Commit 9b48295e authored by Hideaki Yoshifuji's avatar Hideaki Yoshifuji Committed by David S. Miller

[IPSEC]: Use of "sizeof" for header sizes, part II

parent 144894bc
...@@ -188,13 +188,13 @@ struct ip_auth_hdr { ...@@ -188,13 +188,13 @@ struct ip_auth_hdr {
__u16 reserved; __u16 reserved;
__u32 spi; __u32 spi;
__u32 seq_no; /* Sequence number */ __u32 seq_no; /* Sequence number */
__u8 auth_data[4]; /* Variable len but >=4. Mind the 64 bit alignment! */ __u8 auth_data[0]; /* Variable len but >=4. Mind the 64 bit alignment! */
}; };
struct ip_esp_hdr { struct ip_esp_hdr {
__u32 spi; __u32 spi;
__u32 seq_no; /* Sequence number */ __u32 seq_no; /* Sequence number */
__u8 enc_data[8]; /* Variable len but >=8. Mind the 64 bit alignment! */ __u8 enc_data[0]; /* Variable len but >=8. Mind the 64 bit alignment! */
}; };
#endif /* _LINUX_IP_H */ #endif /* _LINUX_IP_H */
...@@ -80,13 +80,13 @@ struct ipv6_auth_hdr { ...@@ -80,13 +80,13 @@ struct ipv6_auth_hdr {
__u16 reserved; __u16 reserved;
__u32 spi; __u32 spi;
__u32 seq_no; /* Sequence number */ __u32 seq_no; /* Sequence number */
__u8 auth_data[4]; /* Length variable but >=4. Mind the 64 bit alignment! */ __u8 auth_data[0]; /* Length variable but >=4. Mind the 64 bit alignment! */
}; };
struct ipv6_esp_hdr { struct ipv6_esp_hdr {
__u32 spi; __u32 spi;
__u32 seq_no; /* Sequence number */ __u32 seq_no; /* Sequence number */
__u8 enc_data[8]; /* Length variable but >=8. Mind the 64 bit alignment! */ __u8 enc_data[0]; /* Length variable but >=8. Mind the 64 bit alignment! */
}; };
/* /*
......
...@@ -9,8 +9,6 @@ ...@@ -9,8 +9,6 @@
#include <asm/scatterlist.h> #include <asm/scatterlist.h>
#define AH_HLEN_NOICV 12
/* Clear mutable options and find final destination to substitute /* Clear mutable options and find final destination to substitute
* into IP header for icv calculation. Options are already checked * into IP header for icv calculation. Options are already checked
* for validity, so paranoia is not required. */ * for validity, so paranoia is not required. */
...@@ -116,8 +114,8 @@ static int ah_output(struct sk_buff *skb) ...@@ -116,8 +114,8 @@ static int ah_output(struct sk_buff *skb)
ah->nexthdr = iph->protocol; ah->nexthdr = iph->protocol;
} }
ahp = x->data; ahp = x->data;
ah->hdrlen = (XFRM_ALIGN8(ahp->icv_trunc_len + ah->hdrlen = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
AH_HLEN_NOICV) >> 2) - 2; ahp->icv_trunc_len) >> 2) - 2;
ah->reserved = 0; ah->reserved = 0;
ah->spi = x->id.spi; ah->spi = x->id.spi;
...@@ -169,8 +167,8 @@ int ah_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -169,8 +167,8 @@ int ah_input(struct xfrm_state *x, struct sk_buff *skb)
ahp = x->data; ahp = x->data;
ah_hlen = (ah->hdrlen + 2) << 2; ah_hlen = (ah->hdrlen + 2) << 2;
if (ah_hlen != XFRM_ALIGN8(ahp->icv_full_len + AH_HLEN_NOICV) && if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) &&
ah_hlen != XFRM_ALIGN8(ahp->icv_trunc_len + AH_HLEN_NOICV)) ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len))
goto out; goto out;
if (!pskb_may_pull(skb, ah_hlen)) if (!pskb_may_pull(skb, ah_hlen))
...@@ -286,7 +284,7 @@ static int ah_init_state(struct xfrm_state *x, void *args) ...@@ -286,7 +284,7 @@ static int ah_init_state(struct xfrm_state *x, void *args)
if (!ahp->work_icv) if (!ahp->work_icv)
goto error; goto error;
x->props.header_len = XFRM_ALIGN8(ahp->icv_trunc_len + AH_HLEN_NOICV); x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
if (x->props.mode) if (x->props.mode)
x->props.header_len += sizeof(struct iphdr); x->props.header_len += sizeof(struct iphdr);
x->data = ahp; x->data = ahp;
......
...@@ -134,7 +134,7 @@ int esp_output(struct sk_buff *skb) ...@@ -134,7 +134,7 @@ int esp_output(struct sk_buff *skb)
if (esp->auth.icv_full_len) { if (esp->auth.icv_full_len) {
esp->auth.icv(esp, skb, (u8*)esph-skb->data, esp->auth.icv(esp, skb, (u8*)esph-skb->data,
8+esp->conf.ivlen+clen, trailer->tail); sizeof(struct ip_esp_hdr) + esp->conf.ivlen+clen, trailer->tail);
pskb_put(skb, trailer, alen); pskb_put(skb, trailer, alen);
} }
...@@ -171,7 +171,7 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -171,7 +171,7 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb)
struct sk_buff *trailer; struct sk_buff *trailer;
int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm);
int alen = esp->auth.icv_trunc_len; int alen = esp->auth.icv_trunc_len;
int elen = skb->len - 8 - esp->conf.ivlen - alen; int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen;
int nfrags; int nfrags;
if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr)))
...@@ -220,7 +220,7 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -220,7 +220,7 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb)
if (!sg) if (!sg)
goto out; goto out;
} }
skb_to_sgvec(skb, sg, 8+esp->conf.ivlen, elen); skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen);
crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen); crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen);
if (unlikely(sg != sgbuf)) if (unlikely(sg != sgbuf))
kfree(sg); kfree(sg);
...@@ -237,8 +237,8 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -237,8 +237,8 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb)
iph->protocol = nexthdr[1]; iph->protocol = nexthdr[1];
pskb_trim(skb, skb->len - alen - padlen - 2); pskb_trim(skb, skb->len - alen - padlen - 2);
memcpy(workbuf, skb->nh.raw, iph->ihl*4); memcpy(workbuf, skb->nh.raw, iph->ihl*4);
skb->h.raw = skb_pull(skb, 8 + esp->conf.ivlen); skb->h.raw = skb_pull(skb, sizeof(struct ip_esp_hdr) + esp->conf.ivlen);
skb->nh.raw += 8 + esp->conf.ivlen; skb->nh.raw += sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
memcpy(skb->nh.raw, workbuf, iph->ihl*4); memcpy(skb->nh.raw, workbuf, iph->ihl*4);
skb->nh.iph->tot_len = htons(skb->len); skb->nh.iph->tot_len = htons(skb->len);
} }
...@@ -365,7 +365,7 @@ int esp_init_state(struct xfrm_state *x, void *args) ...@@ -365,7 +365,7 @@ int esp_init_state(struct xfrm_state *x, void *args)
get_random_bytes(esp->conf.ivec, esp->conf.ivlen); get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
} }
crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len); crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
x->props.header_len = 8 + esp->conf.ivlen; x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
if (x->props.mode) if (x->props.mode)
x->props.header_len += sizeof(struct iphdr); x->props.header_len += sizeof(struct iphdr);
x->data = esp; x->data = esp;
......
...@@ -36,8 +36,6 @@ ...@@ -36,8 +36,6 @@
#include <net/xfrm.h> #include <net/xfrm.h>
#include <asm/scatterlist.h> #include <asm/scatterlist.h>
#define AH_HLEN_NOICV 12
/* XXX no ipv6 ah specific */ /* XXX no ipv6 ah specific */
#define NIP6(addr) \ #define NIP6(addr) \
ntohs((addr).s6_addr16[0]),\ ntohs((addr).s6_addr16[0]),\
...@@ -110,8 +108,8 @@ int ah6_output(struct sk_buff *skb) ...@@ -110,8 +108,8 @@ int ah6_output(struct sk_buff *skb)
skb->nh.ipv6h->hop_limit = 0; skb->nh.ipv6h->hop_limit = 0;
ahp = x->data; ahp = x->data;
ah->hdrlen = (XFRM_ALIGN8(ahp->icv_trunc_len + ah->hdrlen = (XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) +
AH_HLEN_NOICV) >> 2) - 2; ahp->icv_trunc_len) >> 2) - 2;
ah->reserved = 0; ah->reserved = 0;
ah->spi = x->id.spi; ah->spi = x->id.spi;
...@@ -165,8 +163,8 @@ int ah6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -165,8 +163,8 @@ int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
ahp = x->data; ahp = x->data;
ah_hlen = (ah->hdrlen + 2) << 2; ah_hlen = (ah->hdrlen + 2) << 2;
if (ah_hlen != XFRM_ALIGN8(ahp->icv_full_len + AH_HLEN_NOICV) && if (ah_hlen != XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_full_len) &&
ah_hlen != XFRM_ALIGN8(ahp->icv_trunc_len + AH_HLEN_NOICV)) ah_hlen != XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len))
goto out; goto out;
if (!pskb_may_pull(skb, ah_hlen)) if (!pskb_may_pull(skb, ah_hlen))
...@@ -285,7 +283,7 @@ static int ah6_init_state(struct xfrm_state *x, void *args) ...@@ -285,7 +283,7 @@ static int ah6_init_state(struct xfrm_state *x, void *args)
if (!ahp->work_icv) if (!ahp->work_icv)
goto error; goto error;
x->props.header_len = XFRM_ALIGN8(ahp->icv_trunc_len + AH_HLEN_NOICV); x->props.header_len = XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len);
if (x->props.mode) if (x->props.mode)
x->props.header_len += sizeof(struct ipv6hdr); x->props.header_len += sizeof(struct ipv6hdr);
x->data = ahp; x->data = ahp;
......
...@@ -232,7 +232,7 @@ int esp6_output(struct sk_buff *skb) ...@@ -232,7 +232,7 @@ int esp6_output(struct sk_buff *skb)
if (esp->auth.icv_full_len) { if (esp->auth.icv_full_len) {
esp->auth.icv(esp, skb, (u8*)esph-skb->data, esp->auth.icv(esp, skb, (u8*)esph-skb->data,
8+esp->conf.ivlen+clen, trailer->tail); sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen+clen, trailer->tail);
pskb_put(skb, trailer, alen); pskb_put(skb, trailer, alen);
} }
...@@ -262,7 +262,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -262,7 +262,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
struct sk_buff *trailer; struct sk_buff *trailer;
int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm);
int alen = esp->auth.icv_trunc_len; int alen = esp->auth.icv_trunc_len;
int elen = skb->len - 8 - esp->conf.ivlen - alen; int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen;
int hdr_len = skb->h.raw - skb->nh.raw; int hdr_len = skb->h.raw - skb->nh.raw;
int nfrags; int nfrags;
...@@ -319,7 +319,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -319,7 +319,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
if (!sg) if (!sg)
goto out; goto out;
} }
skb_to_sgvec(skb, sg, 8+esp->conf.ivlen, elen); skb_to_sgvec(skb, sg, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen, elen);
crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen); crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen);
if (unlikely(sg != sgbuf)) if (unlikely(sg != sgbuf))
kfree(sg); kfree(sg);
...@@ -338,8 +338,8 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -338,8 +338,8 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
ret_nexthdr = ((struct ipv6hdr*)tmp_hdr)->nexthdr = nexthdr[1]; ret_nexthdr = ((struct ipv6hdr*)tmp_hdr)->nexthdr = nexthdr[1];
pskb_trim(skb, skb->len - alen - padlen - 2); pskb_trim(skb, skb->len - alen - padlen - 2);
skb->h.raw = skb_pull(skb, 8 + esp->conf.ivlen); skb->h.raw = skb_pull(skb, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen);
skb->nh.raw += 8 + esp->conf.ivlen; skb->nh.raw += sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
memcpy(skb->nh.raw, tmp_hdr, hdr_len); memcpy(skb->nh.raw, tmp_hdr, hdr_len);
} }
kfree(tmp_hdr); kfree(tmp_hdr);
...@@ -466,7 +466,7 @@ int esp6_init_state(struct xfrm_state *x, void *args) ...@@ -466,7 +466,7 @@ int esp6_init_state(struct xfrm_state *x, void *args)
get_random_bytes(esp->conf.ivec, esp->conf.ivlen); get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
} }
crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len); crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
x->props.header_len = 8 + esp->conf.ivlen; x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
if (x->props.mode) if (x->props.mode)
x->props.header_len += sizeof(struct ipv6hdr); x->props.header_len += sizeof(struct ipv6hdr);
x->data = esp; x->data = esp;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment