diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-08 20:13:44 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:54:52 -0400 |
| commit | 4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (patch) | |
| tree | 6a9571d7d5a3d43ec9cd8c661900fe78f89db6b6 /net/ipv4/esp4.c | |
| parent | f0703c80e5156406ad947cb67fe277725b48080f (diff) | |
[IPSEC] esp: Remove keys from esp_data structure
The keys are only used during initialisation so we don't need to carry them
in esp_data. Since we don't have to allocate them again, there is no need
to place a limit on the authentication key length anymore.
This patch also kills the unused auth.icv member.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/esp4.c')
| -rw-r--r-- | net/ipv4/esp4.c | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 98767a4f1185..d233e2e62500 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
| @@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x) | |||
| 343 | struct crypto_blkcipher *tfm; | 343 | struct crypto_blkcipher *tfm; |
| 344 | u32 align; | 344 | u32 align; |
| 345 | 345 | ||
| 346 | /* null auth and encryption can have zero length keys */ | ||
| 347 | if (x->aalg) { | ||
| 348 | if (x->aalg->alg_key_len > 512) | ||
| 349 | goto error; | ||
| 350 | } | ||
| 351 | if (x->ealg == NULL) | 346 | if (x->ealg == NULL) |
| 352 | goto error; | 347 | goto error; |
| 353 | 348 | ||
| @@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x) | |||
| 359 | struct xfrm_algo_desc *aalg_desc; | 354 | struct xfrm_algo_desc *aalg_desc; |
| 360 | struct crypto_hash *hash; | 355 | struct crypto_hash *hash; |
| 361 | 356 | ||
| 362 | esp->auth.key = x->aalg->alg_key; | ||
| 363 | esp->auth.key_len = (x->aalg->alg_key_len+7)/8; | ||
| 364 | hash = crypto_alloc_hash(x->aalg->alg_name, 0, | 357 | hash = crypto_alloc_hash(x->aalg->alg_name, 0, |
| 365 | CRYPTO_ALG_ASYNC); | 358 | CRYPTO_ALG_ASYNC); |
| 366 | if (IS_ERR(hash)) | 359 | if (IS_ERR(hash)) |
| 367 | goto error; | 360 | goto error; |
| 368 | 361 | ||
| 369 | esp->auth.tfm = hash; | 362 | esp->auth.tfm = hash; |
| 370 | if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len)) | 363 | if (crypto_hash_setkey(hash, x->aalg->alg_key, |
| 364 | (x->aalg->alg_key_len + 7) / 8)) | ||
| 371 | goto error; | 365 | goto error; |
| 372 | 366 | ||
| 373 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); | 367 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); |
| @@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x) | |||
| 389 | if (!esp->auth.work_icv) | 383 | if (!esp->auth.work_icv) |
| 390 | goto error; | 384 | goto error; |
| 391 | } | 385 | } |
| 392 | esp->conf.key = x->ealg->alg_key; | 386 | |
| 393 | esp->conf.key_len = (x->ealg->alg_key_len+7)/8; | ||
| 394 | tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); | 387 | tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); |
| 395 | if (IS_ERR(tfm)) | 388 | if (IS_ERR(tfm)) |
| 396 | goto error; | 389 | goto error; |
| @@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x) | |||
| 403 | goto error; | 396 | goto error; |
| 404 | esp->conf.ivinitted = 0; | 397 | esp->conf.ivinitted = 0; |
| 405 | } | 398 | } |
| 406 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) | 399 | if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key, |
| 400 | (x->ealg->alg_key_len + 7) / 8)) | ||
| 407 | goto error; | 401 | goto error; |
| 408 | x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; | 402 | x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; |
| 409 | if (x->props.mode == XFRM_MODE_TUNNEL) | 403 | if (x->props.mode == XFRM_MODE_TUNNEL) |