ipsec spi number not initialized
Bug #607484 reported by René Hummen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
HIPL | Invalid | Undecided | Artturi Karila | |
Bug Description
IPsec SAs are set up with uninitialized spi values. It seems uninitialized uint32_t variables are used to provide randomness. This might be exploitable and should be replaced by a call to OpenSSL random number generators.
visibility: private → public
Changed in hipl:
assignee: nobody → Artturi Karila (artturi-karila)
For base exchange, hip_hadb_init_entry() initializes inbound spi using get_random_bytes(). Outbound SPI is received from the peer. Are you referring to UPDATE? Can you be more specific, thanks.
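
One way to derive an inbound SPI from a CSPRNG rather than from an uninitialized variable, as an added example that is not HIPL code or part of the original report. It reads /dev/urandom in place of the OpenSSL generator the report suggests so that it builds without libcrypto; the function names and sample SPI values are assumptions, and the reserved range 0-255 follows RFC 4303.

```c
#include <stdint.h>
#include <stdio.h>

#define SPI_RESERVED_MAX 255u /* RFC 4303: 0 is local-use only, 1-255 are IANA-reserved */

/* Fill buf from the kernel CSPRNG (stand-in for OpenSSL RAND_bytes). 0 on success. */
static int csprng_bytes(void *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* 1 if spi is outside the reserved range and not used by an existing inbound SA. */
static int spi_acceptable(uint32_t spi, const uint32_t *used, size_t n_used)
{
    if (spi <= SPI_RESERVED_MAX)
        return 0;
    for (size_t i = 0; i < n_used; i++)
        if (used[i] == spi)
            return 0;
    return 1;
}

/* Pick a fresh inbound SPI. Returns 0 and sets *out, or -1 without touching *out. */
static int generate_inbound_spi(const uint32_t *used, size_t n_used, uint32_t *out)
{
    for (int attempt = 0; attempt < 16; attempt++) {
        uint32_t candidate = 0; /* explicitly initialized, never read as stack garbage */
        if (csprng_bytes(&candidate, sizeof candidate) != 0)
            return -1; /* fail closed: no SA rather than a predictable SPI */
        if (spi_acceptable(candidate, used, n_used)) {
            *out = candidate;
            return 0;
        }
    }
    return -1;
}

int main(void)
{
    const uint32_t used[] = { 0x00001000u, 0xdeadbeefu }; /* constructed sample SPIs */
    uint32_t spi = 0;
    if (generate_inbound_spi(used, 2, &spi) != 0)
        return 1;
    printf("inbound SPI: 0x%08x\n", (unsigned)spi);
    return 0;
}
```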