From: Jarod Wilson <jarod@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: Jarod Wilson <jarod@redhat.com>,
Paul Wouters <pwouters@redhat.com>,
Herber Xu <herbert@gondor.hengli.com.au>,
"David S. Miller" <davem@davemloft.net>,
Martin Willi <martin@strongswan.org>,
netdev@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: [PATCH] xfrm: fix hmac(sha256) truncation length
Date: Wed, 7 Mar 2012 15:12:37 -0500 [thread overview]
Message-ID: <1331151157-19149-1-git-send-email-jarod@redhat.com> (raw)
Commit bc74b0c8af17458ecae77f725e507ab5fd100105 added proper hmac sha384
and sha512 variants with truncation lengths of 192 and 256 respectively,
per RFC4868:
http://www.ietf.org/rfc/rfc4868.txt
The already-present hmac sha256 variant was left as-is, with a truncation
length of 96 bits, per an earlier draft of the RFC, as I understand it (it
predates 2.6.12-rc2, didn't look further back). This doesn't play well out
of the box with various other ipsec devices that properly implement the
current RFC value of 128-bit truncation for hmac sha256. Easy fix,
assuming there's not some reason I'm not clued into about why this might
have intentionally been left as-is.
CC: Paul Wouters <pwouters@redhat.com>
CC: Herber Xu <herbert@gondor.apana.org.au>
CC: David S. Miller <davem@davemloft.net>
CC: Martin Willi <martin@strongswan.org>
CC: netdev@vger.kernel.org
CC: linux-crypto@vger.kernel.org
Signed-off-by: Jarod Wilson <jarod@redhat.com>
---
net/xfrm/xfrm_algo.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 791ab2e..f2b3ce2 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -203,7 +203,7 @@ static struct xfrm_algo_desc aalg_list[] = {
.uinfo = {
.auth = {
- .icv_truncbits = 96,
+ .icv_truncbits = 128,
.icv_fullbits = 256,
}
},
--
1.7.1
next reply other threads:[~2012-03-07 20:13 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-07 20:12 Jarod Wilson [this message]
2012-03-08 0:37 ` [PATCH] xfrm: fix hmac(sha256) truncation length Herbert Xu
2012-03-08 0:37 ` Herbert Xu
2012-03-09 13:41 ` Jarod Wilson
2012-03-09 13:45 ` Herbert Xu
2012-03-09 13:45 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1331151157-19149-1-git-send-email-jarod@redhat.com \
--to=jarod@redhat.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.hengli.com.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin@strongswan.org \
--cc=netdev@vger.kernel.org \
--cc=pwouters@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.