aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/net/esp.h7
-rw-r--r--net/ipv4/esp4.c40
-rw-r--r--net/ipv6/esp6.c39
3 files changed, 28 insertions, 58 deletions
diff --git a/include/net/esp.h b/include/net/esp.h
index 706b740d7057..c92213c38312 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -3,13 +3,6 @@
3 3
4#include <linux/skbuff.h> 4#include <linux/skbuff.h>
5 5
6struct crypto_aead;
7
8struct esp_data {
9 /* Confidentiality & Integrity */
10 struct crypto_aead *aead;
11};
12
13void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); 6void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
14 7
15struct ip_esp_hdr; 8struct ip_esp_hdr;
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 8b5386a6cb88..7785b28061ac 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -121,7 +121,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
121 struct aead_givcrypt_request *req; 121 struct aead_givcrypt_request *req;
122 struct scatterlist *sg; 122 struct scatterlist *sg;
123 struct scatterlist *asg; 123 struct scatterlist *asg;
124 struct esp_data *esp;
125 struct sk_buff *trailer; 124 struct sk_buff *trailer;
126 void *tmp; 125 void *tmp;
127 u8 *iv; 126 u8 *iv;
@@ -139,8 +138,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
139 138
140 /* skb is pure payload to encrypt */ 139 /* skb is pure payload to encrypt */
141 140
142 esp = x->data; 141 aead = x->data;
143 aead = esp->aead;
144 alen = crypto_aead_authsize(aead); 142 alen = crypto_aead_authsize(aead);
145 143
146 tfclen = 0; 144 tfclen = 0;
@@ -278,8 +276,7 @@ static int esp_input_done2(struct sk_buff *skb, int err)
278{ 276{
279 const struct iphdr *iph; 277 const struct iphdr *iph;
280 struct xfrm_state *x = xfrm_input_state(skb); 278 struct xfrm_state *x = xfrm_input_state(skb);
281 struct esp_data *esp = x->data; 279 struct crypto_aead *aead = x->data;
282 struct crypto_aead *aead = esp->aead;
283 int alen = crypto_aead_authsize(aead); 280 int alen = crypto_aead_authsize(aead);
284 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); 281 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
285 int elen = skb->len - hlen; 282 int elen = skb->len - hlen;
@@ -374,8 +371,7 @@ static void esp_input_done(struct crypto_async_request *base, int err)
374static int esp_input(struct xfrm_state *x, struct sk_buff *skb) 371static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
375{ 372{
376 struct ip_esp_hdr *esph; 373 struct ip_esp_hdr *esph;
377 struct esp_data *esp = x->data; 374 struct crypto_aead *aead = x->data;
378 struct crypto_aead *aead = esp->aead;
379 struct aead_request *req; 375 struct aead_request *req;
380 struct sk_buff *trailer; 376 struct sk_buff *trailer;
381 int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead); 377 int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead);
@@ -457,8 +453,8 @@ out:
457 453
458static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) 454static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
459{ 455{
460 struct esp_data *esp = x->data; 456 struct crypto_aead *aead = x->data;
461 u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); 457 u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
462 unsigned int net_adj; 458 unsigned int net_adj;
463 459
464 switch (x->props.mode) { 460 switch (x->props.mode) {
@@ -473,7 +469,7 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
473 BUG(); 469 BUG();
474 } 470 }
475 471
476 return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - 472 return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
477 net_adj) & ~(blksize - 1)) + net_adj - 2; 473 net_adj) & ~(blksize - 1)) + net_adj - 2;
478} 474}
479 475
@@ -508,18 +504,16 @@ static void esp4_err(struct sk_buff *skb, u32 info)
508 504
509static void esp_destroy(struct xfrm_state *x) 505static void esp_destroy(struct xfrm_state *x)
510{ 506{
511 struct esp_data *esp = x->data; 507 struct crypto_aead *aead = x->data;
512 508
513 if (!esp) 509 if (!aead)
514 return; 510 return;
515 511
516 crypto_free_aead(esp->aead); 512 crypto_free_aead(aead);
517 kfree(esp);
518} 513}
519 514
520static int esp_init_aead(struct xfrm_state *x) 515static int esp_init_aead(struct xfrm_state *x)
521{ 516{
522 struct esp_data *esp = x->data;
523 struct crypto_aead *aead; 517 struct crypto_aead *aead;
524 int err; 518 int err;
525 519
@@ -528,7 +522,7 @@ static int esp_init_aead(struct xfrm_state *x)
528 if (IS_ERR(aead)) 522 if (IS_ERR(aead))
529 goto error; 523 goto error;
530 524
531 esp->aead = aead; 525 x->data = aead;
532 526
533 err = crypto_aead_setkey(aead, x->aead->alg_key, 527 err = crypto_aead_setkey(aead, x->aead->alg_key,
534 (x->aead->alg_key_len + 7) / 8); 528 (x->aead->alg_key_len + 7) / 8);
@@ -545,7 +539,6 @@ error:
545 539
546static int esp_init_authenc(struct xfrm_state *x) 540static int esp_init_authenc(struct xfrm_state *x)
547{ 541{
548 struct esp_data *esp = x->data;
549 struct crypto_aead *aead; 542 struct crypto_aead *aead;
550 struct crypto_authenc_key_param *param; 543 struct crypto_authenc_key_param *param;
551 struct rtattr *rta; 544 struct rtattr *rta;
@@ -580,7 +573,7 @@ static int esp_init_authenc(struct xfrm_state *x)
580 if (IS_ERR(aead)) 573 if (IS_ERR(aead))
581 goto error; 574 goto error;
582 575
583 esp->aead = aead; 576 x->data = aead;
584 577
585 keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) + 578 keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
586 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param)); 579 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
@@ -635,16 +628,11 @@ error:
635 628
636static int esp_init_state(struct xfrm_state *x) 629static int esp_init_state(struct xfrm_state *x)
637{ 630{
638 struct esp_data *esp;
639 struct crypto_aead *aead; 631 struct crypto_aead *aead;
640 u32 align; 632 u32 align;
641 int err; 633 int err;
642 634
643 esp = kzalloc(sizeof(*esp), GFP_KERNEL); 635 x->data = NULL;
644 if (esp == NULL)
645 return -ENOMEM;
646
647 x->data = esp;
648 636
649 if (x->aead) 637 if (x->aead)
650 err = esp_init_aead(x); 638 err = esp_init_aead(x);
@@ -654,7 +642,7 @@ static int esp_init_state(struct xfrm_state *x)
654 if (err) 642 if (err)
655 goto error; 643 goto error;
656 644
657 aead = esp->aead; 645 aead = x->data;
658 646
659 x->props.header_len = sizeof(struct ip_esp_hdr) + 647 x->props.header_len = sizeof(struct ip_esp_hdr) +
660 crypto_aead_ivsize(aead); 648 crypto_aead_ivsize(aead);
@@ -678,7 +666,7 @@ static int esp_init_state(struct xfrm_state *x)
678 } 666 }
679 667
680 align = ALIGN(crypto_aead_blocksize(aead), 4); 668 align = ALIGN(crypto_aead_blocksize(aead), 4);
681 x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead); 669 x->props.trailer_len = align + 1 + crypto_aead_authsize(aead);
682 670
683error: 671error:
684 return err; 672 return err;
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 0073cd096984..87eb79e65e49 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -164,10 +164,9 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
164 u8 *iv; 164 u8 *iv;
165 u8 *tail; 165 u8 *tail;
166 __be32 *seqhi; 166 __be32 *seqhi;
167 struct esp_data *esp = x->data;
168 167
169 /* skb is pure payload to encrypt */ 168 /* skb is pure payload to encrypt */
170 aead = esp->aead; 169 aead = x->data;
171 alen = crypto_aead_authsize(aead); 170 alen = crypto_aead_authsize(aead);
172 171
173 tfclen = 0; 172 tfclen = 0;
@@ -269,8 +268,7 @@ error:
269static int esp_input_done2(struct sk_buff *skb, int err) 268static int esp_input_done2(struct sk_buff *skb, int err)
270{ 269{
271 struct xfrm_state *x = xfrm_input_state(skb); 270 struct xfrm_state *x = xfrm_input_state(skb);
272 struct esp_data *esp = x->data; 271 struct crypto_aead *aead = x->data;
273 struct crypto_aead *aead = esp->aead;
274 int alen = crypto_aead_authsize(aead); 272 int alen = crypto_aead_authsize(aead);
275 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); 273 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
276 int elen = skb->len - hlen; 274 int elen = skb->len - hlen;
@@ -323,8 +321,7 @@ static void esp_input_done(struct crypto_async_request *base, int err)
323static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) 321static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
324{ 322{
325 struct ip_esp_hdr *esph; 323 struct ip_esp_hdr *esph;
326 struct esp_data *esp = x->data; 324 struct crypto_aead *aead = x->data;
327 struct crypto_aead *aead = esp->aead;
328 struct aead_request *req; 325 struct aead_request *req;
329 struct sk_buff *trailer; 326 struct sk_buff *trailer;
330 int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead); 327 int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead);
@@ -412,8 +409,8 @@ out:
412 409
413static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) 410static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
414{ 411{
415 struct esp_data *esp = x->data; 412 struct crypto_aead *aead = x->data;
416 u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); 413 u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
417 unsigned int net_adj; 414 unsigned int net_adj;
418 415
419 if (x->props.mode != XFRM_MODE_TUNNEL) 416 if (x->props.mode != XFRM_MODE_TUNNEL)
@@ -421,7 +418,7 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
421 else 418 else
422 net_adj = 0; 419 net_adj = 0;
423 420
424 return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - 421 return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
425 net_adj) & ~(blksize - 1)) + net_adj - 2; 422 net_adj) & ~(blksize - 1)) + net_adj - 2;
426} 423}
427 424
@@ -452,18 +449,16 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
452 449
453static void esp6_destroy(struct xfrm_state *x) 450static void esp6_destroy(struct xfrm_state *x)
454{ 451{
455 struct esp_data *esp = x->data; 452 struct crypto_aead *aead = x->data;
456 453
457 if (!esp) 454 if (!aead)
458 return; 455 return;
459 456
460 crypto_free_aead(esp->aead); 457 crypto_free_aead(aead);
461 kfree(esp);
462} 458}
463 459
464static int esp_init_aead(struct xfrm_state *x) 460static int esp_init_aead(struct xfrm_state *x)
465{ 461{
466 struct esp_data *esp = x->data;
467 struct crypto_aead *aead; 462 struct crypto_aead *aead;
468 int err; 463 int err;
469 464
@@ -472,7 +467,7 @@ static int esp_init_aead(struct xfrm_state *x)
472 if (IS_ERR(aead)) 467 if (IS_ERR(aead))
473 goto error; 468 goto error;
474 469
475 esp->aead = aead; 470 x->data = aead;
476 471
477 err = crypto_aead_setkey(aead, x->aead->alg_key, 472 err = crypto_aead_setkey(aead, x->aead->alg_key,
478 (x->aead->alg_key_len + 7) / 8); 473 (x->aead->alg_key_len + 7) / 8);
@@ -489,7 +484,6 @@ error:
489 484
490static int esp_init_authenc(struct xfrm_state *x) 485static int esp_init_authenc(struct xfrm_state *x)
491{ 486{
492 struct esp_data *esp = x->data;
493 struct crypto_aead *aead; 487 struct crypto_aead *aead;
494 struct crypto_authenc_key_param *param; 488 struct crypto_authenc_key_param *param;
495 struct rtattr *rta; 489 struct rtattr *rta;
@@ -524,7 +518,7 @@ static int esp_init_authenc(struct xfrm_state *x)
524 if (IS_ERR(aead)) 518 if (IS_ERR(aead))
525 goto error; 519 goto error;
526 520
527 esp->aead = aead; 521 x->data = aead;
528 522
529 keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) + 523 keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
530 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param)); 524 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
@@ -579,7 +573,6 @@ error:
579 573
580static int esp6_init_state(struct xfrm_state *x) 574static int esp6_init_state(struct xfrm_state *x)
581{ 575{
582 struct esp_data *esp;
583 struct crypto_aead *aead; 576 struct crypto_aead *aead;
584 u32 align; 577 u32 align;
585 int err; 578 int err;
@@ -587,11 +580,7 @@ static int esp6_init_state(struct xfrm_state *x)
587 if (x->encap) 580 if (x->encap)
588 return -EINVAL; 581 return -EINVAL;
589 582
590 esp = kzalloc(sizeof(*esp), GFP_KERNEL); 583 x->data = NULL;
591 if (esp == NULL)
592 return -ENOMEM;
593
594 x->data = esp;
595 584
596 if (x->aead) 585 if (x->aead)
597 err = esp_init_aead(x); 586 err = esp_init_aead(x);
@@ -601,7 +590,7 @@ static int esp6_init_state(struct xfrm_state *x)
601 if (err) 590 if (err)
602 goto error; 591 goto error;
603 592
604 aead = esp->aead; 593 aead = x->data;
605 594
606 x->props.header_len = sizeof(struct ip_esp_hdr) + 595 x->props.header_len = sizeof(struct ip_esp_hdr) +
607 crypto_aead_ivsize(aead); 596 crypto_aead_ivsize(aead);
@@ -621,7 +610,7 @@ static int esp6_init_state(struct xfrm_state *x)
621 } 610 }
622 611
623 align = ALIGN(crypto_aead_blocksize(aead), 4); 612 align = ALIGN(crypto_aead_blocksize(aead), 4);
624 x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead); 613 x->props.trailer_len = align + 1 + crypto_aead_authsize(aead);
625 614
626error: 615error:
627 return err; 616 return err;
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-28 23:23:18 -0500