diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2023-01-15 18:20:28 +0100 |
|---|---|---|
| committer | Chuck Lever <chuck.lever@oracle.com> | 2023-02-20 15:20:34 +0100 |
| commit | f03640a1a9782f4bf7c1db63e2e6a9598c6d2c6e (patch) | |
| tree | 5de23c7f1ff72c81bf862e297e721d4d585793da /net | |
| parent | SUNRPC: Add header ifdefs to linux/sunrpc/gss_krb5.h (diff) | |
| download | linux-f03640a1a9782f4bf7c1db63e2e6a9598c6d2c6e.tar.xz linux-f03640a1a9782f4bf7c1db63e2e6a9598c6d2c6e.zip | |
SUNRPC: Remove .blocksize field from struct gss_krb5_enctype
It is not clear from documenting comments, specifications, or code
usage what value the gss_krb5_enctype.blocksize field is supposed
to store. The "encryption blocksize" depends only on the cipher
being used, so that value can be derived where it's needed instead
of stored as a constant.
RFC 3961 Section 5.2 says:
> cipher block size, c
> This is the block size of the block cipher underlying the
> encryption and decryption functions indicated above, used for key
> derivation and for the size of the message confounder and initial
> vector. (If a block cipher is not in use, some comparable
> parameter should be determined.) It must be at least 5 octets.
>
> This is not actually an independent parameter; rather, it is a
> property of the functions E and D. It is listed here to clarify
> the distinction between it and the message block size, m.
In the Linux kernel's implemenation of the SunRPC RPCSEC GSS
Kerberos 5 mechanism, the cipher block size, which is dependent on
the encryption and decryption transforms, is used only in
krb5_derive_key(), so it is straightforward to replace it.
Tested-by: Scott Mayhew <smayhew@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_keys.c | 4 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_mech.c | 4 |
2 files changed, 1 insertions, 7 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_keys.c b/net/sunrpc/auth_gss/gss_krb5_keys.c index 726c076950c0..554cfd23f288 100644 --- a/net/sunrpc/auth_gss/gss_krb5_keys.c +++ b/net/sunrpc/auth_gss/gss_krb5_keys.c @@ -150,7 +150,6 @@ u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e, struct crypto_sync_skcipher *cipher; u32 ret = EINVAL; - blocksize = gk5e->blocksize; keybytes = gk5e->keybytes; keylength = gk5e->keylength; @@ -160,11 +159,10 @@ u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e, cipher = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); if (IS_ERR(cipher)) goto err_return; + blocksize = crypto_sync_skcipher_blocksize(cipher); if (crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len)) goto err_return; - /* allocate and set up buffers */ - ret = ENOMEM; inblockdata = kmalloc(blocksize, gfp_mask); if (inblockdata == NULL) diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 1c092b05c2bb..dd85fc9ca80b 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -47,7 +47,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { .sealalg = SEAL_ALG_DES, .keybytes = 7, .keylength = 8, - .blocksize = 8, .conflen = 8, .cksumlength = 8, .keyed_cksum = 0, @@ -69,7 +68,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { .sealalg = SEAL_ALG_DES3KD, .keybytes = 21, .keylength = 24, - .blocksize = 8, .conflen = 8, .cksumlength = 20, .keyed_cksum = 1, @@ -92,7 +90,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { .sealalg = -1, .keybytes = 16, .keylength = 16, - .blocksize = 16, .conflen = 16, .cksumlength = 12, .keyed_cksum = 1, @@ -115,7 +112,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { .sealalg = -1, .keybytes = 32, .keylength = 32, - .blocksize = 16, .conflen = 16, .cksumlength = 12, .keyed_cksum = 1, |