diff options
author | Justin M. Forbes <jforbes@fedoraproject.org> | 2018-04-06 12:00:21 -0500 |
---|---|---|
committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2018-04-06 12:00:21 -0500 |
commit | 5bf5e37a7486ccdfd14568b43d80c148729a5483 (patch) | |
tree | 27273118bf39dbabe17100fea4fb2e9614f1736c /sunrpc-remove-incorrect-HMAC-request-initialization.patch | |
parent | 9664f61c53daecbcfe15acdae46d0d1c47d63696 (diff) | |
download | kernel-5bf5e37a7486ccdfd14568b43d80c148729a5483.tar.gz kernel-5bf5e37a7486ccdfd14568b43d80c148729a5483.tar.xz kernel-5bf5e37a7486ccdfd14568b43d80c148729a5483.zip |
Linux v4.16-9576-g38c23685b273
Diffstat (limited to 'sunrpc-remove-incorrect-HMAC-request-initialization.patch')
-rw-r--r-- | sunrpc-remove-incorrect-HMAC-request-initialization.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/sunrpc-remove-incorrect-HMAC-request-initialization.patch b/sunrpc-remove-incorrect-HMAC-request-initialization.patch deleted file mode 100644 index c31bb73bb..000000000 --- a/sunrpc-remove-incorrect-HMAC-request-initialization.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 5cdbcf4aa78b57c4f10892f20725174829cca191 Mon Sep 17 00:00:00 2001 -From: Eric Biggers <ebiggers@google.com> -Date: Wed, 28 Mar 2018 10:57:22 -0700 -Subject: [PATCH] sunrpc: remove incorrect HMAC request initialization - -make_checksum_hmac_md5() is allocating an HMAC transform and doing -crypto API calls in the following order: - - crypto_ahash_init() - crypto_ahash_setkey() - crypto_ahash_digest() - -This is wrong because it makes no sense to init() the request before a -key has been set, given that the initial state depends on the key. And -digest() is short for init() + update() + final(), so in this case -there's no need to explicitly call init() at all. - -Before commit 9fa68f620041 ("crypto: hash - prevent using keyed hashes -without setting key") the extra init() had no real effect, at least for -the software HMAC implementation. (There are also hardware drivers that -implement HMAC-MD5, and it's not immediately obvious how gracefully they -handle init() before setkey().) But now the crypto API detects this -incorrect initialization and returns -ENOKEY. This is breaking NFS -mounts in some cases. - -Fix it by removing the incorrect call to crypto_ahash_init(). - -Reported-by: Michael Young <m.a.young@durham.ac.uk> -Fixes: 9fa68f620041 ("crypto: hash - prevent using keyed hashes without setting key") -Fixes: fffdaef2eb4a ("gss_krb5: Add support for rc4-hmac encryption") -Cc: stable@vger.kernel.org -Signed-off-by: Eric Biggers <ebiggers@google.com> -Signed-off-by: Jeremy Cline <jeremy@jcline.org> ---- - net/sunrpc/auth_gss/gss_krb5_crypto.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c -index 12649c9fedab..8654494b4d0a 100644 ---- a/net/sunrpc/auth_gss/gss_krb5_crypto.c -+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c -@@ -237,9 +237,6 @@ make_checksum_hmac_md5(struct krb5_ctx *kctx, char *header, int hdrlen, - - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); - -- err = crypto_ahash_init(req); -- if (err) -- goto out; - err = crypto_ahash_setkey(hmac_md5, cksumkey, kctx->gk5e->keylength); - if (err) - goto out; --- -2.16.2 - |