]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 598de25)
SUNRPC: Switch Camellia decrypt to crypto/krb5
authorChuck Lever <chuck.lever@oracle.com>
Mon, 27 Apr 2026 13:50:52 +0000 (09:50 -0400)
committerChuck Lever <cel@kernel.org>
Tue, 9 Jun 2026 20:32:59 +0000 (16:32 -0400)
The Camellia enctypes (RFC 6803) use the same MtE authenticated
encryption construction as AES-SHA1 (RFC 3962), implemented in
crypto/krb5 by the rfc3961_simplified profile. The encrypt path
already uses gss_krb5_aead_encrypt() for Camellia, but the decrypt
path was left on the old gss_krb5_aes_decrypt() code when the AES
enctypes were migrated.

Switch the Camellia .decrypt callback to gss_krb5_aead_decrypt() to
complete the AEAD migration for all enctypes. The conf_len and
cksum_len values in crypto/krb5's Camellia enctype descriptors match
the block size and checksum length that gss_krb5_aes_decrypt() was
using, so the headskip and tailskip returned to the unwrap layer are
unchanged.

Assisted-by: Claude:claude-opus-4-6
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
net/sunrpc/auth_gss/gss_krb5_mech.c patch | blob | blame | history

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 66372e152c3bba28c21d2e3b7d11158d76900f94..9a5e367fef5b93f227885ef79e0fb255dd90c4bf 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -112,7 +112,7 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
 
                .derive_key     = krb5_kdf_feedback_cmac,
                .encrypt        = gss_krb5_aead_encrypt,
-               .decrypt        = gss_krb5_aes_decrypt,
+               .decrypt        = gss_krb5_aead_decrypt,
 
                .get_mic        = gss_krb5_get_mic_v2,
                .verify_mic     = gss_krb5_verify_mic_v2,
@@ -138,7 +138,7 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
 
                .derive_key     = krb5_kdf_feedback_cmac,
                .encrypt        = gss_krb5_aead_encrypt,
-               .decrypt        = gss_krb5_aes_decrypt,
+               .decrypt        = gss_krb5_aead_decrypt,
 
                .get_mic        = gss_krb5_get_mic_v2,
                .verify_mic     = gss_krb5_verify_mic_v2,
A mirror of Linus' kernel repository