diff options
author | David Howells <dhowells@redhat.com> | 2020-09-16 02:38:15 +0200 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2020-11-23 19:09:30 +0100 |
commit | 8d47a43c48af31c0027e1e08fce7af5f9aaa83c7 (patch) | |
tree | 7320f2829cae231950048115bb712afe6d1911c3 /net/rxrpc | |
parent | rxrpc: Fix example key name in a comment (diff) | |
download | linux-8d47a43c48af31c0027e1e08fce7af5f9aaa83c7.tar.xz linux-8d47a43c48af31c0027e1e08fce7af5f9aaa83c7.zip |
rxrpc: Merge prime_packet_security into init_connection_security
Merge the ->prime_packet_security() into the ->init_connection_security()
hook as they're always called together.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'net/rxrpc')
-rw-r--r-- | net/rxrpc/ar-internal.h | 2 | ||||
-rw-r--r-- | net/rxrpc/conn_client.c | 6 | ||||
-rw-r--r-- | net/rxrpc/conn_event.c | 4 | ||||
-rw-r--r-- | net/rxrpc/insecure.c | 6 | ||||
-rw-r--r-- | net/rxrpc/rxkad.c | 20 |
5 files changed, 15 insertions, 23 deletions
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index 0fb294725ff2..6aaa0f49dab0 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -234,8 +234,6 @@ struct rxrpc_security { int (*init_connection_security)(struct rxrpc_connection *, struct rxrpc_key_token *); - /* prime a connection's packet security */ - int (*prime_packet_security)(struct rxrpc_connection *); /* impose security on a packet */ int (*secure_packet)(struct rxrpc_call *, diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c index 7e574c75be8e..dbea0bfee48e 100644 --- a/net/rxrpc/conn_client.c +++ b/net/rxrpc/conn_client.c @@ -180,10 +180,6 @@ rxrpc_alloc_client_connection(struct rxrpc_bundle *bundle, gfp_t gfp) if (ret < 0) goto error_1; - ret = conn->security->prime_packet_security(conn); - if (ret < 0) - goto error_2; - atomic_inc(&rxnet->nr_conns); write_lock(&rxnet->conn_lock); list_add_tail(&conn->proc_link, &rxnet->conn_proc_list); @@ -203,8 +199,6 @@ rxrpc_alloc_client_connection(struct rxrpc_bundle *bundle, gfp_t gfp) _leave(" = %p", conn); return conn; -error_2: - conn->security->clear(conn); error_1: rxrpc_put_client_connection_id(conn); error_0: diff --git a/net/rxrpc/conn_event.c b/net/rxrpc/conn_event.c index 03a482ba770f..aab069701398 100644 --- a/net/rxrpc/conn_event.c +++ b/net/rxrpc/conn_event.c @@ -338,10 +338,6 @@ static int rxrpc_process_event(struct rxrpc_connection *conn, if (ret < 0) return ret; - ret = conn->security->prime_packet_security(conn); - if (ret < 0) - return ret; - spin_lock(&conn->bundle->channel_lock); spin_lock_bh(&conn->state_lock); diff --git a/net/rxrpc/insecure.c b/net/rxrpc/insecure.c index cf3ecffcf424..914e2f2e2990 100644 --- a/net/rxrpc/insecure.c +++ b/net/rxrpc/insecure.c @@ -14,11 +14,6 @@ static int none_init_connection_security(struct rxrpc_connection *conn, return 0; } -static int none_prime_packet_security(struct rxrpc_connection *conn) -{ - return 0; -} - static int none_secure_packet(struct rxrpc_call *call, struct sk_buff *skb, size_t data_size, @@ -87,7 +82,6 @@ const struct rxrpc_security rxrpc_no_security = { .init = none_init, .exit = none_exit, .init_connection_security = none_init_connection_security, - .prime_packet_security = none_prime_packet_security, .free_call_crypto = none_free_call_crypto, .secure_packet = none_secure_packet, .verify_packet = none_verify_packet, diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c index 3057f00a6978..301894857473 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c @@ -38,6 +38,9 @@ struct rxkad_level2_hdr { __be32 checksum; /* decrypted data checksum */ }; +static int rxkad_prime_packet_security(struct rxrpc_connection *conn, + struct crypto_sync_skcipher *ci); + /* * this holds a pinned cipher so that keventd doesn't get called by the cipher * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE @@ -130,8 +133,15 @@ static int rxkad_init_connection_security(struct rxrpc_connection *conn, goto error; } + ret = rxkad_prime_packet_security(conn, ci); + if (ret < 0) + goto error_ci; + conn->cipher = ci; - ret = 0; + return 0; + +error_ci: + crypto_free_sync_skcipher(ci); error: _leave(" = %d", ret); return ret; @@ -141,7 +151,8 @@ error: * prime the encryption state with the invariant parts of a connection's * description */ -static int rxkad_prime_packet_security(struct rxrpc_connection *conn) +static int rxkad_prime_packet_security(struct rxrpc_connection *conn, + struct crypto_sync_skcipher *ci) { struct skcipher_request *req; struct rxrpc_key_token *token; @@ -159,7 +170,7 @@ static int rxkad_prime_packet_security(struct rxrpc_connection *conn) if (!tmpbuf) return -ENOMEM; - req = skcipher_request_alloc(&conn->cipher->base, GFP_NOFS); + req = skcipher_request_alloc(&ci->base, GFP_NOFS); if (!req) { kfree(tmpbuf); return -ENOMEM; @@ -174,7 +185,7 @@ static int rxkad_prime_packet_security(struct rxrpc_connection *conn) tmpbuf[3] = htonl(conn->security_ix); sg_init_one(&sg, tmpbuf, tmpsize); - skcipher_request_set_sync_tfm(req, conn->cipher); + skcipher_request_set_sync_tfm(req, ci); skcipher_request_set_callback(req, 0, NULL, NULL); skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x); crypto_skcipher_encrypt(req); @@ -1350,7 +1361,6 @@ const struct rxrpc_security rxkad = { .free_preparse_server_key = rxkad_free_preparse_server_key, .destroy_server_key = rxkad_destroy_server_key, .init_connection_security = rxkad_init_connection_security, - .prime_packet_security = rxkad_prime_packet_security, .secure_packet = rxkad_secure_packet, .verify_packet = rxkad_verify_packet, .free_call_crypto = rxkad_free_call_crypto, |