]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commitdiff
ipsec: Remove obsolete MAX_AH_AUTH_LEN
authorHerbert Xu <herbert@gondor.apana.org.au>
Thu, 18 Sep 2014 08:38:18 +0000 (16:38 +0800)
committerSteffen Klassert <steffen.klassert@secunet.com>
Thu, 18 Sep 2014 08:54:36 +0000 (10:54 +0200)
While tracking down the MAX_AH_AUTH_LEN crash in an old kernel
I thought that this limit was rather arbitrary and we should
just get rid of it.

In fact it seems that we've already done all the work needed
to remove it apart from actually removing it.  This limit was
there in order to limit stack usage.  Since we've already
switched over to allocating scratch space using kmalloc, there
is no longer any need to limit the authentication length.

This patch kills all references to it, including the BUG_ONs
that led me here.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
include/net/ah.h
net/ipv4/ah4.c
net/ipv6/ah6.c
net/xfrm/xfrm_user.c

index ca95b98969ddf21860590e8252f7ad8a53f690b4..4e2dfa474a7e6e8deaeb56ec2a9115345141ac58 100644 (file)
@@ -3,9 +3,6 @@
 
 #include <linux/skbuff.h>
 
-/* This is the maximum truncated ICV length that we know of. */
-#define MAX_AH_AUTH_LEN        64
-
 struct crypto_ahash;
 
 struct ah_data {
index a2afa89513a06d43ecdac6033dfcf89c16ea8ffc..ac9a32ec3ee465a3ad59798dae19d3a307e77cd4 100644 (file)
@@ -505,8 +505,6 @@ static int ah_init_state(struct xfrm_state *x)
        ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
        ahp->icv_trunc_len = x->aalg->alg_trunc_len/8;
 
-       BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
-
        if (x->props.flags & XFRM_STATE_ALIGN4)
                x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) +
                                                  ahp->icv_trunc_len);
index fcffd4e522c88276620cd52c56bbc574b159146f..6d16eb0e0c7f938822de68bd57674665dcdcbddf 100644 (file)
@@ -713,8 +713,6 @@ static int ah6_init_state(struct xfrm_state *x)
        ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
        ahp->icv_trunc_len = x->aalg->alg_trunc_len/8;
 
-       BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
-
        x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
                                          ahp->icv_trunc_len);
        switch (x->props.mode) {
index eaf8a8f1cbe872159401e251f7df6ad67367a3df..e812e988c111b7d83b4e52321f394aabc9a69036 100644 (file)
@@ -333,8 +333,7 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props,
        algo = xfrm_aalg_get_byname(ualg->alg_name, 1);
        if (!algo)
                return -ENOSYS;
-       if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN ||
-           ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
+       if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
                return -EINVAL;
        *props = algo->desc.sadb_alg_id;