Commit d922a84a authored by J. Bruce Fields's avatar J. Bruce Fields Committed by Trond Myklebust

rpcgss: krb5: sanity check sealalg value in the downcall

The sealalg is checked in several places, giving the impression it could be
either SEAL_ALG_NONE or SEAL_ALG_DES.  But in fact SEAL_ALG_NONE seems to
be sufficient only for making mic's, and all the contexts we get must be
capable of wrapping as well.  So the sealalg must be SEAL_ALG_DES.  As
with signalg, just check for the right value on the downcall and ignore it
otherwise.  Similarly, tighten expectations for the sealalg on incoming
tokens, in case we do support other values eventually.
Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 39a21dd1
......@@ -44,7 +44,6 @@ struct krb5_ctx {
int initiate; /* 1 = initiating, 0 = accepting */
int seed_init;
unsigned char seed[16];
int sealalg;
struct crypto_blkcipher *enc;
struct crypto_blkcipher *seq;
s32 endtime;
......
......@@ -148,9 +148,11 @@ gss_import_sec_context_kerberos(const void *p,
goto out_err_free_ctx;
if (tmp != SGN_ALG_DES_MAC_MD5)
goto out_err_free_ctx;
p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg));
p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
if (IS_ERR(p))
goto out_err_free_ctx;
if (tmp != SEAL_ALG_DES)
goto out_err_free_ctx;
p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime));
if (IS_ERR(p))
goto out_err_free_ctx;
......
......@@ -87,12 +87,6 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
now = get_seconds();
if (ctx->sealalg != SEAL_ALG_NONE && ctx->sealalg != SEAL_ALG_DES) {
dprintk("RPC: gss_krb5_seal: ctx->sealalg %d not supported\n",
ctx->sealalg);
return GSS_S_FAILURE;
}
token->len = g_token_size(&ctx->mech_used, 22);
ptr = token->data;
......
......@@ -133,12 +133,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
now = get_seconds();
if (kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES) {
dprintk("RPC: gss_krb5_seal: kctx->sealalg %d not supported\n",
kctx->sealalg);
return GSS_S_FAILURE;
}
blocksize = crypto_blkcipher_blocksize(kctx->enc);
gss_krb5_add_padding(buf, offset, blocksize);
BUG_ON((buf->len - offset) % blocksize);
......@@ -169,7 +163,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
*(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
memset(krb5_hdr + 4, 0xff, 4);
*(__be16 *)(krb5_hdr + 4) = htons(kctx->sealalg);
*(__be16 *)(krb5_hdr + 4) = htons(SEAL_ALG_DES);
make_confounder(msg_start, blocksize);
......@@ -245,26 +239,11 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
return GSS_S_DEFECTIVE_TOKEN;
if (sealalg == 0xffff)
if (sealalg != SEAL_ALG_DES)
return GSS_S_DEFECTIVE_TOKEN;
if (signalg != SGN_ALG_DES_MAC_MD5)
return GSS_S_DEFECTIVE_TOKEN;
/* in the current spec, there is only one valid seal algorithm per
key type, so a simple comparison is ok */
if (sealalg != kctx->sealalg)
return GSS_S_DEFECTIVE_TOKEN;
/* there are several mappings of seal algorithms to sign algorithms,
but few enough that we can try them all. */
if ((kctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
(kctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
(kctx->sealalg == SEAL_ALG_DES3KD &&
signalg != SGN_ALG_HMAC_SHA1_DES3_KD))
return GSS_S_DEFECTIVE_TOKEN;
if (gss_decrypt_xdr_buf(kctx->enc, buf,
ptr + 22 - (unsigned char *)buf->head[0].iov_base))
return GSS_S_DEFECTIVE_TOKEN;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment