author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-08 20:13:44 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:54:52 -0400 |
commit | 4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (patch) | |
tree | 6a9571d7d5a3d43ec9cd8c661900fe78f89db6b6 /net/ipv4/esp4.c | |
parent | f0703c80e5156406ad947cb67fe277725b48080f (diff) |
[IPSEC] esp: Remove keys from esp_data structure
The keys are only used during initialisation so we don't need to carry them
in esp_data. Since we don't have to allocate them again, there is no need
to place a limit on the authentication key length anymore.
This patch also kills the unused auth.icv member.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/esp4.c')
-rw-r--r-- | net/ipv4/esp4.c | 16 |
1 files changed, 5 insertions, 11 deletions
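--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x)
 struct crypto_blkcipher *tfm;
 u32 align;
 
-/* null auth and encryption can have zero length keys */
-if (x->aalg) {
-if (x->aalg->alg_key_len > 512)
-goto error;
-}
 if (x->ealg == NULL)
 goto error;
 
@@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x)
 struct xfrm_algo_desc *aalg_desc;
 struct crypto_hash *hash;
 
-esp->auth.key = x->aalg->alg_key;
-esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
 hash = crypto_alloc_hash(x->aalg->alg_name, 0,
 CRYPTO_ALG_ASYNC);
 if (IS_ERR(hash))
 goto error;
 
 esp->auth.tfm = hash;
-if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
+if (crypto_hash_setkey(hash, x->aalg->alg_key,
+(x->aalg->alg_key_len + 7) / 8))
 goto error;
 
 aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
@@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
 if (!esp->auth.work_icv)
 goto error;
 }
-esp->conf.key = x->ealg->alg_key;
-esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
+
 tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
 if (IS_ERR(tfm))
 goto error;
@@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x)
 goto error;
 esp->conf.ivinitted = 0;
 }
-if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
+if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
+(x->ealg->alg_key_len + 7) / 8))
 goto error;
 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
 if (x->props.mode == XFRM_MODE_TUNNEL)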
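Review bot: With the `alg_key_len > 512` check removed in the first hunk, `(x->aalg->alg_key_len + 7) / 8` reaches `crypto_hash_setkey()` with no local bound, so this function now relies entirely on the code that built `x->aalg` having checked that `alg_key` really holds that many bytes; that validation is not visible here and is worth confirming, since the SA is presumably supplied from userspace. The same holds for the `crypto_blkcipher_setkey()` call in the last hunk, which had no cap in the old code either. I would record the assumption at the first call, e.g. `/* alg_key_len is in bits; the SA parser must already have checked it against the supplied key data */`, and keep the dropped remark that null algorithms may have zero-length keys. The bits-to-bytes rounding is also now written out twice; `DIV_ROUND_UP(x->aalg->alg_key_len, 8)` or a small helper would keep the two calls in step. esp_init_state starts and ends outside the hunks shown.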