diff options
-rw-r--r-- | sys/arch/amd64/amd64/via.c | 16 | ||||
-rw-r--r-- | sys/arch/i386/i386/via.c | 16 | ||||
-rw-r--r-- | sys/arch/i386/pci/glxsb.c | 12 | ||||
-rw-r--r-- | sys/crypto/cryptodev.h | 10 | ||||
-rw-r--r-- | sys/crypto/cryptosoft.c | 32 | ||||
-rw-r--r-- | sys/crypto/cryptosoft.h | 6 | ||||
-rw-r--r-- | sys/crypto/xform.c | 28 | ||||
-rw-r--r-- | sys/crypto/xform.h | 9 | ||||
-rw-r--r-- | sys/dev/pci/safe.c | 10 | ||||
-rw-r--r-- | sys/dev/pci/ubsec.c | 10 | ||||
-rw-r--r-- | sys/netinet/ip_ah.c | 8 | ||||
-rw-r--r-- | sys/netinet/ip_ah.h | 5 | ||||
-rw-r--r-- | sys/netinet/ip_esp.c | 22 | ||||
-rw-r--r-- | sys/netinet/ip_esp.h | 4 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.h | 4 | ||||
-rw-r--r-- | sys/netinet/ipsec_output.c | 4 |
17 files changed, 105 insertions, 95 deletions
diff --git a/sys/arch/amd64/amd64/via.c b/sys/arch/amd64/amd64/via.c index 7bb25dc6a98..36e81f5b3ec 100644 --- a/sys/arch/amd64/amd64/via.c +++ b/sys/arch/amd64/amd64/via.c @@ -1,4 +1,4 @@ -/* $OpenBSD: via.c,v 1.1 2009/05/31 03:20:10 matthieu Exp $ */ +/* $OpenBSD: via.c,v 1.2 2010/01/10 12:43:07 markus Exp $ */ /* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */ /*- @@ -88,8 +88,8 @@ struct viac3_softc { static struct viac3_softc *vc3_sc; -extern const u_int8_t hmac_ipad_buffer[64]; -extern const u_int8_t hmac_opad_buffer[64]; +extern const u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN]; +extern const u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN]; void viac3_crypto_setup(void); int viac3_crypto_newsession(u_int32_t *, struct cryptoini *); @@ -219,13 +219,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) axf = &auth_hash_hmac_ripemd_160_96; goto authcommon; case CRYPTO_SHA2_256_HMAC: - axf = &auth_hash_hmac_sha2_256_96; + axf = &auth_hash_hmac_sha2_256_128; goto authcommon; case CRYPTO_SHA2_384_HMAC: - axf = &auth_hash_hmac_sha2_384_96; + axf = &auth_hash_hmac_sha2_384_192; goto authcommon; case CRYPTO_SHA2_512_HMAC: - axf = &auth_hash_hmac_sha2_512_96; + axf = &auth_hash_hmac_sha2_512_256; authcommon: swd = malloc(sizeof(struct swcr_data), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); @@ -255,7 +255,7 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) axf->Init(swd->sw_ictx); axf->Update(swd->sw_ictx, c->cri_key, c->cri_klen / 8); axf->Update(swd->sw_ictx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (c->cri_klen / 8)); + axf->blocksize - (c->cri_klen / 8)); for (i = 0; i < c->cri_klen / 8; i++) c->cri_key[i] ^= (HMAC_IPAD_VAL ^ @@ -264,7 +264,7 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) axf->Init(swd->sw_octx); axf->Update(swd->sw_octx, c->cri_key, c->cri_klen / 8); axf->Update(swd->sw_octx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (c->cri_klen / 8)); + axf->blocksize - (c->cri_klen / 8)); for (i = 0; i < c->cri_klen / 8; i++) c->cri_key[i] ^= HMAC_OPAD_VAL; diff --git a/sys/arch/i386/i386/via.c b/sys/arch/i386/i386/via.c index df4d40547d5..16d3d5388c8 100644 --- a/sys/arch/i386/i386/via.c +++ b/sys/arch/i386/i386/via.c @@ -1,4 +1,4 @@ -/* $OpenBSD: via.c,v 1.19 2008/06/09 07:07:15 djm Exp $ */ +/* $OpenBSD: via.c,v 1.20 2010/01/10 12:43:07 markus Exp $ */ /* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */ /*- @@ -89,8 +89,8 @@ struct viac3_softc { static struct viac3_softc *vc3_sc; extern int i386_has_xcrypt; -extern const u_int8_t hmac_ipad_buffer[64]; -extern const u_int8_t hmac_opad_buffer[64]; +extern const u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN]; +extern const u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN]; void viac3_crypto_setup(void); int viac3_crypto_newsession(u_int32_t *, struct cryptoini *); @@ -220,13 +220,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) axf = &auth_hash_hmac_ripemd_160_96; goto authcommon; case CRYPTO_SHA2_256_HMAC: - axf = &auth_hash_hmac_sha2_256_96; + axf = &auth_hash_hmac_sha2_256_128; goto authcommon; case CRYPTO_SHA2_384_HMAC: - axf = &auth_hash_hmac_sha2_384_96; + axf = &auth_hash_hmac_sha2_384_192; goto authcommon; case CRYPTO_SHA2_512_HMAC: - axf = &auth_hash_hmac_sha2_512_96; + axf = &auth_hash_hmac_sha2_512_256; authcommon: swd = malloc(sizeof(struct swcr_data), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); @@ -256,7 +256,7 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) axf->Init(swd->sw_ictx); axf->Update(swd->sw_ictx, c->cri_key, c->cri_klen / 8); axf->Update(swd->sw_ictx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (c->cri_klen / 8)); + axf->blocksize - (c->cri_klen / 8)); for (i = 0; i < c->cri_klen / 8; i++) c->cri_key[i] ^= (HMAC_IPAD_VAL ^ @@ -265,7 +265,7 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) axf->Init(swd->sw_octx); axf->Update(swd->sw_octx, c->cri_key, c->cri_klen / 8); axf->Update(swd->sw_octx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (c->cri_klen / 8)); + axf->blocksize - (c->cri_klen / 8)); for (i = 0; i < c->cri_klen / 8; i++) c->cri_key[i] ^= HMAC_OPAD_VAL; diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c index 4465fd73971..094483f1fbf 100644 --- a/sys/arch/i386/pci/glxsb.c +++ b/sys/arch/i386/pci/glxsb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: glxsb.c,v 1.17 2009/10/30 18:18:09 deraadt Exp $ */ +/* $OpenBSD: glxsb.c,v 1.18 2010/01/10 12:43:07 markus Exp $ */ /* * Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org> @@ -411,13 +411,13 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri) axf = &auth_hash_hmac_ripemd_160_96; goto authcommon; case CRYPTO_SHA2_256_HMAC: - axf = &auth_hash_hmac_sha2_256_96; + axf = &auth_hash_hmac_sha2_256_128; goto authcommon; case CRYPTO_SHA2_384_HMAC: - axf = &auth_hash_hmac_sha2_384_96; + axf = &auth_hash_hmac_sha2_384_192; goto authcommon; case CRYPTO_SHA2_512_HMAC: - axf = &auth_hash_hmac_sha2_512_96; + axf = &auth_hash_hmac_sha2_512_256; authcommon: swd = malloc(sizeof(struct swcr_data), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); @@ -447,7 +447,7 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri) axf->Init(swd->sw_ictx); axf->Update(swd->sw_ictx, c->cri_key, c->cri_klen / 8); axf->Update(swd->sw_ictx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (c->cri_klen / 8)); + axf->blocksize - (c->cri_klen / 8)); for (i = 0; i < c->cri_klen / 8; i++) c->cri_key[i] ^= (HMAC_IPAD_VAL ^ @@ -456,7 +456,7 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri) axf->Init(swd->sw_octx); axf->Update(swd->sw_octx, c->cri_key, c->cri_klen / 8); axf->Update(swd->sw_octx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (c->cri_klen / 8)); + axf->blocksize - (c->cri_klen / 8)); for (i = 0; i < c->cri_klen / 8; i++) c->cri_key[i] ^= HMAC_OPAD_VAL; diff --git a/sys/crypto/cryptodev.h b/sys/crypto/cryptodev.h index 1a736c985cc..c2418a04f03 100644 --- a/sys/crypto/cryptodev.h +++ b/sys/crypto/cryptodev.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptodev.h,v 1.48 2009/09/03 07:47:27 dlg Exp $ */ +/* $OpenBSD: cryptodev.h,v 1.49 2010/01/10 12:43:07 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -60,7 +60,13 @@ #define CRYPTO_SW_SESSIONS 32 /* HMAC values */ -#define HMAC_BLOCK_LEN 64 +#define HMAC_MD5_BLOCK_LEN 64 +#define HMAC_SHA1_BLOCK_LEN 64 +#define HMAC_RIPEMD160_BLOCK_LEN 64 +#define HMAC_SHA2_256_BLOCK_LEN 64 +#define HMAC_SHA2_384_BLOCK_LEN 128 +#define HMAC_SHA2_512_BLOCK_LEN 128 +#define HMAC_MAX_BLOCK_LEN HMAC_SHA2_512_BLOCK_LEN /* keep in sync */ #define HMAC_IPAD_VAL 0x36 #define HMAC_OPAD_VAL 0x5C diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c index b8303d54a0f..e392747d7c5 100644 --- a/sys/crypto/cryptosoft.c +++ b/sys/crypto/cryptosoft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.c,v 1.51 2008/06/09 16:07:00 djm Exp $ */ +/* $OpenBSD: cryptosoft.c,v 1.52 2010/01/10 12:43:07 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -38,7 +38,15 @@ #include <crypto/cryptosoft.h> #include <crypto/xform.h> -const u_int8_t hmac_ipad_buffer[64] = { +const u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN] = { + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, @@ -49,7 +57,15 @@ const u_int8_t hmac_ipad_buffer[64] = { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 }; -const u_int8_t hmac_opad_buffer[64] = { +const u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN] = { + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, @@ -660,13 +676,13 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) axf = &auth_hash_hmac_ripemd_160_96; goto authcommon; case CRYPTO_SHA2_256_HMAC: - axf = &auth_hash_hmac_sha2_256_96; + axf = &auth_hash_hmac_sha2_256_128; goto authcommon; case CRYPTO_SHA2_384_HMAC: - axf = &auth_hash_hmac_sha2_384_96; + axf = &auth_hash_hmac_sha2_384_192; goto authcommon; case CRYPTO_SHA2_512_HMAC: - axf = &auth_hash_hmac_sha2_512_96; + axf = &auth_hash_hmac_sha2_512_256; authcommon: (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); @@ -689,7 +705,7 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) axf->Update((*swd)->sw_ictx, cri->cri_key, cri->cri_klen / 8); axf->Update((*swd)->sw_ictx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (cri->cri_klen / 8)); + axf->blocksize - (cri->cri_klen / 8)); for (k = 0; k < cri->cri_klen / 8; k++) cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); @@ -698,7 +714,7 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) axf->Update((*swd)->sw_octx, cri->cri_key, cri->cri_klen / 8); axf->Update((*swd)->sw_octx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (cri->cri_klen / 8)); + axf->blocksize - (cri->cri_klen / 8)); for (k = 0; k < cri->cri_klen / 8; k++) cri->cri_key[k] ^= HMAC_OPAD_VAL; diff --git a/sys/crypto/cryptosoft.h b/sys/crypto/cryptosoft.h index b5764fc8830..d7133645a27 100644 --- a/sys/crypto/cryptosoft.h +++ b/sys/crypto/cryptosoft.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.h,v 1.11 2007/09/10 22:19:42 henric Exp $ */ +/* $OpenBSD: cryptosoft.h,v 1.12 2010/01/10 12:43:07 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -57,8 +57,8 @@ struct swcr_data { }; #ifdef _KERNEL -extern const u_int8_t hmac_ipad_buffer[64]; -extern const u_int8_t hmac_opad_buffer[64]; +extern const u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN]; +extern const u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN]; int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int); int swcr_authcompute(struct cryptop *, struct cryptodesc *, struct swcr_data *, diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c index 900b993ee3e..dd5bb9aa054 100644 --- a/sys/crypto/xform.c +++ b/sys/crypto/xform.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.c,v 1.36 2008/09/06 22:23:21 djm Exp $ */ +/* $OpenBSD: xform.c,v 1.37 2010/01/10 12:43:07 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -228,70 +228,70 @@ struct enc_xform enc_xform_null = { /* Authentication instances */ struct auth_hash auth_hash_hmac_md5_96 = { CRYPTO_MD5_HMAC, "HMAC-MD5", - 16, 16, 12, sizeof(MD5_CTX), + 16, 16, 12, sizeof(MD5_CTX), HMAC_MD5_BLOCK_LEN, (void (*) (void *)) MD5Init, MD5Update_int, (void (*) (u_int8_t *, void *)) MD5Final }; struct auth_hash auth_hash_hmac_sha1_96 = { CRYPTO_SHA1_HMAC, "HMAC-SHA1", - 20, 20, 12, sizeof(SHA1_CTX), + 20, 20, 12, sizeof(SHA1_CTX), HMAC_SHA1_BLOCK_LEN, (void (*) (void *)) SHA1Init, SHA1Update_int, (void (*) (u_int8_t *, void *)) SHA1Final }; struct auth_hash auth_hash_hmac_ripemd_160_96 = { CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", - 20, 20, 12, sizeof(RMD160_CTX), + 20, 20, 12, sizeof(RMD160_CTX), HMAC_RIPEMD160_BLOCK_LEN, (void (*)(void *)) RMD160Init, RMD160Update_int, (void (*)(u_int8_t *, void *)) RMD160Final }; -struct auth_hash auth_hash_hmac_sha2_256_96 = { +struct auth_hash auth_hash_hmac_sha2_256_128 = { CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", - 32, 32, 12, sizeof(SHA2_CTX), + 32, 32, 16, sizeof(SHA2_CTX), HMAC_SHA2_256_BLOCK_LEN, (void (*)(void *)) SHA256Init, SHA256Update_int, (void (*)(u_int8_t *, void *)) SHA256Final }; -struct auth_hash auth_hash_hmac_sha2_384_96 = { +struct auth_hash auth_hash_hmac_sha2_384_192 = { CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384", - 48, 48, 12, sizeof(SHA2_CTX), + 48, 48, 24, sizeof(SHA2_CTX), HMAC_SHA2_384_BLOCK_LEN, (void (*)(void *)) SHA384Init, SHA384Update_int, (void (*)(u_int8_t *, void *)) SHA384Final }; -struct auth_hash auth_hash_hmac_sha2_512_96 = { +struct auth_hash auth_hash_hmac_sha2_512_256 = { CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512", - 64, 64, 12, sizeof(SHA2_CTX), + 64, 64, 32, sizeof(SHA2_CTX), HMAC_SHA2_512_BLOCK_LEN, (void (*)(void *)) SHA512Init, SHA512Update_int, (void (*)(u_int8_t *, void *)) SHA512Final }; struct auth_hash auth_hash_key_md5 = { CRYPTO_MD5_KPDK, "Keyed MD5", - 0, 16, 16, sizeof(MD5_CTX), + 0, 16, 16, sizeof(MD5_CTX), 0, (void (*)(void *)) MD5Init, MD5Update_int, (void (*)(u_int8_t *, void *)) MD5Final }; struct auth_hash auth_hash_key_sha1 = { CRYPTO_SHA1_KPDK, "Keyed SHA1", - 0, 20, 20, sizeof(SHA1_CTX), + 0, 20, 20, sizeof(SHA1_CTX), 0, (void (*)(void *)) SHA1Init, SHA1Update_int, (void (*)(u_int8_t *, void *)) SHA1Final }; struct auth_hash auth_hash_md5 = { CRYPTO_MD5, "MD5", - 0, 16, 16, sizeof(MD5_CTX), + 0, 16, 16, sizeof(MD5_CTX), 0, (void (*) (void *)) MD5Init, MD5Update_int, (void (*) (u_int8_t *, void *)) MD5Final }; struct auth_hash auth_hash_sha1 = { CRYPTO_SHA1, "SHA1", - 0, 20, 20, sizeof(SHA1_CTX), + 0, 20, 20, sizeof(SHA1_CTX), 0, (void (*)(void *)) SHA1Init, SHA1Update_int, (void (*)(u_int8_t *, void *)) SHA1Final }; diff --git a/sys/crypto/xform.h b/sys/crypto/xform.h index aed3ec6678c..d7abcf4c36d 100644 --- a/sys/crypto/xform.h +++ b/sys/crypto/xform.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.h,v 1.19 2008/09/06 22:23:21 djm Exp $ */ +/* $OpenBSD: xform.h,v 1.20 2010/01/10 12:43:07 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -37,6 +37,7 @@ struct auth_hash { u_int16_t hashsize; u_int16_t authsize; u_int16_t ctxsize; + u_int16_t blocksize; void (*Init) (void *); int (*Update) (void *, const u_int8_t *, u_int16_t); void (*Final) (u_int8_t *, void *); @@ -87,9 +88,9 @@ extern struct auth_hash auth_hash_key_sha1; extern struct auth_hash auth_hash_hmac_md5_96; extern struct auth_hash auth_hash_hmac_sha1_96; extern struct auth_hash auth_hash_hmac_ripemd_160_96; -extern struct auth_hash auth_hash_hmac_sha2_256_96; -extern struct auth_hash auth_hash_hmac_sha2_384_96; -extern struct auth_hash auth_hash_hmac_sha2_512_96; +extern struct auth_hash auth_hash_hmac_sha2_256_128; +extern struct auth_hash auth_hash_hmac_sha2_384_192; +extern struct auth_hash auth_hash_hmac_sha2_512_256; extern struct comp_algo comp_algo_deflate; extern struct comp_algo comp_algo_lzs; diff --git a/sys/dev/pci/safe.c b/sys/dev/pci/safe.c index 62fff55053c..953f64cd52f 100644 --- a/sys/dev/pci/safe.c +++ b/sys/dev/pci/safe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: safe.c,v 1.26 2009/09/13 14:42:52 krw Exp $ */ +/* $OpenBSD: safe.c,v 1.27 2010/01/10 12:43:07 markus Exp $ */ /*- * Copyright (c) 2003 Sam Leffler, Errno Consulting @@ -1382,7 +1382,7 @@ safe_newsession(u_int32_t *sidp, struct cryptoini *cri) MD5Update(&md5ctx, macini->cri_key, macini->cri_klen / 8); MD5Update(&md5ctx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + HMAC_MD5_BLOCK_LEN - (macini->cri_klen / 8)); bcopy(md5ctx.state, ses->ses_hminner, sizeof(md5ctx.state)); } else { @@ -1390,7 +1390,7 @@ safe_newsession(u_int32_t *sidp, struct cryptoini *cri) SHA1Update(&sha1ctx, macini->cri_key, macini->cri_klen / 8); SHA1Update(&sha1ctx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + HMAC_SHA1_BLOCK_LEN - (macini->cri_klen / 8)); bcopy(sha1ctx.state, ses->ses_hminner, sizeof(sha1ctx.state)); } @@ -1403,7 +1403,7 @@ safe_newsession(u_int32_t *sidp, struct cryptoini *cri) MD5Update(&md5ctx, macini->cri_key, macini->cri_klen / 8); MD5Update(&md5ctx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + HMAC_MD5_BLOCK_LEN - (macini->cri_klen / 8)); bcopy(md5ctx.state, ses->ses_hmouter, sizeof(md5ctx.state)); } else { @@ -1411,7 +1411,7 @@ safe_newsession(u_int32_t *sidp, struct cryptoini *cri) SHA1Update(&sha1ctx, macini->cri_key, macini->cri_klen / 8); SHA1Update(&sha1ctx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + HMAC_SHA1_BLOCK_LEN - (macini->cri_klen / 8)); bcopy(sha1ctx.state, ses->ses_hmouter, sizeof(sha1ctx.state)); } diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c index 08ab6c98db9..bd34bfc485a 100644 --- a/sys/dev/pci/ubsec.c +++ b/sys/dev/pci/ubsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ubsec.c,v 1.144 2009/09/13 14:42:52 krw Exp $ */ +/* $OpenBSD: ubsec.c,v 1.145 2010/01/10 12:43:07 markus Exp $ */ /* * Copyright (c) 2000 Jason L. Wright (jason@thought.net) @@ -744,7 +744,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri) MD5Update(&md5ctx, macini->cri_key, macini->cri_klen / 8); MD5Update(&md5ctx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + HMAC_MD5_BLOCK_LEN - (macini->cri_klen / 8)); bcopy(md5ctx.state, ses->ses_hminner, sizeof(md5ctx.state)); } else { @@ -752,7 +752,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri) SHA1Update(&sha1ctx, macini->cri_key, macini->cri_klen / 8); SHA1Update(&sha1ctx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + HMAC_SHA1_BLOCK_LEN - (macini->cri_klen / 8)); bcopy(sha1ctx.state, ses->ses_hminner, sizeof(sha1ctx.state)); } @@ -765,7 +765,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri) MD5Update(&md5ctx, macini->cri_key, macini->cri_klen / 8); MD5Update(&md5ctx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + HMAC_MD5_BLOCK_LEN - (macini->cri_klen / 8)); bcopy(md5ctx.state, ses->ses_hmouter, sizeof(md5ctx.state)); } else { @@ -773,7 +773,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri) SHA1Update(&sha1ctx, macini->cri_key, macini->cri_klen / 8); SHA1Update(&sha1ctx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (macini->cri_klen / 8)); + HMAC_SHA1_BLOCK_LEN - (macini->cri_klen / 8)); bcopy(sha1ctx.state, ses->ses_hmouter, sizeof(sha1ctx.state)); } diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 0ea057e42bf..3fc1ac425a7 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.92 2008/09/15 21:46:01 chl Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.93 2010/01/10 12:43:07 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -116,15 +116,15 @@ ah_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; case SADB_X_AALG_SHA2_256: - thash = &auth_hash_hmac_sha2_256_96; + thash = &auth_hash_hmac_sha2_256_128; break; case SADB_X_AALG_SHA2_384: - thash = &auth_hash_hmac_sha2_384_96; + thash = &auth_hash_hmac_sha2_384_192; break; case SADB_X_AALG_SHA2_512: - thash = &auth_hash_hmac_sha2_512_96; + thash = &auth_hash_hmac_sha2_512_256; break; case SADB_X_AALG_MD5: diff --git a/sys/netinet/ip_ah.h b/sys/netinet/ip_ah.h index 8d6fe54bcd7..c920cc19dc2 100644 --- a/sys/netinet/ip_ah.h +++ b/sys/netinet/ip_ah.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.h,v 1.32 2007/12/14 18:33:40 deraadt Exp $ */ +/* $OpenBSD: ip_ah.h,v 1.33 2010/01/10 12:43:07 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -72,9 +72,6 @@ struct ah /* Length of base AH header */ #define AH_FLENGTH 8 -/* Size of the largest hash function output used in AH-new, in bytes */ -#define AH_MAX_HASHLEN 20 - /* * Names for AH sysctl objects */ diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index c5d179518b7..b009a7742bb 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.105 2008/06/09 07:07:17 djm Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.106 2010/01/10 12:43:07 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -183,15 +183,15 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; case SADB_X_AALG_SHA2_256: - thash = &auth_hash_hmac_sha2_256_96; + thash = &auth_hash_hmac_sha2_256_128; break; case SADB_X_AALG_SHA2_384: - thash = &auth_hash_hmac_sha2_384_96; + thash = &auth_hash_hmac_sha2_384_192; break; case SADB_X_AALG_SHA2_512: - thash = &auth_hash_hmac_sha2_512_96; + thash = &auth_hash_hmac_sha2_512_256; break; default: @@ -304,11 +304,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) else hlen = 2 * sizeof(u_int32_t) + tdb->tdb_ivlen; /* "new" ESP */ - if (esph) - alen = AH_HMAC_HASHLEN; - else - alen = 0; - + alen = esph ? esph->authsize : 0; plen = m->m_pkthdr.len - (skip + hlen + alen); if (plen <= 0) { DPRINTF(("esp_input: invalid payload length\n")); @@ -490,7 +486,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) int esp_input_cb(void *op) { - u_int8_t lastthree[3], aalg[AH_HMAC_HASHLEN]; + u_int8_t lastthree[3], aalg[AH_HMAC_MAX_HASHLEN]; int s, hlen, roff, skip, protoff, error; struct mbuf *m1, *mo, *m; struct auth_hash *esph; @@ -770,11 +766,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, padding = ((blks - ((rlen + 2) % blks)) % blks) + 2; - if (esph) - alen = AH_HMAC_HASHLEN; - else - alen = 0; - + alen = esph ? esph->authsize : 0; espstat.esps_output++; switch (tdb->tdb_dst.sa.sa_family) { diff --git a/sys/netinet/ip_esp.h b/sys/netinet/ip_esp.h index 42a66386a44..97c18b50fe5 100644 --- a/sys/netinet/ip_esp.h +++ b/sys/netinet/ip_esp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.h,v 1.41 2007/12/14 18:33:41 deraadt Exp $ */ +/* $OpenBSD: ip_esp.h,v 1.42 2010/01/10 12:43:07 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -38,8 +38,6 @@ #ifndef _NETINET_IP_ESP_H_ #define _NETINET_IP_ESP_H_ -#define ESP_ALEN 12 /* 96-bit authenticator */ - struct espstat { u_int32_t esps_hdrops; /* Packet shorter than header shows */ diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index 8edd1642bdb..f506ad50e36 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.178 2009/08/12 00:13:43 martynas Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.179 2010/01/10 12:43:07 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -1230,7 +1230,7 @@ ipsp_parse_headers(struct mbuf *m, int off, u_int8_t proto) /* Update the length of trailing ESP authenticators. */ if (tdb->tdb_authalgxform) - trail += AH_HMAC_HASHLEN; + trail += tdb->tdb_authalgxform->authsize; splx(s); diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index 9b214c4ea5c..05a2d4d8d73 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.139 2009/11/13 20:54:05 claudio Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.140 2010/01/10 12:43:07 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -61,7 +61,7 @@ union sockaddr_union { #define SHA2_384HMAC96_KEYSIZE 48 #define SHA2_512HMAC96_KEYSIZE 64 -#define AH_HMAC_HASHLEN 12 /* 96 bits of authenticator */ +#define AH_HMAC_MAX_HASHLEN 32 /* 256 bits of authenticator for SHA512 */ #define AH_HMAC_RPLENGTH 4 /* 32 bits of replay counter */ #define AH_HMAC_INITIAL_RPL 1 /* Replay counter initial value */ diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 24f7654e105..232f3e4d438 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.41 2008/08/26 12:19:01 henning Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.42 2010/01/10 12:43:07 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -551,7 +551,7 @@ ipsec_hdrsz(struct tdb *tdbp) adjust += sizeof(struct udphdr); /* Authenticator */ if (tdbp->tdb_authalgxform != NULL) - adjust += AH_HMAC_HASHLEN; + adjust += tdbp->tdb_authalgxform->authsize; /* Padding */ adjust += tdbp->tdb_encalgxform->blocksize; break; |