diff options
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/esp4.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index e87377e1d6b6..13b29360d102 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
@@ -95,8 +95,13 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
95 | esph->seq_no = htonl(++x->replay.oseq); | 95 | esph->seq_no = htonl(++x->replay.oseq); |
96 | xfrm_aevent_doreplay(x); | 96 | xfrm_aevent_doreplay(x); |
97 | 97 | ||
98 | if (esp->conf.ivlen) | 98 | if (esp->conf.ivlen) { |
99 | if (unlikely(!esp->conf.ivinitted)) { | ||
100 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); | ||
101 | esp->conf.ivinitted = 1; | ||
102 | } | ||
99 | crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen); | 103 | crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen); |
104 | } | ||
100 | 105 | ||
101 | do { | 106 | do { |
102 | struct scatterlist *sg = &esp->sgbuf[0]; | 107 | struct scatterlist *sg = &esp->sgbuf[0]; |
@@ -378,7 +383,7 @@ static int esp_init_state(struct xfrm_state *x) | |||
378 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); | 383 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); |
379 | if (unlikely(esp->conf.ivec == NULL)) | 384 | if (unlikely(esp->conf.ivec == NULL)) |
380 | goto error; | 385 | goto error; |
381 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); | 386 | esp->conf.ivinitted = 0; |
382 | } | 387 | } |
383 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) | 388 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) |
384 | goto error; | 389 | goto error; |