aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-10-08 20:13:44 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:54:52 -0400
commit4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (patch)
tree6a9571d7d5a3d43ec9cd8c661900fe78f89db6b6 /net/ipv4
parentf0703c80e5156406ad947cb67fe277725b48080f (diff)
[IPSEC] esp: Remove keys from esp_data structure
The keys are only used during initialisation so we don't need to carry them in esp_data. Since we don't have to allocate them again, there is no need to place a limit on the authentication key length anymore. This patch also kills the unused auth.icv member. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/esp4.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 98767a4f1185..d233e2e62500 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x)
343 struct crypto_blkcipher *tfm; 343 struct crypto_blkcipher *tfm;
344 u32 align; 344 u32 align;
345 345
346 /* null auth and encryption can have zero length keys */
347 if (x->aalg) {
348 if (x->aalg->alg_key_len > 512)
349 goto error;
350 }
351 if (x->ealg == NULL) 346 if (x->ealg == NULL)
352 goto error; 347 goto error;
353 348
@@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x)
359 struct xfrm_algo_desc *aalg_desc; 354 struct xfrm_algo_desc *aalg_desc;
360 struct crypto_hash *hash; 355 struct crypto_hash *hash;
361 356
362 esp->auth.key = x->aalg->alg_key;
363 esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
364 hash = crypto_alloc_hash(x->aalg->alg_name, 0, 357 hash = crypto_alloc_hash(x->aalg->alg_name, 0,
365 CRYPTO_ALG_ASYNC); 358 CRYPTO_ALG_ASYNC);
366 if (IS_ERR(hash)) 359 if (IS_ERR(hash))
367 goto error; 360 goto error;
368 361
369 esp->auth.tfm = hash; 362 esp->auth.tfm = hash;
370 if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len)) 363 if (crypto_hash_setkey(hash, x->aalg->alg_key,
364 (x->aalg->alg_key_len + 7) / 8))
371 goto error; 365 goto error;
372 366
373 aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); 367 aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
@@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
389 if (!esp->auth.work_icv) 383 if (!esp->auth.work_icv)
390 goto error; 384 goto error;
391 } 385 }
392 esp->conf.key = x->ealg->alg_key; 386
393 esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
394 tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); 387 tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
395 if (IS_ERR(tfm)) 388 if (IS_ERR(tfm))
396 goto error; 389 goto error;
@@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x)
403 goto error; 396 goto error;
404 esp->conf.ivinitted = 0; 397 esp->conf.ivinitted = 0;
405 } 398 }
406 if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) 399 if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
400 (x->ealg->alg_key_len + 7) / 8))
407 goto error; 401 goto error;
408 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; 402 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
409 if (x->props.mode == XFRM_MODE_TUNNEL) 403 if (x->props.mode == XFRM_MODE_TUNNEL)