SUNRPC: Remove .blocksize field from struct gss_krb5_enctype

It is not clear from documenting comments, specifications, or code
usage what value the gss_krb5_enctype.blocksize field is supposed
to store. The "encryption blocksize" depends only on the cipher
being used, so that value can be derived where it's needed instead
of stored as a constant.

RFC 3961 Section 5.2 says:

> cipher block size, c
>    This is the block size of the block cipher underlying the
>    encryption and decryption functions indicated above, used for key
>    derivation and for the size of the message confounder and initial
>    vector.  (If a block cipher is not in use, some comparable
>    parameter should be determined.)  It must be at least 5 octets.
>
>    This is not actually an independent parameter; rather, it is a
>    property of the functions E and D.  It is listed here to clarify
>    the distinction between it and the message block size, m.

In the Linux kernel's implemenation of the SunRPC RPCSEC GSS
Kerberos 5 mechanism, the cipher block size, which is dependent on
the encryption and decryption transforms, is used only in
krb5_derive_key(), so it is straightforward to replace it.

Tested-by: Scott Mayhew <smayhew@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 0135139ddf20ec41d506b7ed4b2fce754a966c4a..9a833825b55baa56d0bd4fcee489cd4448321669 100644 (file)
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -64,7 +64,6 @@ struct gss_krb5_enctype {
        const char              *cksum_name;    /* crypto checksum name */
        const u16               signalg;        /* signing algorithm */
        const u16               sealalg;        /* sealing algorithm */
-       const u32               blocksize;      /* encryption blocksize */
        const u32               conflen;        /* confounder length
                                                   (normally the same as
                                                   the blocksize) */

diff --git a/net/sunrpc/auth_gss/gss_krb5_keys.c b/net/sunrpc/auth_gss/gss_krb5_keys.c
index 726c076950c042fbc86a68c08fedb715bfd1056b..554cfd23f2889df388117222d006929d7ea54ad9 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_keys.c
+++ b/net/sunrpc/auth_gss/gss_krb5_keys.c
@@ -150,7 +150,6 @@ u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e,
        struct crypto_sync_skcipher *cipher;
        u32 ret = EINVAL;
 
-       blocksize = gk5e->blocksize;
        keybytes = gk5e->keybytes;
        keylength = gk5e->keylength;
 
@@ -160,11 +159,10 @@ u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e,
        cipher = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
        if (IS_ERR(cipher))
                goto err_return;
+       blocksize = crypto_sync_skcipher_blocksize(cipher);
        if (crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len))
                goto err_return;
 
-       /* allocate and set up buffers */
-
        ret = ENOMEM;
        inblockdata = kmalloc(blocksize, gfp_mask);
        if (inblockdata == NULL)

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 1c092b05c2bba01e8181a4140d58eee2f1b057b7..dd85fc9ca80bbc648592245d0c411dac0752170d 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -47,7 +47,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
          .sealalg = SEAL_ALG_DES,
          .keybytes = 7,
          .keylength = 8,
-         .blocksize = 8,
          .conflen = 8,
          .cksumlength = 8,
          .keyed_cksum = 0,
@@ -69,7 +68,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
          .sealalg = SEAL_ALG_DES3KD,
          .keybytes = 21,
          .keylength = 24,
-         .blocksize = 8,
          .conflen = 8,
          .cksumlength = 20,
          .keyed_cksum = 1,
@@ -92,7 +90,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
          .sealalg = -1,
          .keybytes = 16,
          .keylength = 16,
-         .blocksize = 16,
          .conflen = 16,
          .cksumlength = 12,
          .keyed_cksum = 1,
@@ -115,7 +112,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
          .sealalg = -1,
          .keybytes = 32,
          .keylength = 32,
-         .blocksize = 16,
          .conflen = 16,
          .cksumlength = 12,
          .keyed_cksum = 1,