From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: linux-crypto@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Johannes Berg <johannes@sipsolutions.net>,
linux-cifs@vger.kernel.org, Steve French <sfrench@samba.org>
Subject: Re: [PATCH v3 7/7] fs: cifs: switch to RC4 library interface
Date: Tue, 11 Jun 2019 11:17:35 -0700 [thread overview]
Message-ID: <20190611181735.GE66728@gmail.com> (raw)
In-Reply-To: <20190611134750.2974-8-ard.biesheuvel@linaro.org>
On Tue, Jun 11, 2019 at 03:47:50PM +0200, Ard Biesheuvel wrote:
> The CIFS code uses the sync skcipher API to invoke the ecb(arc4) skcipher,
> of which only a single generic C code implementation exists. This means
> that going through all the trouble of using scatterlists etc buys us
> very little, and we're better off just invoking the arc4 library directly.
>
> Cc: linux-cifs@vger.kernel.org
> Cc: Steve French <sfrench@samba.org>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> fs/cifs/Kconfig | 2 +-
> fs/cifs/cifsencrypt.c | 53 ++++++--------------
> 2 files changed, 16 insertions(+), 39 deletions(-)
>
> diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig
> index aae2b8b2adf5..523e9ea78a28 100644
> --- a/fs/cifs/Kconfig
> +++ b/fs/cifs/Kconfig
> @@ -10,7 +10,7 @@ config CIFS
> select CRYPTO_SHA512
> select CRYPTO_CMAC
> select CRYPTO_HMAC
> - select CRYPTO_ARC4
> + select CRYPTO_LIB_ARC4
> select CRYPTO_AEAD2
> select CRYPTO_CCM
> select CRYPTO_ECB
Since the "arc4" module is no longer needed, the
MODULE_SOFTDEP("pre: arc4");
in fs/cifs/cifsfs.c should be removed too.
(Note that it doesn't need a soft dependency on libarc4 instead, since the cifs
module will link directly to it.)
> diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
> index d2a05e46d6f5..3b7b5e83493d 100644
> --- a/fs/cifs/cifsencrypt.c
> +++ b/fs/cifs/cifsencrypt.c
> @@ -33,7 +33,8 @@
> #include <linux/ctype.h>
> #include <linux/random.h>
> #include <linux/highmem.h>
> -#include <crypto/skcipher.h>
> +#include <linux/fips.h>
> +#include <crypto/arc4.h>
> #include <crypto/aead.h>
>
> int __cifs_calc_signature(struct smb_rqst *rqst,
> @@ -772,11 +773,12 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
> int
> calc_seckey(struct cifs_ses *ses)
> {
> - int rc;
> - struct crypto_skcipher *tfm_arc4;
> - struct scatterlist sgin, sgout;
> - struct skcipher_request *req;
> + struct arc4_ctx *ctx_arc4;
> unsigned char *sec_key;
> + int rc = 0;
> +
> + if (fips_enabled)
> + return -ENODEV;
>
> sec_key = kmalloc(CIFS_SESS_KEY_SIZE, GFP_KERNEL);
> if (sec_key == NULL)
sec_key should be moved back to the stack now, basically reverting this commit:
commit 5f4b55699aaff1028468e3f53853d781cdafedd6
Author: Sachin Prabhu <sprabhu@redhat.com>
Date: Mon Oct 17 16:40:22 2016 -0400
CIFS: Fix BUG() in calc_seckey()
It was only moved to the heap because it had to go in a scatterlist.
> + arc4_setkey(ctx_arc4, ses->auth_key.response, CIFS_SESS_KEY_SIZE);
> + arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key,
> + CIFS_CPHTXT_SIZE);
>
> /* make secondary_key/nonce as session key */
> memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE);
> /* and make len as that of session key only */
> ses->auth_key.len = CIFS_SESS_KEY_SIZE;
>
> -out_free_cipher:
> - crypto_free_skcipher(tfm_arc4);
> out:
> + kfree(ctx_arc4);
Should be kzfree().
- Eric
prev parent reply other threads:[~2019-06-11 18:17 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-11 13:47 [PATCH v3 0/7] crypto: rc4 cleanup Ard Biesheuvel
2019-06-11 13:47 ` [PATCH v3 1/7] crypto: arc4 - refactor arc4 core code into separate library Ard Biesheuvel
2019-06-11 13:47 ` [PATCH v3 2/7] net/mac80211: move WEP handling to ARC4 library interface Ard Biesheuvel
2019-06-11 13:51 ` Johannes Berg
2019-06-11 13:53 ` Ard Biesheuvel
2019-06-11 13:55 ` Johannes Berg
2019-06-11 13:56 ` Ard Biesheuvel
2019-06-11 13:58 ` Johannes Berg
2019-06-11 17:54 ` Eric Biggers
2019-06-11 13:47 ` [PATCH v3 3/7] net/lib80211: move WEP handling to ARC4 library code Ard Biesheuvel
2019-06-11 17:59 ` Eric Biggers
2019-06-11 13:47 ` [PATCH v3 4/7] net/lib80211: move TKIP " Ard Biesheuvel
2019-06-11 13:47 ` [PATCH v3 5/7] crypto: arc4 - remove cipher implementation Ard Biesheuvel
2019-06-11 17:39 ` Eric Biggers
2019-06-12 15:33 ` Eric Biggers
2019-06-12 15:39 ` Ard Biesheuvel
2019-06-11 13:47 ` [PATCH v3 6/7] ppp: mppe: switch to RC4 library interface Ard Biesheuvel
2019-06-11 13:47 ` Ard Biesheuvel
2019-06-11 18:08 ` Eric Biggers
2019-06-11 18:08 ` Eric Biggers
2019-06-11 13:47 ` [PATCH v3 7/7] fs: cifs: " Ard Biesheuvel
2019-06-11 18:17 ` Eric Biggers [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190611181735.GE66728@gmail.com \
--to=ebiggers@kernel.org \
--cc=ard.biesheuvel@linaro.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=johannes@sipsolutions.net \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=sfrench@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.