state *x) | |||
| 378 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); | 383 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); |
| 379 | if (unlikely(esp->conf.ivec == NULL)) | 384 | if (unlikely(esp->conf.ivec == NULL)) |
| 380 | goto error; | 385 | goto error; |
| 381 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); | 386 | esp->conf.ivinitted = 0; |
| 382 | } | 387 | } |
| 383 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) | 388 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) |
| 384 | goto error; | 389 | goto error; |
| 385 | x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; | 390 | x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; |
| 386 | if (x->props.mode) | 391 | if (x->props.mode == XFRM_MODE_TUNNEL) |
| 387 | x->props.header_len += sizeof(struct iphdr); | 392 | x->props.header_len += sizeof(struct iphdr); |
| 388 | if (x->encap) { | 393 | if (x->encap) { |
| 389 | struct xfrm_encap_tmpl *encap = x->encap; | 394 | struct xfrm_encap_tmpl *encap = x->encap; |