freebsd-skq/sys/netipsec
Conrad Meyer f95f6841c8 ipsec: Use the same keysize values for HMAC as prior to r324017
The HMAC construction natively permits any key size between 0 and the input
block length. Before r324017, the auth_hash 'keysize' member was the hash
output length, which was used by ipsec for key sizes. (Non-ipsec consumers
need the ability to use other keysizes, hence, r324017.)

The ipsec SADB code blindly uses the auth_hash 'keysize' member for both
minimum and maximum key size, which is wrong (from an HMAC perspective).
For now, just switch it to 'hashsize', which matches the existing
expectations.

Instead it should probably use the range [0, keysize]. But there may be
other broken code in ipsec that rejects hashes with too small a minimum
key size.

Reported by:	olivier@
Reviewed by:	olivier, no objection from ae
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12770
2017-11-15 22:42:20 +00:00
ah_var.h
ah.h
esp_var.h
esp.h Summary: Remove spurious, extra, next header comments. 2015-05-15 18:04:49 +00:00
ipcomp_var.h
ipcomp.h
ipsec6.h Fix the regression introduced in r275710. 2017-08-21 13:52:21 +00:00
ipsec_input.c Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
ipsec_mbuf.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
ipsec_mod.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec_output.c Fix the regression introduced in r275710. 2017-08-21 13:52:21 +00:00
ipsec_pcb.c Fix SP refcount leak. 2017-04-26 00:34:05 +00:00
ipsec_support.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec.c crypto(9) is called from ipsec in CRYPTO_F_CBIFSYNC mode. This is working 2017-11-03 10:27:22 +00:00
ipsec.h crypto(9) is called from ipsec in CRYPTO_F_CBIFSYNC mode. This is working 2017-11-03 10:27:22 +00:00
key_debug.c Build kdebug_secreplay() function only when IPSEC_DEBUG is defined. 2017-06-01 10:04:12 +00:00
key_debug.h Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
key_var.h
key.c ipsec: Use the same keysize values for HMAC as prior to r324017 2017-11-15 22:42:20 +00:00
key.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
keydb.h GC some unused declarations. 2017-04-03 04:44:56 +00:00
keysock.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
keysock.h
subr_ipsec.c Fix LINT build for powerpc. 2017-02-16 11:38:50 +00:00
udpencap.c Fix possible double releasing for SA reference. 2017-09-01 11:51:07 +00:00
xform_ah.c crypto(9) is called from ipsec in CRYPTO_F_CBIFSYNC mode. This is working 2017-11-03 10:27:22 +00:00
xform_esp.c crypto(9) is called from ipsec in CRYPTO_F_CBIFSYNC mode. This is working 2017-11-03 10:27:22 +00:00
xform_ipcomp.c Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
xform_tcp.c Move tcp_fields_to_net() static inline into tcp_var.h, just below its 2017-02-10 17:46:26 +00:00
xform.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00