problem of payload length calculation in IPsec

Hello All.

I found a bug in IPv6 of Linux kernel 2.6.7.

The ESP ICV length for HMAC-SHA2-256 algorithm should not be 96 bits,
but should be 128 bits.
As a result, the payload of an IPv6 packet that contains an ESP header
using the HMAC-SHA2-256 algorithm has the wrong content.

The patch to kernel 2.6.7 is as follows.

--- linux-2.6.7/net/xfrm/xfrm_algo.c 2004-07-02 15:17:03.206743112 -0400
+++ linux-2.6.7/net/xfrm/xfrm_algo.c 2004-07-02 15:20:01.285671000 -0400
@@ -85,7 +85,7 @@

  .uinfo = {
   .auth = {
-   .icv_truncbits = 96,
+   .icv_truncbits = 128,
    .icv_fullbits = 256,
   }
  },
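
Review bot: The `.icv_truncbits = 128` line changes the ICV length sent on the wire, so a patched host and an unpatched peer that still uses 96 would disagree on where the ESP payload ends and fail authentication on every HMAC-SHA2-256 SA; the description should say which specification or draft requires 128 bits and state the interoperability impact. The hunk's context also does not show the entry's `.name`, so please confirm the change touches only the SHA-256 entry in the auth algorithm table (its `.icv_fullbits = 256` suggests so) and not a neighbouring entry. The submission also lacks a Signed-off-by line.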

Regards,
Ueki Kohei
