lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <18b6d0b07d1c108f3c6ae5597136107768ea05e7.camel@kernel.org>
Date: Mon, 03 Feb 2025 06:17:48 -0500
From: Jeff Layton <jlayton@...nel.org>
To: linux@...blig.org, trondmy@...nel.org, anna@...nel.org, 
	chuck.lever@...cle.com, neilb@...e.de, okorniev@...hat.com,
 Dai.Ngo@...cle.com, 	tom@...pey.com
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
 pabeni@...hat.com, 	horms@...nel.org, linux-nfs@...r.kernel.org,
 netdev@...r.kernel.org, 	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] SUNRPC: Remove unused make_checksum

On Mon, 2025-02-03 at 02:07 +0000, linux@...blig.org wrote:
> From: "Dr. David Alan Gilbert" <linux@...blig.org>
> 
> Commit ec596aaf9b48 ("SUNRPC: Remove code behind
> CONFIG_RPCSEC_GSS_KRB5_SIMPLIFIED") was the last user of the
> make_checksum() function.
> 
> Remove it.
> 
> Signed-off-by: Dr. David Alan Gilbert <linux@...blig.org>
> ---
>  net/sunrpc/auth_gss/gss_krb5_crypto.c   | 90 -------------------------
>  net/sunrpc/auth_gss/gss_krb5_internal.h |  4 --
>  2 files changed, 94 deletions(-)
> 
> diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
> index 7e09b15c5538..8f2d65c1e831 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
> @@ -148,96 +148,6 @@ checksummer(struct scatterlist *sg, void *data)
>  	return crypto_ahash_update(req);
>  }
>  
> -/*
> - * checksum the plaintext data and hdrlen bytes of the token header
> - * The checksum is performed over the first 8 bytes of the
> - * gss token header and then over the data body
> - */
> -u32
> -make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen,
> -	      struct xdr_buf *body, int body_offset, u8 *cksumkey,
> -	      unsigned int usage, struct xdr_netobj *cksumout)
> -{
> -	struct crypto_ahash *tfm;
> -	struct ahash_request *req;
> -	struct scatterlist              sg[1];
> -	int err = -1;
> -	u8 *checksumdata;
> -	unsigned int checksumlen;
> -
> -	if (cksumout->len < kctx->gk5e->cksumlength) {
> -		dprintk("%s: checksum buffer length, %u, too small for %s\n",
> -			__func__, cksumout->len, kctx->gk5e->name);
> -		return GSS_S_FAILURE;
> -	}
> -
> -	checksumdata = kmalloc(GSS_KRB5_MAX_CKSUM_LEN, GFP_KERNEL);
> -	if (checksumdata == NULL)
> -		return GSS_S_FAILURE;
> -
> -	tfm = crypto_alloc_ahash(kctx->gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
> -	if (IS_ERR(tfm))
> -		goto out_free_cksum;
> -
> -	req = ahash_request_alloc(tfm, GFP_KERNEL);
> -	if (!req)
> -		goto out_free_ahash;
> -
> -	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
> -
> -	checksumlen = crypto_ahash_digestsize(tfm);
> -
> -	if (cksumkey != NULL) {
> -		err = crypto_ahash_setkey(tfm, cksumkey,
> -					  kctx->gk5e->keylength);
> -		if (err)
> -			goto out;
> -	}
> -
> -	err = crypto_ahash_init(req);
> -	if (err)
> -		goto out;
> -	sg_init_one(sg, header, hdrlen);
> -	ahash_request_set_crypt(req, sg, NULL, hdrlen);
> -	err = crypto_ahash_update(req);
> -	if (err)
> -		goto out;
> -	err = xdr_process_buf(body, body_offset, body->len - body_offset,
> -			      checksummer, req);
> -	if (err)
> -		goto out;
> -	ahash_request_set_crypt(req, NULL, checksumdata, 0);
> -	err = crypto_ahash_final(req);
> -	if (err)
> -		goto out;
> -
> -	switch (kctx->gk5e->ctype) {
> -	case CKSUMTYPE_RSA_MD5:
> -		err = krb5_encrypt(kctx->seq, NULL, checksumdata,
> -				   checksumdata, checksumlen);
> -		if (err)
> -			goto out;
> -		memcpy(cksumout->data,
> -		       checksumdata + checksumlen - kctx->gk5e->cksumlength,
> -		       kctx->gk5e->cksumlength);
> -		break;
> -	case CKSUMTYPE_HMAC_SHA1_DES3:
> -		memcpy(cksumout->data, checksumdata, kctx->gk5e->cksumlength);
> -		break;
> -	default:
> -		BUG();
> -		break;
> -	}
> -	cksumout->len = kctx->gk5e->cksumlength;
> -out:
> -	ahash_request_free(req);
> -out_free_ahash:
> -	crypto_free_ahash(tfm);
> -out_free_cksum:
> -	kfree(checksumdata);
> -	return err ? GSS_S_FAILURE : 0;
> -}
> -
>  /**
>   * gss_krb5_checksum - Compute the MAC for a GSS Wrap or MIC token
>   * @tfm: an initialized hash transform
> diff --git a/net/sunrpc/auth_gss/gss_krb5_internal.h b/net/sunrpc/auth_gss/gss_krb5_internal.h
> index 0bda0078d7d8..8769e9e705bf 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_internal.h
> +++ b/net/sunrpc/auth_gss/gss_krb5_internal.h
> @@ -155,10 +155,6 @@ static inline int krb5_derive_key(struct krb5_ctx *kctx,
>  
>  void krb5_make_confounder(u8 *p, int conflen);
>  
> -u32 make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen,
> -		  struct xdr_buf *body, int body_offset, u8 *cksumkey,
> -		  unsigned int usage, struct xdr_netobj *cksumout);
> -
>  u32 gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen,
>  		      const struct xdr_buf *body, int body_offset,
>  		      struct xdr_netobj *cksumout);
> -- 
> 2.48.1
> 

Reviewed-by: Jeff Layton <jlayton@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ