diff options
| author | pjd <pjd@FreeBSD.org> | 2006-05-17 18:30:28 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2006-05-17 18:30:28 +0000 |
| commit | 1f7868c704afbf4e8feb32d6bd24bbeebd94b35b (patch) | |
| tree | 58e6a6e8a06d3307bbc2445fb72ca6d69f08d60f /sys | |
| parent | 4de9eb667b4c239151ad89537db3d68fbf193b2e (diff) | |
| download | FreeBSD-src-1f7868c704afbf4e8feb32d6bd24bbeebd94b35b.zip FreeBSD-src-1f7868c704afbf4e8feb32d6bd24bbeebd94b35b.tar.gz | |
- The authsize field from auth_hash structure was removed.
- Define that we want to receive only 96 bits of HMAC.
- Names of the structues have no longer _96 suffix.
Reviewed by: sam
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netipsec/xform_ah.c | 13 | ||||
| -rw-r--r-- | sys/netipsec/xform_esp.c | 8 |
2 files changed, 11 insertions, 10 deletions
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 24320ce..6114908 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -81,11 +81,11 @@ sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t)) /* * Return authenticator size in bytes. The old protocol is known - * to use a fixed 16-byte authenticator. The new algorithm gets - * this size from the xform but is (currently) always 12. + * to use a fixed 16-byte authenticator. The new algorithm use 12-byte + * authenticator. */ #define AUTHSIZE(sav) \ - ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->authsize) + ((sav->flags & SADB_X_EXT_OLD) ? 16 : AH_HMAC_HASHLEN) int ah_enable = 1; /* control flow of packets with AH */ int ah_cleartos = 1; /* clear ip_tos when doing AH calc */ @@ -116,11 +116,11 @@ ah_algorithm_lookup(int alg) case SADB_X_AALG_NULL: return &auth_hash_null; case SADB_AALG_MD5HMAC: - return &auth_hash_hmac_md5_96; + return &auth_hash_hmac_md5; case SADB_AALG_SHA1HMAC: - return &auth_hash_hmac_sha1_96; + return &auth_hash_hmac_sha1; case SADB_X_AALG_RIPEMD160HMAC: - return &auth_hash_hmac_ripemd_160_96; + return &auth_hash_hmac_ripemd_160; case SADB_X_AALG_MD5: return &auth_hash_key_md5; case SADB_X_AALG_SHA: @@ -202,6 +202,7 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria) cria->cri_alg = sav->tdb_authalgxform->type; cria->cri_klen = _KEYBITS(sav->key_auth); cria->cri_key = sav->key_auth->key_data; + cria->cri_mlen = AUTHSIZE(sav); return 0; } diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index cd9c312..fad3547 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -528,13 +528,13 @@ esp_input_cb(struct cryptop *crp) ahstat.ahs_hist[sav->alg_auth]++; if (mtag == NULL) { /* Copy the authenticator from the packet */ - m_copydata(m, m->m_pkthdr.len - esph->authsize, - esph->authsize, aalg); + m_copydata(m, m->m_pkthdr.len - AH_HMAC_HASHLEN, + AH_HMAC_HASHLEN, aalg); ptr = (caddr_t) (tc + 1); /* Verify authenticator */ - if (bcmp(ptr, aalg, esph->authsize) != 0) { + if (bcmp(ptr, aalg, AH_HMAC_HASHLEN) != 0) { DPRINTF(("%s: " "authentication hash mismatch for packet in SA %s/%08lx\n", __func__, @@ -547,7 +547,7 @@ esp_input_cb(struct cryptop *crp) } /* Remove trailing authenticator */ - m_adj(m, -(esph->authsize)); + m_adj(m, -AH_HMAC_HASHLEN); } /* Release the crypto descriptors */ |
