CVS commit: src/sys/netipsec

Mon, 17 Jul 2017 21:01:16 -0700 

Module Name:    src
Committed By:   ozaki-r
Date:           Tue Jul 18 04:01:04 UTC 2017

Modified Files:
        src/sys/netipsec: xform_ah.c

Log Message:
Calculate ah_max_authsize on initialization as well as esp_max_ivlen


To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.61 src/sys/netipsec/xform_ah.c:1.62
--- src/sys/netipsec/xform_ah.c:1.61	Fri Jul 14 12:26:26 2017
+++ src/sys/netipsec/xform_ah.c	Tue Jul 18 04:01:04 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.61 2017/07/14 12:26:26 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.62 2017/07/18 04:01:04 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.61 2017/07/14 12:26:26 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.62 2017/07/18 04:01:04 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -114,6 +114,8 @@ SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STA
 
 static unsigned char ipseczeroes[256];	/* larger than an ip6 extension hdr */
 
+static int ah_max_authsize;		/* max authsize over all algorithms */
+
 static int ah_input_cb(struct cryptop *);
 static int ah_output_cb(struct cryptop *);
 
@@ -164,8 +166,7 @@ ah_hdrsiz(const struct secasvar *sav)
 		size = roundup(authsize, sizeof(uint32_t)) + HDRSIZE(sav);
 	} else {
 		/* default guess */
-		size = sizeof(struct ah) + sizeof(uint32_t) +
-		    32 /* XXX need to update when max authsize is changed */;
+		size = sizeof(struct ah) + sizeof(uint32_t) + ah_max_authsize;
 	}
 	return size;
 }
@@ -1286,5 +1287,33 @@ void
 ah_attach(void)
 {
 	ahstat_percpu = percpu_alloc(sizeof(uint64_t) * AH_NSTATS);
+
+#define MAXAUTHSIZE(name)						\
+	if ((auth_hash_ ## name).authsize > ah_max_authsize)		\
+		ah_max_authsize = (auth_hash_ ## name).authsize
+
+	ah_max_authsize = 0;
+	MAXAUTHSIZE(null);
+	MAXAUTHSIZE(md5);
+	MAXAUTHSIZE(sha1);
+	MAXAUTHSIZE(key_md5);
+	MAXAUTHSIZE(key_sha1);
+	MAXAUTHSIZE(hmac_md5);
+	MAXAUTHSIZE(hmac_sha1);
+	MAXAUTHSIZE(hmac_ripemd_160);
+	MAXAUTHSIZE(hmac_md5_96);
+	MAXAUTHSIZE(hmac_sha1_96);
+	MAXAUTHSIZE(hmac_ripemd_160_96);
+	MAXAUTHSIZE(hmac_sha2_256);
+	MAXAUTHSIZE(hmac_sha2_384);
+	MAXAUTHSIZE(hmac_sha2_512);
+	MAXAUTHSIZE(aes_xcbc_mac_96);
+	MAXAUTHSIZE(gmac_aes_128);
+	MAXAUTHSIZE(gmac_aes_192);
+	MAXAUTHSIZE(gmac_aes_256);
+	IPSECLOG(LOG_DEBUG, "ah_max_authsize=%d\n", ah_max_authsize);
+
+#undef MAXAUTHSIZE
+
 	xform_register(&ah_xformsw);
 }

Reply via email to