SUNRPC: Remove .conflen field from struct gss_krb5_enctype

Now that arcfour-hmac is gone, the confounder length is again the
same as the cipher blocksize for every implemented enctype. The
gss_krb5_enctype::conflen field is no longer necessary.

Tested-by: Scott Mayhew <smayhew@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 9a833825b55baa56d0bd4fcee489cd4448321669..51860e3a0216f60edcf8800eebc4866049ccf6f2 100644 (file)
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -64,9 +64,6 @@ struct gss_krb5_enctype {
        const char              *cksum_name;    /* crypto checksum name */
        const u16               signalg;        /* signing algorithm */
        const u16               sealalg;        /* sealing algorithm */
-       const u32               conflen;        /* confounder length
-                                                  (normally the same as
-                                                  the blocksize) */
        const u32               cksumlength;    /* checksum length */
        const u32               keyed_cksum;    /* is it a keyed cksum? */
        const u32               keybytes;       /* raw key len, in bytes */

diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 3ea58175e15999a3fc3c559af0a285ca9f17f8f8..8aa5610ef660b070c7011df4775d912261f52578 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -610,6 +610,7 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
        struct encryptor_desc desc;
        u32 cbcbytes;
        unsigned int usage;
+       unsigned int conflen;
 
        if (kctx->initiate) {
                cipher = kctx->initiator_enc;
@@ -623,12 +624,13 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
                usage = KG_USAGE_ACCEPTOR_SEAL;
        }
        blocksize = crypto_sync_skcipher_blocksize(cipher);
+       conflen = crypto_sync_skcipher_blocksize(cipher);
 
        /* hide the gss token header and insert the confounder */
        offset += GSS_KRB5_TOK_HDR_LEN;
-       if (xdr_extend_head(buf, offset, kctx->gk5e->conflen))
+       if (xdr_extend_head(buf, offset, conflen))
                return GSS_S_FAILURE;
-       gss_krb5_make_confounder(buf->head[0].iov_base + offset, kctx->gk5e->conflen);
+       gss_krb5_make_confounder(buf->head[0].iov_base + offset, conflen);
        offset -= GSS_KRB5_TOK_HDR_LEN;
 
        if (buf->tail[0].iov_base != NULL) {
@@ -744,7 +746,6 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
        }
        blocksize = crypto_sync_skcipher_blocksize(cipher);
 
-
        /* create a segment skipping the header and leaving out the checksum */
        xdr_buf_subsegment(buf, &subbuf, offset + GSS_KRB5_TOK_HDR_LEN,
                                    (len - offset - GSS_KRB5_TOK_HDR_LEN -
@@ -801,7 +802,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
                ret = GSS_S_BAD_SIG;
                goto out_err;
        }
-       *headskip = kctx->gk5e->conflen;
+       *headskip = blocksize;
        *tailskip = kctx->gk5e->cksumlength;
 out_err:
        if (ret && ret != GSS_S_BAD_SIG)

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index dd85fc9ca80bbc648592245d0c411dac0752170d..08a86ece665e6739a1d0648871b75e309de80aaa 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -47,7 +47,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
          .sealalg = SEAL_ALG_DES,
          .keybytes = 7,
          .keylength = 8,
-         .conflen = 8,
          .cksumlength = 8,
          .keyed_cksum = 0,
        },
@@ -68,7 +67,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
          .sealalg = SEAL_ALG_DES3KD,
          .keybytes = 21,
          .keylength = 24,
-         .conflen = 8,
          .cksumlength = 20,
          .keyed_cksum = 1,
        },
@@ -90,7 +88,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
          .sealalg = -1,
          .keybytes = 16,
          .keylength = 16,
-         .conflen = 16,
          .cksumlength = 12,
          .keyed_cksum = 1,
        },
@@ -112,7 +109,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
          .sealalg = -1,
          .keybytes = 32,
          .keylength = 32,
-         .conflen = 16,
          .cksumlength = 12,
          .keyed_cksum = 1,
        },

diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 48337687848c6654fdcfe08fe26d10a5fda12b62..bd068e936947ac3242655da584f3c40fe2095579 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -168,7 +168,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
        struct page             **tmp_pages;
        u32                     seq_send;
        u8                      *cksumkey;
-       u32                     conflen = kctx->gk5e->conflen;
+       u32                     conflen = crypto_sync_skcipher_blocksize(kctx->enc);
 
        dprintk("RPC:       %s\n", __func__);
 
@@ -261,7 +261,7 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, int len,
        void                    *data_start, *orig_start;
        int                     data_len;
        int                     blocksize;
-       u32                     conflen = kctx->gk5e->conflen;
+       u32                     conflen = crypto_sync_skcipher_blocksize(kctx->enc);
        int                     crypt_offset;
        u8                      *cksumkey;
        unsigned int            saved_len = buf->len;