From: Jarod Wilson Subject: [PATCH] xfrm: fix hmac(sha256) truncation length Date: Wed, 7 Mar 2012 15:12:37 -0500 Message-ID: <1331151157-19149-1-git-send-email-jarod@redhat.com> Cc: Jarod Wilson , Paul Wouters , Herber Xu , "David S. Miller" , Martin Willi , netdev@vger.kernel.org, linux-crypto@vger.kernel.org To: linux-kernel@vger.kernel.org Return-path: Received: from mx1.redhat.com ([209.132.183.28]:37919 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757043Ab2CGUNE (ORCPT ); Wed, 7 Mar 2012 15:13:04 -0500 Sender: linux-crypto-owner@vger.kernel.org List-ID: Commit bc74b0c8af17458ecae77f725e507ab5fd100105 added proper hmac sha384 and sha512 variants with truncation lengths of 192 and 256 respectively, per RFC4868: http://www.ietf.org/rfc/rfc4868.txt The already-present hmac sha256 variant was left as-is, with a truncation length of 96 bits, per an earlier draft of the RFC, as I understand it (it predates 2.6.12-rc2, didn't look further back). This doesn't play well out of the box with various other ipsec devices that properly implement the current RFC value of 128-bit truncation for hmac sha256. Easy fix, assuming there's not some reason I'm not clued into about why this might have intentionally been left as-is. CC: Paul Wouters CC: Herber Xu CC: David S. Miller CC: Martin Willi CC: netdev@vger.kernel.org CC: linux-crypto@vger.kernel.org Signed-off-by: Jarod Wilson --- net/xfrm/xfrm_algo.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c index 791ab2e..f2b3ce2 100644 --- a/net/xfrm/xfrm_algo.c +++ b/net/xfrm/xfrm_algo.c @@ -203,7 +203,7 @@ static struct xfrm_algo_desc aalg_list[] = { .uinfo = { .auth = { - .icv_truncbits = 96, + .icv_truncbits = 128, .icv_fullbits = 256, } }, -- 1.7.1