--- sys/opencrypto/crypto.c.orig 2022-02-04 20:36:43.032046000 +0000
+++ sys/opencrypto/crypto.c 2022-04-17 18:05:48.959363000 +0000
@@ -868,7 +868,7 @@ check_csp(const struct crypto_session_params *csp)
 if (csp->csp_ivlen == 0 || csp->csp_ivlen >= EALG_MAX_BLOCK_LEN)
 return (false);
- if (csp->csp_auth_alg != 0 || csp->csp_auth_klen != 0)
+ if (!CRYPTO_ALGO_VALID(csp->csp_auth_alg))
 return (false);
 switch (csp->csp_cipher_alg) {
@@ -881,7 +881,7 @@ check_csp(const struct crypto_session_params *csp)
 return (false);
 break;
 case CRYPTO_AES_NIST_GCM_16:
- if (csp->csp_auth_mlen > 16)
+ if (csp->csp_auth_mlen > HMAC_MAX_BLOCK_LEN)
 return (false);
 break;
 case CRYPTO_CHACHA20_POLY1305:
--- sys/opencrypto/cryptosoft.c.orig 2022-02-04 20:36:43.032696000 +0000
+++ sys/opencrypto/cryptosoft.c 2022-04-17 17:56:36.422498000 +0000
@@ -1228,10 +1228,10 @@ swcr_setup_auth(struct swcr_session *ses,
 axf = crypto_auth_hash(csp);
 swa->sw_axf = axf;
- if (csp->csp_auth_mlen < 0 || csp->csp_auth_mlen > axf->hashsize)
+ if (csp->csp_auth_mlen < 0 || csp->csp_auth_mlen > axf->keysize)
 return (EINVAL);
 if (csp->csp_auth_mlen == 0)
- swa->sw_mlen = axf->hashsize;
+ swa->sw_mlen = axf->keysize;
 else swa->sw_mlen = csp->csp_auth_mlen;
 swa->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT);
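Review bot: In the first crypto.c hunk (@@ -868), the new condition `if (!CRYPTO_ALGO_VALID(csp->csp_auth_alg))` is not equivalent to the line it replaces. The old check rejected an AEAD session that carried any separate auth algorithm or auth key; the new one only tests csp_auth_alg against a validity macro and drops the csp_auth_klen test. If CRYPTO_ALGO_VALID is a range check that excludes 0 (its definition is not in this hunk), an ordinary AEAD request with csp_auth_alg == 0 would now be refused, while one with a stray auth algorithm and key length would pass. I would keep `if (csp->csp_auth_alg != 0 || csp->csp_auth_klen != 0)`, or, if a separate auth algorithm is meant to be allowed here, say so in a comment and still validate csp_auth_klen. check_csp begins and continues outside the hunk.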
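Review bot: In the second crypto.c hunk (@@ -881), the CRYPTO_AES_NIST_GCM_16 case now accepts csp_auth_mlen up to HMAC_MAX_BLOCK_LEN, but a GCM tag is at most 16 bytes and an HMAC block-size constant has no relation to it. Code that later copies or compares csp_auth_mlen bytes of tag is outside this hunk; with the relaxed bound it could run past a 16-byte tag buffer, so every consumer would need auditing before the change is safe. I would keep `if (csp->csp_auth_mlen > 16)`, ideally with the 16 replaced by a named GCM tag-length constant rather than an unrelated one.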
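Review bot: In the cryptosoft.c hunk (@@ -1228), bounding and defaulting sw_mlen by `axf->keysize` instead of `axf->hashsize` lets the stored digest length exceed what the hash produces whenever a transform's key size is larger than its output size. That is presumably the case for the HMAC transforms, though the auth_hash tables are not visible here. sw_mlen looks like the number of digest bytes later copied out or compared, so a larger value would read past the computed digest, which in kernel code risks disclosing adjacent memory to the caller. I would restore `csp->csp_auth_mlen > axf->hashsize` in the range check and `swa->sw_mlen = axf->hashsize;` as the default. swcr_setup_auth begins and continues outside the hunk.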