From f95f6841c8a6160d05a83d68e8a33e85cb63d700 Mon Sep 17 00:00:00 2001 From: Conrad Meyer <cem@FreeBSD.org> Date: Wed, 15 Nov 2017 22:42:20 +0000 Subject: [PATCH] ipsec: Use the same keysize values for HMAC as prior to r324017 The HMAC construction natively permits any key size between 0 and the input block length. Before r324017, the auth_hash 'keysize' member was the hash output length, which was used by ipsec for key sizes. (Non-ipsec consumers need the ability to use other keysizes, hence, r324017.) The ipsec SADB code blindly uses the auth_hash 'keysize' member for both minimum and maximum key size, which is wrong (from an HMAC perspective). For now, just switch it to 'hashsize', which matches the existing expectations. Instead it should probably use the range [0, keysize]. But there may be other broken code in ipsec that rejects hashes with too small a minimum key size. Reported by: olivier@ Reviewed by: olivier, no objection from ae Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D12770 --- sys/netipsec/key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 3c320cec116f..6a2d416a936b 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -6263,7 +6263,7 @@ key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, u_int16_t* max) { - *min = *max = ah->keysize; + *min = *max = ah->hashsize; if (ah->keysize == 0) { /* * Transform takes arbitrary key size but algorithm