diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-08 20:14:34 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:54:53 -0400 |
commit | bc31d3b2c7d7f2a03721a05cb3c9a3ce8b1e2e5a (patch) | |
tree | 4e72919c351590c8276534e797eae8260d20f28c | |
parent | 4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (diff) |
[IPSEC] ah: Remove keys from ah_data structure
The keys are only used during initialisation so we don't need to carry them
in esp_data. Since we don't have to allocate them again, there is no need
to place a limit on the authentication key length anymore.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/ah.h | 2 | ||||
-rw-r--r-- | net/ipv4/ah4.c | 9 | ||||
-rw-r--r-- | net/ipv6/ah6.c | 9 |
3 files changed, 4 insertions, 16 deletions
diff --git a/include/net/ah.h b/include/net/ah.h index 8f257c159902..5e758c2b5dd5 100644 --- a/include/net/ah.h +++ b/include/net/ah.h | |||
@@ -9,8 +9,6 @@ | |||
9 | 9 | ||
10 | struct ah_data | 10 | struct ah_data |
11 | { | 11 | { |
12 | u8 *key; | ||
13 | int key_len; | ||
14 | u8 *work_icv; | 12 | u8 *work_icv; |
15 | int icv_full_len; | 13 | int icv_full_len; |
16 | int icv_trunc_len; | 14 | int icv_trunc_len; |
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index 39f6211f1496..dc1d8e871b24 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
@@ -219,10 +219,6 @@ static int ah_init_state(struct xfrm_state *x) | |||
219 | if (!x->aalg) | 219 | if (!x->aalg) |
220 | goto error; | 220 | goto error; |
221 | 221 | ||
222 | /* null auth can use a zero length key */ | ||
223 | if (x->aalg->alg_key_len > 512) | ||
224 | goto error; | ||
225 | |||
226 | if (x->encap) | 222 | if (x->encap) |
227 | goto error; | 223 | goto error; |
228 | 224 | ||
@@ -230,14 +226,13 @@ static int ah_init_state(struct xfrm_state *x) | |||
230 | if (ahp == NULL) | 226 | if (ahp == NULL) |
231 | return -ENOMEM; | 227 | return -ENOMEM; |
232 | 228 | ||
233 | ahp->key = x->aalg->alg_key; | ||
234 | ahp->key_len = (x->aalg->alg_key_len+7)/8; | ||
235 | tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC); | 229 | tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC); |
236 | if (IS_ERR(tfm)) | 230 | if (IS_ERR(tfm)) |
237 | goto error; | 231 | goto error; |
238 | 232 | ||
239 | ahp->tfm = tfm; | 233 | ahp->tfm = tfm; |
240 | if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len)) | 234 | if (crypto_hash_setkey(tfm, x->aalg->alg_key, |
235 | (x->aalg->alg_key_len + 7) / 8)) | ||
241 | goto error; | 236 | goto error; |
242 | 237 | ||
243 | /* | 238 | /* |
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 53f46ab6af70..69a2030407b8 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
@@ -429,10 +429,6 @@ static int ah6_init_state(struct xfrm_state *x) | |||
429 | if (!x->aalg) | 429 | if (!x->aalg) |
430 | goto error; | 430 | goto error; |
431 | 431 | ||
432 | /* null auth can use a zero length key */ | ||
433 | if (x->aalg->alg_key_len > 512) | ||
434 | goto error; | ||
435 | |||
436 | if (x->encap) | 432 | if (x->encap) |
437 | goto error; | 433 | goto error; |
438 | 434 | ||
@@ -440,14 +436,13 @@ static int ah6_init_state(struct xfrm_state *x) | |||
440 | if (ahp == NULL) | 436 | if (ahp == NULL) |
441 | return -ENOMEM; | 437 | return -ENOMEM; |
442 | 438 | ||
443 | ahp->key = x->aalg->alg_key; | ||
444 | ahp->key_len = (x->aalg->alg_key_len+7)/8; | ||
445 | tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC); | 439 | tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC); |
446 | if (IS_ERR(tfm)) | 440 | if (IS_ERR(tfm)) |
447 | goto error; | 441 | goto error; |
448 | 442 | ||
449 | ahp->tfm = tfm; | 443 | ahp->tfm = tfm; |
450 | if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len)) | 444 | if (crypto_hash_setkey(tfm, x->aalg->alg_key, |
445 | (x->aalg->alg_key_len + 7) / 8)) | ||
451 | goto error; | 446 | goto error; |
452 | 447 | ||
453 | /* | 448 | /* |