mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-01 08:04:22 +08:00
SUNRPC: Remove .blocksize field from struct gss_krb5_enctype
It is not clear from documenting comments, specifications, or code usage what value the gss_krb5_enctype.blocksize field is supposed to store. The "encryption blocksize" depends only on the cipher being used, so that value can be derived where it's needed instead of stored as a constant. RFC 3961 Section 5.2 says: > cipher block size, c > This is the block size of the block cipher underlying the > encryption and decryption functions indicated above, used for key > derivation and for the size of the message confounder and initial > vector. (If a block cipher is not in use, some comparable > parameter should be determined.) It must be at least 5 octets. > > This is not actually an independent parameter; rather, it is a > property of the functions E and D. It is listed here to clarify > the distinction between it and the message block size, m. In the Linux kernel's implemenation of the SunRPC RPCSEC GSS Kerberos 5 mechanism, the cipher block size, which is dependent on the encryption and decryption transforms, is used only in krb5_derive_key(), so it is straightforward to replace it. Tested-by: Scott Mayhew <smayhew@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
This commit is contained in:
parent
97648b94bd
commit
f03640a1a9
@ -64,7 +64,6 @@ struct gss_krb5_enctype {
|
||||
const char *cksum_name; /* crypto checksum name */
|
||||
const u16 signalg; /* signing algorithm */
|
||||
const u16 sealalg; /* sealing algorithm */
|
||||
const u32 blocksize; /* encryption blocksize */
|
||||
const u32 conflen; /* confounder length
|
||||
(normally the same as
|
||||
the blocksize) */
|
||||
|
@ -150,7 +150,6 @@ u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e,
|
||||
struct crypto_sync_skcipher *cipher;
|
||||
u32 ret = EINVAL;
|
||||
|
||||
blocksize = gk5e->blocksize;
|
||||
keybytes = gk5e->keybytes;
|
||||
keylength = gk5e->keylength;
|
||||
|
||||
@ -160,11 +159,10 @@ u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e,
|
||||
cipher = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
|
||||
if (IS_ERR(cipher))
|
||||
goto err_return;
|
||||
blocksize = crypto_sync_skcipher_blocksize(cipher);
|
||||
if (crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len))
|
||||
goto err_return;
|
||||
|
||||
/* allocate and set up buffers */
|
||||
|
||||
ret = ENOMEM;
|
||||
inblockdata = kmalloc(blocksize, gfp_mask);
|
||||
if (inblockdata == NULL)
|
||||
|
@ -47,7 +47,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
|
||||
.sealalg = SEAL_ALG_DES,
|
||||
.keybytes = 7,
|
||||
.keylength = 8,
|
||||
.blocksize = 8,
|
||||
.conflen = 8,
|
||||
.cksumlength = 8,
|
||||
.keyed_cksum = 0,
|
||||
@ -69,7 +68,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
|
||||
.sealalg = SEAL_ALG_DES3KD,
|
||||
.keybytes = 21,
|
||||
.keylength = 24,
|
||||
.blocksize = 8,
|
||||
.conflen = 8,
|
||||
.cksumlength = 20,
|
||||
.keyed_cksum = 1,
|
||||
@ -92,7 +90,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
|
||||
.sealalg = -1,
|
||||
.keybytes = 16,
|
||||
.keylength = 16,
|
||||
.blocksize = 16,
|
||||
.conflen = 16,
|
||||
.cksumlength = 12,
|
||||
.keyed_cksum = 1,
|
||||
@ -115,7 +112,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
|
||||
.sealalg = -1,
|
||||
.keybytes = 32,
|
||||
.keylength = 32,
|
||||
.blocksize = 16,
|
||||
.conflen = 16,
|
||||
.cksumlength = 12,
|
||||
.keyed_cksum = 1,
|
||||
|
Loading…
Reference in New Issue
Block a user