aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2006-07-30 01:41:01 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2006-09-20 21:46:14 -0400
commit6b7326c8497f954c2cfcb4c49fe42be5b80887bc (patch)
tree5739c37f7a72d1ef281fbbb5bbc1483226eec198
parent04ff12609445c7b462d7fc7f2d30dad442c922f3 (diff)
[IPSEC] ESP: Use block ciphers where applicable
This patch converts IPSec/ESP to use the new block cipher type where applicable. Similar to the HMAC conversion, existing algorithm names have been kept for compatibility. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--include/net/esp.h2
-rw-r--r--net/ipv4/Kconfig1
-rw-r--r--net/ipv4/esp4.c49
-rw-r--r--net/ipv6/Kconfig1
-rw-r--r--net/ipv6/esp6.c48
-rw-r--r--net/xfrm/xfrm_algo.c24
6 files changed, 76 insertions, 49 deletions
diff --git a/include/net/esp.h b/include/net/esp.h
index 6eb837973c84..af2ff18700c7 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -22,7 +22,7 @@ struct esp_data
22 * >= crypto_tfm_alg_ivsize(tfm). */ 22 * >= crypto_tfm_alg_ivsize(tfm). */
23 int ivlen; 23 int ivlen;
24 int padlen; /* 0..255 */ 24 int padlen; /* 0..255 */
25 struct crypto_tfm *tfm; /* crypto handle */ 25 struct crypto_blkcipher *tfm; /* crypto handle */
26 } conf; 26 } conf;
27 27
28 /* Integrity. It is active when icv_full_len != 0 */ 28 /* Integrity. It is active when icv_full_len != 0 */
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 8514106761b0..3b5d504a74be 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -386,6 +386,7 @@ config INET_ESP
386 select CRYPTO 386 select CRYPTO
387 select CRYPTO_HMAC 387 select CRYPTO_HMAC
388 select CRYPTO_MD5 388 select CRYPTO_MD5
389 select CRYPTO_CBC
389 select CRYPTO_SHA1 390 select CRYPTO_SHA1
390 select CRYPTO_DES 391 select CRYPTO_DES
391 ---help--- 392 ---help---
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index fc2f8ce441de..7c63ae494742 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -1,3 +1,4 @@
1#include <linux/err.h>
1#include <linux/module.h> 2#include <linux/module.h>
2#include <net/ip.h> 3#include <net/ip.h>
3#include <net/xfrm.h> 4#include <net/xfrm.h>
@@ -16,7 +17,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
16 int err; 17 int err;
17 struct iphdr *top_iph; 18 struct iphdr *top_iph;
18 struct ip_esp_hdr *esph; 19 struct ip_esp_hdr *esph;
19 struct crypto_tfm *tfm; 20 struct crypto_blkcipher *tfm;
21 struct blkcipher_desc desc;
20 struct esp_data *esp; 22 struct esp_data *esp;
21 struct sk_buff *trailer; 23 struct sk_buff *trailer;
22 int blksize; 24 int blksize;
@@ -36,7 +38,9 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
36 esp = x->data; 38 esp = x->data;
37 alen = esp->auth.icv_trunc_len; 39 alen = esp->auth.icv_trunc_len;
38 tfm = esp->conf.tfm; 40 tfm = esp->conf.tfm;
39 blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4); 41 desc.tfm = tfm;
42 desc.flags = 0;
43 blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4);
40 clen = ALIGN(clen + 2, blksize); 44 clen = ALIGN(clen + 2, blksize);
41 if (esp->conf.padlen) 45 if (esp->conf.padlen)
42 clen = ALIGN(clen, esp->conf.padlen); 46 clen = ALIGN(clen, esp->conf.padlen);
@@ -92,7 +96,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
92 xfrm_aevent_doreplay(x); 96 xfrm_aevent_doreplay(x);
93 97
94 if (esp->conf.ivlen) 98 if (esp->conf.ivlen)
95 crypto_cipher_set_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); 99 crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
96 100
97 do { 101 do {
98 struct scatterlist *sg = &esp->sgbuf[0]; 102 struct scatterlist *sg = &esp->sgbuf[0];
@@ -103,14 +107,17 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
103 goto error; 107 goto error;
104 } 108 }
105 skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); 109 skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
106 crypto_cipher_encrypt(tfm, sg, sg, clen); 110 err = crypto_blkcipher_encrypt(&desc, sg, sg, clen);
107 if (unlikely(sg != &esp->sgbuf[0])) 111 if (unlikely(sg != &esp->sgbuf[0]))
108 kfree(sg); 112 kfree(sg);
109 } while (0); 113 } while (0);
110 114
115 if (unlikely(err))
116 goto error;
117
111 if (esp->conf.ivlen) { 118 if (esp->conf.ivlen) {
112 memcpy(esph->enc_data, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); 119 memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen);
113 crypto_cipher_get_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); 120 crypto_blkcipher_get_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
114 } 121 }
115 122
116 if (esp->auth.icv_full_len) { 123 if (esp->auth.icv_full_len) {
@@ -121,8 +128,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
121 128
122 ip_send_check(top_iph); 129 ip_send_check(top_iph);
123 130
124 err = 0;
125
126error: 131error:
127 return err; 132 return err;
128} 133}
@@ -137,8 +142,10 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
137 struct iphdr *iph; 142 struct iphdr *iph;
138 struct ip_esp_hdr *esph; 143 struct ip_esp_hdr *esph;
139 struct esp_data *esp = x->data; 144 struct esp_data *esp = x->data;
145 struct crypto_blkcipher *tfm = esp->conf.tfm;
146 struct blkcipher_desc desc = { .tfm = tfm };
140 struct sk_buff *trailer; 147 struct sk_buff *trailer;
141 int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); 148 int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4);
142 int alen = esp->auth.icv_trunc_len; 149 int alen = esp->auth.icv_trunc_len;
143 int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; 150 int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen;
144 int nfrags; 151 int nfrags;
@@ -146,6 +153,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
146 u8 nexthdr[2]; 153 u8 nexthdr[2];
147 struct scatterlist *sg; 154 struct scatterlist *sg;
148 int padlen; 155 int padlen;
156 int err;
149 157
150 if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) 158 if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr)))
151 goto out; 159 goto out;
@@ -178,7 +186,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
178 186
179 /* Get ivec. This can be wrong, check against another impls. */ 187 /* Get ivec. This can be wrong, check against another impls. */
180 if (esp->conf.ivlen) 188 if (esp->conf.ivlen)
181 crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm)); 189 crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen);
182 190
183 sg = &esp->sgbuf[0]; 191 sg = &esp->sgbuf[0];
184 192
@@ -188,9 +196,11 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
188 goto out; 196 goto out;
189 } 197 }
190 skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen); 198 skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen);
191 crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen); 199 err = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
192 if (unlikely(sg != &esp->sgbuf[0])) 200 if (unlikely(sg != &esp->sgbuf[0]))
193 kfree(sg); 201 kfree(sg);
202 if (unlikely(err))
203 return err;
194 204
195 if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) 205 if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
196 BUG(); 206 BUG();
@@ -254,7 +264,7 @@ out:
254static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) 264static u32 esp4_get_max_size(struct xfrm_state *x, int mtu)
255{ 265{
256 struct esp_data *esp = x->data; 266 struct esp_data *esp = x->data;
257 u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); 267 u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
258 268
259 if (x->props.mode) { 269 if (x->props.mode) {
260 mtu = ALIGN(mtu + 2, blksize); 270 mtu = ALIGN(mtu + 2, blksize);
@@ -293,7 +303,7 @@ static void esp_destroy(struct xfrm_state *x)
293 if (!esp) 303 if (!esp)
294 return; 304 return;
295 305
296 crypto_free_tfm(esp->conf.tfm); 306 crypto_free_blkcipher(esp->conf.tfm);
297 esp->conf.tfm = NULL; 307 esp->conf.tfm = NULL;
298 kfree(esp->conf.ivec); 308 kfree(esp->conf.ivec);
299 esp->conf.ivec = NULL; 309 esp->conf.ivec = NULL;
@@ -307,6 +317,7 @@ static void esp_destroy(struct xfrm_state *x)
307static int esp_init_state(struct xfrm_state *x) 317static int esp_init_state(struct xfrm_state *x)
308{ 318{
309 struct esp_data *esp = NULL; 319 struct esp_data *esp = NULL;
320 struct crypto_blkcipher *tfm;
310 321
311 /* null auth and encryption can have zero length keys */ 322 /* null auth and encryption can have zero length keys */
312 if (x->aalg) { 323 if (x->aalg) {
@@ -351,13 +362,11 @@ static int esp_init_state(struct xfrm_state *x)
351 } 362 }
352 esp->conf.key = x->ealg->alg_key; 363 esp->conf.key = x->ealg->alg_key;
353 esp->conf.key_len = (x->ealg->alg_key_len+7)/8; 364 esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
354 if (x->props.ealgo == SADB_EALG_NULL) 365 tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
355 esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_ECB); 366 if (IS_ERR(tfm))
356 else
357 esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC);
358 if (esp->conf.tfm == NULL)
359 goto error; 367 goto error;
360 esp->conf.ivlen = crypto_tfm_alg_ivsize(esp->conf.tfm); 368 esp->conf.tfm = tfm;
369 esp->conf.ivlen = crypto_blkcipher_ivsize(tfm);
361 esp->conf.padlen = 0; 370 esp->conf.padlen = 0;
362 if (esp->conf.ivlen) { 371 if (esp->conf.ivlen) {
363 esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); 372 esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL);
@@ -365,7 +374,7 @@ static int esp_init_state(struct xfrm_state *x)
365 goto error; 374 goto error;
366 get_random_bytes(esp->conf.ivec, esp->conf.ivlen); 375 get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
367 } 376 }
368 if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len)) 377 if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
369 goto error; 378 goto error;
370 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; 379 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
371 if (x->props.mode) 380 if (x->props.mode)
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index e923d4dea418..0ba06c0c5d39 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -77,6 +77,7 @@ config INET6_ESP
77 select CRYPTO 77 select CRYPTO
78 select CRYPTO_HMAC 78 select CRYPTO_HMAC
79 select CRYPTO_MD5 79 select CRYPTO_MD5
80 select CRYPTO_CBC
80 select CRYPTO_SHA1 81 select CRYPTO_SHA1
81 select CRYPTO_DES 82 select CRYPTO_DES
82 ---help--- 83 ---help---
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index a278d5e862fe..46a7e687948e 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -24,6 +24,7 @@
24 * This file is derived from net/ipv4/esp.c 24 * This file is derived from net/ipv4/esp.c
25 */ 25 */
26 26
27#include <linux/err.h>
27#include <linux/module.h> 28#include <linux/module.h>
28#include <net/ip.h> 29#include <net/ip.h>
29#include <net/xfrm.h> 30#include <net/xfrm.h>
@@ -44,7 +45,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
44 int hdr_len; 45 int hdr_len;
45 struct ipv6hdr *top_iph; 46 struct ipv6hdr *top_iph;
46 struct ipv6_esp_hdr *esph; 47 struct ipv6_esp_hdr *esph;
47 struct crypto_tfm *tfm; 48 struct crypto_blkcipher *tfm;
49 struct blkcipher_desc desc;
48 struct esp_data *esp; 50 struct esp_data *esp;
49 struct sk_buff *trailer; 51 struct sk_buff *trailer;
50 int blksize; 52 int blksize;
@@ -67,7 +69,9 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
67 69
68 alen = esp->auth.icv_trunc_len; 70 alen = esp->auth.icv_trunc_len;
69 tfm = esp->conf.tfm; 71 tfm = esp->conf.tfm;
70 blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4); 72 desc.tfm = tfm;
73 desc.flags = 0;
74 blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4);
71 clen = ALIGN(clen + 2, blksize); 75 clen = ALIGN(clen + 2, blksize);
72 if (esp->conf.padlen) 76 if (esp->conf.padlen)
73 clen = ALIGN(clen, esp->conf.padlen); 77 clen = ALIGN(clen, esp->conf.padlen);
@@ -96,7 +100,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
96 xfrm_aevent_doreplay(x); 100 xfrm_aevent_doreplay(x);
97 101
98 if (esp->conf.ivlen) 102 if (esp->conf.ivlen)
99 crypto_cipher_set_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); 103 crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
100 104
101 do { 105 do {
102 struct scatterlist *sg = &esp->sgbuf[0]; 106 struct scatterlist *sg = &esp->sgbuf[0];
@@ -107,14 +111,17 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
107 goto error; 111 goto error;
108 } 112 }
109 skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); 113 skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
110 crypto_cipher_encrypt(tfm, sg, sg, clen); 114 err = crypto_blkcipher_encrypt(&desc, sg, sg, clen);
111 if (unlikely(sg != &esp->sgbuf[0])) 115 if (unlikely(sg != &esp->sgbuf[0]))
112 kfree(sg); 116 kfree(sg);
113 } while (0); 117 } while (0);
114 118
119 if (unlikely(err))
120 goto error;
121
115 if (esp->conf.ivlen) { 122 if (esp->conf.ivlen) {
116 memcpy(esph->enc_data, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); 123 memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen);
117 crypto_cipher_get_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); 124 crypto_blkcipher_get_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
118 } 125 }
119 126
120 if (esp->auth.icv_full_len) { 127 if (esp->auth.icv_full_len) {
@@ -123,8 +130,6 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
123 pskb_put(skb, trailer, alen); 130 pskb_put(skb, trailer, alen);
124 } 131 }
125 132
126 err = 0;
127
128error: 133error:
129 return err; 134 return err;
130} 135}
@@ -134,8 +139,10 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
134 struct ipv6hdr *iph; 139 struct ipv6hdr *iph;
135 struct ipv6_esp_hdr *esph; 140 struct ipv6_esp_hdr *esph;
136 struct esp_data *esp = x->data; 141 struct esp_data *esp = x->data;
142 struct crypto_blkcipher *tfm = esp->conf.tfm;
143 struct blkcipher_desc desc = { .tfm = tfm };
137 struct sk_buff *trailer; 144 struct sk_buff *trailer;
138 int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); 145 int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4);
139 int alen = esp->auth.icv_trunc_len; 146 int alen = esp->auth.icv_trunc_len;
140 int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; 147 int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen;
141 148
@@ -182,7 +189,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
182 189
183 /* Get ivec. This can be wrong, check against another impls. */ 190 /* Get ivec. This can be wrong, check against another impls. */
184 if (esp->conf.ivlen) 191 if (esp->conf.ivlen)
185 crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm)); 192 crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen);
186 193
187 { 194 {
188 u8 nexthdr[2]; 195 u8 nexthdr[2];
@@ -197,9 +204,11 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
197 } 204 }
198 } 205 }
199 skb_to_sgvec(skb, sg, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen, elen); 206 skb_to_sgvec(skb, sg, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen, elen);
200 crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen); 207 ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
201 if (unlikely(sg != &esp->sgbuf[0])) 208 if (unlikely(sg != &esp->sgbuf[0]))
202 kfree(sg); 209 kfree(sg);
210 if (unlikely(ret))
211 goto out;
203 212
204 if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) 213 if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
205 BUG(); 214 BUG();
@@ -225,7 +234,7 @@ out:
225static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) 234static u32 esp6_get_max_size(struct xfrm_state *x, int mtu)
226{ 235{
227 struct esp_data *esp = x->data; 236 struct esp_data *esp = x->data;
228 u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); 237 u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
229 238
230 if (x->props.mode) { 239 if (x->props.mode) {
231 mtu = ALIGN(mtu + 2, blksize); 240 mtu = ALIGN(mtu + 2, blksize);
@@ -266,7 +275,7 @@ static void esp6_destroy(struct xfrm_state *x)
266 if (!esp) 275 if (!esp)
267 return; 276 return;
268 277
269 crypto_free_tfm(esp->conf.tfm); 278 crypto_free_blkcipher(esp->conf.tfm);
270 esp->conf.tfm = NULL; 279 esp->conf.tfm = NULL;
271 kfree(esp->conf.ivec); 280 kfree(esp->conf.ivec);
272 esp->conf.ivec = NULL; 281 esp->conf.ivec = NULL;
@@ -280,6 +289,7 @@ static void esp6_destroy(struct xfrm_state *x)
280static int esp6_init_state(struct xfrm_state *x) 289static int esp6_init_state(struct xfrm_state *x)
281{ 290{
282 struct esp_data *esp = NULL; 291 struct esp_data *esp = NULL;
292 struct crypto_blkcipher *tfm;
283 293
284 /* null auth and encryption can have zero length keys */ 294 /* null auth and encryption can have zero length keys */
285 if (x->aalg) { 295 if (x->aalg) {
@@ -327,13 +337,11 @@ static int esp6_init_state(struct xfrm_state *x)
327 } 337 }
328 esp->conf.key = x->ealg->alg_key; 338 esp->conf.key = x->ealg->alg_key;
329 esp->conf.key_len = (x->ealg->alg_key_len+7)/8; 339 esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
330 if (x->props.ealgo == SADB_EALG_NULL) 340 tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
331 esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_ECB); 341 if (IS_ERR(tfm))
332 else
333 esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC);
334 if (esp->conf.tfm == NULL)
335 goto error; 342 goto error;
336 esp->conf.ivlen = crypto_tfm_alg_ivsize(esp->conf.tfm); 343 esp->conf.tfm = tfm;
344 esp->conf.ivlen = crypto_blkcipher_ivsize(tfm);
337 esp->conf.padlen = 0; 345 esp->conf.padlen = 0;
338 if (esp->conf.ivlen) { 346 if (esp->conf.ivlen) {
339 esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); 347 esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL);
@@ -341,7 +349,7 @@ static int esp6_init_state(struct xfrm_state *x)
341 goto error; 349 goto error;
342 get_random_bytes(esp->conf.ivec, esp->conf.ivlen); 350 get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
343 } 351 }
344 if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len)) 352 if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
345 goto error; 353 goto error;
346 x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; 354 x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
347 if (x->props.mode) 355 if (x->props.mode)
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index b68974b38741..9b03d8497fba 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -118,7 +118,8 @@ static struct xfrm_algo_desc aalg_list[] = {
118 118
119static struct xfrm_algo_desc ealg_list[] = { 119static struct xfrm_algo_desc ealg_list[] = {
120{ 120{
121 .name = "cipher_null", 121 .name = "ecb(cipher_null)",
122 .compat = "cipher_null",
122 123
123 .uinfo = { 124 .uinfo = {
124 .encr = { 125 .encr = {
@@ -135,7 +136,8 @@ static struct xfrm_algo_desc ealg_list[] = {
135 } 136 }
136}, 137},
137{ 138{
138 .name = "des", 139 .name = "cbc(des)",
140 .compat = "des",
139 141
140 .uinfo = { 142 .uinfo = {
141 .encr = { 143 .encr = {
@@ -152,7 +154,8 @@ static struct xfrm_algo_desc ealg_list[] = {
152 } 154 }
153}, 155},
154{ 156{
155 .name = "des3_ede", 157 .name = "cbc(des3_ede)",
158 .compat = "des3_ede",
156 159
157 .uinfo = { 160 .uinfo = {
158 .encr = { 161 .encr = {
@@ -169,7 +172,8 @@ static struct xfrm_algo_desc ealg_list[] = {
169 } 172 }
170}, 173},
171{ 174{
172 .name = "cast128", 175 .name = "cbc(cast128)",
176 .compat = "cast128",
173 177
174 .uinfo = { 178 .uinfo = {
175 .encr = { 179 .encr = {
@@ -186,7 +190,8 @@ static struct xfrm_algo_desc ealg_list[] = {
186 } 190 }
187}, 191},
188{ 192{
189 .name = "blowfish", 193 .name = "cbc(blowfish)",
194 .compat = "blowfish",
190 195
191 .uinfo = { 196 .uinfo = {
192 .encr = { 197 .encr = {
@@ -203,7 +208,8 @@ static struct xfrm_algo_desc ealg_list[] = {
203 } 208 }
204}, 209},
205{ 210{
206 .name = "aes", 211 .name = "cbc(aes)",
212 .compat = "aes",
207 213
208 .uinfo = { 214 .uinfo = {
209 .encr = { 215 .encr = {
@@ -220,7 +226,8 @@ static struct xfrm_algo_desc ealg_list[] = {
220 } 226 }
221}, 227},
222{ 228{
223 .name = "serpent", 229 .name = "cbc(serpent)",
230 .compat = "serpent",
224 231
225 .uinfo = { 232 .uinfo = {
226 .encr = { 233 .encr = {
@@ -237,7 +244,8 @@ static struct xfrm_algo_desc ealg_list[] = {
237 } 244 }
238}, 245},
239{ 246{
240 .name = "twofish", 247 .name = "cbc(twofish)",
248 .compat = "twofish",
241 249
242 .uinfo = { 250 .uinfo = {
243 .encr = { 251 .encr = {