diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-08 20:13:44 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:54:52 -0400 |
| commit | 4b7137ff8fb49d7bf22dfa248baa0d02ace2c43d (patch) | |
| tree | 6a9571d7d5a3d43ec9cd8c661900fe78f89db6b6 /net/ipv6 | |
| parent | f0703c80e5156406ad947cb67fe277725b48080f (diff) | |
[IPSEC] esp: Remove keys from esp_data structure
The keys are only used during initialisation so we don't need to carry them
in esp_data. Since we don't have to allocate them again, there is no need
to place a limit on the authentication key length anymore.
This patch also kills the unused auth.icv member.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/esp6.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 2db31ce3c7e6..77281068d0f9 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
| @@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x) | |||
| 297 | struct esp_data *esp = NULL; | 297 | struct esp_data *esp = NULL; |
| 298 | struct crypto_blkcipher *tfm; | 298 | struct crypto_blkcipher *tfm; |
| 299 | 299 | ||
| 300 | /* null auth and encryption can have zero length keys */ | ||
| 301 | if (x->aalg) { | ||
| 302 | if (x->aalg->alg_key_len > 512) | ||
| 303 | goto error; | ||
| 304 | } | ||
| 305 | if (x->ealg == NULL) | 300 | if (x->ealg == NULL) |
| 306 | goto error; | 301 | goto error; |
| 307 | 302 | ||
| @@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x) | |||
| 316 | struct xfrm_algo_desc *aalg_desc; | 311 | struct xfrm_algo_desc *aalg_desc; |
| 317 | struct crypto_hash *hash; | 312 | struct crypto_hash *hash; |
| 318 | 313 | ||
| 319 | esp->auth.key = x->aalg->alg_key; | ||
| 320 | esp->auth.key_len = (x->aalg->alg_key_len+7)/8; | ||
| 321 | hash = crypto_alloc_hash(x->aalg->alg_name, 0, | 314 | hash = crypto_alloc_hash(x->aalg->alg_name, 0, |
| 322 | CRYPTO_ALG_ASYNC); | 315 | CRYPTO_ALG_ASYNC); |
| 323 | if (IS_ERR(hash)) | 316 | if (IS_ERR(hash)) |
| 324 | goto error; | 317 | goto error; |
| 325 | 318 | ||
| 326 | esp->auth.tfm = hash; | 319 | esp->auth.tfm = hash; |
| 327 | if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len)) | 320 | if (crypto_hash_setkey(hash, x->aalg->alg_key, |
| 321 | (x->aalg->alg_key_len + 7) / 8)) | ||
| 328 | goto error; | 322 | goto error; |
| 329 | 323 | ||
| 330 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); | 324 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); |
| @@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x) | |||
| 346 | if (!esp->auth.work_icv) | 340 | if (!esp->auth.work_icv) |
| 347 | goto error; | 341 | goto error; |
| 348 | } | 342 | } |
| 349 | esp->conf.key = x->ealg->alg_key; | ||
| 350 | esp->conf.key_len = (x->ealg->alg_key_len+7)/8; | ||
| 351 | tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); | 343 | tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); |
| 352 | if (IS_ERR(tfm)) | 344 | if (IS_ERR(tfm)) |
| 353 | goto error; | 345 | goto error; |
| @@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x) | |||
| 360 | goto error; | 352 | goto error; |
| 361 | esp->conf.ivinitted = 0; | 353 | esp->conf.ivinitted = 0; |
| 362 | } | 354 | } |
| 363 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) | 355 | if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key, |
| 356 | (x->ealg->alg_key_len + 7) / 8)) | ||
| 364 | goto error; | 357 | goto error; |
| 365 | x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; | 358 | x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; |
| 366 | if (x->props.mode == XFRM_MODE_TUNNEL) | 359 | if (x->props.mode == XFRM_MODE_TUNNEL) |