summaryrefslogtreecommitdiff
path: root/net/sunrpc/auth_gss
diff options
context:
space:
mode:
authorChuck Lever <chuck.lever@oracle.com>2023-01-15 12:22:17 -0500
committerChuck Lever <chuck.lever@oracle.com>2023-02-20 09:20:42 -0500
commitec4aaab39afcec749ff7ed78e560213ff9e1c23c (patch)
tree2dbadcea2292f59641e53d9710d5ad3f22e1af2c /net/sunrpc/auth_gss
parent2691a27d9b3e6a48adeb87a9dcf4e8a0ca84a26e (diff)
SUNRPC: Clean up cipher set up for v1 encryption types
De-duplicate some common code. Tested-by: Scott Mayhew <smayhew@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c58
1 files changed, 29 insertions, 29 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 9e9551b224f6..9575fb291d33 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -204,17 +204,32 @@ get_gss_krb5_enctype(int etype)
return NULL;
}
+static struct crypto_sync_skcipher *
+gss_krb5_alloc_cipher_v1(struct krb5_ctx *ctx, struct xdr_netobj *key)
+{
+ struct crypto_sync_skcipher *tfm;
+
+ tfm = crypto_alloc_sync_skcipher(ctx->gk5e->encrypt_name, 0, 0);
+ if (IS_ERR(tfm))
+ return NULL;
+ if (crypto_sync_skcipher_setkey(tfm, key->data, key->len)) {
+ crypto_free_sync_skcipher(tfm);
+ return NULL;
+ }
+ return tfm;
+}
+
static inline const void *
get_key(const void *p, const void *end,
struct krb5_ctx *ctx, struct crypto_sync_skcipher **res)
{
+ struct crypto_sync_skcipher *tfm;
struct xdr_netobj key;
int alg;
p = simple_get_bytes(p, end, &alg, sizeof(alg));
if (IS_ERR(p))
goto out_err;
-
switch (alg) {
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD4:
@@ -223,37 +238,26 @@ get_key(const void *p, const void *end,
alg = ENCTYPE_DES_CBC_RAW;
break;
}
-
if (!supported_gss_krb5_enctype(alg)) {
- printk(KERN_WARNING "gss_kerberos_mech: unsupported "
- "encryption key algorithm %d\n", alg);
- p = ERR_PTR(-EINVAL);
- goto out_err;
+ pr_warn("gss_krb5: unsupported enctype: %d\n", alg);
+ goto out_err_inval;
}
+
p = simple_get_netobj(p, end, &key);
if (IS_ERR(p))
goto out_err;
-
- *res = crypto_alloc_sync_skcipher(ctx->gk5e->encrypt_name, 0, 0);
- if (IS_ERR(*res)) {
- printk(KERN_WARNING "gss_kerberos_mech: unable to initialize "
- "crypto algorithm %s\n", ctx->gk5e->encrypt_name);
- *res = NULL;
- goto out_err_free_key;
- }
- if (crypto_sync_skcipher_setkey(*res, key.data, key.len)) {
- printk(KERN_WARNING "gss_kerberos_mech: error setting key for "
- "crypto algorithm %s\n", ctx->gk5e->encrypt_name);
- goto out_err_free_tfm;
+ tfm = gss_krb5_alloc_cipher_v1(ctx, &key);
+ kfree(key.data);
+ if (!tfm) {
+ pr_warn("gss_krb5: failed to initialize cipher '%s'\n",
+ ctx->gk5e->encrypt_name);
+ goto out_err_inval;
}
+ *res = tfm;
- kfree(key.data);
return p;
-out_err_free_tfm:
- crypto_free_sync_skcipher(*res);
-out_err_free_key:
- kfree(key.data);
+out_err_inval:
p = ERR_PTR(-EINVAL);
out_err:
return p;
@@ -372,14 +376,10 @@ gss_krb5_import_ctx_v1(struct krb5_ctx *ctx, gfp_t gfp_mask)
keyin.data = ctx->Ksess;
keyin.len = ctx->gk5e->keylength;
- /* seq uses the raw key */
- ctx->seq = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name,
- ctx->Ksess);
+ ctx->seq = gss_krb5_alloc_cipher_v1(ctx, &keyin);
if (ctx->seq == NULL)
goto out_err;
-
- ctx->enc = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name,
- ctx->Ksess);
+ ctx->enc = gss_krb5_alloc_cipher_v1(ctx, &keyin);
if (ctx->enc == NULL)
goto out_free_seq;