From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: bgpd: add missing auth_key copy in merge_auth_conf
To: tech@openbsd.org
Date: Wed, 13 May 2026 10:44:14 +0200

When refactoring the authconf handling to support RTR as well I messed up
merge_auth_conf() and forgot to add a memcpy for the auth_key_in and
auth_key_out respectively.

This only affects manual IPSec setups, which are probably very uncommon.
-- 
:wq Claudio

Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
diff -u -p -r1.494 parse.y
--- parse.y	12 May 2026 09:12:49 -0000	1.494
+++ parse.y	13 May 2026 08:40:48 -0000
@@ -6089,6 +6089,8 @@ merge_auth_conf(struct auth_config *to, 
 				to->spi_in = from->spi_in;
 				to->auth_alg_in = from->auth_alg_in;
 				to->enc_alg_in = from->enc_alg_in;
+				memcpy(to->auth_key_in, from->auth_key_in,
+				    sizeof(to->auth_key_in));
 				memcpy(to->enc_key_in, from->enc_key_in,
 				    sizeof(to->enc_key_in));
 				to->enc_keylen_in = from->enc_keylen_in;
@@ -6098,6 +6100,8 @@ merge_auth_conf(struct auth_config *to, 
 				to->spi_out = from->spi_out;
 				to->auth_alg_out = from->auth_alg_out;
 				to->enc_alg_out = from->enc_alg_out;
+				memcpy(to->auth_key_out, from->auth_key_out,
+				    sizeof(to->auth_key_out));
 				memcpy(to->enc_key_out, from->enc_key_out,
 				    sizeof(to->enc_key_out));
 				to->enc_keylen_out = from->enc_keylen_out;