From: <gregkh@linuxfoundation.org>
To: idryomov@gmail.com, gregkh@linuxfoundation.org, sage@redhat.com
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "libceph: switch ceph_x_encrypt() to ceph_crypt()" has been added to the 4.9-stable tree
Date: Mon, 23 Jan 2017 16:35:12 +0100 [thread overview]
Message-ID: <1485185712181151@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
libceph: switch ceph_x_encrypt() to ceph_crypt()
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
libceph-switch-ceph_x_encrypt-to-ceph_crypt.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From d03857c63bb036edff0aa7a107276360173aca4e Mon Sep 17 00:00:00 2001
From: Ilya Dryomov <idryomov@gmail.com>
Date: Fri, 2 Dec 2016 16:35:07 +0100
Subject: libceph: switch ceph_x_encrypt() to ceph_crypt()
From: Ilya Dryomov <idryomov@gmail.com>
commit d03857c63bb036edff0aa7a107276360173aca4e upstream.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ceph/auth_x.c | 71 ++++++++++++++++++++++++++++--------------------------
1 file changed, 37 insertions(+), 34 deletions(-)
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -49,22 +49,24 @@ static int ceph_x_encrypt_buflen(int ile
return ceph_x_encrypt_offset() + ilen + 16;
}
-static int ceph_x_encrypt(struct ceph_crypto_key *secret,
- void *ibuf, int ilen, void *obuf, size_t olen)
+static int ceph_x_encrypt(struct ceph_crypto_key *secret, void *buf,
+ int buf_len, int plaintext_len)
{
- struct ceph_x_encrypt_header head = {
- .struct_v = 1,
- .magic = cpu_to_le64(CEPHX_ENC_MAGIC)
- };
- size_t len = olen - sizeof(u32);
+ struct ceph_x_encrypt_header *hdr = buf + sizeof(u32);
+ int ciphertext_len;
int ret;
- ret = ceph_encrypt2(secret, obuf + sizeof(u32), &len,
- &head, sizeof(head), ibuf, ilen);
+ hdr->struct_v = 1;
+ hdr->magic = cpu_to_le64(CEPHX_ENC_MAGIC);
+
+ ret = ceph_crypt(secret, true, buf + sizeof(u32), buf_len - sizeof(u32),
+ plaintext_len + sizeof(struct ceph_x_encrypt_header),
+ &ciphertext_len);
if (ret)
return ret;
- ceph_encode_32(&obuf, len);
- return len + sizeof(u32);
+
+ ceph_encode_32(&buf, ciphertext_len);
+ return sizeof(u32) + ciphertext_len;
}
static int ceph_x_decrypt(struct ceph_crypto_key *secret,
@@ -296,7 +298,7 @@ static int ceph_x_build_authorizer(struc
{
int maxlen;
struct ceph_x_authorize_a *msg_a;
- struct ceph_x_authorize_b msg_b;
+ struct ceph_x_authorize_b *msg_b;
void *p, *end;
int ret;
int ticket_blob_len =
@@ -311,7 +313,7 @@ static int ceph_x_build_authorizer(struc
goto out_au;
maxlen = sizeof(*msg_a) + ticket_blob_len +
- ceph_x_encrypt_buflen(sizeof(msg_b));
+ ceph_x_encrypt_buflen(sizeof(*msg_b));
dout(" need len %d\n", maxlen);
if (au->buf && au->buf->alloc_len < maxlen) {
ceph_buffer_put(au->buf);
@@ -345,11 +347,11 @@ static int ceph_x_build_authorizer(struc
p += ticket_blob_len;
end = au->buf->vec.iov_base + au->buf->vec.iov_len;
+ msg_b = p + ceph_x_encrypt_offset();
+ msg_b->struct_v = 1;
get_random_bytes(&au->nonce, sizeof(au->nonce));
- msg_b.struct_v = 1;
- msg_b.nonce = cpu_to_le64(au->nonce);
- ret = ceph_x_encrypt(&au->session_key, &msg_b, sizeof(msg_b),
- p, end - p);
+ msg_b->nonce = cpu_to_le64(au->nonce);
+ ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));
if (ret < 0)
goto out_au;
@@ -455,8 +457,9 @@ static int ceph_x_build_request(struct c
if (need & CEPH_ENTITY_TYPE_AUTH) {
struct ceph_x_authenticate *auth = (void *)(head + 1);
void *p = auth + 1;
- struct ceph_x_challenge_blob tmp;
- char tmp_enc[40];
+ void *enc_buf = xi->auth_authorizer.enc_buf;
+ struct ceph_x_challenge_blob *blob = enc_buf +
+ ceph_x_encrypt_offset();
u64 *u;
if (p > end)
@@ -467,16 +470,16 @@ static int ceph_x_build_request(struct c
/* encrypt and hash */
get_random_bytes(&auth->client_challenge, sizeof(u64));
- tmp.client_challenge = auth->client_challenge;
- tmp.server_challenge = cpu_to_le64(xi->server_challenge);
- ret = ceph_x_encrypt(&xi->secret, &tmp, sizeof(tmp),
- tmp_enc, sizeof(tmp_enc));
+ blob->client_challenge = auth->client_challenge;
+ blob->server_challenge = cpu_to_le64(xi->server_challenge);
+ ret = ceph_x_encrypt(&xi->secret, enc_buf, CEPHX_AU_ENC_BUF_LEN,
+ sizeof(*blob));
if (ret < 0)
return ret;
auth->struct_v = 1;
auth->key = 0;
- for (u = (u64 *)tmp_enc; u + 1 <= (u64 *)(tmp_enc + ret); u++)
+ for (u = (u64 *)enc_buf; u + 1 <= (u64 *)(enc_buf + ret); u++)
auth->key ^= *(__le64 *)u;
dout(" server_challenge %llx client_challenge %llx key %llx\n",
xi->server_challenge, le64_to_cpu(auth->client_challenge),
@@ -710,27 +713,27 @@ static void ceph_x_invalidate_authorizer
static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,
__le64 *psig)
{
- char tmp_enc[40];
+ void *enc_buf = au->enc_buf;
struct {
__le32 len;
__le32 header_crc;
__le32 front_crc;
__le32 middle_crc;
__le32 data_crc;
- } __packed sigblock;
+ } __packed *sigblock = enc_buf + ceph_x_encrypt_offset();
int ret;
- sigblock.len = cpu_to_le32(4*sizeof(u32));
- sigblock.header_crc = msg->hdr.crc;
- sigblock.front_crc = msg->footer.front_crc;
- sigblock.middle_crc = msg->footer.middle_crc;
- sigblock.data_crc = msg->footer.data_crc;
- ret = ceph_x_encrypt(&au->session_key, &sigblock, sizeof(sigblock),
- tmp_enc, sizeof(tmp_enc));
+ sigblock->len = cpu_to_le32(4*sizeof(u32));
+ sigblock->header_crc = msg->hdr.crc;
+ sigblock->front_crc = msg->footer.front_crc;
+ sigblock->middle_crc = msg->footer.middle_crc;
+ sigblock->data_crc = msg->footer.data_crc;
+ ret = ceph_x_encrypt(&au->session_key, enc_buf, CEPHX_AU_ENC_BUF_LEN,
+ sizeof(*sigblock));
if (ret < 0)
return ret;
- *psig = *(__le64 *)(tmp_enc + sizeof(u32));
+ *psig = *(__le64 *)(enc_buf + sizeof(u32));
return 0;
}
Patches currently in stable-queue which might be from idryomov@gmail.com are
queue-4.9/libceph-switch-ceph_x_decrypt-to-ceph_crypt.patch
queue-4.9/libceph-introduce-ceph_x_encrypt_offset.patch
queue-4.9/libceph-rename-and-align-ceph_x_authorizer-reply_buf.patch
queue-4.9/libceph-ceph_x_encrypt_buflen-takes-in_len.patch
queue-4.9/libceph-introduce-ceph_crypt-for-in-place-en-decryption.patch
queue-4.9/libceph-old_key-in-process_one_ticket-is-redundant.patch
queue-4.9/libceph-tweak-calcu_signature-a-little.patch
queue-4.9/libceph-remove-now-unused-ceph_-en-de-crypt-functions.patch
queue-4.9/ceph-fix-bad-endianness-handling-in-parse_reply_info_extra.patch
queue-4.9/libceph-switch-ceph_x_encrypt-to-ceph_crypt.patch
reply other threads:[~2017-01-23 15:35 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1485185712181151@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=idryomov@gmail.com \
--cc=sage@redhat.com \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.