Commit 689f1c9d authored by Herbert Xu's avatar Herbert Xu Committed by Steffen Klassert

ipsec: Remove obsolete MAX_AH_AUTH_LEN

While tracking down the MAX_AH_AUTH_LEN crash in an old kernel
I thought that this limit was rather arbitrary and we should
just get rid of it.

In fact it seems that we've already done all the work needed
to remove it apart from actually removing it.  This limit was
there in order to limit stack usage.  Since we've already
switched over to allocating scratch space using kmalloc, there
is no longer any need to limit the authentication length.

This patch kills all references to it, including the BUG_ONs
that led me here.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent 880a6fab
...@@ -3,9 +3,6 @@ ...@@ -3,9 +3,6 @@
#include <linux/skbuff.h> #include <linux/skbuff.h>
/* This is the maximum truncated ICV length that we know of. */
#define MAX_AH_AUTH_LEN 64
struct crypto_ahash; struct crypto_ahash;
struct ah_data { struct ah_data {
......
...@@ -505,8 +505,6 @@ static int ah_init_state(struct xfrm_state *x) ...@@ -505,8 +505,6 @@ static int ah_init_state(struct xfrm_state *x)
ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; ahp->icv_trunc_len = x->aalg->alg_trunc_len/8;
BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
if (x->props.flags & XFRM_STATE_ALIGN4) if (x->props.flags & XFRM_STATE_ALIGN4)
x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) + x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) +
ahp->icv_trunc_len); ahp->icv_trunc_len);
......
...@@ -713,8 +713,6 @@ static int ah6_init_state(struct xfrm_state *x) ...@@ -713,8 +713,6 @@ static int ah6_init_state(struct xfrm_state *x)
ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; ahp->icv_trunc_len = x->aalg->alg_trunc_len/8;
BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
ahp->icv_trunc_len); ahp->icv_trunc_len);
switch (x->props.mode) { switch (x->props.mode) {
......
...@@ -333,8 +333,7 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, ...@@ -333,8 +333,7 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props,
algo = xfrm_aalg_get_byname(ualg->alg_name, 1); algo = xfrm_aalg_get_byname(ualg->alg_name, 1);
if (!algo) if (!algo)
return -ENOSYS; return -ENOSYS;
if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN || if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
return -EINVAL; return -EINVAL;
*props = algo->desc.sadb_alg_id; *props = algo->desc.sadb_alg_id;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment