Update crypto(4) driver to honor cri_mlen field. --- //depot/vendor/freebsd/src/sys/dev/hifn/hifn7751.c 2006/05/16 14:41:44 +++ //depot/user/pjd/geom_classes/sys/dev/hifn/hifn7751.c 2006/05/16 18:52:36 @@ -2344,6 +2344,19 @@ if (mac) return (EINVAL); mac = 1; + ses->hs_mlen = c->cri_mlen; + if (ses->hs_mlen == 0) { + switch (c->cri_alg) { + case CRYPTO_MD5: + case CRYPTO_MD5_HMAC: + ses->hs_mlen = 16; + break; + case CRYPTO_SHA1: + case CRYPTO_SHA1_HMAC: + ses->hs_mlen = 20; + break; + } + } break; case CRYPTO_DES_CBC: case CRYPTO_3DES_CBC: @@ -2809,16 +2822,13 @@ for (crd = crp->crp_desc; crd; crd = crd->crd_next) { int len; - if (crd->crd_alg == CRYPTO_MD5) - len = 16; - else if (crd->crd_alg == CRYPTO_SHA1) - len = 20; - else if (crd->crd_alg == CRYPTO_MD5_HMAC || - crd->crd_alg == CRYPTO_SHA1_HMAC) - len = 12; - else + if (crd->crd_alg != CRYPTO_MD5 && + crd->crd_alg != CRYPTO_SHA1 && + crd->crd_alg != CRYPTO_MD5_HMAC && + crd->crd_alg != CRYPTO_SHA1_HMAC) { continue; - + } + len = cmd->softc->sc_sessions[cmd->session_num].hs_mlen; if (crp->crp_flags & CRYPTO_F_IMBUF) m_copyback((struct mbuf *)crp->crp_buf, crd->crd_inject, len, macbuf); --- //depot/vendor/freebsd/src/sys/dev/hifn/hifn7751var.h 2005/01/19 17:05:34 +++ //depot/user/pjd/geom_classes/sys/dev/hifn/hifn7751var.h 2006/05/16 16:25:33 @@ -112,6 +112,7 @@ struct hifn_session { int hs_used; + int hs_mlen; u_int8_t hs_iv[HIFN_MAX_IV_LENGTH]; }; --- //depot/vendor/freebsd/src/sys/dev/safe/safe.c 2006/05/16 14:41:44 +++ //depot/user/pjd/geom_classes/sys/dev/safe/safe.c 2006/05/16 16:25:33 @@ -746,6 +747,14 @@ } if (macini) { + ses->ses_mlen = macini->cri_mlen; + if (ses->ses_mlen == 0) { + if (macini->cri_alg == CRYPTO_MD5_HMAC) + ses->ses_mlen = MD5_DIGEST_LENGTH; + else + ses->ses_mlen = SHA1_RESULTLEN; + } + for (i = 0; i < macini->cri_klen / 8; i++) macini->cri_key[i] ^= HMAC_IPAD_VAL; @@ -1580,11 +1589,13 @@ } if (crp->crp_flags & CRYPTO_F_IMBUF) { m_copyback((struct mbuf *)crp->crp_buf, - crd->crd_inject, 12, + crd->crd_inject, + sc->sc_sessions[re->re_sesn].ses_mlen, (caddr_t)re->re_sastate.sa_saved_indigest); } else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac) { bcopy((caddr_t)re->re_sastate.sa_saved_indigest, - crp->crp_mac, 12); + crp->crp_mac, + sc->sc_sessions[re->re_sesn].ses_mlen); } break; } --- //depot/vendor/freebsd/src/sys/dev/safe/safevar.h 2003/07/21 21:50:32 +++ //depot/user/pjd/geom_classes/sys/dev/safe/safevar.h 2006/05/16 16:25:33 @@ -138,6 +138,7 @@ u_int32_t ses_used; u_int32_t ses_klen; /* key length in bits */ u_int32_t ses_key[8]; /* DES/3DES/AES key */ + u_int32_t ses_mlen; /* hmac length in bytes */ u_int32_t ses_hminner[5]; /* hmac inner state */ u_int32_t ses_hmouter[5]; /* hmac outer state */ u_int32_t ses_iv[4]; /* DES/3DES/AES iv */ --- //depot/vendor/freebsd/src/sys/dev/ubsec/ubsec.c 2006/05/16 14:41:44 +++ //depot/user/pjd/geom_classes/sys/dev/ubsec/ubsec.c 2006/05/16 16:25:33 @@ -917,6 +918,14 @@ } if (macini) { + ses->ses_mlen = macini->cri_mlen; + if (ses->ses_mlen == 0) { + if (macini->cri_alg == CRYPTO_MD5_HMAC) + ses->ses_mlen = MD5_DIGEST_LENGTH; + else + ses->ses_mlen = SHA1_RESULTLEN; + } + for (i = 0; i < macini->cri_klen / 8; i++) macini->cri_key[i] ^= HMAC_IPAD_VAL; @@ -1604,11 +1613,13 @@ continue; if (crp->crp_flags & CRYPTO_F_IMBUF) m_copyback((struct mbuf *)crp->crp_buf, - crd->crd_inject, 12, + crd->crd_inject, + sc->sc_sessions[q->q_sesn].ses_mlen, (caddr_t)dmap->d_dma->d_macbuf); else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac) bcopy((caddr_t)dmap->d_dma->d_macbuf, - crp->crp_mac, 12); + crp->crp_mac, + sc->sc_sessions[q->q_sesn].ses_mlen); break; } mtx_lock(&sc->sc_freeqlock); --- //depot/vendor/freebsd/src/sys/dev/ubsec/ubsecvar.h 2005/01/06 01:48:14 +++ //depot/user/pjd/geom_classes/sys/dev/ubsec/ubsecvar.h 2006/05/16 16:25:33 @@ -218,6 +218,7 @@ struct ubsec_session { u_int32_t ses_used; u_int32_t ses_deskey[6]; /* 3DES key */ + u_int32_t ses_mlen; /* hmac length */ u_int32_t ses_hminner[5]; /* hmac inner state */ u_int32_t ses_hmouter[5]; /* hmac outer state */ u_int32_t ses_iv[2]; /* [3]DES iv */