From: Eric Biggers <[email protected]>
Commit f23efcbcc523 ("crypto: ctr - no longer needs CRYPTO_SEQIV") made
CRYPTO_CTR stop selecting CRYPTO_SEQIV. This breaks IPsec for most
users since GCM and several other encryption algorithms require "seqiv"
-- and RFC 8221 lists AES-GCM as "MUST" be implemented.
Just make XFRM_ESP select CRYPTO_SEQIV.
Fixes: f23efcbcc523 ("crypto: ctr - no longer needs CRYPTO_SEQIV")
Acked-by: Herbert Xu <[email protected]>
Cc: Corentin Labbe <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Cc: Steffen Klassert <[email protected]>
Signed-off-by: Eric Biggers <[email protected]>
---
net/xfrm/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index 169c22140709f7..b2ff8df2c836ef 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -86,6 +86,7 @@ config XFRM_ESP
select CRYPTO_SHA1
select CRYPTO_DES
select CRYPTO_ECHAINIV
+ select CRYPTO_SEQIV
config XFRM_IPCOMP
tristate
--
2.26.2
