diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2014-09-18 04:38:18 -0400 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-09-18 04:54:36 -0400 |
| commit | 689f1c9de2abbd76fda224d12cea5f43568a4335 (patch) | |
| tree | f35811bbe3d315a6e966c3bdd25abcf4e45c7352 /net | |
| parent | 880a6fab8f6ba5b5abe59ea68533202ddea1012c (diff) | |
ipsec: Remove obsolete MAX_AH_AUTH_LEN
While tracking down the MAX_AH_AUTH_LEN crash in an old kernel
I thought that this limit was rather arbitrary and we should
just get rid of it.
In fact it seems that we've already done all the work needed
to remove it apart from actually removing it. This limit was
there in order to limit stack usage. Since we've already
switched over to allocating scratch space using kmalloc, there
is no longer any need to limit the authentication length.
This patch kills all references to it, including the BUG_ONs
that led me here.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/ah4.c | 2 | ||||
| -rw-r--r-- | net/ipv6/ah6.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 3 |
3 files changed, 1 insertions, 6 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index a2afa89513a0..ac9a32ec3ee4 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
| @@ -505,8 +505,6 @@ static int ah_init_state(struct xfrm_state *x) | |||
| 505 | ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; | 505 | ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; |
| 506 | ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; | 506 | ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; |
| 507 | 507 | ||
| 508 | BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN); | ||
| 509 | |||
| 510 | if (x->props.flags & XFRM_STATE_ALIGN4) | 508 | if (x->props.flags & XFRM_STATE_ALIGN4) |
| 511 | x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) + | 509 | x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) + |
| 512 | ahp->icv_trunc_len); | 510 | ahp->icv_trunc_len); |
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index fcffd4e522c8..6d16eb0e0c7f 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
| @@ -713,8 +713,6 @@ static int ah6_init_state(struct xfrm_state *x) | |||
| 713 | ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; | 713 | ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; |
| 714 | ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; | 714 | ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; |
| 715 | 715 | ||
| 716 | BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN); | ||
| 717 | |||
| 718 | x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + | 716 | x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + |
| 719 | ahp->icv_trunc_len); | 717 | ahp->icv_trunc_len); |
| 720 | switch (x->props.mode) { | 718 | switch (x->props.mode) { |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index eaf8a8f1cbe8..e812e988c111 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -333,8 +333,7 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, | |||
| 333 | algo = xfrm_aalg_get_byname(ualg->alg_name, 1); | 333 | algo = xfrm_aalg_get_byname(ualg->alg_name, 1); |
| 334 | if (!algo) | 334 | if (!algo) |
| 335 | return -ENOSYS; | 335 | return -ENOSYS; |
| 336 | if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN || | 336 | if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) |
| 337 | ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) | ||
| 338 | return -EINVAL; | 337 | return -EINVAL; |
| 339 | *props = algo->desc.sadb_alg_id; | 338 | *props = algo->desc.sadb_alg_id; |
| 340 | 339 | ||