diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2026-04-27 09:50:46 -0400 |
|---|---|---|
| committer | Chuck Lever <chuck.lever@oracle.com> | 2026-05-28 11:31:26 -0400 |
| commit | bbe0eed9df4fcea3ed9115aeab66a648cbe1c735 (patch) | |
| tree | 0e7f24e4a4841395cf99248632a3f2faea856ba6 /net | |
| parent | f5cbf04d843a2c2d685f96dbc2631571478a993b (diff) | |
| download | linux-next-history-bbe0eed9df4fcea3ed9115aeab66a648cbe1c735.tar.gz | |
SUNRPC: Add crypto/krb5 enctype lookup to krb5_ctx
Each krb5_ctx currently points to a gss_krb5_enctype, the
rpcsec_gss_krb5 module's own enctype descriptor. To begin
using the common crypto/krb5 library, store a pointer to the
corresponding struct krb5_enctype (from <crypto/krb5.h>) as
well.
The lookup is performed in gss_import_v2_context() immediately
after the existing gss_krb5_lookup_enctype() call. If
crypto_krb5_find_enctype() cannot find a matching enctype the
context import fails, ensuring the module never operates with
a partially-initialized krb5_ctx.
Assisted-by: Claude:claude-opus-4-6
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_internal.h | 3 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_mech.c | 7 |
2 files changed, 10 insertions, 0 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_internal.h b/net/sunrpc/auth_gss/gss_krb5_internal.h index 8769e9e705bfa..11402c3b4972d 100644 --- a/net/sunrpc/auth_gss/gss_krb5_internal.h +++ b/net/sunrpc/auth_gss/gss_krb5_internal.h @@ -8,6 +8,8 @@ #ifndef _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H #define _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H +#include <crypto/krb5.h> + /* * The RFCs often specify payload lengths in bits. This helper * converts a specified bit-length to the number of octets/bytes. @@ -62,6 +64,7 @@ struct krb5_ctx { u32 enctype; u32 flags; const struct gss_krb5_enctype *gk5e; /* enctype-specific info */ + const struct krb5_enctype *krb5e; /* crypto/krb5 enctype */ struct crypto_sync_skcipher *enc; struct crypto_sync_skcipher *seq; struct crypto_sync_skcipher *acceptor_enc; diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 6db64a9111a92..060d8fc4358ee 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -432,6 +432,13 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx, p = ERR_PTR(-EINVAL); goto out_err; } + ctx->krb5e = crypto_krb5_find_enctype(ctx->enctype); + if (!ctx->krb5e) { + dprintk("gss_kerberos_mech: crypto/krb5 missing enctype %u\n", + ctx->enctype); + p = ERR_PTR(-EINVAL); + goto out_err; + } keylen = ctx->gk5e->keylength; p = simple_get_bytes(p, end, ctx->Ksess, keylen); |