On Wed, May 13, 2026 at 10:44:14AM +0200, Claudio Jeker wrote:
> When refactoring the authconf handling to support RTR as well I messed up
> merge_auth_conf() and forgot to add a memcpy for the auth_key_in and
> auth_key_out respectively.
> 
> This only affects manual IPSec setups, which are probably very uncommon.

ok tb

> -- 
> :wq Claudio
> 
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
> diff -u -p -r1.494 parse.y
> --- parse.y	12 May 2026 09:12:49 -0000	1.494
> +++ parse.y	13 May 2026 08:40:48 -0000
> @@ -6089,6 +6089,8 @@ merge_auth_conf(struct auth_config *to, 
>  				to->spi_in = from->spi_in;
>  				to->auth_alg_in = from->auth_alg_in;
>  				to->enc_alg_in = from->enc_alg_in;
> +				memcpy(to->auth_key_in, from->auth_key_in,
> +				    sizeof(to->auth_key_in));
>  				memcpy(to->enc_key_in, from->enc_key_in,
>  				    sizeof(to->enc_key_in));
>  				to->enc_keylen_in = from->enc_keylen_in;
> @@ -6098,6 +6100,8 @@ merge_auth_conf(struct auth_config *to, 
>  				to->spi_out = from->spi_out;
>  				to->auth_alg_out = from->auth_alg_out;
>  				to->enc_alg_out = from->enc_alg_out;
> +				memcpy(to->auth_key_out, from->auth_key_out,
> +				    sizeof(to->auth_key_out));
>  				memcpy(to->enc_key_out, from->enc_key_out,
>  				    sizeof(to->enc_key_out));
>  				to->enc_keylen_out = from->enc_keylen_out;
>