diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2023-01-15 12:20:35 -0500 |
|---|---|---|
| committer | Chuck Lever <chuck.lever@oracle.com> | 2023-02-20 09:20:34 -0500 |
| commit | 4be416a5f2803d421c950cc48e8e0c1eaaa8c773 (patch) | |
| tree | 0d799cf7a8d8e92945694aca202d004a7977f44a /net/sunrpc/auth_gss/gss_krb5_crypto.c | |
| parent | f03640a1a9782f4bf7c1db63e2e6a9598c6d2c6e (diff) | |
| download | linux-4be416a5f2803d421c950cc48e8e0c1eaaa8c773.tar.gz linux-4be416a5f2803d421c950cc48e8e0c1eaaa8c773.tar.bz2 linux-4be416a5f2803d421c950cc48e8e0c1eaaa8c773.zip | |
SUNRPC: Remove .conflen field from struct gss_krb5_enctype
Now that arcfour-hmac is gone, the confounder length is again the
same as the cipher blocksize for every implemented enctype. The
gss_krb5_enctype::conflen field is no longer necessary.
Tested-by: Scott Mayhew <smayhew@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_crypto.c')
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_crypto.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c index 3ea58175e159..8aa5610ef660 100644 --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c @@ -610,6 +610,7 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset, struct encryptor_desc desc; u32 cbcbytes; unsigned int usage; + unsigned int conflen; if (kctx->initiate) { cipher = kctx->initiator_enc; @@ -623,12 +624,13 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset, usage = KG_USAGE_ACCEPTOR_SEAL; } blocksize = crypto_sync_skcipher_blocksize(cipher); + conflen = crypto_sync_skcipher_blocksize(cipher); /* hide the gss token header and insert the confounder */ offset += GSS_KRB5_TOK_HDR_LEN; - if (xdr_extend_head(buf, offset, kctx->gk5e->conflen)) + if (xdr_extend_head(buf, offset, conflen)) return GSS_S_FAILURE; - gss_krb5_make_confounder(buf->head[0].iov_base + offset, kctx->gk5e->conflen); + gss_krb5_make_confounder(buf->head[0].iov_base + offset, conflen); offset -= GSS_KRB5_TOK_HDR_LEN; if (buf->tail[0].iov_base != NULL) { @@ -744,7 +746,6 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, } blocksize = crypto_sync_skcipher_blocksize(cipher); - /* create a segment skipping the header and leaving out the checksum */ xdr_buf_subsegment(buf, &subbuf, offset + GSS_KRB5_TOK_HDR_LEN, (len - offset - GSS_KRB5_TOK_HDR_LEN - @@ -801,7 +802,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, ret = GSS_S_BAD_SIG; goto out_err; } - *headskip = kctx->gk5e->conflen; + *headskip = blocksize; *tailskip = kctx->gk5e->cksumlength; out_err: if (ret && ret != GSS_S_BAD_SIG) |