mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-06-23 07:01:23 +00:00
rpcgss: krb5: sanity check sealalg value in the downcall
The sealalg is checked in several places, giving the impression it could be either SEAL_ALG_NONE or SEAL_ALG_DES. But in fact SEAL_ALG_NONE seems to be sufficient only for making mic's, and all the contexts we get must be capable of wrapping as well. So the sealalg must be SEAL_ALG_DES. As with signalg, just check for the right value on the downcall and ignore it otherwise. Similarly, tighten expectations for the sealalg on incoming tokens, in case we do support other values eventually. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
J. Bruce Fields
Trond Myklebust
parent
39a21dd1b0
commit
d922a84a8b
4 changed files with 5 additions and 31 deletions
|
|
@ -44,7 +44,6 @@ struct krb5_ctx {
|
|||
int initiate; /* 1 = initiating, 0 = accepting */
|
||||
int seed_init;
|
||||
unsigned char seed[16];
|
||||
int sealalg;
|
||||
struct crypto_blkcipher *enc;
|
||||
struct crypto_blkcipher *seq;
|
||||
s32 endtime;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue