tech-kern archive


Warning: bogus HMAC providers in opencrypto about to be fixed

Several crypto backends in opencrypto treat the HMAC algorithm as if it
were identical to the HMAC_96 algorithm, truncating output to 12 bytes.

This has presumably gone unnoticed because:

        1) IPsec always wants the truncation
        2) There are no other kernel consumers for this API
        3) The only significant consumer of the userspace /dev/crypto API
           is the cryptodev OpenSSL engine, and all support for hashes
           was removed from the source in a fit of pique.

I am about to check in changes which fix this.  If you have any (broken)
code of your own which requests the HMAC algorithm but expects to get a
truncated result, it will stop working (as it did on FreeBSD when they
fixed this some time ago).

  Thor Lancelot Simon                               

  "The inconsistency is startling, though admittedly, if consistency is to
   be abandoned or transcended, there is no problem."         - Noam Chomsky
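
The difference between the two behaviours described in the message, as an added example that is not part of the original post and is not opencrypto code. It uses HMAC-SHA1 with the RFC 2202 test case 1 vector; the names provider_fixed, provider_bogus, classify and verify are hypothetical stand-ins for a backend and its consumer.

```python
import hashlib
import hmac

# RFC 2202 test case 1 for HMAC-SHA1 (published known-answer vector).
KAT_KEY = b"\x0b" * 20
KAT_DATA = b"Hi There"
KAT_FULL = bytes.fromhex("b617318655057264e28bc0b6fb378c8ef146be00")
HMAC_96_LEN = 12  # HMAC_96 keeps the leftmost 12 bytes of the tag


def provider_fixed(key, data):
    """Hypothetical provider with the fixed behaviour: full 20-byte tag."""
    return hmac.new(key, data, hashlib.sha1).digest()


def provider_bogus(key, data):
    """Hypothetical provider with the bug: HMAC answered as if HMAC_96."""
    return provider_fixed(key, data)[:HMAC_96_LEN]


def classify(provider):
    """Known-answer self-test: what does this provider return for 'HMAC'?"""
    out = provider(KAT_KEY, KAT_DATA)
    if out == KAT_FULL:
        return "full"
    if out == KAT_FULL[:HMAC_96_LEN]:
        return "truncated-96"
    return "wrong"


def verify(provider, key, data, tag, truncate_to=None):
    """Check tag against the provider's output.

    Truncation happens only when the caller asks for it, so the tag
    length no longer depends on which backend served the request.
    """
    expected = provider(key, data)
    if truncate_to is not None:
        if truncate_to > len(expected):
            return False  # provider returned less than the caller needs
        expected = expected[:truncate_to]
    return hmac.compare_digest(expected, tag)
```

A consumer that passes a 12-byte tag without truncate_to verifies only against the bogus provider; with truncate_to=HMAC_96_LEN it verifies against both.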
