tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'ipsec-next-2026-04-08' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Steffen Klassert says:

====================
pull request (net-next): ipsec-next 2026-04-08

1) Update outdated comment in xfrm_dst_check().
From kexinsun.

2) Drop support for HMAC-RIPEMD-160 from IPsec.
From Eric Biggers.

* tag 'ipsec-next-2026-04-08' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next:
xfrm: Drop support for HMAC-RIPEMD-160
xfrm: update outdated comment
====================

Link: https://patch.msgid.link/20260408094258.148555-1-steffen.klassert@secunet.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski ea0f90d1 b3e69fc3

+3 -27
-20
net/xfrm/xfrm_algo.c
··· 291 291 } 292 292 }, 293 293 { 294 - .name = "hmac(rmd160)", 295 - .compat = "rmd160", 296 - 297 - .uinfo = { 298 - .auth = { 299 - .icv_truncbits = 96, 300 - .icv_fullbits = 160, 301 - } 302 - }, 303 - 304 - .pfkey_supported = 1, 305 - 306 - .desc = { 307 - .sadb_alg_id = SADB_X_AALG_RIPEMD160HMAC, 308 - .sadb_alg_ivlen = 0, 309 - .sadb_alg_minbits = 160, 310 - .sadb_alg_maxbits = 160 311 - } 312 - }, 313 - { 314 294 .name = "xcbc(aes)", 315 295 316 296 .uinfo = {
+1 -1
net/xfrm/xfrm_policy.c
··· 3917 3917 3918 3918 static struct dst_entry *xfrm_dst_check(struct dst_entry *dst, u32 cookie) 3919 3919 { 3920 - /* Code (such as __xfrm4_bundle_create()) sets dst->obsolete 3920 + /* Code (such as xfrm_bundle_create()) sets dst->obsolete 3921 3921 * to DST_OBSOLETE_FORCE_CHK to force all XFRM destinations to 3922 3922 * get validated by dst_ops->check on every use. We do this 3923 3923 * because when a normal route referenced by an XFRM dst is
+2 -6
tools/testing/selftests/net/ipsec.c
··· 62 62 #define VETH_FMT "ktst-%d" 63 63 #define VETH_LEN 12 64 64 65 - #define XFRM_ALGO_NR_KEYS 29 66 - 67 65 static int nsfd_parent = -1; 68 66 static int nsfd_childa = -1; 69 67 static int nsfd_childb = -1; ··· 94 96 {"cbc(cast5)", 128}, 95 97 {"cbc(serpent)", 128}, 96 98 {"hmac(sha1)", 160}, 97 - {"hmac(rmd160)", 160}, 98 99 {"cbc(des3_ede)", 192}, 99 100 {"hmac(sha256)", 256}, 100 101 {"cbc(aes)", 256}, ··· 810 813 { 811 814 int i; 812 815 813 - for (i = 0; i < XFRM_ALGO_NR_KEYS; i++) { 816 + for (i = 0; i < ARRAY_SIZE(xfrm_key_entries); i++) { 814 817 if (strncmp(name, xfrm_key_entries[i].algo_name, ALGO_LEN) == 0) 815 818 *key_len = xfrm_key_entries[i].key_len; 816 819 } ··· 2058 2061 int proto_list[] = { IPPROTO_AH, IPPROTO_COMP, IPPROTO_ESP }; 2059 2062 char *ah_list[] = { 2060 2063 "digest_null", "hmac(md5)", "hmac(sha1)", "hmac(sha256)", 2061 - "hmac(sha384)", "hmac(sha512)", "hmac(rmd160)", 2062 - "xcbc(aes)", "cmac(aes)" 2064 + "hmac(sha384)", "hmac(sha512)", "xcbc(aes)", "cmac(aes)" 2063 2065 }; 2064 2066 char *comp_list[] = { 2065 2067 "deflate",