From Darran Hunt: you can't just specify the "wrong" underlying algorithm

with the "right" output size in the xform declaration and have the _96 HMAC variants work -- the actual algorithm machinery (hardware or software) ignores the output-size parameter, it's just there to inform the interface consumer. This should fix FAST_IPSEC.
2008-02-28 09:29:10 +00:00 · 2008-02-28 09:29:10 +00:00 · baa02d2a35
parent 49cf9ad72a
commit baa02d2a35
1 changed files with 5 additions and 5 deletions
--- a/sys/opencrypto/xform.c
+++ b/sys/opencrypto/xform.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xform.c,v 1.16 2008/02/02 02:39:01 tls Exp $ */
+/*	$NetBSD: xform.c,v 1.17 2008/02/28 09:29:10 tls Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $	*/
 /*	$OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $	*/

@ -40,7 +40,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.16 2008/02/02 02:39:01 tls Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.17 2008/02/28 09:29:10 tls Exp $");

 #include <sys/param.h>
 #include <sys/malloc.h>
@ -136,17 +136,17 @@ struct auth_hash auth_hash_hmac_ripemd_160 = {
 };

 struct auth_hash auth_hash_hmac_md5_96 = {
-	CRYPTO_MD5_HMAC, "HMAC-MD5-96",
+	CRYPTO_MD5_HMAC_96, "HMAC-MD5-96",
 	16, 16, 12, sizeof(MD5_CTX)
 };

 struct auth_hash auth_hash_hmac_sha1_96 = {
-	CRYPTO_SHA1_HMAC, "HMAC-SHA1-96",
+	CRYPTO_SHA1_HMAC_96, "HMAC-SHA1-96",
 	20, 20, 12, sizeof(SHA1_CTX)
 };

 struct auth_hash auth_hash_hmac_ripemd_160_96 = {
-	CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
+	CRYPTO_RIPEMD160_HMAC_96, "HMAC-RIPEMD-160",
 	20, 20, 12, sizeof(RMD160_CTX)
 };