diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-08 20:13:44 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:54:52 -0400 |
commit | 4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (patch) | |
tree | 6a9571d7d5a3d43ec9cd8c661900fe78f89db6b6 /net/ipv6/esp6.c | |
parent | f0703c80e5156406ad947cb67fe277725b48080f (diff) |
[IPSEC] esp: Remove keys from esp_data structure
The keys are only used during initialisation so we don't need to carry them
in esp_data. Since we don't have to allocate them again, there is no need
to place a limit on the authentication key length anymore.
This patch also kills the unused auth.icv member.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/esp6.c')
-rw-r--r-- | net/ipv6/esp6.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 2db31ce3c7e6..77281068d0f9 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
@@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x) | |||
297 | struct esp_data *esp = NULL; | 297 | struct esp_data *esp = NULL; |
298 | struct crypto_blkcipher *tfm; | 298 | struct crypto_blkcipher *tfm; |
299 | 299 | ||
300 | /* null auth and encryption can have zero length keys */ | ||
301 | if (x->aalg) { | ||
302 | if (x->aalg->alg_key_len > 512) | ||
303 | goto error; | ||
304 | } | ||
305 | if (x->ealg == NULL) | 300 | if (x->ealg == NULL) |
306 | goto error; | 301 | goto error; |
307 | 302 | ||
@@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x) | |||
316 | struct xfrm_algo_desc *aalg_desc; | 311 | struct xfrm_algo_desc *aalg_desc; |
317 | struct crypto_hash *hash; | 312 | struct crypto_hash *hash; |
318 | 313 | ||
319 | esp->auth.key = x->aalg->alg_key; | ||
320 | esp->auth.key_len = (x->aalg->alg_key_len+7)/8; | ||
321 | hash = crypto_alloc_hash(x->aalg->alg_name, 0, | 314 | hash = crypto_alloc_hash(x->aalg->alg_name, 0, |
322 | CRYPTO_ALG_ASYNC); | 315 | CRYPTO_ALG_ASYNC); |
323 | if (IS_ERR(hash)) | 316 | if (IS_ERR(hash)) |
324 | goto error; | 317 | goto error; |
325 | 318 | ||
326 | esp->auth.tfm = hash; | 319 | esp->auth.tfm = hash; |
327 | if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len)) | 320 | if (crypto_hash_setkey(hash, x->aalg->alg_key, |
321 | (x->aalg->alg_key_len + 7) / 8)) | ||
328 | goto error; | 322 | goto error; |
329 | 323 | ||
330 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); | 324 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); |
@@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x) | |||
346 | if (!esp->auth.work_icv) | 340 | if (!esp->auth.work_icv) |
347 | goto error; | 341 | goto error; |
348 | } | 342 | } |
349 | esp->conf.key = x->ealg->alg_key; | ||
350 | esp->conf.key_len = (x->ealg->alg_key_len+7)/8; | ||
351 | tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); | 343 | tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); |
352 | if (IS_ERR(tfm)) | 344 | if (IS_ERR(tfm)) |
353 | goto error; | 345 | goto error; |
@@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x) | |||
360 | goto error; | 352 | goto error; |
361 | esp->conf.ivinitted = 0; | 353 | esp->conf.ivinitted = 0; |
362 | } | 354 | } |
363 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) | 355 | if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key, |
356 | (x->ealg->alg_key_len + 7) / 8)) | ||
364 | goto error; | 357 | goto error; |
365 | x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; | 358 | x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; |
366 | if (x->props.mode == XFRM_MODE_TUNNEL) | 359 | if (x->props.mode == XFRM_MODE_TUNNEL) |