Honor cri_mlen value.
Reviewed by: sam Tested on: hifn(4), ubsec(4) Compile-tested: safe(4)
This commit is contained in:
parent
80e35494cc
commit
af65c53afd
@ -2344,6 +2344,19 @@ hifn_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
|
||||
if (mac)
|
||||
return (EINVAL);
|
||||
mac = 1;
|
||||
ses->hs_mlen = c->cri_mlen;
|
||||
if (ses->hs_mlen == 0) {
|
||||
switch (c->cri_alg) {
|
||||
case CRYPTO_MD5:
|
||||
case CRYPTO_MD5_HMAC:
|
||||
ses->hs_mlen = 16;
|
||||
break;
|
||||
case CRYPTO_SHA1:
|
||||
case CRYPTO_SHA1_HMAC:
|
||||
ses->hs_mlen = 20;
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case CRYPTO_DES_CBC:
|
||||
case CRYPTO_3DES_CBC:
|
||||
@ -2809,16 +2822,13 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf)
|
||||
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
|
||||
int len;
|
||||
|
||||
if (crd->crd_alg == CRYPTO_MD5)
|
||||
len = 16;
|
||||
else if (crd->crd_alg == CRYPTO_SHA1)
|
||||
len = 20;
|
||||
else if (crd->crd_alg == CRYPTO_MD5_HMAC ||
|
||||
crd->crd_alg == CRYPTO_SHA1_HMAC)
|
||||
len = 12;
|
||||
else
|
||||
if (crd->crd_alg != CRYPTO_MD5 &&
|
||||
crd->crd_alg != CRYPTO_SHA1 &&
|
||||
crd->crd_alg != CRYPTO_MD5_HMAC &&
|
||||
crd->crd_alg != CRYPTO_SHA1_HMAC) {
|
||||
continue;
|
||||
|
||||
}
|
||||
len = cmd->softc->sc_sessions[cmd->session_num].hs_mlen;
|
||||
if (crp->crp_flags & CRYPTO_F_IMBUF)
|
||||
m_copyback((struct mbuf *)crp->crp_buf,
|
||||
crd->crd_inject, len, macbuf);
|
||||
|
@ -112,6 +112,7 @@ struct hifn_dma {
|
||||
|
||||
struct hifn_session {
|
||||
int hs_used;
|
||||
int hs_mlen;
|
||||
u_int8_t hs_iv[HIFN_MAX_IV_LENGTH];
|
||||
};
|
||||
|
||||
|
@ -746,6 +746,14 @@ safe_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
|
||||
}
|
||||
|
||||
if (macini) {
|
||||
ses->ses_mlen = macini->cri_mlen;
|
||||
if (ses->ses_mlen == 0) {
|
||||
if (macini->cri_alg == CRYPTO_MD5_HMAC)
|
||||
ses->ses_mlen = MD5_DIGEST_LENGTH;
|
||||
else
|
||||
ses->ses_mlen = SHA1_RESULTLEN;
|
||||
}
|
||||
|
||||
for (i = 0; i < macini->cri_klen / 8; i++)
|
||||
macini->cri_key[i] ^= HMAC_IPAD_VAL;
|
||||
|
||||
@ -1580,11 +1588,13 @@ safe_callback(struct safe_softc *sc, struct safe_ringentry *re)
|
||||
}
|
||||
if (crp->crp_flags & CRYPTO_F_IMBUF) {
|
||||
m_copyback((struct mbuf *)crp->crp_buf,
|
||||
crd->crd_inject, 12,
|
||||
crd->crd_inject,
|
||||
sc->sc_sessions[re->re_sesn].ses_mlen,
|
||||
(caddr_t)re->re_sastate.sa_saved_indigest);
|
||||
} else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac) {
|
||||
bcopy((caddr_t)re->re_sastate.sa_saved_indigest,
|
||||
crp->crp_mac, 12);
|
||||
crp->crp_mac,
|
||||
sc->sc_sessions[re->re_sesn].ses_mlen);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
@ -138,6 +138,7 @@ struct safe_session {
|
||||
u_int32_t ses_used;
|
||||
u_int32_t ses_klen; /* key length in bits */
|
||||
u_int32_t ses_key[8]; /* DES/3DES/AES key */
|
||||
u_int32_t ses_mlen; /* hmac length in bytes */
|
||||
u_int32_t ses_hminner[5]; /* hmac inner state */
|
||||
u_int32_t ses_hmouter[5]; /* hmac outer state */
|
||||
u_int32_t ses_iv[4]; /* DES/3DES/AES iv */
|
||||
|
@ -917,6 +917,14 @@ ubsec_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
|
||||
}
|
||||
|
||||
if (macini) {
|
||||
ses->ses_mlen = macini->cri_mlen;
|
||||
if (ses->ses_mlen == 0) {
|
||||
if (macini->cri_alg == CRYPTO_MD5_HMAC)
|
||||
ses->ses_mlen = MD5_DIGEST_LENGTH;
|
||||
else
|
||||
ses->ses_mlen = SHA1_RESULTLEN;
|
||||
}
|
||||
|
||||
for (i = 0; i < macini->cri_klen / 8; i++)
|
||||
macini->cri_key[i] ^= HMAC_IPAD_VAL;
|
||||
|
||||
@ -1604,11 +1612,13 @@ ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
|
||||
continue;
|
||||
if (crp->crp_flags & CRYPTO_F_IMBUF)
|
||||
m_copyback((struct mbuf *)crp->crp_buf,
|
||||
crd->crd_inject, 12,
|
||||
crd->crd_inject,
|
||||
sc->sc_sessions[q->q_sesn].ses_mlen,
|
||||
(caddr_t)dmap->d_dma->d_macbuf);
|
||||
else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac)
|
||||
bcopy((caddr_t)dmap->d_dma->d_macbuf,
|
||||
crp->crp_mac, 12);
|
||||
crp->crp_mac,
|
||||
sc->sc_sessions[q->q_sesn].ses_mlen);
|
||||
break;
|
||||
}
|
||||
mtx_lock(&sc->sc_freeqlock);
|
||||
|
@ -218,6 +218,7 @@ struct ubsec_softc {
|
||||
struct ubsec_session {
|
||||
u_int32_t ses_used;
|
||||
u_int32_t ses_deskey[6]; /* 3DES key */
|
||||
u_int32_t ses_mlen; /* hmac length */
|
||||
u_int32_t ses_hminner[5]; /* hmac inner state */
|
||||
u_int32_t ses_hmouter[5]; /* hmac outer state */
|
||||
u_int32_t ses_iv[2]; /* [3]DES iv */
|
||||
|
Loading…
Reference in New Issue
Block a user