[IPSEC] esp: Remove keys from esp_data structure (4b7137ff) · Commits · e / devices / android_kernel_xiaomi_markw

include/net/esp.h

+0 −7

Original line number	Diff line number	Diff line
		@@ -13,8 +13,6 @@ struct esp_data

		/* Confidentiality */
		struct {
		u8 key; / Key */
		int key_len; /* Key length */
		int padlen; /* 0..255 */
		/* ivlen is offset from enc_data, where encrypted data start.
		* It is logically different of crypto_tfm_alg_ivsize(tfm).
		@@ -28,14 +26,9 @@ struct esp_data

		/* Integrity. It is active when icv_full_len != 0 */
		struct {
		u8 key; / Key */
		int key_len; /* Length of the key */
		u8 *work_icv;
		int icv_full_len;
		int icv_trunc_len;
		void (icv)(struct esp_data,
		struct sk_buff *skb,
		int offset, int len, u8 *icv);
		struct crypto_hash *tfm;
		} auth;
		};

+5 −11

Original line number	Diff line number	Diff line
		@@ -343,11 +343,6 @@ static int esp_init_state(struct xfrm_state *x)
		struct crypto_blkcipher *tfm;
		u32 align;

		/* null auth and encryption can have zero length keys */
		if (x->aalg) {
		if (x->aalg->alg_key_len > 512)
		goto error;
		}
		if (x->ealg == NULL)
		goto error;

		@@ -359,15 +354,14 @@ static int esp_init_state(struct xfrm_state *x)
		struct xfrm_algo_desc *aalg_desc;
		struct crypto_hash *hash;

		esp->auth.key = x->aalg->alg_key;
		esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
		hash = crypto_alloc_hash(x->aalg->alg_name, 0,
		CRYPTO_ALG_ASYNC);
		if (IS_ERR(hash))
		goto error;

		esp->auth.tfm = hash;
		if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
		if (crypto_hash_setkey(hash, x->aalg->alg_key,
		(x->aalg->alg_key_len + 7) / 8))
		goto error;

		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
		@@ -389,8 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
		if (!esp->auth.work_icv)
		goto error;
		}
		esp->conf.key = x->ealg->alg_key;
		esp->conf.key_len = (x->ealg->alg_key_len+7)/8;

		tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
		if (IS_ERR(tfm))
		goto error;
		@@ -403,7 +396,8 @@ static int esp_init_state(struct xfrm_state *x)
		goto error;
		esp->conf.ivinitted = 0;
		}
		if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
		if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
		(x->ealg->alg_key_len + 7) / 8))
		goto error;
		x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
		if (x->props.mode == XFRM_MODE_TUNNEL)

+4 −11

Original line number	Diff line number	Diff line
		@@ -297,11 +297,6 @@ static int esp6_init_state(struct xfrm_state *x)
		struct esp_data *esp = NULL;
		struct crypto_blkcipher *tfm;

		/* null auth and encryption can have zero length keys */
		if (x->aalg) {
		if (x->aalg->alg_key_len > 512)
		goto error;
		}
		if (x->ealg == NULL)
		goto error;

		@@ -316,15 +311,14 @@ static int esp6_init_state(struct xfrm_state *x)
		struct xfrm_algo_desc *aalg_desc;
		struct crypto_hash *hash;

		esp->auth.key = x->aalg->alg_key;
		esp->auth.key_len = (x->aalg->alg_key_len+7)/8;
		hash = crypto_alloc_hash(x->aalg->alg_name, 0,
		CRYPTO_ALG_ASYNC);
		if (IS_ERR(hash))
		goto error;

		esp->auth.tfm = hash;
		if (crypto_hash_setkey(hash, esp->auth.key, esp->auth.key_len))
		if (crypto_hash_setkey(hash, x->aalg->alg_key,
		(x->aalg->alg_key_len + 7) / 8))
		goto error;

		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
		@@ -346,8 +340,6 @@ static int esp6_init_state(struct xfrm_state *x)
		if (!esp->auth.work_icv)
		goto error;
		}
		esp->conf.key = x->ealg->alg_key;
		esp->conf.key_len = (x->ealg->alg_key_len+7)/8;
		tfm = crypto_alloc_blkcipher(x->ealg->alg_name, 0, CRYPTO_ALG_ASYNC);
		if (IS_ERR(tfm))
		goto error;
		@@ -360,7 +352,8 @@ static int esp6_init_state(struct xfrm_state *x)
		goto error;
		esp->conf.ivinitted = 0;
		}
		if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
		if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key,
		(x->ealg->alg_key_len + 7) / 8))
		goto error;
		x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
		if (x->props.mode == XFRM_MODE_TUNNEL)