/* * linux/net/sunrpc/gss_krb5_seqnum.c * * Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/krb5/util_seqnum.c * * Copyright (c) 2000 The Regents of the University of Michigan. * All rights reserved. * * Andy Adamson */ /* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) # define RPCDBG_FACILITY RPCDBG_AUTH #endif static s32 krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum, unsigned char *cksum, unsigned char *buf) { struct crypto_skcipher *cipher; unsigned char plain[8]; s32 code; dprintk("RPC: %s:\n", __func__); cipher = crypto_alloc_skcipher(kctx->gk5e->encrypt_name, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(cipher)) return PTR_ERR(cipher); plain[0] = (unsigned char) ((seqnum >> 24) & 0xff); plain[1] = (unsigned char) ((seqnum >> 16) & 0xff); plain[2] = (unsigned char) ((seqnum >> 8) & 0xff); plain[3] = (unsigned char) ((seqnum >> 0) & 0xff); plain[4] = direction; plain[5] = direction; plain[6] = direction; plain[7] = direction; code = krb5_rc4_setup_seq_key(kctx, cipher, cksum); if (code) goto out; code = krb5_encrypt(cipher, cksum, plain, buf, 8); out: crypto_free_skcipher(cipher); return code; } s32 krb5_make_seq_num(struct krb5_ctx *kctx, struct crypto_skcipher *key, int direction, u32 seqnum, unsigned char *cksum, unsigned char *buf) { unsigned char plain[8]; if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) return krb5_make_rc4_seq_num(kctx, direction, seqnum, cksum, buf); plain[0] = (unsigned char) (seqnum & 0xff); plain[1] = (unsigned char) ((seqnum >> 8) & 0xff); plain[2] = (unsigned char) ((seqnum >> 16) & 0xff); plain[3] = (unsigned char) ((seqnum >> 24) & 0xff); plain[4] = direction; plain[5] = direction; plain[6] = direction; plain[7] = direction; return krb5_encrypt(key, cksum, plain, buf, 8); } static s32 krb5_get_rc4_seq_num(struct krb5_ctx *kctx, unsigned char *cksum, unsigned char *buf, int *direction, s32 *seqnum) { struct crypto_skcipher *cipher; unsigned char plain[8]; s32 code; dprintk("RPC: %s:\n", __func__); cipher = crypto_alloc_skcipher(kctx->gk5e->encrypt_name, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(cipher)) return PTR_ERR(cipher); code = krb5_rc4_setup_seq_key(kctx, cipher, cksum); if (code) goto out; code = krb5_decrypt(cipher, cksum, buf, plain, 8); if (code) goto out; if ((plain[4] != plain[5]) || (plain[4] != plain[6]) || (plain[4] != plain[7])) { code = (s32)KG_BAD_SEQ; goto out; } *direction = plain[4]; *seqnum = ((plain[0] << 24) | (plain[1] << 16) | (plain[2] << 8) | (plain[3])); out: crypto_free_skcipher(cipher); return code; } s32 krb5_get_seq_num(struct krb5_ctx *kctx, unsigned char *cksum, unsigned char *buf, int *direction, u32 *seqnum) { s32 code; unsigned char plain[8]; struct crypto_skcipher *key = kctx->seq; dprintk("RPC: krb5_get_seq_num:\n"); if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) return krb5_get_rc4_seq_num(kctx, cksum, buf, direction, seqnum); if ((code = krb5_decrypt(key, cksum, buf, plain, 8))) return code; if ((plain[4] != plain[5]) || (plain[4] != plain[6]) || (plain[4] != plain[7])) return (s32)KG_BAD_SEQ; *direction = plain[4]; *seqnum = ((plain[0]) | (plain[1] << 8) | (plain[2] << 16) | (plain[3] << 24)); return 0; } 'right'>2017-01-27 12:36:39 -0800 committerLinus Torvalds <torvalds@linux-foundation.org>2017-01-27 12:36:39 -0800 commit2fb78e89405f4321b86274a0c24b30896dd50529 (patch) tree4de241e242441b80bd3f0022fc546bb07374571f /net/ipv4/fib_semantics.c parentdd3b9f25c867cb2507a45e436d6ede8eb08e7b05 (diff)parentc14024dbb156c8392908aaa822097d27c6af8ec8 (diff)
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe: "A set of fixes for this series. This contains: - Set of fixes for the nvme target code - A revert of patch from this merge window, causing a regression with WRITE_SAME on iSCSI targets at least. - A fix for a use-after-free in the new O_DIRECT bdev code. - Two fixes for the xen-blkfront driver" * 'for-linus' of git://git.kernel.dk/linux-block: Revert "sd: remove __data_len hack for WRITE SAME" nvme-fc: use blk_rq_nr_phys_segments nvmet-rdma: Fix missing dma sync to nvme data structures nvmet: Call fatal_error from keep-alive timout expiration nvmet: cancel fatal error and flush async work before free controller nvmet: delete controllers deletion upon subsystem release nvmet_fc: correct logic in disconnect queue LS handling block: fix use after free in __blkdev_direct_IO xen-blkfront: correct maximum segment accounting xen-blkfront: feature flags handling adjustments
Diffstat (limited to 'net/ipv4/fib_semantics.c')