On Wed, Mar 20, 2013 at 06:46:34PM -0500, Kim Phillips wrote: > On Wed, 20 Mar 2013 16:31:38 +0200 > Horia Geanta <horia.geanta@xxxxxxxxxxxxx> wrote: > > > This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d. > > > > Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha)) > > (separate encryption and integrity algorithms) does not conform > > to RFC4303. > > > > ICV is generated by hashing the sequence > > SPI, SeqNum-High, SeqNum-Low, IV, Payload > > instead of > > SPI, SeqNum-Low, IV, Payload, SeqNum-High. > > > > Cc: <stable@xxxxxxxxxxxxxxx> # 3.8, 3.7 > > Reported-by: Chaoxing Lin <Chaoxing.Lin@xxxxxxxxxxxxxx> > > Signed-off-by: Horia Geanta <horia.geanta@xxxxxxxxxxxxx> > > --- > > Reviewed-by: Kim Phillips <kim.phillips@xxxxxxxxxxxxx> Both patches applied to crypto. Thanks! -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
