[IPSEC] ah: Remove keys from ah_data structure
The keys are only used during initialisation so we don't need to carry them in esp_data. Since we don't have to allocate them again, there is no need to place a limit on the authentication key length anymore. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Herbert Xu
David S. Miller
Родитель
4b7137ff8f
Коммит
bc31d3b2c7
|
|
@ -9,8 +9,6 @@
|
||||||
|
|
||||||
struct ah_data
|
struct ah_data
|
||||||
{
|
{
|
||||||
u8 *key;
|
|
||||||
int key_len;
|
|
||||||
u8 *work_icv;
|
u8 *work_icv;
|
||||||
int icv_full_len;
|
int icv_full_len;
|
||||||
int icv_trunc_len;
|
int icv_trunc_len;
|
||||||
|
|
|
||||||
|
|
@ -219,10 +219,6 @@ static int ah_init_state(struct xfrm_state *x)
|
||||||
if (!x->aalg)
|
if (!x->aalg)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
/* null auth can use a zero length key */
|
|
||||||
if (x->aalg->alg_key_len > 512)
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (x->encap)
|
if (x->encap)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
|
|
@ -230,14 +226,13 @@ static int ah_init_state(struct xfrm_state *x)
|
||||||
if (ahp == NULL)
|
if (ahp == NULL)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
ahp->key = x->aalg->alg_key;
|
|
||||||
ahp->key_len = (x->aalg->alg_key_len+7)/8;
|
|
||||||
tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC);
|
tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC);
|
||||||
if (IS_ERR(tfm))
|
if (IS_ERR(tfm))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
ahp->tfm = tfm;
|
ahp->tfm = tfm;
|
||||||
if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len))
|
if (crypto_hash_setkey(tfm, x->aalg->alg_key,
|
||||||
|
(x->aalg->alg_key_len + 7) / 8))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
|
|
@ -429,10 +429,6 @@ static int ah6_init_state(struct xfrm_state *x)
|
||||||
if (!x->aalg)
|
if (!x->aalg)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
/* null auth can use a zero length key */
|
|
||||||
if (x->aalg->alg_key_len > 512)
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (x->encap)
|
if (x->encap)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
|
|
@ -440,14 +436,13 @@ static int ah6_init_state(struct xfrm_state *x)
|
||||||
if (ahp == NULL)
|
if (ahp == NULL)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
ahp->key = x->aalg->alg_key;
|
|
||||||
ahp->key_len = (x->aalg->alg_key_len+7)/8;
|
|
||||||
tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC);
|
tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC);
|
||||||
if (IS_ERR(tfm))
|
if (IS_ERR(tfm))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
ahp->tfm = tfm;
|
ahp->tfm = tfm;
|
||||||
if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len))
|
if (crypto_hash_setkey(tfm, x->aalg->alg_key,
|
||||||
|
(x->aalg->alg_key_len + 7) / 8))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче