macsec: limit ICV length to 16 octets

IEEE 802.1AE-2006 standard recommends that the ICV element in a MACsec frame should not exceed 16 octets: add MACSEC_STD_ICV_LEN in uapi definitions accordingly, and avoid accepting configurations where the ICV length exceeds the standard value. Leave definition of MACSEC_MAX_ICV_LEN unchanged for backwards compatibility with userspace programs. Fixes: dece8d2b78d1 ("uapi: add MACsec bits") Signed-off-by: Davide Caratti <dcaratti@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Davide Caratti <dcaratti@redhat.com> 2016-07-22 09:07:56 -0400
committer: David S. Miller <davem@davemloft.net> 2016-07-25 13:55:39 -0400
commit: 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c (patch)
tree: b5001d976b145d30c2d90c1de8da6b8b59275594 /drivers/net/macsec.c
parent: baedbe55884c003819f5c8c063ec3d2569414296 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 0cbb935078da..18cfb46c5911 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -510,7 +510,7 @@ static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len)
 }
 #define MACSEC_NEEDED_HEADROOM (macsec_extra_len(true))
-#define MACSEC_NEEDED_TAILROOM MACSEC_MAX_ICV_LEN
+#define MACSEC_NEEDED_TAILROOM MACSEC_STD_ICV_LEN
 static void macsec_fill_iv(unsigned char *iv, sci_t sci, u32 pn)
 {
@@ -3217,7 +3217,7 @@ static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[])
        case MACSEC_DEFAULT_CIPHER_ID:
        case MACSEC_DEFAULT_CIPHER_ALT:
                if (icv_len < MACSEC_MIN_ICV_LEN ||
-                    icv_len > MACSEC_MAX_ICV_LEN)
+                    icv_len > MACSEC_STD_ICV_LEN)
                        return -EINVAL;
                break;
        default:
author	Davide Caratti <dcaratti@redhat.com>	2016-07-22 09:07:56 -0400
committer	David S. Miller <davem@davemloft.net>	2016-07-25 13:55:39 -0400
commit	2ccbe2cb79f2f74ab739252299b6f9ff27586f2c (patch)
tree	b5001d976b145d30c2d90c1de8da6b8b59275594 /drivers/net/macsec.c
parent	baedbe55884c003819f5c8c063ec3d2569414296 (diff)

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 0cbb935078da..18cfb46c5911 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c
@@ -510,7 +510,7 @@ static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len)
510	}	510	}
511		511
512	#define MACSEC_NEEDED_HEADROOM (macsec_extra_len(true))	512	#define MACSEC_NEEDED_HEADROOM (macsec_extra_len(true))
513	#define MACSEC_NEEDED_TAILROOM MACSEC_MAX_ICV_LEN	513	#define MACSEC_NEEDED_TAILROOM MACSEC_STD_ICV_LEN
514		514
515	static void macsec_fill_iv(unsigned char *iv, sci_t sci, u32 pn)	515	static void macsec_fill_iv(unsigned char *iv, sci_t sci, u32 pn)
516	{	516	{
@@ -3217,7 +3217,7 @@ static int macsec_validate_attr(struct nlattr tb[], struct nlattr data[])
3217	case MACSEC_DEFAULT_CIPHER_ID:	3217	case MACSEC_DEFAULT_CIPHER_ID:
3218	case MACSEC_DEFAULT_CIPHER_ALT:	3218	case MACSEC_DEFAULT_CIPHER_ALT:
3219	if (icv_len < MACSEC_MIN_ICV_LEN \|\|	3219	if (icv_len < MACSEC_MIN_ICV_LEN \|\|
3220	icv_len > MACSEC_MAX_ICV_LEN)	3220	icv_len > MACSEC_STD_ICV_LEN)
3221	return -EINVAL;	3221	return -EINVAL;
3222	break;	3222	break;
3223	default:	3223	default: