From b5386e15c14dd35dcd82a748b00a7a741b1238f9 Mon Sep 17 00:00:00 2001
From: vanhu <vanhu@FreeBSD.org>
Date: Fri, 18 Feb 2011 09:40:13 +0000
Subject: Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant. This
 will break interoperability with all older versions of FreeBSD for those
 algorithms.

Reviewed by:	bz, gnn
Obtained from:	NETASQ
MFC after:	1w
---
 sys/netipsec/xform.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'sys/netipsec/xform.h')

diff --git a/sys/netipsec/xform.h b/sys/netipsec/xform.h
index 92f7866..47e2cfe 100644
--- a/sys/netipsec/xform.h
+++ b/sys/netipsec/xform.h
@@ -46,6 +46,7 @@
 #include <opencrypto/xform.h>
 
 #define	AH_HMAC_HASHLEN		12	/* 96 bits of authenticator */
+#define	AH_HMAC_MAXHASHLEN	(SHA2_512_HASH_LEN/2)	/* Keep this updated */
 #define	AH_HMAC_INITIAL_RPL	1	/* replay counter initial value */
 
 /*
-- 
cgit v1.1