authorMarkus Friedl <markus@cvs.openbsd.org>2010-01-10 12:43:08 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2010-01-10 12:43:08 +0000
commite984d91179e6d0cd1106eb8a8f90cd3cdebf4ad2 (patch)
treebda04e5dbaef37b20c5c45e7c0dd7c34f727ff0d /sys/dev/pci/ubsec.c
parente86b036f8f31495d41041510999f7ece130f9cc9 (diff)
Fix two bugs in IPsec/HMAC-SHA2:
(1) use correct (message) block size of 128 byte (instead of 64 bytes) for HMAC-SHA512/384 (RFC4634). (2) RFC4868 specifies that HMAC-SHA-{256,384,512} is truncated to nnn/2 bits, while we still use 96 bits. 96 bits have been specified in draft-ietf-ipsec-ciph-sha-256-00 while draft-ietf-ipsec-ciph-sha-256-01 changed it to 128 bits. WARNING: this change makes IPsec with SHA-256 (the default) incompatible with older OpenBSD versions and other IPsec-implementations that share this bug. ok+tests naddy, fries; requested by reyk/deraadt
Diffstat (limited to 'sys/dev/pci/ubsec.c')
-rw-r--r--sys/dev/pci/ubsec.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c
index 08ab6c98db9..bd34bfc485a 100644
--- a/sys/dev/pci/ubsec.c
+++ b/sys/dev/pci/ubsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ubsec.c,v 1.144 2009/09/13 14:42:52 krw Exp $ */
+/* $OpenBSD: ubsec.c,v 1.145 2010/01/10 12:43:07 markus Exp $ */
/*
* Copyright (c) 2000 Jason L. Wright (jason@thought.net)
@@ -744,7 +744,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri)
MD5Update(&md5ctx, macini->cri_key,
macini->cri_klen / 8);
MD5Update(&md5ctx, hmac_ipad_buffer,
- HMAC_BLOCK_LEN - (macini->cri_klen / 8));
+ HMAC_MD5_BLOCK_LEN - (macini->cri_klen / 8));
bcopy(md5ctx.state, ses->ses_hminner,
sizeof(md5ctx.state));
} else {
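Review bot: The subtraction `HMAC_MD5_BLOCK_LEN - (macini->cri_klen / 8)` on the new line is still unguarded against a key longer than the block size: if cri_klen exceeds 512 bits the difference goes negative, and once converted to MD5Update's length parameter it becomes a huge value, so MD5Update would read far past hmac_ipad_buffer. Nothing in this hunk bounds cri_klen, and I cannot tell from here whether ubsec_newsession (which starts and ends outside the hunk) or its caller rejects over-long keys earlier; if it does not, a check such as `if (macini->cri_klen > HMAC_MD5_BLOCK_LEN * 8) return (EINVAL);` placed before the MD5Update calls would close it, using whatever error convention the function already follows (RFC 2104 would hash a long key down instead, but rejecting is the simpler choice for a hardware session). The same expression recurs in the SHA1 branch and in both opad hunks below, so a single guard above all four branches is the right place. A cri_klen that is not a multiple of 8 is also silently truncated by the `/ 8`; a comment or a check is warranted unless the caller already guarantees byte-aligned keys.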
@@ -752,7 +752,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri)
SHA1Update(&sha1ctx, macini->cri_key,
macini->cri_klen / 8);
SHA1Update(&sha1ctx, hmac_ipad_buffer,
- HMAC_BLOCK_LEN - (macini->cri_klen / 8));
+ HMAC_SHA1_BLOCK_LEN - (macini->cri_klen / 8));
bcopy(sha1ctx.state, ses->ses_hminner,
sizeof(sha1ctx.state));
}
@@ -765,7 +765,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri)
MD5Update(&md5ctx, macini->cri_key,
macini->cri_klen / 8);
MD5Update(&md5ctx, hmac_opad_buffer,
- HMAC_BLOCK_LEN - (macini->cri_klen / 8));
+ HMAC_MD5_BLOCK_LEN - (macini->cri_klen / 8));
bcopy(md5ctx.state, ses->ses_hmouter,
sizeof(md5ctx.state));
} else {
@@ -773,7 +773,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri)
SHA1Update(&sha1ctx, macini->cri_key,
macini->cri_klen / 8);
SHA1Update(&sha1ctx, hmac_opad_buffer,
- HMAC_BLOCK_LEN - (macini->cri_klen / 8));
+ HMAC_SHA1_BLOCK_LEN - (macini->cri_klen / 8));
bcopy(sha1ctx.state, ses->ses_hmouter,
sizeof(sha1ctx.state));
}