On 01/25/2016 11:26 AM, Herbert Xu wrote: > Thomas Egerer <hakke_...@gmx.de> wrote: >> The ESP algorithms using CBC mode require echainiv. Hence INET*_ESP have >> to select CRYPTO_ECHAINIV in order to work properly. This solves the >> issues caused by a misconfiguration as described in [1]. >> The original approach, patching crypto/Kconfig was turned down by >> Herbert Xu [2]. >> >> [1] https://lists.strongswan.org/pipermail/users/2015-December/009074.html >> [2] http://marc.info/?l=linux-crypto-vger&m=145224655809562&w=2 >> >> Signed-off-by: Thomas Egerer <hakke_...@gmx.de> >> --- >> net/ipv4/Kconfig | 1 + >> net/ipv6/Kconfig | 1 + >> 2 files changed, 2 insertions(+) >> >> diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig >> index c229205..7758247 100644 >> --- a/net/ipv4/Kconfig >> +++ b/net/ipv4/Kconfig >> @@ -353,6 +353,7 @@ config INET_ESP >> select CRYPTO_CBC >> select CRYPTO_SHA1 >> select CRYPTO_DES >> + select CRYPTO_ECHAINIV >> ---help--- >> Support for IPsec ESP. >> >> diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig >> index bb7dabe..40c8975 100644 >> --- a/net/ipv6/Kconfig >> +++ b/net/ipv6/Kconfig >> @@ -69,6 +69,7 @@ config INET6_ESP >> select CRYPTO_CBC >> select CRYPTO_SHA1 >> select CRYPTO_DES > > Your patch seems to be missing a few lines at the end. That's odd, yet the my outbox contains a truncated mail, too. Sorry, will resend the patch in a jiff.
Thomas > Otherwise it looks good to me. > > Cheers, >
