summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Coffman <kwc@citi.umich.edu>2008-04-30 18:46:08 +0200
committerJ. Bruce Fields <bfields@citi.umich.edu>2008-06-23 19:47:38 +0200
commit863a24882ed0a57ff25daaf39885f3a47b706e4b (patch)
treed36d3829550ba8289a2b3b75cceb187cdb4600b5
parentgss_krb5: move gss_krb5_crypto into the krb5 module (diff)
downloadlinux-863a24882ed0a57ff25daaf39885f3a47b706e4b.tar.xz
linux-863a24882ed0a57ff25daaf39885f3a47b706e4b.zip
gss_krb5: Use random value to initialize confounder
Initialize the value used for the confounder to a random value rather than starting from zero. Allow for confounders of length 8 or 16 (which will be needed for AES). Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_wrap.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 283cb25c6237..ae8e69b59c4c 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -87,8 +87,8 @@ out:
return 0;
}
-static inline void
-make_confounder(char *p, int blocksize)
+static void
+make_confounder(char *p, u32 conflen)
{
static u64 i = 0;
u64 *q = (u64 *)p;
@@ -102,8 +102,22 @@ make_confounder(char *p, int blocksize)
* uniqueness would mean worrying about atomicity and rollover, and I
* don't care enough. */
- BUG_ON(blocksize != 8);
- *q = i++;
+ /* initialize to random value */
+ if (i == 0) {
+ i = random32();
+ i = (i << 32) | random32();
+ }
+
+ switch (conflen) {
+ case 16:
+ *q++ = i++;
+ /* fall through */
+ case 8:
+ *q++ = i++;
+ break;
+ default:
+ BUG();
+ }
}
/* Assumptions: the head and tail of inbuf are ours to play with.