authorMarkus Friedl <markus@cvs.openbsd.org>2010-01-10 12:43:08 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2010-01-10 12:43:08 +0000
commite984d91179e6d0cd1106eb8a8f90cd3cdebf4ad2 (patch)
treebda04e5dbaef37b20c5c45e7c0dd7c34f727ff0d /sys/netinet/ip_esp.c
parente86b036f8f31495d41041510999f7ece130f9cc9 (diff)
Fix two bugs in IPsec/HMAC-SHA2:
(1) use correct (message) block size of 128 bytes (instead of 64 bytes) for HMAC-SHA512/384 (RFC4634). (2) RFC4868 specifies that HMAC-SHA-{256,384,512} is truncated to nnn/2 bits, while we still use 96 bits. 96 bits have been specified in draft-ietf-ipsec-ciph-sha-256-00 while draft-ietf-ipsec-ciph-sha-256-01 changed it to 128 bits. WARNING: this change makes IPsec with SHA-256 (the default) incompatible with older OpenBSD versions and other IPsec-implementations that share this bug. ok+tests naddy, fries; requested by reyk/deraadt
Diffstat (limited to 'sys/netinet/ip_esp.c')
-rw-r--r--sys/netinet/ip_esp.c22
1 files changed, 7 insertions, 15 deletions
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index c5d179518b7..b009a7742bb 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.105 2008/06/09 07:07:17 djm Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.106 2010/01/10 12:43:07 markus Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -183,15 +183,15 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
break;
case SADB_X_AALG_SHA2_256:
- thash = &auth_hash_hmac_sha2_256_96;
+ thash = &auth_hash_hmac_sha2_256_128;
break;
case SADB_X_AALG_SHA2_384:
- thash = &auth_hash_hmac_sha2_384_96;
+ thash = &auth_hash_hmac_sha2_384_192;
break;
case SADB_X_AALG_SHA2_512:
- thash = &auth_hash_hmac_sha2_512_96;
+ thash = &auth_hash_hmac_sha2_512_256;
break;
default:
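Review bot: The three SHA-2 cases in esp_init now select transforms with different ICV lengths, but nothing at the switch says where those lengths come from. A one-line comment above the first SHA-2 case would save the next reader a trip to the commit log, for example `/* RFC 4868: HMAC-SHA-256/384/512 ICVs are truncated to 128/192/256 bits */`. The switch starts and ends outside this hunk, so the exact placement should be checked against the full function.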
@@ -304,11 +304,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
else
hlen = 2 * sizeof(u_int32_t) + tdb->tdb_ivlen; /* "new" ESP */
- if (esph)
- alen = AH_HMAC_HASHLEN;
- else
- alen = 0;
-
+ alen = esph ? esph->authsize : 0;
plen = m->m_pkthdr.len - (skip + hlen + alen);
if (plen <= 0) {
DPRINTF(("esp_input: invalid payload length\n"));
@@ -490,7 +486,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
int
esp_input_cb(void *op)
{
- u_int8_t lastthree[3], aalg[AH_HMAC_HASHLEN];
+ u_int8_t lastthree[3], aalg[AH_HMAC_MAX_HASHLEN];
int s, hlen, roff, skip, protoff, error;
struct mbuf *m1, *mo, *m;
struct auth_hash *esph;
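Review bot: The stack buffer `aalg` in esp_input_cb is sized by the constant `AH_HMAC_MAX_HASHLEN`, while the ICV length used elsewhere in this commit comes from `esph->authsize` (the `alen` assignments in esp_input and esp_output), and nothing visible ties the two together. The copy into `aalg` is outside this hunk, so it is presumably in bounds for the three SHA-2 transforms chosen in esp_init, but a transform added later with a larger `authsize` would overrun the buffer. I would state the invariant where the buffer is filled, e.g. `KASSERT(esph->authsize <= sizeof(aalg));`. Alternatively, esp_init could reject a transform whose `authsize` exceeds `AH_HMAC_MAX_HASHLEN`. esp_input_cb's body continues past the end of the hunk.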
@@ -770,11 +766,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
padding = ((blks - ((rlen + 2) % blks)) % blks) + 2;
- if (esph)
- alen = AH_HMAC_HASHLEN;
- else
- alen = 0;
-
+ alen = esph ? esph->authsize : 0;
espstat.esps_output++;
switch (tdb->tdb_dst.sa.sa_family) {