kernel-2.6.18-238.el5.src.rpm

From: Herbert Xu <herbert.xu@redhat.com>
Date: Sat, 29 Mar 2008 15:41:16 +0800
Subject: [ipsec] use hmac instead of digest_null
Message-id: 20080329074116.GA31093@gondor.apana.org.au
O-Subject: [RHEL5.2 PATCH] [IPSEC]: Use hmac(digest_null) instead of digest_null
Bugzilla: 436267

Hi:

RHEL5.2 BZ 436267

[IPSEC]: Use hmac(digest_null) instead of digest_null

As the backport of the crypto layer in RHEL5.2 uses different
types for digest_null and hmac we can't use digest_null directly
from ESP.  Instead it needs to be wrapped around in hmac.

This patch does exactly that and has been successfully tested by
IBM.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--

Acked-by: Thomas Graf <tgraf@redhat.com>
Acked-by: James Morris <jmorris@redhat.com>
Acked-by: "David S. Miller" <davem@redhat.com>

diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 7f457e3..f0dba29 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -468,7 +468,7 @@ static int esp_init_authenc(struct xfrm_state *x)
 
 	err = -ENAMETOOLONG;
 	if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME, "authenc(%s,%s)",
-		     aalg_desc ? aalg_desc->name : "digest_null",
+		     aalg_desc ? aalg_desc->name : "hmac(digest_null)",
 		     ealg_desc->name) >= CRYPTO_MAX_ALG_NAME)
 		goto error;
 
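Review bot: the new fallback literal "hmac(digest_null)" in the snprintf argument list has no comment explaining why the hmac wrapper is required; the reason (different types for digest_null and hmac in the RHEL5.2 crypto backport) exists only in the commit message. A one-line comment above the snprintf, or a shared macro for the string since net/ipv6/esp6.c carries the same literal, would keep a later rebase from silently reverting to plain digest_null. The fallback is also six characters longer than before, so the existing >= CRYPTO_MAX_ALG_NAME check is now the only thing standing between a long ealg_desc->name and -ENAMETOOLONG; worth confirming the longest cipher name in use still fits.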
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 8434b56..68e3099 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -433,7 +433,7 @@ static int esp_init_authenc(struct xfrm_state *x)
 
 	err = -ENAMETOOLONG;
 	if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME, "authenc(%s,%s)",
-		     x->aalg ? x->aalg->alg_name : "digest_null",
+		     x->aalg ? x->aalg->alg_name : "hmac(digest_null)",
 		     x->ealg->alg_name) >= CRYPTO_MAX_ALG_NAME)
 		goto error;
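Review bot: the name sources in this snprintf differ from the esp4.c hunk: here the template is built from x->aalg->alg_name and x->ealg->alg_name taken directly from the xfrm state, while esp4.c formats aalg_desc->name and ealg_desc->name. If those two can ever differ in this backport, the IPv4 and IPv6 paths would request different authenc(...) instances for the same SA configuration. Either use the same source in both files or add a short comment stating that the difference is intentional.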