gss_krb5: Use random value to initialize confounder

Initialize the value used for the confounder to a random value
rather than starting from zero.
Allow for confounders of length 8 or 16 (which will be needed for AES).

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

1 files changed, 18 insertions, 4 deletions

diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 283cb25c6237..ae8e69b59c4c 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -87,8 +87,8 @@ out:
         return 0;
 }
 
-static inline void
-make_confounder(char *p, int blocksize)
+static void
+make_confounder(char *p, u32 conflen)
 {
         static u64 i = 0;
         u64 *q = (u64 *)p;
@@ -102,8 +102,22 @@ make_confounder(char *p, int blocksize)
          * uniqueness would mean worrying about atomicity and rollover, and I
          * don't care enough. */
 
-        BUG_ON(blocksize != 8);
-        *q = i++;
+        /* initialize to random value */
+        if (i == 0) {
+                i = random32();
+                i = (i << 32) | random32();
+        }
+
+        switch (conflen) {
+        case 16:
+                *q++ = i++;
+                /* fall through */
+        case 8:
+                *q++ = i++;
+                break;
+        default:
+                BUG();
+        }
 }
 
 /* Assumptions: the head and tail of inbuf are ours to play with.