netdev
[Top] [All Lists]

[PATCH][IPsec] fix process of error from crypto module

To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: [PATCH][IPsec] fix process of error from crypto module
From: MIYAZAWA Kazunori <kazunori@xxxxxxxxxxxx>
Date: Wed, 26 Jan 2005 19:10:20 +0900
Cc: netdev@xxxxxxxxxxx, usagi-core@xxxxxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: KMail/1.7.1
Hello,

This patch fixes the process under the case that the crypto module
returns error because of its weak keys or etc.


diff -ur a/net/ipv4/esp4.c b/net/ipv4/esp4.c
--- a/net/ipv4/esp4.c 2004-12-25 06:34:58.000000000 +0900
+++ b/net/ipv4/esp4.c 2005-01-26 18:57:18.000000000 +0900
@@ -427,7 +427,8 @@
    goto error;
   get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
  }
- crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
+ if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
+  goto error;
  x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
  if (x->props.mode)
   x->props.header_len += sizeof(struct iphdr);
diff -ur a/net/ipv6/esp6.c b/net/ipv6/esp6.c
--- a/net/ipv6/esp6.c 2004-12-25 06:35:01.000000000 +0900
+++ b/net/ipv6/esp6.c 2005-01-26 18:57:04.000000000 +0900
@@ -364,7 +364,8 @@
    goto error;
   get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
  }
- crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
+ if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
+  goto error;
  x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
  if (x->props.mode)
   x->props.header_len += sizeof(struct ipv6hdr);


--
Kazunori Miyazawa

<Prev in Thread] Current Thread [Next in Thread>