aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2014-09-18 04:38:18 -0400
committerSteffen Klassert <steffen.klassert@secunet.com>2014-09-18 04:54:36 -0400
commit689f1c9de2abbd76fda224d12cea5f43568a4335 (patch)
treef35811bbe3d315a6e966c3bdd25abcf4e45c7352
parent880a6fab8f6ba5b5abe59ea68533202ddea1012c (diff)
ipsec: Remove obsolete MAX_AH_AUTH_LEN
While tracking down the MAX_AH_AUTH_LEN crash in an old kernel I thought that this limit was rather arbitrary and we should just get rid of it. In fact it seems that we've already done all the work needed to remove it apart from actually removing it. This limit was there in order to limit stack usage. Since we've already switched over to allocating scratch space using kmalloc, there is no longer any need to limit the authentication length. This patch kills all references to it, including the BUG_ONs that led me here. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
-rw-r--r--include/net/ah.h3
-rw-r--r--net/ipv4/ah4.c2
-rw-r--r--net/ipv6/ah6.c2
-rw-r--r--net/xfrm/xfrm_user.c3
4 files changed, 1 insertions, 9 deletions
diff --git a/include/net/ah.h b/include/net/ah.h
index ca95b98969dd..4e2dfa474a7e 100644
--- a/include/net/ah.h
+++ b/include/net/ah.h
@@ -3,9 +3,6 @@
3 3
4#include <linux/skbuff.h> 4#include <linux/skbuff.h>
5 5
6/* This is the maximum truncated ICV length that we know of. */
7#define MAX_AH_AUTH_LEN 64
8
9struct crypto_ahash; 6struct crypto_ahash;
10 7
11struct ah_data { 8struct ah_data {
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index a2afa89513a0..ac9a32ec3ee4 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -505,8 +505,6 @@ static int ah_init_state(struct xfrm_state *x)
505 ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; 505 ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
506 ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; 506 ahp->icv_trunc_len = x->aalg->alg_trunc_len/8;
507 507
508 BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
509
510 if (x->props.flags & XFRM_STATE_ALIGN4) 508 if (x->props.flags & XFRM_STATE_ALIGN4)
511 x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) + 509 x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) +
512 ahp->icv_trunc_len); 510 ahp->icv_trunc_len);
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index fcffd4e522c8..6d16eb0e0c7f 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -713,8 +713,6 @@ static int ah6_init_state(struct xfrm_state *x)
713 ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; 713 ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
714 ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; 714 ahp->icv_trunc_len = x->aalg->alg_trunc_len/8;
715 715
716 BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
717
718 x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + 716 x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
719 ahp->icv_trunc_len); 717 ahp->icv_trunc_len);
720 switch (x->props.mode) { 718 switch (x->props.mode) {
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index eaf8a8f1cbe8..e812e988c111 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -333,8 +333,7 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props,
333 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 333 algo = xfrm_aalg_get_byname(ualg->alg_name, 1);
334 if (!algo) 334 if (!algo)
335 return -ENOSYS; 335 return -ENOSYS;
336 if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN || 336 if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
337 ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
338 return -EINVAL; 337 return -EINVAL;
339 *props = algo->desc.sadb_alg_id; 338 *props = algo->desc.sadb_alg_id;
340 339