SUNRPC: Obscure Kerberos signing keys

There's no need to keep the signing keys around if we instead allocate and key an ahash and keep that. This not only enables the subkeys to be destroyed immediately after deriving them, but it makes the Kerberos signing code path more efficient. Tested-by: Scott Mayhew <smayhew@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
author: Chuck Lever <chuck.lever@oracle.com> 2023-01-15 12:21:07 -0500
committer: Chuck Lever <chuck.lever@oracle.com> 2023-02-20 09:20:35 -0500
commit: 2dbe0cac3cd6d747579b0b347145326eddfd4e5c (patch)
tree: 318337d99016ac4ec834e841712c9d26d9fc941a /net/sunrpc/auth_gss/gss_krb5_internal.h
parent: 9f0b49f933ab1ec5e7140a43eec72b0c5181cabf (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_internal.h b/net/sunrpc/auth_gss/gss_krb5_internal.h
index 16a83d507075..42f7fd0bbf3a 100644
--- a/net/sunrpc/auth_gss/gss_krb5_internal.h
+++ b/net/sunrpc/auth_gss/gss_krb5_internal.h
@@ -10,4 +10,8 @@
 
 void krb5_make_confounder(u8 *p, int conflen);
 
+u32 gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen,
+		      const struct xdr_buf *body, int body_offset,
+		      struct xdr_netobj *cksumout);
+
 #endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */
author	Chuck Lever <chuck.lever@oracle.com>	2023-01-15 12:21:07 -0500
committer	Chuck Lever <chuck.lever@oracle.com>	2023-02-20 09:20:35 -0500
commit	2dbe0cac3cd6d747579b0b347145326eddfd4e5c (patch)
tree	318337d99016ac4ec834e841712c9d26d9fc941a /net/sunrpc/auth_gss/gss_krb5_internal.h
parent	9f0b49f933ab1ec5e7140a43eec72b0c5181cabf (diff)