Bug#650652: linux-image-2.6.32-5-amd64: Kernel IPsec code rejects 288-bit keys for AES-CTR as being too long

Package: linux-2.6 Version: 2.6.32-38 Severity: important Tags: patch The kernel incorrectly rejects 288-bit keys for AES-CTR (256 + 32 for nonce) as being too long. This is a rather major deficiency, as it prevents using AES-256-CTR at all for IPsec. This has been fixed as of the

Bug#650652: Patch

commit 4203223a1aed862b4445fdcd260d6139603a51d9 Author: Tushar Gohad tgo...@mvista.com Date: Thu Jul 28 10:36:20 2011 + xfrm: Fix key lengths for rfc3686(ctr(aes)) Fix the min and max bit lengths for AES-CTR (RFC3686) keys. The number of bits in key spec is the key length