NOUPSTREAM: ANDROID: net: xfrm: make PF_KEY SHA256 use RFC-compliant truncation. (d61ddab1) · Commits · CodeLinaro / lc / chromiumos / third_party / kernel

Commit d61ddab1 authored 7 years ago by Lorenzo Colitti Committed by Google Cont Rebase 2 years ago

NOUPSTREAM: ANDROID: net: xfrm: make PF_KEY SHA256 use RFC-compliant truncation.


When using the PF_KEY interface, SHA-256 hashes are hardcoded to
use 96-bit truncation. This is a violation of RFC4868, which
specifies 128-bit truncation, but will not be fixed upstream due
to backwards compatibility concerns and because the PF_KEY
interface is deprecated in favour of netlink XFRM (which allows
the app to specify an arbitrary truncation length).

Change the hardcoded truncation length from 96 to 128 so that
PF_KEY apps such as racoon will work with standards-compliant VPN
servers.

[CPNOTE: 20/07/21] Lee: Rejected upstream due to backward capability issues

Bug: 34114242
Bug: 120440497
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I8ee2ac9bb577b5078e8565a5b1f5fd84c2b3f74f

parent c06a966b

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 9 additions and 5 deletions

Please register or to comment