This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "".
The branch, tigermoth_lts has been updated via 487f052d596ea0c7c45de75738dcf418693a06dd (commit) via 6bcbd2be44c0a764e6ed995b2bb50ea265207795 (commit) from acebc12a2f2b108086a962976f0f5c4b4419f2c4 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 487f052d596ea0c7c45de75738dcf418693a06dd Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Tue Sep 11 15:12:13 2018 +0300
linux-gen: ipsec: reject SA creation with ESN flag set
Reject SA creation with ESN flag set. Fixes: https://bugs.linaro.org/show_bug.cgi?id=4002
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 83bdb1c2..02836baf 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -289,6 +289,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->queue = param->dest_queue; ipsec_sa->mode = param->mode; ipsec_sa->flags = 0; + if (param->opt.esn) { + ODP_ERR("ESN is not supported!\n"); + return ODP_IPSEC_SA_INVALID; + } if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->lookup_mode = param->inbound.lookup_mode; if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->lookup_mode) {
commit 6bcbd2be44c0a764e6ed995b2bb50ea265207795 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Tue Sep 11 13:12:16 2018 +0300
linux-gen: ipsec: fix sliding window shifts
If shift is greater than window bit-width, bit shift results in undefined behaviour. Rewrite code to excplicitly set the mask in such cases. Fixes: https://bugs.linaro.org/show_bug.cgi?id=3999
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Janne Peltonen janne.peltonen@nokia.com Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 3b1686b8..83bdb1c2 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -701,18 +701,17 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { status->error.antireplay = 1; return -1; - } - - if (seq > max_seq) { + } else if (seq >= max_seq + IPSEC_ANTIREPLAY_WS) { + mask = 1; + max_seq = seq; + } else if (seq > max_seq) { mask <<= seq - max_seq; mask |= 1; max_seq = seq; + } else if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; } else { - if (mask & (1U << (max_seq - seq))) { - status->error.antireplay = 1; - return -1; - } - mask |= (1U << (max_seq - seq)); }
-----------------------------------------------------------------------
Summary of changes: platform/linux-generic/odp_ipsec_sad.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-)
hooks/post-receive