On Wed, 20 Mar 2013 16:31:58 +0200 Horia Geanta <horia.geanta@xxxxxxxxxxxxx> wrote: > This reverts commit 891104ed008e8646c7860fe5bc70b0aac55dcc6c. > > Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha)) > (separate encryption and integrity algorithms) does not conform > to RFC4303. > > ICV is generated by hashing the sequence > SPI, SeqNum-High, SeqNum-Low, IV, Payload > instead of > SPI, SeqNum-Low, IV, Payload, SeqNum-High. > > Cc: <stable@xxxxxxxxxxxxxxx> # 3.8, 3.7 > Reported-by: Chaoxing Lin <Chaoxing.Lin@xxxxxxxxxxxxxx> > Signed-off-by: Horia Geanta <horia.geanta@xxxxxxxxxxxxx> > --- Reviewed-by: Kim Phillips <kim.phillips@xxxxxxxxxxxxx> Kim -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
