git.ipfire.org Git - thirdparty/linux.git/commit

author	David Howells <dhowells@redhat.com>
	Fri, 15 May 2026 23:05:13 +0000 (00:05 +0100)
committer	Jakub Kicinski <kuba@kernel.org>
	Wed, 20 May 2026 23:36:45 +0000 (16:36 -0700)
commit	2b50aceafe6606ea52ed42aadd1b4d44a188aade
tree	0613b29044f8b780928f6d1237a45f064539dff1	tree \| snapshot
parent	b1a736f8bcb1b0ec4ce657f6fa9afc1f698f8f7a	commit \| diff

crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks

Change the krb5 crypto library to provide facilities to precheck the length
of the message about to be decrypted or verified.

Fix AF_RXRPC to make use of this to validate DATA packets secured with
RxGK.

Fixes: 9d1d2b59341f ("rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI)")
Closes: https://sashiko.dev/#/patchset/20260511160753.607296-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: Simon Horman <horms@kernel.org>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: linux-afs@lists.infradead.org
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
Link: https://patch.msgid.link/20260515230516.2718212-2-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Documentation/crypto/krb5.rst		diff \| blob \| blame \| history
crypto/krb5/krb5_api.c		diff \| blob \| blame \| history
include/crypto/krb5.h		diff \| blob \| blame \| history
include/trace/events/rxrpc.h		diff \| blob \| blame \| history
net/rxrpc/rxgk.c		diff \| blob \| blame \| history