3 files changed, 39 insertions, 27 deletions
diff --git a/include/net/ah.h b/include/net/ah.h
index 8e27c9ba8b8..8f257c15990 100644
--- a/include/net/ah.h
+++ b/include/net/ah.h
@@ -15,22 +15,29 @@ struct ah_data
        int                     icv_full_len;
        int                     icv_trunc_len;
-        void                    (*icv)(struct ah_data*,
+        struct crypto_hash      *tfm;
-                                       struct sk_buff *skb, u8 *icv);
-        struct crypto_tfm       *tfm;
 };
-static inline void
+static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
-ah_hmac_digest(struct ah_data *ahp, struct sk_buff *skb, u8 *auth_data)
+                                u8 *auth_data)
 {
-        struct crypto_tfm *tfm = ahp->tfm;
+        struct hash_desc desc;
+        int err;
+        desc.tfm = ahp->tfm;
+        desc.flags = 0;
        memset(auth_data, 0, ahp->icv_trunc_len);
-        crypto_hmac_init(tfm, ahp->key, &ahp->key_len);
+        err = crypto_hash_init(&desc);
-        skb_icv_walk(skb, tfm, 0, skb->len, crypto_hmac_update);
+        if (unlikely(err))
-        crypto_hmac_final(tfm, ahp->key, &ahp->key_len, ahp->work_icv);
+                goto out;
-        memcpy(auth_data, ahp->work_icv, ahp->icv_trunc_len);
+        err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
+        if (unlikely(err))
+                goto out;
+        err = crypto_hash_final(&desc, ahp->work_icv);
+out:
+        return err;
 }
 #endif
diff --git a/include/net/esp.h b/include/net/esp.h
index af2ff18700c..064366d66ee 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -35,7 +35,7 @@ struct esp_data
                void                    (*icv)(struct esp_data*,
                                               struct sk_buff *skb,
                                               int offset, int len, u8 *icv);
-                struct crypto_tfm       *tfm;
+                struct crypto_hash      *tfm;
        } auth;
 };
@@ -43,18 +43,22 @@ extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset,
 extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);
 extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
-static inline void
+static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,
-esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset,
+                                 int offset, int len)
-                int len, u8 *auth_data)
 {
-        struct crypto_tfm *tfm = esp->auth.tfm;
+        struct hash_desc desc;
-        char *icv = esp->auth.work_icv;
+        int err;
-        memset(auth_data, 0, esp->auth.icv_trunc_len);
+        desc.tfm = esp->auth.tfm;
-        crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);
+        desc.flags = 0;
-        skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);
-        crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);
+        err = crypto_hash_init(&desc);
-        memcpy(auth_data, icv, esp->auth.icv_trunc_len);
+        if (unlikely(err))
+                return err;
+        err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
+        if (unlikely(err))
+                return err;
+        return crypto_hash_final(&desc, esp->auth.work_icv);
 }
 #endif
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index e9114e41aff..3ecd9fa1ed4 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -984,12 +984,13 @@ extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe);
 extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe);
 extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe);
-struct crypto_tfm;
+struct hash_desc;
 struct scatterlist;
-typedef void (icv_update_fn_t)(struct crypto_tfm *, struct scatterlist *, unsigned int);
+typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *,
+                              unsigned int);
-extern void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm,
+extern int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *tfm,
-                         int offset, int len, icv_update_fn_t icv_update);
+                        int offset, int len, icv_update_fn_t icv_update);
 static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b,
                                int family)

diff --git a/include/net/ah.h b/include/net/ah.h index 8e27c9ba8b8..8f257c15990 100644 --- a/include/net/ah.h +++ b/include/net/ah.h
@@ -15,22 +15,29 @@ struct ah_data
15	int icv_full_len;	15	int icv_full_len;
16	int icv_trunc_len;	16	int icv_trunc_len;
17		17
18	void (icv)(struct ah_data,	18	struct crypto_hash *tfm;
19	struct sk_buff skb, u8 icv);
20
21	struct crypto_tfm *tfm;
22	};	19	};
23		20
24	static inline void	21	static inline int ah_mac_digest(struct ah_data ahp, struct sk_buff skb,
25	ah_hmac_digest(struct ah_data ahp, struct sk_buff skb, u8 *auth_data)	22	u8 *auth_data)
26	{	23	{
27	struct crypto_tfm *tfm = ahp->tfm;	24	struct hash_desc desc;
		25	int err;
		26
		27	desc.tfm = ahp->tfm;
		28	desc.flags = 0;
28		29
29	memset(auth_data, 0, ahp->icv_trunc_len);	30	memset(auth_data, 0, ahp->icv_trunc_len);
30	crypto_hmac_init(tfm, ahp->key, &ahp->key_len);	31	err = crypto_hash_init(&desc);
31	skb_icv_walk(skb, tfm, 0, skb->len, crypto_hmac_update);	32	if (unlikely(err))
32	crypto_hmac_final(tfm, ahp->key, &ahp->key_len, ahp->work_icv);	33	goto out;
33	memcpy(auth_data, ahp->work_icv, ahp->icv_trunc_len);	34	err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
		35	if (unlikely(err))
		36	goto out;
		37	err = crypto_hash_final(&desc, ahp->work_icv);
		38
		39	out:
		40	return err;
34	}	41	}
35		42
36	#endif	43	#endif


diff --git a/include/net/esp.h b/include/net/esp.h index af2ff18700c..064366d66ee 100644 --- a/include/net/esp.h +++ b/include/net/esp.h
@@ -35,7 +35,7 @@ struct esp_data
35	void (icv)(struct esp_data,	35	void (icv)(struct esp_data,
36	struct sk_buff *skb,	36	struct sk_buff *skb,
37	int offset, int len, u8 *icv);	37	int offset, int len, u8 *icv);
38	struct crypto_tfm *tfm;	38	struct crypto_hash *tfm;
39	} auth;	39	} auth;
40	};	40	};
41		41
@@ -43,18 +43,22 @@ extern int skb_to_sgvec(struct sk_buff skb, struct scatterlist sg, int offset,
43	extern int skb_cow_data(struct sk_buff skb, int tailbits, struct sk_buff *trailer);	43	extern int skb_cow_data(struct sk_buff skb, int tailbits, struct sk_buff *trailer);
44	extern void pskb_put(struct sk_buff skb, struct sk_buff *tail, int len);	44	extern void pskb_put(struct sk_buff skb, struct sk_buff *tail, int len);
45		45
46	static inline void	46	static inline int esp_mac_digest(struct esp_data esp, struct sk_buff skb,
47	esp_hmac_digest(struct esp_data esp, struct sk_buff skb, int offset,	47	int offset, int len)
48	int len, u8 *auth_data)
49	{	48	{
50	struct crypto_tfm *tfm = esp->auth.tfm;	49	struct hash_desc desc;
51	char *icv = esp->auth.work_icv;	50	int err;
52		51
53	memset(auth_data, 0, esp->auth.icv_trunc_len);	52	desc.tfm = esp->auth.tfm;
54	crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len);	53	desc.flags = 0;
55	skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update);	54
56	crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv);	55	err = crypto_hash_init(&desc);
57	memcpy(auth_data, icv, esp->auth.icv_trunc_len);	56	if (unlikely(err))
		57	return err;
		58	err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
		59	if (unlikely(err))
		60	return err;
		61	return crypto_hash_final(&desc, esp->auth.work_icv);
58	}	62	}
59		63
60	#endif	64	#endif


diff --git a/include/net/xfrm.h b/include/net/xfrm.h index e9114e41aff..3ecd9fa1ed4 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h
@@ -984,12 +984,13 @@ extern struct xfrm_algo_desc xfrm_aalg_get_byname(char name, int probe);
984	extern struct xfrm_algo_desc xfrm_ealg_get_byname(char name, int probe);	984	extern struct xfrm_algo_desc xfrm_ealg_get_byname(char name, int probe);
985	extern struct xfrm_algo_desc xfrm_calg_get_byname(char name, int probe);	985	extern struct xfrm_algo_desc xfrm_calg_get_byname(char name, int probe);
986		986
987	struct crypto_tfm;	987	struct hash_desc;
988	struct scatterlist;	988	struct scatterlist;
989	typedef void (icv_update_fn_t)(struct crypto_tfm , struct scatterlist , unsigned int);	989	typedef int (icv_update_fn_t)(struct hash_desc , struct scatterlist ,
		990	unsigned int);
990		991
991	extern void skb_icv_walk(const struct sk_buff skb, struct crypto_tfm tfm,	992	extern int skb_icv_walk(const struct sk_buff skb, struct hash_desc tfm,
992	int offset, int len, icv_update_fn_t icv_update);	993	int offset, int len, icv_update_fn_t icv_update);
993		994
994	static inline int xfrm_addr_cmp(xfrm_address_t a, xfrm_address_t b,	995	static inline int xfrm_addr_cmp(xfrm_address_t a, xfrm_address_t b,
995	int family)	996	int family)