• Eric Biggers's avatar
    sunrpc: remove incorrect HMAC request initialization · 994baf8a
    Eric Biggers authored
    commit f3aefb6a upstream.
    
    make_checksum_hmac_md5() is allocating an HMAC transform and doing
    crypto API calls in the following order:
    
        crypto_ahash_init()
        crypto_ahash_setkey()
        crypto_ahash_digest()
    
    This is wrong because it makes no sense to init() the request before a
    key has been set, given that the initial state depends on the key.  And
    digest() is short for init() + update() + final(), so in this case
    there's no need to explicitly call init() at all.
    
    Before commit 9fa68f62 ("crypto: hash - prevent using keyed hashes
    without setting key") the extra init() had no real effect, at least for
    the software HMAC implementation.  (There are also hardware drivers that
    implement HMAC-MD5, and it's not immediately obvious how gracefully they
    handle init() before setkey().)  But now the crypto API detects this
    incorrect initialization and returns -ENOKEY.  This is breaking NFS
    mounts in some cases.
    
    Fix it by removing the incorrect call to crypto_ahash_init().
    Reported-by: default avatarMichael Young <m.a.young@durham.ac.uk>
    Fixes: 9fa68f62 ("crypto: hash - prevent using keyed hashes without setting key")
    Fixes: fffdaef2 ("gss_krb5: Add support for rc4-hmac encryption")
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    994baf8a
gss_krb5_crypto.c 26.8 KB