tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

ipsec: Remove obsolete MAX_AH_AUTH_LEN

While tracking down the MAX_AH_AUTH_LEN crash in an old kernel
I thought that this limit was rather arbitrary and we should
just get rid of it.

In fact it seems that we've already done all the work needed
to remove it apart from actually removing it. This limit was
there in order to limit stack usage. Since we've already
switched over to allocating scratch space using kmalloc, there
is no longer any need to limit the authentication length.

This patch kills all references to it, including the BUG_ONs
that led me here.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

authored by

Herbert Xu and committed by
Steffen Klassert 689f1c9d 880a6fab

+1 -9
-3
include/net/ah.h
··· 3 3 4 4 #include <linux/skbuff.h> 5 5 6 - /* This is the maximum truncated ICV length that we know of. */ 7 - #define MAX_AH_AUTH_LEN 64 8 - 9 6 struct crypto_ahash; 10 7 11 8 struct ah_data {
-2
net/ipv4/ah4.c
··· 505 505 ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; 506 506 ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; 507 507 508 - BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN); 509 - 510 508 if (x->props.flags & XFRM_STATE_ALIGN4) 511 509 x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) + 512 510 ahp->icv_trunc_len);
-2
net/ipv6/ah6.c
··· 713 713 ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; 714 714 ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; 715 715 716 - BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN); 717 - 718 716 x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + 719 717 ahp->icv_trunc_len); 720 718 switch (x->props.mode) {
+1 -2
net/xfrm/xfrm_user.c
··· 333 333 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 334 334 if (!algo) 335 335 return -ENOSYS; 336 - if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN || 337 - ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) 336 + if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) 338 337 return -EINVAL; 339 338 *props = algo->desc.sadb_alg_id; 340 339