From patchwork Wed Mar 28 17:57:22 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers@google.com>
X-Patchwork-Id: 10313759
Return-Path: <linux-nfs-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	C6C8A60353 for <patchwork-linux-nfs@patchwork.kernel.org>;
	Wed, 28 Mar 2018 18:00:40 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B643829087
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Wed, 28 Mar 2018 18:00:40 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id AA5AA29103; Wed, 28 Mar 2018 18:00:40 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D377429087
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Wed, 28 Mar 2018 18:00:39 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753383AbeC1SAh (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Wed, 28 Mar 2018 14:00:37 -0400
Received: from mail-pf0-f194.google.com ([209.85.192.194]:32790 "EHLO
	mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753048AbeC1SAf (ORCPT
	<rfc822; linux-nfs@vger.kernel.org>); Wed, 28 Mar 2018 14:00:35 -0400
Received: by mail-pf0-f194.google.com with SMTP id f15so1324074pfn.0
	for <linux-nfs@vger.kernel.org>; Wed, 28 Mar 2018 11:00:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=N53tbTrgn+E0xnS1w3+3b0KB5n67s1XpQga5ZcHgZ5A=;
	b=aNR6KXN4J1y3s4R99lV5GHj3TgYpyGn2/NTAQkT2aGYIYh003YgKXoeeYxKetKo1Bw
	NIAPzIfazaLlETL/pFBCAqnzeK9yqQwig9zlBfoB02mTi9JaUleSFD4TZZa7b8HPxN7C
	/CeonewRweZ6Wcc3MfKhuv7zsQ6Q/NJHHWGXzGavFbMBdWN4QQWNCdFW0vT7MWdDYNyz
	T88dIdk2PvRSpkBOIEtzmH33DjHTQmQJE+EUqdhlRxGgL15guc9bXh38xhk8BLR0gAdY
	ipEL1QJ2fphKn1fmIZIPvSDo7hxYiC+8doQS+Q8KyOs8JhGxksKctmpvAoYAPEjwSrto
	wubQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=N53tbTrgn+E0xnS1w3+3b0KB5n67s1XpQga5ZcHgZ5A=;
	b=h05bdIX+dQ7EKAxOGNUvFPKEq3dTmps8NeOOSoRC73WNLqUSNXshZQvKTuO0dtfv6B
	lPK0UjPRXj794CUMYXTTlItwGSIHgM6DorLHqXMoKSQFnmlP6Njs/npUm0rZdbQHQknG
	ZYM4T0tB2Saczvjcd8V5W3AuxwzYs+0vGtpOyKL86Xs26txrt8JLw/5hOS9ZyueqFXeF
	Jr8bNN7INcSbHrIbbfvLnAUOOwKamzZ1N22vV7XLkFbXyxB6B6NjMC2mize8oEQdT0jb
	tWf+H72ebEkoUyfhPyw1XkCRMcBEut1WPDPqqWrrLMKLa8eP9dWm2Tn3vADZuGdhHNJD
	UHCg==
X-Gm-Message-State: AElRT7HBUDkuoNZCesFoH7bXVGTas4DpF8fLykm5so7jYWqvT+Kzy/Xo
	r2sSKJAXI2fwJbDngu5qu+Tnmw==
X-Google-Smtp-Source: 
 AIpwx4/AjREhkQCkUVPSelr/O4zT0W3a4qlgPBWFZaAF4//hibnnS17WaAw1ohGwzwrwzESVsG3KiA==
X-Received: by 10.99.95.84 with SMTP id t81mr3093588pgb.400.1522260034831;
	Wed, 28 Mar 2018 11:00:34 -0700 (PDT)
Received: from ebiggers-linuxstation.kir.corp.google.com
	([2620:15c:17:3:dc28:5c82:b905:e8a8])
	by smtp.gmail.com with ESMTPSA id
	b5sm8487407pgn.8.2018.03.28.11.00.33
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 28 Mar 2018 11:00:33 -0700 (PDT)
From: Eric Biggers <ebiggers@google.com>
To: Trond Myklebust <trond.myklebust@primarydata.com>,
	Anna Schumaker <anna.schumaker@netapp.com>,
	"J . Bruce Fields" <bfields@fieldses.org>,
	Jeff Layton <jlayton@kernel.org>, linux-nfs@vger.kernel.org
Cc: netdev@vger.kernel.org, linux-crypto@vger.kernel.org,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Michael Young <m.a.young@durham.ac.uk>,
	Eric Biggers <ebiggers@google.com>, stable@vger.kernel.org
Subject: [PATCH] sunrpc: remove incorrect HMAC request initialization
Date: Wed, 28 Mar 2018 10:57:22 -0700
Message-Id: <20180328175722.193355-1-ebiggers@google.com>
X-Mailer: git-send-email 2.17.0.rc1.321.gba9d0f2565-goog
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

make_checksum_hmac_md5() is allocating an HMAC transform and doing
crypto API calls in the following order:

    crypto_ahash_init()
    crypto_ahash_setkey()
    crypto_ahash_digest()

This is wrong because it makes no sense to init() the request before a
key has been set, given that the initial state depends on the key.  And
digest() is short for init() + update() + final(), so in this case
there's no need to explicitly call init() at all.

Before commit 9fa68f620041 ("crypto: hash - prevent using keyed hashes
without setting key") the extra init() had no real effect, at least for
the software HMAC implementation.  (There are also hardware drivers that
implement HMAC-MD5, and it's not immediately obvious how gracefully they
handle init() before setkey().)  But now the crypto API detects this
incorrect initialization and returns -ENOKEY.  This is breaking NFS
mounts in some cases.

Fix it by removing the incorrect call to crypto_ahash_init().

Reported-by: Michael Young <m.a.young@durham.ac.uk>
Fixes: 9fa68f620041 ("crypto: hash - prevent using keyed hashes without setting key")
Fixes: fffdaef2eb4a ("gss_krb5: Add support for rc4-hmac encryption")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 net/sunrpc/auth_gss/gss_krb5_crypto.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 12649c9fedab..8654494b4d0a 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -237,9 +237,6 @@ make_checksum_hmac_md5(struct krb5_ctx *kctx, char *header, int hdrlen,
 
 	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
 
-	err = crypto_ahash_init(req);
-	if (err)
-		goto out;
 	err = crypto_ahash_setkey(hmac_md5, cksumkey, kctx->gk5e->keylength);
 	if (err)
 		goto out;