diff options
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/Kconfig | 1 | ||||
-rw-r--r-- | net/ipv6/ah6.c | 35 | ||||
-rw-r--r-- | net/ipv6/datagram.c | 2 | ||||
-rw-r--r-- | net/ipv6/esp6.c | 90 | ||||
-rw-r--r-- | net/ipv6/icmp.c | 4 | ||||
-rw-r--r-- | net/ipv6/ipcomp6.c | 25 | ||||
-rw-r--r-- | net/ipv6/ipv6_sockglue.c | 4 | ||||
-rw-r--r-- | net/ipv6/raw.c | 2 |
8 files changed, 96 insertions, 67 deletions
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig index e923d4dea418..0ba06c0c5d39 100644 --- a/net/ipv6/Kconfig +++ b/net/ipv6/Kconfig | |||
@@ -77,6 +77,7 @@ config INET6_ESP | |||
77 | select CRYPTO | 77 | select CRYPTO |
78 | select CRYPTO_HMAC | 78 | select CRYPTO_HMAC |
79 | select CRYPTO_MD5 | 79 | select CRYPTO_MD5 |
80 | select CRYPTO_CBC | ||
80 | select CRYPTO_SHA1 | 81 | select CRYPTO_SHA1 |
81 | select CRYPTO_DES | 82 | select CRYPTO_DES |
82 | ---help--- | 83 | ---help--- |
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 9d4831bd4335..00ffa7bc6c9f 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
@@ -213,7 +213,10 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
213 | ah->spi = x->id.spi; | 213 | ah->spi = x->id.spi; |
214 | ah->seq_no = htonl(++x->replay.oseq); | 214 | ah->seq_no = htonl(++x->replay.oseq); |
215 | xfrm_aevent_doreplay(x); | 215 | xfrm_aevent_doreplay(x); |
216 | ahp->icv(ahp, skb, ah->auth_data); | 216 | err = ah_mac_digest(ahp, skb, ah->auth_data); |
217 | if (err) | ||
218 | goto error_free_iph; | ||
219 | memcpy(ah->auth_data, ahp->work_icv, ahp->icv_trunc_len); | ||
217 | 220 | ||
218 | err = 0; | 221 | err = 0; |
219 | 222 | ||
@@ -251,6 +254,7 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
251 | u16 hdr_len; | 254 | u16 hdr_len; |
252 | u16 ah_hlen; | 255 | u16 ah_hlen; |
253 | int nexthdr; | 256 | int nexthdr; |
257 | int err = -EINVAL; | ||
254 | 258 | ||
255 | if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr))) | 259 | if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr))) |
256 | goto out; | 260 | goto out; |
@@ -292,8 +296,11 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
292 | memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len); | 296 | memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len); |
293 | memset(ah->auth_data, 0, ahp->icv_trunc_len); | 297 | memset(ah->auth_data, 0, ahp->icv_trunc_len); |
294 | skb_push(skb, hdr_len); | 298 | skb_push(skb, hdr_len); |
295 | ahp->icv(ahp, skb, ah->auth_data); | 299 | err = ah_mac_digest(ahp, skb, ah->auth_data); |
296 | if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) { | 300 | if (err) |
301 | goto free_out; | ||
302 | err = -EINVAL; | ||
303 | if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) { | ||
297 | LIMIT_NETDEBUG(KERN_WARNING "ipsec ah authentication error\n"); | 304 | LIMIT_NETDEBUG(KERN_WARNING "ipsec ah authentication error\n"); |
298 | x->stats.integrity_failed++; | 305 | x->stats.integrity_failed++; |
299 | goto free_out; | 306 | goto free_out; |
@@ -310,7 +317,7 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
310 | free_out: | 317 | free_out: |
311 | kfree(tmp_hdr); | 318 | kfree(tmp_hdr); |
312 | out: | 319 | out: |
313 | return -EINVAL; | 320 | return err; |
314 | } | 321 | } |
315 | 322 | ||
316 | static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | 323 | static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
@@ -338,6 +345,7 @@ static int ah6_init_state(struct xfrm_state *x) | |||
338 | { | 345 | { |
339 | struct ah_data *ahp = NULL; | 346 | struct ah_data *ahp = NULL; |
340 | struct xfrm_algo_desc *aalg_desc; | 347 | struct xfrm_algo_desc *aalg_desc; |
348 | struct crypto_hash *tfm; | ||
341 | 349 | ||
342 | if (!x->aalg) | 350 | if (!x->aalg) |
343 | goto error; | 351 | goto error; |
@@ -355,24 +363,27 @@ static int ah6_init_state(struct xfrm_state *x) | |||
355 | 363 | ||
356 | ahp->key = x->aalg->alg_key; | 364 | ahp->key = x->aalg->alg_key; |
357 | ahp->key_len = (x->aalg->alg_key_len+7)/8; | 365 | ahp->key_len = (x->aalg->alg_key_len+7)/8; |
358 | ahp->tfm = crypto_alloc_tfm(x->aalg->alg_name, 0); | 366 | tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC); |
359 | if (!ahp->tfm) | 367 | if (IS_ERR(tfm)) |
368 | goto error; | ||
369 | |||
370 | ahp->tfm = tfm; | ||
371 | if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len)) | ||
360 | goto error; | 372 | goto error; |
361 | ahp->icv = ah_hmac_digest; | ||
362 | 373 | ||
363 | /* | 374 | /* |
364 | * Lookup the algorithm description maintained by xfrm_algo, | 375 | * Lookup the algorithm description maintained by xfrm_algo, |
365 | * verify crypto transform properties, and store information | 376 | * verify crypto transform properties, and store information |
366 | * we need for AH processing. This lookup cannot fail here | 377 | * we need for AH processing. This lookup cannot fail here |
367 | * after a successful crypto_alloc_tfm(). | 378 | * after a successful crypto_alloc_hash(). |
368 | */ | 379 | */ |
369 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); | 380 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); |
370 | BUG_ON(!aalg_desc); | 381 | BUG_ON(!aalg_desc); |
371 | 382 | ||
372 | if (aalg_desc->uinfo.auth.icv_fullbits/8 != | 383 | if (aalg_desc->uinfo.auth.icv_fullbits/8 != |
373 | crypto_tfm_alg_digestsize(ahp->tfm)) { | 384 | crypto_hash_digestsize(tfm)) { |
374 | printk(KERN_INFO "AH: %s digestsize %u != %hu\n", | 385 | printk(KERN_INFO "AH: %s digestsize %u != %hu\n", |
375 | x->aalg->alg_name, crypto_tfm_alg_digestsize(ahp->tfm), | 386 | x->aalg->alg_name, crypto_hash_digestsize(tfm), |
376 | aalg_desc->uinfo.auth.icv_fullbits/8); | 387 | aalg_desc->uinfo.auth.icv_fullbits/8); |
377 | goto error; | 388 | goto error; |
378 | } | 389 | } |
@@ -396,7 +407,7 @@ static int ah6_init_state(struct xfrm_state *x) | |||
396 | error: | 407 | error: |
397 | if (ahp) { | 408 | if (ahp) { |
398 | kfree(ahp->work_icv); | 409 | kfree(ahp->work_icv); |
399 | crypto_free_tfm(ahp->tfm); | 410 | crypto_free_hash(ahp->tfm); |
400 | kfree(ahp); | 411 | kfree(ahp); |
401 | } | 412 | } |
402 | return -EINVAL; | 413 | return -EINVAL; |
@@ -411,7 +422,7 @@ static void ah6_destroy(struct xfrm_state *x) | |||
411 | 422 | ||
412 | kfree(ahp->work_icv); | 423 | kfree(ahp->work_icv); |
413 | ahp->work_icv = NULL; | 424 | ahp->work_icv = NULL; |
414 | crypto_free_tfm(ahp->tfm); | 425 | crypto_free_hash(ahp->tfm); |
415 | ahp->tfm = NULL; | 426 | ahp->tfm = NULL; |
416 | kfree(ahp); | 427 | kfree(ahp); |
417 | } | 428 | } |
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index 99a6eb23378b..3b55b4c8e2d1 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c | |||
@@ -696,7 +696,7 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl, | |||
696 | } | 696 | } |
697 | 697 | ||
698 | tc = *(int *)CMSG_DATA(cmsg); | 698 | tc = *(int *)CMSG_DATA(cmsg); |
699 | if (tc < 0 || tc > 0xff) | 699 | if (tc < -1 || tc > 0xff) |
700 | goto exit_f; | 700 | goto exit_f; |
701 | 701 | ||
702 | err = 0; | 702 | err = 0; |
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index a278d5e862fe..2ebfd281e721 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
@@ -24,6 +24,7 @@ | |||
24 | * This file is derived from net/ipv4/esp.c | 24 | * This file is derived from net/ipv4/esp.c |
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include <linux/err.h> | ||
27 | #include <linux/module.h> | 28 | #include <linux/module.h> |
28 | #include <net/ip.h> | 29 | #include <net/ip.h> |
29 | #include <net/xfrm.h> | 30 | #include <net/xfrm.h> |
@@ -44,7 +45,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
44 | int hdr_len; | 45 | int hdr_len; |
45 | struct ipv6hdr *top_iph; | 46 | struct ipv6hdr *top_iph; |
46 | struct ipv6_esp_hdr *esph; | 47 | struct ipv6_esp_hdr *esph; |
47 | struct crypto_tfm *tfm; | 48 | struct crypto_blkcipher *tfm; |
49 | struct blkcipher_desc desc; | ||
48 | struct esp_data *esp; | 50 | struct esp_data *esp; |
49 | struct sk_buff *trailer; | 51 | struct sk_buff *trailer; |
50 | int blksize; | 52 | int blksize; |
@@ -67,7 +69,9 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
67 | 69 | ||
68 | alen = esp->auth.icv_trunc_len; | 70 | alen = esp->auth.icv_trunc_len; |
69 | tfm = esp->conf.tfm; | 71 | tfm = esp->conf.tfm; |
70 | blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4); | 72 | desc.tfm = tfm; |
73 | desc.flags = 0; | ||
74 | blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); | ||
71 | clen = ALIGN(clen + 2, blksize); | 75 | clen = ALIGN(clen + 2, blksize); |
72 | if (esp->conf.padlen) | 76 | if (esp->conf.padlen) |
73 | clen = ALIGN(clen, esp->conf.padlen); | 77 | clen = ALIGN(clen, esp->conf.padlen); |
@@ -96,7 +100,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
96 | xfrm_aevent_doreplay(x); | 100 | xfrm_aevent_doreplay(x); |
97 | 101 | ||
98 | if (esp->conf.ivlen) | 102 | if (esp->conf.ivlen) |
99 | crypto_cipher_set_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); | 103 | crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen); |
100 | 104 | ||
101 | do { | 105 | do { |
102 | struct scatterlist *sg = &esp->sgbuf[0]; | 106 | struct scatterlist *sg = &esp->sgbuf[0]; |
@@ -107,24 +111,25 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
107 | goto error; | 111 | goto error; |
108 | } | 112 | } |
109 | skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); | 113 | skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); |
110 | crypto_cipher_encrypt(tfm, sg, sg, clen); | 114 | err = crypto_blkcipher_encrypt(&desc, sg, sg, clen); |
111 | if (unlikely(sg != &esp->sgbuf[0])) | 115 | if (unlikely(sg != &esp->sgbuf[0])) |
112 | kfree(sg); | 116 | kfree(sg); |
113 | } while (0); | 117 | } while (0); |
114 | 118 | ||
119 | if (unlikely(err)) | ||
120 | goto error; | ||
121 | |||
115 | if (esp->conf.ivlen) { | 122 | if (esp->conf.ivlen) { |
116 | memcpy(esph->enc_data, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); | 123 | memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen); |
117 | crypto_cipher_get_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm)); | 124 | crypto_blkcipher_get_iv(tfm, esp->conf.ivec, esp->conf.ivlen); |
118 | } | 125 | } |
119 | 126 | ||
120 | if (esp->auth.icv_full_len) { | 127 | if (esp->auth.icv_full_len) { |
121 | esp->auth.icv(esp, skb, (u8*)esph-skb->data, | 128 | err = esp_mac_digest(esp, skb, (u8 *)esph - skb->data, |
122 | sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen+clen, trailer->tail); | 129 | sizeof(*esph) + esp->conf.ivlen + clen); |
123 | pskb_put(skb, trailer, alen); | 130 | memcpy(pskb_put(skb, trailer, alen), esp->auth.work_icv, alen); |
124 | } | 131 | } |
125 | 132 | ||
126 | err = 0; | ||
127 | |||
128 | error: | 133 | error: |
129 | return err; | 134 | return err; |
130 | } | 135 | } |
@@ -134,8 +139,10 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
134 | struct ipv6hdr *iph; | 139 | struct ipv6hdr *iph; |
135 | struct ipv6_esp_hdr *esph; | 140 | struct ipv6_esp_hdr *esph; |
136 | struct esp_data *esp = x->data; | 141 | struct esp_data *esp = x->data; |
142 | struct crypto_blkcipher *tfm = esp->conf.tfm; | ||
143 | struct blkcipher_desc desc = { .tfm = tfm }; | ||
137 | struct sk_buff *trailer; | 144 | struct sk_buff *trailer; |
138 | int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); | 145 | int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); |
139 | int alen = esp->auth.icv_trunc_len; | 146 | int alen = esp->auth.icv_trunc_len; |
140 | int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; | 147 | int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; |
141 | 148 | ||
@@ -155,15 +162,16 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
155 | 162 | ||
156 | /* If integrity check is required, do this. */ | 163 | /* If integrity check is required, do this. */ |
157 | if (esp->auth.icv_full_len) { | 164 | if (esp->auth.icv_full_len) { |
158 | u8 sum[esp->auth.icv_full_len]; | 165 | u8 sum[alen]; |
159 | u8 sum1[alen]; | ||
160 | 166 | ||
161 | esp->auth.icv(esp, skb, 0, skb->len-alen, sum); | 167 | ret = esp_mac_digest(esp, skb, 0, skb->len - alen); |
168 | if (ret) | ||
169 | goto out; | ||
162 | 170 | ||
163 | if (skb_copy_bits(skb, skb->len-alen, sum1, alen)) | 171 | if (skb_copy_bits(skb, skb->len - alen, sum, alen)) |
164 | BUG(); | 172 | BUG(); |
165 | 173 | ||
166 | if (unlikely(memcmp(sum, sum1, alen))) { | 174 | if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) { |
167 | x->stats.integrity_failed++; | 175 | x->stats.integrity_failed++; |
168 | ret = -EINVAL; | 176 | ret = -EINVAL; |
169 | goto out; | 177 | goto out; |
@@ -182,7 +190,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
182 | 190 | ||
183 | /* Get ivec. This can be wrong, check against another impls. */ | 191 | /* Get ivec. This can be wrong, check against another impls. */ |
184 | if (esp->conf.ivlen) | 192 | if (esp->conf.ivlen) |
185 | crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm)); | 193 | crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen); |
186 | 194 | ||
187 | { | 195 | { |
188 | u8 nexthdr[2]; | 196 | u8 nexthdr[2]; |
@@ -197,9 +205,11 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
197 | } | 205 | } |
198 | } | 206 | } |
199 | skb_to_sgvec(skb, sg, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen, elen); | 207 | skb_to_sgvec(skb, sg, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen, elen); |
200 | crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen); | 208 | ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen); |
201 | if (unlikely(sg != &esp->sgbuf[0])) | 209 | if (unlikely(sg != &esp->sgbuf[0])) |
202 | kfree(sg); | 210 | kfree(sg); |
211 | if (unlikely(ret)) | ||
212 | goto out; | ||
203 | 213 | ||
204 | if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) | 214 | if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) |
205 | BUG(); | 215 | BUG(); |
@@ -225,7 +235,7 @@ out: | |||
225 | static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) | 235 | static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) |
226 | { | 236 | { |
227 | struct esp_data *esp = x->data; | 237 | struct esp_data *esp = x->data; |
228 | u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); | 238 | u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); |
229 | 239 | ||
230 | if (x->props.mode) { | 240 | if (x->props.mode) { |
231 | mtu = ALIGN(mtu + 2, blksize); | 241 | mtu = ALIGN(mtu + 2, blksize); |
@@ -266,11 +276,11 @@ static void esp6_destroy(struct xfrm_state *x) | |||
266 | if (!esp) | 276 | if (!esp) |
267 | return; | 277 | return; |
268 | 278 | ||
269 | crypto_free_tfm(esp->conf.tfm); | 279 | crypto_free_blkcipher(esp->conf.tfm); |
270 | esp->conf.tfm = NULL; | 280 | esp->conf.tfm = NULL; |
271 | kfree(esp->conf.ivec); | 281 | kfree(esp->conf.ivec); |
272 | esp->conf.ivec = NULL; | 282 | esp->conf.ivec = NULL; |
273 | crypto_free_tfm(esp->auth.tfm); | 283 | crypto_free_hash(esp->auth.tfm); |
274 | esp->auth.tfm = NULL; | 284 | esp->auth.tfm = NULL; |
275 | kfree(esp->auth.work_icv); | 285 | kfree(esp->auth.work_icv); |
276 | esp->auth.work_icv = NULL; | 286 | esp->auth.work_icv = NULL; |
@@ -280,6 +290,7 @@ static void esp6_destroy(struct xfrm_state *x) | |||
280 | static int esp6_init_state(struct xfrm_state *x) | 290 | static int esp6_init_state(struct xfrm_state *x) |
281 | { | 291 | { |
282 | struct esp_data *esp = NULL; | 292 | struct esp_data *esp = NULL; |
293 | struct crypto_blkcipher *tfm; | ||
283 | 294 | ||
284 | /* null auth and encryption can have zero length keys */ | 295 | /* null auth and encryption can have zero length keys */ |
285 | if (x->aalg) { | 296 | if (x->aalg) { |
@@ -298,24 +309,29 @@ static int esp6_init_state(struct xfrm_state *x) | |||
298 | 309 | ||
299 | if (x->aalg) { | 310 | if (x->aalg) { |
300 | struct xfrm_algo_desc *aalg_desc; | 311 | struct xfrm_algo_desc *aalg_desc; |
312 | struct crypto_hash *hash; | ||
301 | 313 | ||
302 | esp->auth.key = x->aalg->alg_key; | 314 | esp->auth.key = x->aalg->alg_key; |
303 | esp->auth.key_len = (x->aalg->alg_key_len+7)/8; | 315 | esp->auth.key_len = (x->aalg->alg_key_len+7)/8; |
304 | esp->auth.tfm = crypto_alloc_tfm(x->aalg->alg_name, 0); | 316 | hash = crypto_alloc_hash(x->aalg->alg_name, 0, |
305 | if (esp->auth.tfm == NULL) | 317 | CRYPTO_ALG_ASYNC); |
318 | if (IS_ERR(hash)) | ||
319 | goto error; | ||
320 | |||
321 | esp->auth.tfm = hash; | ||
322 | if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len)) | ||
306 | goto error; | 323 | goto error; |
307 | esp->auth.icv = esp_hmac_digest; | ||
308 | 324 | ||
309 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); | 325 | aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); |
310 | BUG_ON(!aalg_desc); | 326 | BUG_ON(!aalg_desc); |
311 | 327 | ||
312 | if (aalg_desc->uinfo.auth.icv_fullbits/8 != | 328 | if (aalg_desc->uinfo.auth.icv_fullbits/8 != |
313 | crypto_tfm_alg_digestsize(esp->auth.tfm)) { | 329 | crypto_hash_digestsize(hash)) { |
314 | printk(KERN_INFO "ESP: %s digestsize %u != %hu\n", | 330 | NETDEBUG(KERN_INFO "ESP: %s digestsize %u != %hu\n", |
315 | x->aalg->alg_name, | 331 | x->aalg->alg_name, |
316 | crypto_tfm_alg_digestsize(esp->auth.tfm), | 332 | crypto_hash_digestsize(hash), |
317 | aalg_desc->uinfo.auth.icv_fullbits/8); | 333 | aalg_desc->uinfo.auth.icv_fullbits/8); |
318 | goto error; | 334 | goto error; |
319 | } | 335 | } |
320 | 336 | ||
321 | esp->auth.icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; | 337 | esp->auth.icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; |
@@ -327,13 +343,11 @@ static int esp6_init_state(struct xfrm_state *x) | |||
327 | } | 343 | } |
328 | esp->conf.key = x->ealg->alg_key; | 344 | esp->conf.key = x->ealg->alg_key; |
329 | esp->conf.key_len = (x->ealg->alg_key_len+7)/8; | 345 | esp->conf.key_len = (x->ealg->alg_key_len+7)/8; |
330 | if (x->props.ealgo == SADB_EALG_NULL) | 346 | tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC); |
331 | esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_ECB); | 347 | if (IS_ERR(tfm)) |
332 | else | ||
333 | esp->conf.tfm = crypto_alloc_tfm(x->ealg->alg_name, CRYPTO_TFM_MODE_CBC); | ||
334 | if (esp->conf.tfm == NULL) | ||
335 | goto error; | 348 | goto error; |
336 | esp->conf.ivlen = crypto_tfm_alg_ivsize(esp->conf.tfm); | 349 | esp->conf.tfm = tfm; |
350 | esp->conf.ivlen = crypto_blkcipher_ivsize(tfm); | ||
337 | esp->conf.padlen = 0; | 351 | esp->conf.padlen = 0; |
338 | if (esp->conf.ivlen) { | 352 | if (esp->conf.ivlen) { |
339 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); | 353 | esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL); |
@@ -341,7 +355,7 @@ static int esp6_init_state(struct xfrm_state *x) | |||
341 | goto error; | 355 | goto error; |
342 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); | 356 | get_random_bytes(esp->conf.ivec, esp->conf.ivlen); |
343 | } | 357 | } |
344 | if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len)) | 358 | if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) |
345 | goto error; | 359 | goto error; |
346 | x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; | 360 | x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; |
347 | if (x->props.mode) | 361 | if (x->props.mode) |
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index 3d6e9a351150..356a8a7ef22a 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c | |||
@@ -401,7 +401,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, | |||
401 | if (hlimit < 0) | 401 | if (hlimit < 0) |
402 | hlimit = ipv6_get_hoplimit(dst->dev); | 402 | hlimit = ipv6_get_hoplimit(dst->dev); |
403 | 403 | ||
404 | tclass = np->cork.tclass; | 404 | tclass = np->tclass; |
405 | if (tclass < 0) | 405 | if (tclass < 0) |
406 | tclass = 0; | 406 | tclass = 0; |
407 | 407 | ||
@@ -497,7 +497,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb) | |||
497 | if (hlimit < 0) | 497 | if (hlimit < 0) |
498 | hlimit = ipv6_get_hoplimit(dst->dev); | 498 | hlimit = ipv6_get_hoplimit(dst->dev); |
499 | 499 | ||
500 | tclass = np->cork.tclass; | 500 | tclass = np->tclass; |
501 | if (tclass < 0) | 501 | if (tclass < 0) |
502 | tclass = 0; | 502 | tclass = 0; |
503 | 503 | ||
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 7e4d1c17bfbc..a81e9e9d93bd 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c | |||
@@ -53,7 +53,7 @@ | |||
53 | 53 | ||
54 | struct ipcomp6_tfms { | 54 | struct ipcomp6_tfms { |
55 | struct list_head list; | 55 | struct list_head list; |
56 | struct crypto_tfm **tfms; | 56 | struct crypto_comp **tfms; |
57 | int users; | 57 | int users; |
58 | }; | 58 | }; |
59 | 59 | ||
@@ -70,7 +70,7 @@ static int ipcomp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
70 | int plen, dlen; | 70 | int plen, dlen; |
71 | struct ipcomp_data *ipcd = x->data; | 71 | struct ipcomp_data *ipcd = x->data; |
72 | u8 *start, *scratch; | 72 | u8 *start, *scratch; |
73 | struct crypto_tfm *tfm; | 73 | struct crypto_comp *tfm; |
74 | int cpu; | 74 | int cpu; |
75 | 75 | ||
76 | if (skb_linearize_cow(skb)) | 76 | if (skb_linearize_cow(skb)) |
@@ -129,7 +129,7 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
129 | struct ipcomp_data *ipcd = x->data; | 129 | struct ipcomp_data *ipcd = x->data; |
130 | int plen, dlen; | 130 | int plen, dlen; |
131 | u8 *start, *scratch; | 131 | u8 *start, *scratch; |
132 | struct crypto_tfm *tfm; | 132 | struct crypto_comp *tfm; |
133 | int cpu; | 133 | int cpu; |
134 | 134 | ||
135 | hdr_len = skb->h.raw - skb->data; | 135 | hdr_len = skb->h.raw - skb->data; |
@@ -301,7 +301,7 @@ static void **ipcomp6_alloc_scratches(void) | |||
301 | return scratches; | 301 | return scratches; |
302 | } | 302 | } |
303 | 303 | ||
304 | static void ipcomp6_free_tfms(struct crypto_tfm **tfms) | 304 | static void ipcomp6_free_tfms(struct crypto_comp **tfms) |
305 | { | 305 | { |
306 | struct ipcomp6_tfms *pos; | 306 | struct ipcomp6_tfms *pos; |
307 | int cpu; | 307 | int cpu; |
@@ -323,28 +323,28 @@ static void ipcomp6_free_tfms(struct crypto_tfm **tfms) | |||
323 | return; | 323 | return; |
324 | 324 | ||
325 | for_each_possible_cpu(cpu) { | 325 | for_each_possible_cpu(cpu) { |
326 | struct crypto_tfm *tfm = *per_cpu_ptr(tfms, cpu); | 326 | struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu); |
327 | crypto_free_tfm(tfm); | 327 | crypto_free_comp(tfm); |
328 | } | 328 | } |
329 | free_percpu(tfms); | 329 | free_percpu(tfms); |
330 | } | 330 | } |
331 | 331 | ||
332 | static struct crypto_tfm **ipcomp6_alloc_tfms(const char *alg_name) | 332 | static struct crypto_comp **ipcomp6_alloc_tfms(const char *alg_name) |
333 | { | 333 | { |
334 | struct ipcomp6_tfms *pos; | 334 | struct ipcomp6_tfms *pos; |
335 | struct crypto_tfm **tfms; | 335 | struct crypto_comp **tfms; |
336 | int cpu; | 336 | int cpu; |
337 | 337 | ||
338 | /* This can be any valid CPU ID so we don't need locking. */ | 338 | /* This can be any valid CPU ID so we don't need locking. */ |
339 | cpu = raw_smp_processor_id(); | 339 | cpu = raw_smp_processor_id(); |
340 | 340 | ||
341 | list_for_each_entry(pos, &ipcomp6_tfms_list, list) { | 341 | list_for_each_entry(pos, &ipcomp6_tfms_list, list) { |
342 | struct crypto_tfm *tfm; | 342 | struct crypto_comp *tfm; |
343 | 343 | ||
344 | tfms = pos->tfms; | 344 | tfms = pos->tfms; |
345 | tfm = *per_cpu_ptr(tfms, cpu); | 345 | tfm = *per_cpu_ptr(tfms, cpu); |
346 | 346 | ||
347 | if (!strcmp(crypto_tfm_alg_name(tfm), alg_name)) { | 347 | if (!strcmp(crypto_comp_name(tfm), alg_name)) { |
348 | pos->users++; | 348 | pos->users++; |
349 | return tfms; | 349 | return tfms; |
350 | } | 350 | } |
@@ -358,12 +358,13 @@ static struct crypto_tfm **ipcomp6_alloc_tfms(const char *alg_name) | |||
358 | INIT_LIST_HEAD(&pos->list); | 358 | INIT_LIST_HEAD(&pos->list); |
359 | list_add(&pos->list, &ipcomp6_tfms_list); | 359 | list_add(&pos->list, &ipcomp6_tfms_list); |
360 | 360 | ||
361 | pos->tfms = tfms = alloc_percpu(struct crypto_tfm *); | 361 | pos->tfms = tfms = alloc_percpu(struct crypto_comp *); |
362 | if (!tfms) | 362 | if (!tfms) |
363 | goto error; | 363 | goto error; |
364 | 364 | ||
365 | for_each_possible_cpu(cpu) { | 365 | for_each_possible_cpu(cpu) { |
366 | struct crypto_tfm *tfm = crypto_alloc_tfm(alg_name, 0); | 366 | struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0, |
367 | CRYPTO_ALG_ASYNC); | ||
367 | if (!tfm) | 368 | if (!tfm) |
368 | goto error; | 369 | goto error; |
369 | *per_cpu_ptr(tfms, cpu) = tfm; | 370 | *per_cpu_ptr(tfms, cpu) = tfm; |
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 43327264e69c..a5eaaf693abf 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c | |||
@@ -362,7 +362,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, | |||
362 | break; | 362 | break; |
363 | 363 | ||
364 | case IPV6_TCLASS: | 364 | case IPV6_TCLASS: |
365 | if (val < 0 || val > 0xff) | 365 | if (val < -1 || val > 0xff) |
366 | goto e_inval; | 366 | goto e_inval; |
367 | np->tclass = val; | 367 | np->tclass = val; |
368 | retv = 0; | 368 | retv = 0; |
@@ -947,6 +947,8 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, | |||
947 | 947 | ||
948 | case IPV6_TCLASS: | 948 | case IPV6_TCLASS: |
949 | val = np->tclass; | 949 | val = np->tclass; |
950 | if (val < 0) | ||
951 | val = 0; | ||
950 | break; | 952 | break; |
951 | 953 | ||
952 | case IPV6_RECVTCLASS: | 954 | case IPV6_RECVTCLASS: |
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index d57e61ce4a7d..15b862d8acab 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c | |||
@@ -781,7 +781,7 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk, | |||
781 | } | 781 | } |
782 | 782 | ||
783 | if (tclass < 0) { | 783 | if (tclass < 0) { |
784 | tclass = np->cork.tclass; | 784 | tclass = np->tclass; |
785 | if (tclass < 0) | 785 | if (tclass < 0) |
786 | tclass = 0; | 786 | tclass = 0; |
787 | } | 787 | } |