From: Chuck Lever Date: Mon, 27 Apr 2026 13:50:52 +0000 (-0400) Subject: SUNRPC: Switch Camellia decrypt to crypto/krb5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=315fc6f2a132f17f1c2b27791031e7e500c4d441;p=thirdparty%2Fkernel%2Flinux.git SUNRPC: Switch Camellia decrypt to crypto/krb5 The Camellia enctypes (RFC 6803) use the same MtE authenticated encryption construction as AES-SHA1 (RFC 3962), implemented in crypto/krb5 by the rfc3961_simplified profile. The encrypt path already uses gss_krb5_aead_encrypt() for Camellia, but the decrypt path was left on the old gss_krb5_aes_decrypt() code when the AES enctypes were migrated. Switch the Camellia .decrypt callback to gss_krb5_aead_decrypt() to complete the AEAD migration for all enctypes. The conf_len and cksum_len values in crypto/krb5's Camellia enctype descriptors match the block size and checksum length that gss_krb5_aes_decrypt() was using, so the headskip and tailskip returned to the unwrap layer are unchanged. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton Acked-by: Anna Schumaker Signed-off-by: Chuck Lever --- diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 66372e152c3bb..9a5e367fef5b9 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -112,7 +112,7 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { .derive_key = krb5_kdf_feedback_cmac, .encrypt = gss_krb5_aead_encrypt, - .decrypt = gss_krb5_aes_decrypt, + .decrypt = gss_krb5_aead_decrypt, .get_mic = gss_krb5_get_mic_v2, .verify_mic = gss_krb5_verify_mic_v2, @@ -138,7 +138,7 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { .derive_key = krb5_kdf_feedback_cmac, .encrypt = gss_krb5_aead_encrypt, - .decrypt = gss_krb5_aes_decrypt, + .decrypt = gss_krb5_aead_decrypt, .get_mic = gss_krb5_get_mic_v2, .verify_mic = gss_krb5_verify_mic_v2,