Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant.

This will break interoperability with all older versions of FreeBSD for those algorithms. Reviewed by: bz, gnn Obtained from: NETASQ MFC after: 1w
author: vanhu <vanhu@FreeBSD.org> 2011-02-18 09:40:13 +0000
committer: vanhu <vanhu@FreeBSD.org> 2011-02-18 09:40:13 +0000
commit: b5386e15c14dd35dcd82a748b00a7a741b1238f9 (patch)
tree: 7caf902dec994fcea8dd9be967378950d398ba35 /sys/netipsec/xform.h
parent: f9ba5edcb6ab519d38ac8a40899df85ba5713843 (diff)
download: FreeBSD-src-b5386e15c14dd35dcd82a748b00a7a741b1238f9.zip
FreeBSD-src-b5386e15c14dd35dcd82a748b00a7a741b1238f9.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/netipsec/xform.h b/sys/netipsec/xform.h
index 92f7866..47e2cfe 100644
--- a/sys/netipsec/xform.h
+++ b/sys/netipsec/xform.h
@@ -46,6 +46,7 @@
 #include <opencrypto/xform.h>
 
 #define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
+#define	AH_HMAC_MAXHASHLEN	(SHA2_512_HASH_LEN/2)	/* Keep this updated */
 #define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
 
 /*
author	vanhu <vanhu@FreeBSD.org>	2011-02-18 09:40:13 +0000
committer	vanhu <vanhu@FreeBSD.org>	2011-02-18 09:40:13 +0000
commit	b5386e15c14dd35dcd82a748b00a7a741b1238f9 (patch)
tree	7caf902dec994fcea8dd9be967378950d398ba35 /sys/netipsec/xform.h
parent	f9ba5edcb6ab519d38ac8a40899df85ba5713843 (diff)
download	FreeBSD-src-b5386e15c14dd35dcd82a748b00a7a741b1238f9.zip FreeBSD-src-b5386e15c14dd35dcd82a748b00a7a741b1238f9.tar.gz