Each krb5_ctx currently points to a gss_krb5_enctype, the
rpcsec_gss_krb5 module's own enctype descriptor. To begin
using the common crypto/krb5 library, store a pointer to the
corresponding struct krb5_enctype (from <crypto/krb5.h>) as
well.
The lookup is performed in gss_import_v2_context() immediately
after the existing gss_krb5_lookup_enctype() call. If
crypto_krb5_find_enctype() cannot find a matching enctype, the
context import fails, ensuring the module never operates with
a partially-initialized krb5_ctx.
Assisted-by: Claude:claude-opus-4-6
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
#ifndef _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H
#define _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H
+#include <crypto/krb5.h>
+
/*
* The RFCs often specify payload lengths in bits. This helper
* converts a specified bit-length to the number of octets/bytes.
u32 enctype;
u32 flags;
const struct gss_krb5_enctype *gk5e; /* enctype-specific info */
+ const struct krb5_enctype *krb5e; /* crypto/krb5 enctype */
struct crypto_sync_skcipher *enc;
struct crypto_sync_skcipher *seq;
struct crypto_sync_skcipher *acceptor_enc;
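Review bot: The comment on the new `krb5e` member does not say how it relates to `gk5e` on the line above, so a reader of struct krb5_ctx cannot tell that both pointers are meant to describe the same `enctype` value. I would document that invariant and the pointer's lifetime, for example `/* crypto/krb5 descriptor for ->enctype; set at import, not owned by the ctx */`. The ownership part is inferred from the `const` qualifier and from the lookup-style helper named in the commit message, so confirm it against crypto/krb5 before stating it as fact. The struct definition starts and ends outside this hunk.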
p = ERR_PTR(-EINVAL);
goto out_err;
}
+ ctx->krb5e = crypto_krb5_find_enctype(ctx->enctype);
+ if (!ctx->krb5e) {
+ dprintk("gss_kerberos_mech: crypto/krb5 missing enctype %u\n",
+ ctx->enctype);
+ p = ERR_PTR(-EINVAL);
+ goto out_err;
+ }
keylen = ctx->gk5e->keylength;
p = simple_get_bytes(p, end, ctx->Ksess, keylen);
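Review bot: The new failure branch after `crypto_krb5_find_enctype()` reports only through `dprintk()`, which prints nothing unless sunrpc debugging is built in and enabled, and it returns the same `-EINVAL` as the unsupported-enctype branch just above it. Reaching this branch means the enctype passed `gss_krb5_lookup_enctype()` but crypto/krb5 does not know it, which looks like a build or table mismatch inside the kernel rather than bad input, yet an administrator would see only failed context establishment. Consider an always-visible, bounded message such as `pr_warn_once("gss_kerberos_mech: crypto/krb5 missing enctype %u\n", ctx->enctype);`. gss_import_v2_context() starts and ends outside this hunk, so the `out_err` cleanup path was not checked here.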