diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2006-07-30 01:41:01 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2006-09-20 21:46:14 -0400 |
commit | 6b7326c8497f954c2cfcb4c49fe42be5b80887bc (patch) | |
tree | 5739c37f7a72d1ef281fbbb5bbc1483226eec198 | |
parent | 04ff12609445c7b462d7fc7f2d30dad442c922f3 (diff) |
[IPSEC] ESP: Use block ciphers where applicable
This patch converts IPSec/ESP to use the new block cipher type where
applicable. Similar to the HMAC conversion, existing algorithm names
have been kept for compatibility.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | include/net/esp.h | 2 | ||||
-rw-r--r-- | net/ipv4/Kconfig | 1 | ||||
-rw-r--r-- | net/ipv4/esp4.c | 49 | ||||
-rw-r--r-- | net/ipv6/Kconfig | 1 | ||||
-rw-r--r-- | net/ipv6/esp6.c | 48 | ||||
-rw-r--r-- | net/xfrm/xfrm_algo.c | 24 |
6 files changed, 76 insertions, 49 deletions
diff --git a/include/net/esp.h b/include/net/esp.h index 6eb837973c84..af2ff18700c7 100644 --- a/include/net/esp.h +++ b/include/net/esp.h | |||
@@ -22,7 +22,7 @@ struct esp_data | |||
22 | * >= crypto_tfm_alg_ivsize(tfm). */ | 22 | * >= crypto_tfm_alg_ivsize(tfm). */ |
23 | int ivlen; | 23 | int ivlen; |
24 | int padlen; /* 0..255 */ | 24 | int padlen; /* 0..255 */ |
25 | struct crypto_tfm *tfm; /* crypto handle */ | 25 | struct crypto_blkcipher *tfm; /* crypto handle */ |
26 | } conf; | 26 | } conf; |
27 | 27 | ||
28 | /* Integrity. It is active when icv_full_len != 0 */ | 28 | /* Integrity. It is active when icv_full_len != 0 */ |
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 8514106761b0..3b5d504a74be 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig | |||
@@ -386,6 +386,7 @@ config INET_ESP | |||
386 | select CRYPTO | 386 | select CRYPTO |
387 | select CRYPTO_HMAC | 387 | select CRYPTO_HMAC |
388 | select CRYPTO_MD5 | 388 | select CRYPTO_MD5 |
389 | select CRYPTO_CBC | ||
389 | select CRYPTO_SHA1 | 390 | select CRYPTO_SHA1 |
390 | select CRYPTO_DES | 391 | select CRYPTO_DES |
391 | ---help--- | 392 | ---help--- |
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index fc2f8ce441de..7c63ae494742 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
@@ -1,3 +1,4 @@ | |||
1 | #include <linux/err.h> | ||
1 | #include <linux/module.h> | 2 | #include <linux/module.h> |
2 | #include <net/ip.h> | 3 | #include <net/ip.h> |
3 | #include <net/xfrm.h> | 4 | #include <net/xfrm.h> |
@@ -16,7 +17,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
16 | int err; | 17 | int err; |
17 | struct iphdr *top_iph; | 18 | struct iphdr *top_iph; |
18 | struct ip_esp_hdr *esph; | 19 | struct ip_esp_hdr *esph; |
19 | struct crypto_tfm *tfm; | 20 | struct crypto_blkcipher *tfm; |
21 | struct blkcipher_desc desc; | ||
20 | struct esp_data *esp; | 22 | struct esp_data *esp; |
21 | struct sk_buff *trailer; | 23 | struct sk_buff *trailer; |
22 | int blksize; | 24 | int blksize; |
@@ -36,7 +38,9 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
36 | esp = x->data; | 38 | esp = x->data; |
37 | alen = esp->auth.icv_trunc_len; | 39 | alen = esp->auth.icv_trunc_len; |
38 | tfm = esp->conf.tfm; | 40 | tfm = esp->conf.tfm; |
39 | blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4); | 41 | desc.tfm = tfm; |
42 | desc.flags = 0; | ||
43 | blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); | ||
40 | clen = ALIGN(clen + 2, blksize); | 44 | clen = ALIGN(clen + 2, blksize); |
41 | if (esp->conf.padlen) | 45 | if (esp->conf.padlen) |
42 | clen = ALIGN(clen, esp->conf.padlen); | 46 | clen = ALIGN(clen, esp->conf.padlen); |
@@ -92,7 +96,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
92 | xfrm_aevent_doreplay(x); | 96 | xfrm_aevent_doreplay(x); |
93 | 97 | ||
94 | if (esp->conf.ivlen) | 98 | if (esp->conf.ivlen) |
95 | crypto_cipher_set_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); | 99 | crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen); |
96 | 100 | ||
97 | do { | 101 | do { |
98 | struct scatterlist *sg = &esp->sgbuf[0]; | 102 | struct scatterlist *sg = &esp->sgbuf[0]; |
@@ -103,14 +107,17 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
103 | goto error; | 107 | goto error; |
104 | } | 108 | } |
105 | skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); | 109 | skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); |
106 | crypto_cipher_encrypt(tfm, sg, sg, clen); | 110 | err = crypto_blkcipher_encrypt(&desc, sg, sg, clen); |
107 | if (unlikely(sg != &esp->sgbuf[0])) | 111 | if (unlikely(sg != &esp->sgbuf[0])) |
108 | kfree(sg); | 112 | kfree(sg); |
109 | } while (0); | 113 | } while (0); |
110 | 114 | ||
115 | if (unlikely(err)) | ||
116 | goto error; | ||
117 | |||
111 | if (esp->conf.ivlen) { | 118 | if (esp->conf.ivlen) { |
112 | memcpy(esph->enc_data, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); | 119 | memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen); |
113 | crypto_cipher_get_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); | 120 | crypto_blkcipher_get_iv(tfm, esp->conf.ivec, esp->conf.ivlen); |
114 | } | 121 | } |
115 | 122 | ||
116 | if (esp->auth.icv_full_len) { | 123 | if (esp->auth.icv_full_len) { |
@@ -121,8 +128,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
121 | 128 | ||
122 | ip_send_check(top_iph); | 129 | ip_send_check(top_iph); |
123 | 130 | ||
124 | err = 0; | ||
125 | |||
126 | error: | 131 | error: |
127 | return err; | 132 | return err; |
128 | } | 133 | } |
@@ -137,8 +142,10 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
137 | struct iphdr *iph; | 142 | struct iphdr *iph; |
138 | struct ip_esp_hdr *esph; | 143 | struct ip_esp_hdr *esph; |
139 | struct esp_data *esp = x->data; | 144 | struct esp_data *esp = x->data; |
145 | struct crypto_blkcipher *tfm = esp->conf.tfm; | ||
146 | struct blkcipher_desc desc = { .tfm = tfm }; | ||
140 | struct sk_buff *trailer; | 147 | struct sk_buff *trailer; |
141 | int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); | 148 | int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); |
142 | int alen = esp->auth.icv_trunc_len; | 149 | int alen = esp->auth.icv_trunc_len; |
143 | int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; | 150 | int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; |
144 | int nfrags; | 151 | int nfrags; |
@@ -146,6 +153,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
146 | u8 nexthdr[2]; | 153 | u8 nexthdr[2]; |
147 | struct scatterlist *sg; | 154 | struct scatterlist *sg; |
148 | int padlen; | 155 | int padlen; |
156 | int err; | ||
149 | 157 | ||
150 | if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) | 158 | if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) |
151 | goto out; | 159 | goto out; |
@@ -178,7 +186,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
178 | 186 | ||
179 | /* Get ivec. This can be wrong, check against another impls. */ | 187 | /* Get ivec. This can be wrong, check against another impls. */ |
180 | if (esp->conf.ivlen) | 188 | if (esp->conf.ivlen) |
181 | crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm)); | 189 | crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen); |
182 | 190 | ||
183 | sg = &esp->sgbuf[0]; | 191 | sg = &esp->sgbuf[0]; |
184 | 192 | ||
@@ -188,9 +196,11 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
188 | goto out; | 196 | goto out; |
189 | } | 197 | } |
190 | skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen); | 198 | skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen); |
191 | crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen); | 199 | err = crypto_blkcipher_decrypt(&desc, sg, sg, elen); |
192 | if (unlikely(sg != &esp->sgbuf[0])) | 200 | if (unlikely(sg != &esp->sgbuf[0])) |
193 | kfree(sg); | 201 | kfree(sg); |
202 | if (unlikely(err)) | ||
203 | return err; | ||
194 | 204 | ||
195 | if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) | 205 | if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) |
196 | BUG(); | 206 | BUG(); |
@@ -254,7 +264,7 @@ out: | |||
254 | static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) | 264 | static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) |
255 | { | 265 | { |
256 | struct esp_data *esp = x->data; | 266 | struct esp_data *esp = x->data; |
257 | u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); | 267 | u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); |
258 | 268 | ||
259 | if (x->props.mode) { | 269 | if (x->props.mode) { |
260 | mtu = ALIGN(mtu + 2, blksize); | 270 | mtu = ALIGN(mtu + 2, blksize); |
@@ -293,7 +303,7 @@ static void esp_destroy(struct xfrm_state *x) | |||
293 | if (!esp) | 303 | if (!esp) |
294 | return; | 304 | return; |
295 | 305 | ||
296 | crypto_free_tfm(esp->conf.tfm); | 306 | crypto_free_blkcipher(esp->conf.tfm); |
297 | esp->conf.tfm = NULL; | 307 | esp->conf.tfm = NULL; |
298 | kfree(esp->conf.ivec); | 308 | kfree(esp->conf.ivec); |
299 | esp->conf.ivec = NULL; | 309 | esp->conf.ivec = NULL; |
@@ -307,6 +317,7 @@ static void esp_destroy(struct xfrm_state *x) | |||
307 | static int esp_init_state(struct xfrm_state *x) | 317 | static int esp_init_state(struct xfrm_state *x) |
308 | { | 318 | { |
309 | struct esp_data *esp = NULL; | 319 | struct esp_data *esp = NULL; |
320 | struct crypto_blkcipher *tfm; | ||
310 | 321 | ||
311 | /* null auth and encryption can have zero length keys */ | 322 | /* null auth and encryption can have zero length keys */ |
312 | if (x->aalg) { | 323 | if (x->aalg) { |
@@ -351,13 +362,11 @@ static int esp_init_state(struct xfrm_state *x) | |||
351 | } | 362 | } |
352 | esp->conf.key = x->ealg->alg_key; | 363 | esp->conf.key = x->ealg->alg_key; |
353 | esp->conf.key_len = (x->ealg->alg_key_len+7)/8; | 364 | esp->conf.key_len = (x->ealg->alg_key_len+7)/8; |
354 | if (x->props.ealgo == SADB_EALG_NULL) | 365 | tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); |
355 | esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_ECB); | 366 | if (IS_ERR(tfm)) |
356 | else | ||
357 | esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC); | ||
358 | if (esp->conf.tfm == NULL) | ||
359 | goto error; | 367 | goto error; |
360 | esp->conf.ivlen = crypto_tfm_alg_ivsize(esp->conf.tfm); | 368 | esp->conf.tfm = tfm; |
369 | esp->conf.ivlen = crypto_blkcipher_ivsize(tfm); | ||
361 | esp->conf.padlen = 0; | 370 | esp->conf.padlen = 0; |
362 | if (esp->conf.ivlen) { | 371 | if (esp->conf.ivlen) { |
363 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); | 372 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); |
@@ -365,7 +374,7 @@ static int esp_init_state(struct xfrm_state *x) | |||
365 | goto error; | 374 | goto error; |
366 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); | 375 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); |
367 | } | 376 | } |
368 | if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len)) | 377 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) |
369 | goto error; | 378 | goto error; |
370 | x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; | 379 | x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; |
371 | if (x->props.mode) | 380 | if (x->props.mode) |
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig index e923d4dea418..0ba06c0c5d39 100644 --- a/net/ipv6/Kconfig +++ b/net/ipv6/Kconfig | |||
@@ -77,6 +77,7 @@ config INET6_ESP | |||
77 | select CRYPTO | 77 | select CRYPTO |
78 | select CRYPTO_HMAC | 78 | select CRYPTO_HMAC |
79 | select CRYPTO_MD5 | 79 | select CRYPTO_MD5 |
80 | select CRYPTO_CBC | ||
80 | select CRYPTO_SHA1 | 81 | select CRYPTO_SHA1 |
81 | select CRYPTO_DES | 82 | select CRYPTO_DES |
82 | ---help--- | 83 | ---help--- |
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index a278d5e862fe..46a7e687948e 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
@@ -24,6 +24,7 @@ | |||
24 | * This file is derived from net/ipv4/esp.c | 24 | * This file is derived from net/ipv4/esp.c |
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include <linux/err.h> | ||
27 | #include <linux/module.h> | 28 | #include <linux/module.h> |
28 | #include <net/ip.h> | 29 | #include <net/ip.h> |
29 | #include <net/xfrm.h> | 30 | #include <net/xfrm.h> |
@@ -44,7 +45,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
44 | int hdr_len; | 45 | int hdr_len; |
45 | struct ipv6hdr *top_iph; | 46 | struct ipv6hdr *top_iph; |
46 | struct ipv6_esp_hdr *esph; | 47 | struct ipv6_esp_hdr *esph; |
47 | struct crypto_tfm *tfm; | 48 | struct crypto_blkcipher *tfm; |
49 | struct blkcipher_desc desc; | ||
48 | struct esp_data *esp; | 50 | struct esp_data *esp; |
49 | struct sk_buff *trailer; | 51 | struct sk_buff *trailer; |
50 | int blksize; | 52 | int blksize; |
@@ -67,7 +69,9 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
67 | 69 | ||
68 | alen = esp->auth.icv_trunc_len; | 70 | alen = esp->auth.icv_trunc_len; |
69 | tfm = esp->conf.tfm; | 71 | tfm = esp->conf.tfm; |
70 | blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4); | 72 | desc.tfm = tfm; |
73 | desc.flags = 0; | ||
74 | blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); | ||
71 | clen = ALIGN(clen + 2, blksize); | 75 | clen = ALIGN(clen + 2, blksize); |
72 | if (esp->conf.padlen) | 76 | if (esp->conf.padlen) |
73 | clen = ALIGN(clen, esp->conf.padlen); | 77 | clen = ALIGN(clen, esp->conf.padlen); |
@@ -96,7 +100,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
96 | xfrm_aevent_doreplay(x); | 100 | xfrm_aevent_doreplay(x); |
97 | 101 | ||
98 | if (esp->conf.ivlen) | 102 | if (esp->conf.ivlen) |
99 | crypto_cipher_set_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); | 103 | crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen); |
100 | 104 | ||
101 | do { | 105 | do { |
102 | struct scatterlist *sg = &esp->sgbuf[0]; | 106 | struct scatterlist *sg = &esp->sgbuf[0]; |
@@ -107,14 +111,17 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
107 | goto error; | 111 | goto error; |
108 | } | 112 | } |
109 | skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); | 113 | skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); |
110 | crypto_cipher_encrypt(tfm, sg, sg, clen); | 114 | err = crypto_blkcipher_encrypt(&desc, sg, sg, clen); |
111 | if (unlikely(sg != &esp->sgbuf[0])) | 115 | if (unlikely(sg != &esp->sgbuf[0])) |
112 | kfree(sg); | 116 | kfree(sg); |
113 | } while (0); | 117 | } while (0); |
114 | 118 | ||
119 | if (unlikely(err)) | ||
120 | goto error; | ||
121 | |||
115 | if (esp->conf.ivlen) { | 122 | if (esp->conf.ivlen) { |
116 | memcpy(esph->enc_data, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); | 123 | memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen); |
117 | crypto_cipher_get_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); | 124 | crypto_blkcipher_get_iv(tfm, esp->conf.ivec, esp->conf.ivlen); |
118 | } | 125 | } |
119 | 126 | ||
120 | if (esp->auth.icv_full_len) { | 127 | if (esp->auth.icv_full_len) { |
@@ -123,8 +130,6 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
123 | pskb_put(skb, trailer, alen); | 130 | pskb_put(skb, trailer, alen); |
124 | } | 131 | } |
125 | 132 | ||
126 | err = 0; | ||
127 | |||
128 | error: | 133 | error: |
129 | return err; | 134 | return err; |
130 | } | 135 | } |
@@ -134,8 +139,10 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
134 | struct ipv6hdr *iph; | 139 | struct ipv6hdr *iph; |
135 | struct ipv6_esp_hdr *esph; | 140 | struct ipv6_esp_hdr *esph; |
136 | struct esp_data *esp = x->data; | 141 | struct esp_data *esp = x->data; |
142 | struct crypto_blkcipher *tfm = esp->conf.tfm; | ||
143 | struct blkcipher_desc desc = { .tfm = tfm }; | ||
137 | struct sk_buff *trailer; | 144 | struct sk_buff *trailer; |
138 | int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); | 145 | int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); |
139 | int alen = esp->auth.icv_trunc_len; | 146 | int alen = esp->auth.icv_trunc_len; |
140 | int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; | 147 | int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; |
141 | 148 | ||
@@ -182,7 +189,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
182 | 189 | ||
183 | /* Get ivec. This can be wrong, check against another impls. */ | 190 | /* Get ivec. This can be wrong, check against another impls. */ |
184 | if (esp->conf.ivlen) | 191 | if (esp->conf.ivlen) |
185 | crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm)); | 192 | crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen); |
186 | 193 | ||
187 | { | 194 | { |
188 | u8 nexthdr[2]; | 195 | u8 nexthdr[2]; |
@@ -197,9 +204,11 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
197 | } | 204 | } |
198 | } | 205 | } |
199 | skb_to_sgvec(skb, sg, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen, elen); | 206 | skb_to_sgvec(skb, sg, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen, elen); |
200 | crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen); | 207 | ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen); |
201 | if (unlikely(sg != &esp->sgbuf[0])) | 208 | if (unlikely(sg != &esp->sgbuf[0])) |
202 | kfree(sg); | 209 | kfree(sg); |
210 | if (unlikely(ret)) | ||
211 | goto out; | ||
203 | 212 | ||
204 | if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) | 213 | if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) |
205 | BUG(); | 214 | BUG(); |
@@ -225,7 +234,7 @@ out: | |||
225 | static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) | 234 | static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) |
226 | { | 235 | { |
227 | struct esp_data *esp = x->data; | 236 | struct esp_data *esp = x->data; |
228 | u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); | 237 | u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); |
229 | 238 | ||
230 | if (x->props.mode) { | 239 | if (x->props.mode) { |
231 | mtu = ALIGN(mtu + 2, blksize); | 240 | mtu = ALIGN(mtu + 2, blksize); |
@@ -266,7 +275,7 @@ static void esp6_destroy(struct xfrm_state *x) | |||
266 | if (!esp) | 275 | if (!esp) |
267 | return; | 276 | return; |
268 | 277 | ||
269 | crypto_free_tfm(esp->conf.tfm); | 278 | crypto_free_blkcipher(esp->conf.tfm); |
270 | esp->conf.tfm = NULL; | 279 | esp->conf.tfm = NULL; |
271 | kfree(esp->conf.ivec); | 280 | kfree(esp->conf.ivec); |
272 | esp->conf.ivec = NULL; | 281 | esp->conf.ivec = NULL; |
@@ -280,6 +289,7 @@ static void esp6_destroy(struct xfrm_state *x) | |||
280 | static int esp6_init_state(struct xfrm_state *x) | 289 | static int esp6_init_state(struct xfrm_state *x) |
281 | { | 290 | { |
282 | struct esp_data *esp = NULL; | 291 | struct esp_data *esp = NULL; |
292 | struct crypto_blkcipher *tfm; | ||
283 | 293 | ||
284 | /* null auth and encryption can have zero length keys */ | 294 | /* null auth and encryption can have zero length keys */ |
285 | if (x->aalg) { | 295 | if (x->aalg) { |
@@ -327,13 +337,11 @@ static int esp6_init_state(struct xfrm_state *x) | |||
327 | } | 337 | } |
328 | esp->conf.key = x->ealg->alg_key; | 338 | esp->conf.key = x->ealg->alg_key; |
329 | esp->conf.key_len = (x->ealg->alg_key_len+7)/8; | 339 | esp->conf.key_len = (x->ealg->alg_key_len+7)/8; |
330 | if (x->props.ealgo == SADB_EALG_NULL) | 340 | tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); |
331 | esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_ECB); | 341 | if (IS_ERR(tfm)) |
332 | else | ||
333 | esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC); | ||
334 | if (esp->conf.tfm == NULL) | ||
335 | goto error; | 342 | goto error; |
336 | esp->conf.ivlen = crypto_tfm_alg_ivsize(esp->conf.tfm); | 343 | esp->conf.tfm = tfm; |
344 | esp->conf.ivlen = crypto_blkcipher_ivsize(tfm); | ||
337 | esp->conf.padlen = 0; | 345 | esp->conf.padlen = 0; |
338 | if (esp->conf.ivlen) { | 346 | if (esp->conf.ivlen) { |
339 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); | 347 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); |
@@ -341,7 +349,7 @@ static int esp6_init_state(struct xfrm_state *x) | |||
341 | goto error; | 349 | goto error; |
342 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); | 350 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); |
343 | } | 351 | } |
344 | if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len)) | 352 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) |
345 | goto error; | 353 | goto error; |
346 | x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; | 354 | x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; |
347 | if (x->props.mode) | 355 | if (x->props.mode) |
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c index b68974b38741..9b03d8497fba 100644 --- a/net/xfrm/xfrm_algo.c +++ b/net/xfrm/xfrm_algo.c | |||
@@ -118,7 +118,8 @@ static struct xfrm_algo_desc aalg_list[] = { | |||
118 | 118 | ||
119 | static struct xfrm_algo_desc ealg_list[] = { | 119 | static struct xfrm_algo_desc ealg_list[] = { |
120 | { | 120 | { |
121 | .name = "cipher_null", | 121 | .name = "ecb(cipher_null)", |
122 | .compat = "cipher_null", | ||
122 | 123 | ||
123 | .uinfo = { | 124 | .uinfo = { |
124 | .encr = { | 125 | .encr = { |
@@ -135,7 +136,8 @@ static struct xfrm_algo_desc ealg_list[] = { | |||
135 | } | 136 | } |
136 | }, | 137 | }, |
137 | { | 138 | { |
138 | .name = "des", | 139 | .name = "cbc(des)", |
140 | .compat = "des", | ||
139 | 141 | ||
140 | .uinfo = { | 142 | .uinfo = { |
141 | .encr = { | 143 | .encr = { |
@@ -152,7 +154,8 @@ static struct xfrm_algo_desc ealg_list[] = { | |||
152 | } | 154 | } |
153 | }, | 155 | }, |
154 | { | 156 | { |
155 | .name = "des3_ede", | 157 | .name = "cbc(des3_ede)", |
158 | .compat = "des3_ede", | ||
156 | 159 | ||
157 | .uinfo = { | 160 | .uinfo = { |
158 | .encr = { | 161 | .encr = { |
@@ -169,7 +172,8 @@ static struct xfrm_algo_desc ealg_list[] = { | |||
169 | } | 172 | } |
170 | }, | 173 | }, |
171 | { | 174 | { |
172 | .name = "cast128", | 175 | .name = "cbc(cast128)", |
176 | .compat = "cast128", | ||
173 | 177 | ||
174 | .uinfo = { | 178 | .uinfo = { |
175 | .encr = { | 179 | .encr = { |
@@ -186,7 +190,8 @@ static struct xfrm_algo_desc ealg_list[] = { | |||
186 | } | 190 | } |
187 | }, | 191 | }, |
188 | { | 192 | { |
189 | .name = "blowfish", | 193 | .name = "cbc(blowfish)", |
194 | .compat = "blowfish", | ||
190 | 195 | ||
191 | .uinfo = { | 196 | .uinfo = { |
192 | .encr = { | 197 | .encr = { |
@@ -203,7 +208,8 @@ static struct xfrm_algo_desc ealg_list[] = { | |||
203 | } | 208 | } |
204 | }, | 209 | }, |
205 | { | 210 | { |
206 | .name = "aes", | 211 | .name = "cbc(aes)", |
212 | .compat = "aes", | ||
207 | 213 | ||
208 | .uinfo = { | 214 | .uinfo = { |
209 | .encr = { | 215 | .encr = { |
@@ -220,7 +226,8 @@ static struct xfrm_algo_desc ealg_list[] = { | |||
220 | } | 226 | } |
221 | }, | 227 | }, |
222 | { | 228 | { |
223 | .name = "serpent", | 229 | .name = "cbc(serpent)", |
230 | .compat = "serpent", | ||
224 | 231 | ||
225 | .uinfo = { | 232 | .uinfo = { |
226 | .encr = { | 233 | .encr = { |
@@ -237,7 +244,8 @@ static struct xfrm_algo_desc ealg_list[] = { | |||
237 | } | 244 | } |
238 | }, | 245 | }, |
239 | { | 246 | { |
240 | .name = "twofish", | 247 | .name = "cbc(twofish)", |
248 | .compat = "twofish", | ||
241 | 249 | ||
242 | .uinfo = { | 250 | .uinfo = { |
243 | .encr = { | 251 | .encr = { |