• Sabrina Dubroca's avatar
    macsec: restore uAPI after addition of GCM-AES-256 · e8660ded
    Sabrina Dubroca authored
    Commit ccfdec90 ("macsec: Add support for GCM-AES-256 cipher suite")
    changed a few values in the uapi headers for MACsec.
    
    Because of existing userspace implementations, we need to preserve the
    value of MACSEC_DEFAULT_CIPHER_ID. Not doing that resulted in
    wpa_supplicant segfaults when a secure channel was created using the
    default cipher. Thus, swap MACSEC_DEFAULT_CIPHER_{ID,ALT} back to their
    original values.
    
    Changing the maximum length of the MACSEC_SA_ATTR_KEY attribute is
    unnecessary, as the previous value (MACSEC_MAX_KEY_LEN, which was 128B)
    is large enough to carry 32-bytes keys. This patch reverts
    MACSEC_MAX_KEY_LEN to 128B and restores the old length check on
    MACSEC_SA_ATTR_KEY.
    
    Fixes: ccfdec90 ("macsec: Add support for GCM-AES-256 cipher suite")
    Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
    Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    e8660ded
macsec.c 85.7 KB