authorHerbert Xu <herbert@gondor.apana.org.au>2007-10-08 20:13:44 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:54:52 -0400
commit4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (patch)
tree6a9571d7d5a3d43ec9cd8c661900fe78f89db6b6 /net/ipv6/esp6.c
parentf0703c80e5156406ad947cb67fe277725b48080f (diff)
[IPSEC] esp: Remove keys from esp_data structure
The keys are only used during initialisation so we don't need to carry them in esp_data. Since we don't have to allocate them again, there is no need to place a limit on the authentication key length anymore. This patch also kills the unused auth.icv member. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/esp6.c')
-rw-r--r--net/ipv6/esp6.c15
1 files changed, 4 insertions, 11 deletions
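diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 2db31ce3c7e6..77281068d0f9 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x)
 struct esp_data *esp = NULL;
 struct crypto_blkcipher *tfm;
 
-/* null auth and encryption can have zero length keys */
-if (x->aalg) {
-if (x->aalg->alg_key_len > 512)
-goto error;
-}
 if (x->ealg == NULL)
 goto error;
 
@@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x)
 struct xfrm_algo_desc *aalg_desc;
 struct crypto_hash *hash;
 
-esp->auth.key = x->aalg->alg_key;
-esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
 hash = crypto_alloc_hash(x->aalg->alg_name, 0,
 CRYPTO_ALG_ASYNC);
 if (IS_ERR(hash))
 goto error;
 
 esp->auth.tfm = hash;
-if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
+if (crypto_hash_setkey(hash, x->aalg->alg_key,
+(x->aalg->alg_key_len + 7) / 8))
 goto error;
 
 aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
@@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x)
 if (!esp->auth.work_icv)
 goto error;
 }
-esp->conf.key = x->ealg->alg_key;
-esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
 tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
 if (IS_ERR(tfm))
 goto error;
@@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x)
 goto error;
 esp->conf.ivinitted = 0;
 }
-if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
+if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
+(x->ealg->alg_key_len + 7) / 8))
 goto error;
 x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
 if (x->props.mode == XFRM_MODE_TUNNEL)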
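Review bot: With the `alg_key_len > 512` cap removed, nothing visible in esp6_init_state bounds the key length before `(x->aalg->alg_key_len + 7) / 8` is handed to crypto_hash_setkey() at new lines 320-321, and the same holds for x->ealg at new lines 355-356. The function now depends entirely on whatever populates x->aalg and x->ealg having checked that alg_key really holds that many bytes; that code is not part of this diff, so it should be confirmed and the reliance recorded next to the setkey calls, e.g. `/* alg_key_len is in bits and is trusted here; it must be validated against the key buffer where the xfrm_algo is set up */`. The bits-to-bytes rounding is also written out twice and could live in one small helper so the two setkey calls cannot drift apart. esp6_init_state starts and ends outside the shown hunks.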