Re: How to get my krb5 crypto lib upstream?

From: David Howells
Date: Wed May 31 2023 - 16:09:02 EST


Chuck Lever III <chuck.lever@xxxxxxxxxx> wrote:

> > int crypto_krb5_decrypt(const struct krb5_enctype *krb5,
> > struct krb5_enc_keys *keys,
> > struct scatterlist *sg, unsigned int nr_sg,
>
> So are we going to stick with struct scatterlist here,
> or should it be rather an iterator of some kind?

For my purposes, a scatterlist is more useful as I have an skbuff to work
with - plus I have to pass a scatterlist into the crypto functions inside of
the krb5 lib.

> It's not clear why something like this would need to be
> exposed to crypto/krb5 consumers. There are a few items
> in here that XDR needs to know about (lengths and such)
> but that kind of thing can be provided by a function
> call rather than by having direct access to a structure.

Fair point. In rxgk, I use key_len, key_bytes, block_len, cksum_len plus the
name for procfs purposes. I also wonder if I need separate key_len and
key_bytes if I'm not supporting DES (DES keys get expanded IIRC). Also, some
of the checks I'm doing could perhaps be moved into the krb5 lib.

The krb5 selftest code makes use of more of the fields, but I guess that's
internal to krb5lib.

David