From: Chuck Lever chuck.lever@oracle.com
Now that arcfour-hmac is gone, the confounder length is again the same as the cipher blocksize for every implemented enctype. The gss_krb5_enctype::conflen field is no longer necessary.
Tested-by: Scott Mayhew smayhew@redhat.com
Signed-off-by: Chuck Lever chuck.lever@oracle.com
---
 include/linux/sunrpc/gss_krb5.h | 3 ---
 net/sunrpc/auth_gss/gss_krb5_crypto.c | 9 +++++----
 net/sunrpc/auth_gss/gss_krb5_mech.c | 4 ----
 net/sunrpc/auth_gss/gss_krb5_wrap.c | 4 ++--
 4 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 9a833825b55b..51860e3a0216 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -64,9 +64,6 @@ struct gss_krb5_enctype {
  const char *cksum_name; /* crypto checksum name */
  const u16 signalg; /* signing algorithm */
  const u16 sealalg; /* sealing algorithm */
- const u32 conflen; /* confounder length
- (normally the same as
- the blocksize) */
  const u32 cksumlength; /* checksum length */
  const u32 keyed_cksum; /* is it a keyed cksum? */
  const u32 keybytes; /* raw key len, in bytes */
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 3ea58175e159..8aa5610ef660 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -610,6 +610,7 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
  struct encryptor_desc desc;
  u32 cbcbytes;
  unsigned int usage;
+ unsigned int conflen;
  if (kctx->initiate) {
  cipher = kctx->initiator_enc;
@@ -623,12 +624,13 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
  usage = KG_USAGE_ACCEPTOR_SEAL;
  }
  blocksize = crypto_sync_skcipher_blocksize(cipher);
+ conflen = crypto_sync_skcipher_blocksize(cipher);
  /* hide the gss token header and insert the confounder */
  offset += GSS_KRB5_TOK_HDR_LEN;
- if (xdr_extend_head(buf, offset, kctx->gk5e->conflen))
+ if (xdr_extend_head(buf, offset, conflen))
  return GSS_S_FAILURE;
- gss_krb5_make_confounder(buf->head[0].iov_base + offset, kctx->gk5e->conflen);
+ gss_krb5_make_confounder(buf->head[0].iov_base + offset, conflen);
  offset -= GSS_KRB5_TOK_HDR_LEN;
  if (buf->tail[0].iov_base != NULL) {
@@ -744,7 +746,6 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
  }
  blocksize = crypto_sync_skcipher_blocksize(cipher);
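Review bot: In gss_krb5_aes_encrypt the added `conflen = crypto_sync_skcipher_blocksize(cipher);` repeats the call made on the line directly above it for `blocksize`, while the decrypt hunk further down simply writes `*headskip = blocksize;`, so the two paths now express the same quantity in two different ways. Assigning from the existing local, `conflen = blocksize; /* confounder is one cipher block for every supported enctype */`, keeps the pair visibly in step and records the invariant that the removed gss_krb5_enctype::conflen field used to carry. The same comment would be worth adding above `*headskip = blocksize;` in gss_krb5_aes_decrypt, since a mismatch between the confounder length written on wrap and the length skipped on unwrap would mis-frame the decrypted payload. Both function bodies start and end outside these hunks.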
-
  /* create a segment skipping the header and leaving out the checksum */
  xdr_buf_subsegment(buf, &subbuf, offset + GSS_KRB5_TOK_HDR_LEN,
  (len - offset - GSS_KRB5_TOK_HDR_LEN -
@@ -801,7 +802,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
  ret = GSS_S_BAD_SIG;
  goto out_err;
  }
- *headskip = kctx->gk5e->conflen;
+ *headskip = blocksize;
  *tailskip = kctx->gk5e->cksumlength;
  out_err:
  if (ret && ret != GSS_S_BAD_SIG)
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index dd85fc9ca80b..08a86ece665e 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -47,7 +47,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
  .sealalg = SEAL_ALG_DES,
  .keybytes = 7,
  .keylength = 8,
- .conflen = 8,
  .cksumlength = 8,
  .keyed_cksum = 0,
  },
@@ -68,7 +67,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
  .sealalg = SEAL_ALG_DES3KD,
  .keybytes = 21,
  .keylength = 24,
- .conflen = 8,
  .cksumlength = 20,
  .keyed_cksum = 1,
  },
@@ -90,7 +88,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
  .sealalg = -1,
  .keybytes = 16,
  .keylength = 16,
- .conflen = 16,
  .cksumlength = 12,
  .keyed_cksum = 1,
  },
@@ -112,7 +109,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
  .sealalg = -1,
  .keybytes = 32,
  .keylength = 32,
- .conflen = 16,
  .cksumlength = 12,
  .keyed_cksum = 1,
  },
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 48337687848c..bd068e936947 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -168,7 +168,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
  struct page **tmp_pages;
  u32 seq_send;
  u8 *cksumkey;
- u32 conflen = kctx->gk5e->conflen;
+ u32 conflen = crypto_sync_skcipher_blocksize(kctx->enc);
dprintk("RPC: %s\n", __func__);
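Review bot: The new initializer `u32 conflen = crypto_sync_skcipher_blocksize(kctx->enc);` in gss_wrap_kerberos_v1 passes kctx->enc to the crypto helper at function entry, where the old code read a constant from the enctype table; the same line is added to gss_unwrap_kerberos_v1 in the next hunk. Whether kctx->enc is always populated for contexts that reach these v1 paths is not visible here, so the assumption deserves a comment next to the declaration, for example `/* assumes kctx->enc is set for every context that reaches the v1 path; confounder is one cipher block */`. gss_unwrap_kerberos_v1 also declares `int blocksize` in the visible context; if that local is later assigned from the same call, `conflen` could be taken from it rather than from a second lookup, which matters more on the unwrap side because the value presumably feeds offset arithmetic over a received token. Both function bodies continue outside the hunks.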
@@ -261,7 +261,7 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, int len,
  void *data_start, *orig_start;
  int data_len;
  int blocksize;
- u32 conflen = kctx->gk5e->conflen;
+ u32 conflen = crypto_sync_skcipher_blocksize(kctx->enc);
  int crypt_offset;
  u8 *cksumkey;
  unsigned int saved_len = buf->len;