On Mon, 7 Apr 2025 17:11:19 +0100 David Howells wrote:
> + aead = crypto_krb5_prepare_encryption(krb5, &TK, RXGK_CLIENT_ENC_RESPONSE, gfp);
> + if (IS_ERR(aead))
> + goto aead_error;
> + gk->resp_enc = aead;
> +
> + if (crypto_aead_blocksize(gk->resp_enc) != krb5->block_len ||
> + crypto_aead_authsize(gk->resp_enc) != krb5->cksum_len) {
> + pr_notice("algo inconsistent with krb5 table %u!=%u or %u!=%u\n",
> + crypto_aead_blocksize(gk->resp_enc), krb5->block_len,
> + crypto_aead_authsize(gk->resp_enc), krb5->cksum_len);
> + return -EINVAL;
kfree_sensitive(buffer); missing?
> + }
> +
> + if (service) {
> + switch (conn->security_level) {
> + case RXRPC_SECURITY_AUTH:
> + shash = crypto_krb5_prepare_checksum(
> + krb5, &TK, RXGK_SERVER_MIC_PACKET, gfp);
> + if (IS_ERR(shash))
> + goto hash_error;
--
pw-bot: cr
