diff options
| author | Mikael Ylikoski <my@post.utfors.se> | 2003-08-17 14:04:17 -0700 |
|---|---|---|
| committer | David S. Miller <davem@nuts.ninka.net> | 2003-08-17 14:04:17 -0700 |
| commit | f7ab034d70d50dadd7801d3970dec18edd6b07a1 (patch) | |
| tree | 19aef5b060f1f92cb59c03da65f10ded67bd57d1 /net | |
| parent | 68bc1ac97a21214d62a04468eda26c775fc1bc97 (diff) | |
[IPSEC]: Fix oops using null ciper in CBC mode.
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/esp4.c | 5 | ||||
| -rw-r--r-- | net/ipv6/esp6.c | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index af293a7bc687..b5187c936efe 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -505,7 +505,10 @@ int esp_init_state(struct xfrm_state *x, void *args) } esp->conf.key = x->ealg->alg_key; esp->conf.key_len = (x->ealg->alg_key_len+7)/8; - esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC); + if (x->props.ealgo == SADB_EALG_NULL) + esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_ECB); + else + esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC); if (esp->conf.tfm == NULL) goto error; esp->conf.ivlen = crypto_tfm_alg_ivsize(esp->conf.tfm); diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 32edc04f098b..992009213c3c 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -409,7 +409,10 @@ int esp6_init_state(struct xfrm_state *x, void *args) } esp->conf.key = x->ealg->alg_key; esp->conf.key_len = (x->ealg->alg_key_len+7)/8; - esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC); + if (x->props.ealgo == SADB_EALG_NULL) + esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_ECB); + else + esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC); if (esp->conf.tfm == NULL) goto error; esp->conf.ivlen = crypto_tfm_alg_ivsize(esp->conf.tfm); |