From 1f7868c704afbf4e8feb32d6bd24bbeebd94b35b Mon Sep 17 00:00:00 2001 From: pjd Date: Wed, 17 May 2006 18:30:28 +0000 Subject: - The authsize field from auth_hash structure was removed. - Define that we want to receive only 96 bits of HMAC. - Names of the structues have no longer _96 suffix. Reviewed by: sam --- sys/netipsec/xform_ah.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'sys/netipsec/xform_ah.c') diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 24320ce..6114908 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -81,11 +81,11 @@ sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t)) /* * Return authenticator size in bytes. The old protocol is known - * to use a fixed 16-byte authenticator. The new algorithm gets - * this size from the xform but is (currently) always 12. + * to use a fixed 16-byte authenticator. The new algorithm use 12-byte + * authenticator. */ #define AUTHSIZE(sav) \ - ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->authsize) + ((sav->flags & SADB_X_EXT_OLD) ? 16 : AH_HMAC_HASHLEN) int ah_enable = 1; /* control flow of packets with AH */ int ah_cleartos = 1; /* clear ip_tos when doing AH calc */ @@ -116,11 +116,11 @@ ah_algorithm_lookup(int alg) case SADB_X_AALG_NULL: return &auth_hash_null; case SADB_AALG_MD5HMAC: - return &auth_hash_hmac_md5_96; + return &auth_hash_hmac_md5; case SADB_AALG_SHA1HMAC: - return &auth_hash_hmac_sha1_96; + return &auth_hash_hmac_sha1; case SADB_X_AALG_RIPEMD160HMAC: - return &auth_hash_hmac_ripemd_160_96; + return &auth_hash_hmac_ripemd_160; case SADB_X_AALG_MD5: return &auth_hash_key_md5; case SADB_X_AALG_SHA: @@ -202,6 +202,7 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria) cria->cri_alg = sav->tdb_authalgxform->type; cria->cri_klen = _KEYBITS(sav->key_auth); cria->cri_key = sav->key_auth->key_data; + cria->cri_mlen = AUTHSIZE(sav); return 0; } -- cgit v1.1