From Darran Hunt: you can't just specify the "wrong" underlying algorithm
with the "right" output size in the xform declaration and have the _96 HMAC variants work -- the actual algorithm machinery (hardware or software) ignores the output-size parameter, it's just there to inform the interface consumer. This should fix FAST_IPSEC.
This commit is contained in:
parent
49cf9ad72a
commit
baa02d2a35
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: xform.c,v 1.16 2008/02/02 02:39:01 tls Exp $ */
|
||||
/* $NetBSD: xform.c,v 1.17 2008/02/28 09:29:10 tls Exp $ */
|
||||
/* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
|
||||
/* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
|
||||
|
||||
|
@ -40,7 +40,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.16 2008/02/02 02:39:01 tls Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.17 2008/02/28 09:29:10 tls Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/malloc.h>
|
||||
|
@ -136,17 +136,17 @@ struct auth_hash auth_hash_hmac_ripemd_160 = {
|
|||
};
|
||||
|
||||
struct auth_hash auth_hash_hmac_md5_96 = {
|
||||
CRYPTO_MD5_HMAC, "HMAC-MD5-96",
|
||||
CRYPTO_MD5_HMAC_96, "HMAC-MD5-96",
|
||||
16, 16, 12, sizeof(MD5_CTX)
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_hmac_sha1_96 = {
|
||||
CRYPTO_SHA1_HMAC, "HMAC-SHA1-96",
|
||||
CRYPTO_SHA1_HMAC_96, "HMAC-SHA1-96",
|
||||
20, 20, 12, sizeof(SHA1_CTX)
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_hmac_ripemd_160_96 = {
|
||||
CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
|
||||
CRYPTO_RIPEMD160_HMAC_96, "HMAC-RIPEMD-160",
|
||||
20, 20, 12, sizeof(RMD160_CTX)
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue