This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "".
The branch, master has been updated via 461a16705242b1fd7e64b50fcaae57fce7cd7f79 (commit) via 94a4993ad85539f138178ba738b87d45ba09a1f9 (commit) from c5789c8633254aca7e1d978d1e1f0ad7077e7e2c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 461a16705242b1fd7e64b50fcaae57fce7cd7f79 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Tue Sep 11 15:12:13 2018 +0300
linux-gen: ipsec: reject SA creation with ESN flag set
Reject SA creation with ESN flag set. Fixes: https://bugs.linaro.org/show_bug.cgi?id=4002
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 3c19939e..5557e314 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -289,6 +289,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->queue = param->dest_queue; ipsec_sa->mode = param->mode; ipsec_sa->flags = 0; + if (param->opt.esn) { + ODP_ERR("ESN is not supported!\n"); + return ODP_IPSEC_SA_INVALID; + } if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->lookup_mode = param->inbound.lookup_mode; if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->lookup_mode) {
commit 94a4993ad85539f138178ba738b87d45ba09a1f9 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Tue Sep 11 13:12:16 2018 +0300
linux-gen: ipsec: fix sliding window shifts
If shift is greater than window bit-width, bit shift results in undefined behaviour. Rewrite code to excplicitly set the mask in such cases. Fixes: https://bugs.linaro.org/show_bug.cgi?id=3999
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Janne Peltonen janne.peltonen@nokia.com Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 11f37fd8..3c19939e 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -701,18 +701,17 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { status->error.antireplay = 1; return -1; - } - - if (seq > max_seq) { + } else if (seq >= max_seq + IPSEC_ANTIREPLAY_WS) { + mask = 1; + max_seq = seq; + } else if (seq > max_seq) { mask <<= seq - max_seq; mask |= 1; max_seq = seq; + } else if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; } else { - if (mask & (1U << (max_seq - seq))) { - status->error.antireplay = 1; - return -1; - } - mask |= (1U << (max_seq - seq)); }
-----------------------------------------------------------------------
Summary of changes: platform/linux-generic/odp_ipsec_sad.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-)
hooks/post-receive