From: Eric Biggers <ebigg...@google.com>
Commit f23efcbcc523 ("crypto: ctr - no longer needs CRYPTO_SEQIV") made
CRYPTO_CTR stop selecting CRYPTO_SEQIV. This breaks IPsec for most
users since GCM and several other encryption algorithms require "seqiv"
-- and RFC 8221 lists AES-GCM as "MUST" be implemented.
Just make XFRM_ESP select CRYPTO_SEQIV.
Fixes: f23efcbcc523 ("crypto: ctr - no longer needs CRYPTO_SEQIV") made
Cc: Corentin Labbe <cla...@baylibre.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klass...@secunet.com>
Signed-off-by: Eric Biggers <ebigg...@google.com>
---
net/xfrm/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index 169c22140709f7..b2ff8df2c836ef 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -86,6 +86,7 @@ config XFRM_ESP
select CRYPTO_SHA1
select CRYPTO_DES
select CRYPTO_ECHAINIV
+ select CRYPTO_SEQIV
config XFRM_IPCOMP
tristate
--
2.26.2
