1 files changed, 19 insertions, 11 deletions

diff --git a/include/net/ah.h b/include/net/ah.h
index ceff00afae09..8f257c159902 100644
--- a/include/net/ah.h
+++ b/include/net/ah.h
@@ -1,6 +1,7 @@
 #ifndef _NET_AH_H
 #define _NET_AH_H
 
+#include <linux/crypto.h>
 #include <net/xfrm.h>
 
 /* This is the maximum truncated ICV length that we know of. */
@@ -14,22 +15,29 @@ struct ah_data
         int                     icv_full_len;
         int                     icv_trunc_len;
 
-        void                    (*icv)(struct ah_data*,
-                                       struct sk_buff *skb, u8 *icv);
-
-        struct crypto_tfm       *tfm;
+        struct crypto_hash      *tfm;
 };
 
-static inline void
-ah_hmac_digest(struct ah_data *ahp, struct sk_buff *skb, u8 *auth_data)
+static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
+                                u8 *auth_data)
 {
-        struct crypto_tfm *tfm = ahp->tfm;
+        struct hash_desc desc;
+        int err;
+
+        desc.tfm = ahp->tfm;
+        desc.flags = 0;
 
         memset(auth_data, 0, ahp->icv_trunc_len);
-        crypto_hmac_init(tfm, ahp->key, &ahp->key_len);
-        skb_icv_walk(skb, tfm, 0, skb->len, crypto_hmac_update);
-        crypto_hmac_final(tfm, ahp->key, &ahp->key_len, ahp->work_icv);
-        memcpy(auth_data, ahp->work_icv, ahp->icv_trunc_len);
+        err = crypto_hash_init(&desc);
+        if (unlikely(err))
+                goto out;
+        err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
+        if (unlikely(err))
+                goto out;
+        err = crypto_hash_final(&desc, ahp->work_icv);
+
+out:
+        return err;
 }
 
 #endif