kernel/linux.git/net/ceph/auth_x.c, branch linux-4.13.y Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-4.13.y 2017-05-23T18:32:28+00:00 libceph: fix error handling in process_one_ticket() 2017-05-23T18:32:28+00:00 Ilya Dryomov idryomov@gmail.com 2017-05-19T12:24:36+00:00 urn:sha1:b51456a6096ebf9f4ceb2cc7e176b471d4b70af0 Don't leak key internals after new_session_key is populated. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Alex Elder <elder@linaro.org> libceph: validate blob_struct_v in process_one_ticket() 2017-05-23T18:32:25+00:00 Ilya Dryomov idryomov@gmail.com 2017-05-19T10:21:56+00:00 urn:sha1:d18a1247c4070390fc0c2d83d89a72afe921882e None of these are validated in userspace, but since we do validate reply_struct_v in ceph_x_proc_ticket_reply(), tkt_struct_v (first) and CephXServiceTicket struct_v (second) in process_one_ticket(), validate CephXTicketBlob struct_v as well. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Alex Elder <elder@linaro.org> libceph: drop len argument of *verify_authorizer_reply() 2016-12-12T22:09:21+00:00 Ilya Dryomov idryomov@gmail.com 2016-12-02T15:35:09+00:00 urn:sha1:0dde584882ade13dc9708d611fbf69b0ae8a9e48 The length of the reply is protocol-dependent - for cephx it's ceph_x_authorize_reply. Nothing sensible can be passed from the messenger layer anyway. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> libceph: switch ceph_x_decrypt() to ceph_crypt() 2016-12-12T22:09:19+00:00 Ilya Dryomov idryomov@gmail.com 2016-12-02T15:35:08+00:00 urn:sha1:e15fd0a11db00fc7f470a9fc804657ec3f6d04a5 Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> libceph: switch ceph_x_encrypt() to ceph_crypt() 2016-12-12T22:09:19+00:00 Ilya Dryomov idryomov@gmail.com 2016-12-02T15:35:07+00:00 urn:sha1:d03857c63bb036edff0aa7a107276360173aca4e Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> libceph: tweak calcu_signature() a little 2016-12-12T22:09:19+00:00 Ilya Dryomov idryomov@gmail.com 2016-12-02T15:35:07+00:00 urn:sha1:4eb4517ce7c9c573b6c823de403aeccb40018cfc - replace an ad-hoc array with a struct - rename to calc_signature() for consistency Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> libceph: rename and align ceph_x_authorizer::reply_buf 2016-12-12T22:09:19+00:00 Ilya Dryomov idryomov@gmail.com 2016-12-02T15:35:07+00:00 urn:sha1:7882a26d2e2e520099e2961d5e2e870f8e4172dc It's going to be used as a temporary buffer for in-place en/decryption with ceph_crypt() instead of on-stack buffers, so rename to enc_buf. Ensure alignment to avoid GFP_ATOMIC allocations in the crypto stack. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> libceph: introduce ceph_x_encrypt_offset() 2016-12-12T22:09:19+00:00 Ilya Dryomov idryomov@gmail.com 2016-12-02T15:35:07+00:00 urn:sha1:55d9cc834f933698fc864f0d36f3cca533d30a8d Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> libceph: old_key in process_one_ticket() is redundant 2016-12-12T22:09:19+00:00 Ilya Dryomov idryomov@gmail.com 2016-12-02T15:35:06+00:00 urn:sha1:462e650451c577d15eeb4d883d70fa9e4e529fad Since commit 0a990e709356 ("ceph: clean up service ticket decoding"), th->session_key isn't assigned until everything is decoded. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> libceph: ceph_x_encrypt_buflen() takes in_len 2016-12-12T22:09:19+00:00 Ilya Dryomov idryomov@gmail.com 2016-12-02T15:35:06+00:00 urn:sha1:36721ece1e84a25130c4befb930509b3f96de020 Pass what's going to be encrypted - that's msg_b, not ticket_blob. ceph_x_encrypt_buflen() returns the upper bound, so this doesn't change the maxlen calculation, but makes it a bit clearer. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com>