@@ -64,9 +64,6 @@ struct gss_krb5_enctype {
const char *cksum_name; /* crypto checksum name */
const u16 signalg; /* signing algorithm */
const u16 sealalg; /* sealing algorithm */
- const u32 conflen; /* confounder length
- (normally the same as
- the blocksize) */
const u32 cksumlength; /* checksum length */
const u32 keyed_cksum; /* is it a keyed cksum? */
const u32 keybytes; /* raw key len, in bytes */
@@ -610,6 +610,7 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
struct encryptor_desc desc;
u32 cbcbytes;
unsigned int usage;
+ unsigned int conflen;
if (kctx->initiate) {
cipher = kctx->initiator_enc;
@@ -623,12 +624,13 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
usage = KG_USAGE_ACCEPTOR_SEAL;
}
blocksize = crypto_sync_skcipher_blocksize(cipher);
+ conflen = crypto_sync_skcipher_blocksize(cipher);
/* hide the gss token header and insert the confounder */
offset += GSS_KRB5_TOK_HDR_LEN;
- if (xdr_extend_head(buf, offset, kctx->gk5e->conflen))
+ if (xdr_extend_head(buf, offset, conflen))
return GSS_S_FAILURE;
- gss_krb5_make_confounder(buf->head[0].iov_base + offset, kctx->gk5e->conflen);
+ gss_krb5_make_confounder(buf->head[0].iov_base + offset, conflen);
offset -= GSS_KRB5_TOK_HDR_LEN;
if (buf->tail[0].iov_base != NULL) {
@@ -744,7 +746,6 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
}
blocksize = crypto_sync_skcipher_blocksize(cipher);
-
/* create a segment skipping the header and leaving out the checksum */
xdr_buf_subsegment(buf, &subbuf, offset + GSS_KRB5_TOK_HDR_LEN,
(len - offset - GSS_KRB5_TOK_HDR_LEN -
@@ -801,7 +802,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
ret = GSS_S_BAD_SIG;
goto out_err;
}
- *headskip = kctx->gk5e->conflen;
+ *headskip = blocksize;
*tailskip = kctx->gk5e->cksumlength;
out_err:
if (ret && ret != GSS_S_BAD_SIG)
@@ -47,7 +47,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
.sealalg = SEAL_ALG_DES,
.keybytes = 7,
.keylength = 8,
- .conflen = 8,
.cksumlength = 8,
.keyed_cksum = 0,
},
@@ -68,7 +67,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
.sealalg = SEAL_ALG_DES3KD,
.keybytes = 21,
.keylength = 24,
- .conflen = 8,
.cksumlength = 20,
.keyed_cksum = 1,
},
@@ -90,7 +88,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
.sealalg = -1,
.keybytes = 16,
.keylength = 16,
- .conflen = 16,
.cksumlength = 12,
.keyed_cksum = 1,
},
@@ -112,7 +109,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
.sealalg = -1,
.keybytes = 32,
.keylength = 32,
- .conflen = 16,
.cksumlength = 12,
.keyed_cksum = 1,
},
@@ -168,7 +168,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
struct page **tmp_pages;
u32 seq_send;
u8 *cksumkey;
- u32 conflen = kctx->gk5e->conflen;
+ u32 conflen = crypto_sync_skcipher_blocksize(kctx->enc);
dprintk("RPC: %s\n", __func__);
@@ -261,7 +261,7 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, int len,
void *data_start, *orig_start;
int data_len;
int blocksize;
- u32 conflen = kctx->gk5e->conflen;
+ u32 conflen = crypto_sync_skcipher_blocksize(kctx->enc);
int crypt_offset;
u8 *cksumkey;
unsigned int saved_len = buf->len;