From: David Howells <dhowells@redhat.com>
To: netdev@vger.kernel.org
Cc: dhowells@redhat.com, linux-afs@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: [PATCH net-next 13/23] rxrpc: Merge prime_packet_security into init_connection_security
Date: Thu, 01 Oct 2020 15:58:13 +0100 [thread overview]
Message-ID: <160156429325.1728886.13596879825837068396.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <160156420377.1728886.5309670328610130816.stgit@warthog.procyon.org.uk>
Merge the ->prime_packet_security() into the ->init_connection_security()
hook as they're always called together.
Signed-off-by: David Howells <dhowells@redhat.com>
---
net/rxrpc/ar-internal.h | 2 --
net/rxrpc/conn_client.c | 6 ------
net/rxrpc/conn_event.c | 4 ----
net/rxrpc/insecure.c | 6 ------
net/rxrpc/rxkad.c | 20 +++++++++++++++-----
5 files changed, 15 insertions(+), 23 deletions(-)
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 5aacd6d7cf28..a3b3901bc7f7 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -219,8 +219,6 @@ struct rxrpc_security {
/* initialise a connection's security */
int (*init_connection_security)(struct rxrpc_connection *);
- /* prime a connection's packet security */
- int (*prime_packet_security)(struct rxrpc_connection *);
/* impose security on a packet */
int (*secure_packet)(struct rxrpc_call *,
diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c
index 7e574c75be8e..dbea0bfee48e 100644
--- a/net/rxrpc/conn_client.c
+++ b/net/rxrpc/conn_client.c
@@ -180,10 +180,6 @@ rxrpc_alloc_client_connection(struct rxrpc_bundle *bundle, gfp_t gfp)
if (ret < 0)
goto error_1;
- ret = conn->security->prime_packet_security(conn);
- if (ret < 0)
- goto error_2;
-
atomic_inc(&rxnet->nr_conns);
write_lock(&rxnet->conn_lock);
list_add_tail(&conn->proc_link, &rxnet->conn_proc_list);
@@ -203,8 +199,6 @@ rxrpc_alloc_client_connection(struct rxrpc_bundle *bundle, gfp_t gfp)
_leave(" = %p", conn);
return conn;
-error_2:
- conn->security->clear(conn);
error_1:
rxrpc_put_client_connection_id(conn);
error_0:
diff --git a/net/rxrpc/conn_event.c b/net/rxrpc/conn_event.c
index aff184145ffa..abe761c66f67 100644
--- a/net/rxrpc/conn_event.c
+++ b/net/rxrpc/conn_event.c
@@ -337,10 +337,6 @@ static int rxrpc_process_event(struct rxrpc_connection *conn,
if (ret < 0)
return ret;
- ret = conn->security->prime_packet_security(conn);
- if (ret < 0)
- return ret;
-
spin_lock(&conn->bundle->channel_lock);
spin_lock_bh(&conn->state_lock);
diff --git a/net/rxrpc/insecure.c b/net/rxrpc/insecure.c
index f6c59f5fae9d..a9c3959810ea 100644
--- a/net/rxrpc/insecure.c
+++ b/net/rxrpc/insecure.c
@@ -13,11 +13,6 @@ static int none_init_connection_security(struct rxrpc_connection *conn)
return 0;
}
-static int none_prime_packet_security(struct rxrpc_connection *conn)
-{
- return 0;
-}
-
static int none_secure_packet(struct rxrpc_call *call,
struct sk_buff *skb,
size_t data_size,
@@ -86,7 +81,6 @@ const struct rxrpc_security rxrpc_no_security = {
.init = none_init,
.exit = none_exit,
.init_connection_security = none_init_connection_security,
- .prime_packet_security = none_prime_packet_security,
.free_call_crypto = none_free_call_crypto,
.secure_packet = none_secure_packet,
.verify_packet = none_verify_packet,
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index f114dc2af5cf..5e10e0f9d7b7 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -37,6 +37,9 @@ struct rxkad_level2_hdr {
__be32 checksum; /* decrypted data checksum */
};
+static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
+ struct crypto_sync_skcipher *ci);
+
/*
* this holds a pinned cipher so that keventd doesn't get called by the cipher
* alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
@@ -87,8 +90,15 @@ static int rxkad_init_connection_security(struct rxrpc_connection *conn)
goto error;
}
+ ret = rxkad_prime_packet_security(conn, ci);
+ if (ret < 0)
+ goto error_ci;
+
conn->cipher = ci;
- ret = 0;
+ return 0;
+
+error_ci:
+ crypto_free_sync_skcipher(ci);
error:
_leave(" = %d", ret);
return ret;
@@ -98,7 +108,8 @@ static int rxkad_init_connection_security(struct rxrpc_connection *conn)
* prime the encryption state with the invariant parts of a connection's
* description
*/
-static int rxkad_prime_packet_security(struct rxrpc_connection *conn)
+static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
+ struct crypto_sync_skcipher *ci)
{
struct skcipher_request *req;
struct rxrpc_key_token *token;
@@ -116,7 +127,7 @@ static int rxkad_prime_packet_security(struct rxrpc_connection *conn)
if (!tmpbuf)
return -ENOMEM;
- req = skcipher_request_alloc(&conn->cipher->base, GFP_NOFS);
+ req = skcipher_request_alloc(&ci->base, GFP_NOFS);
if (!req) {
kfree(tmpbuf);
return -ENOMEM;
@@ -131,7 +142,7 @@ static int rxkad_prime_packet_security(struct rxrpc_connection *conn)
tmpbuf[3] = htonl(conn->security_ix);
sg_init_one(&sg, tmpbuf, tmpsize);
- skcipher_request_set_sync_tfm(req, conn->cipher);
+ skcipher_request_set_sync_tfm(req, ci);
skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x);
crypto_skcipher_encrypt(req);
@@ -1297,7 +1308,6 @@ const struct rxrpc_security rxkad = {
.init = rxkad_init,
.exit = rxkad_exit,
.init_connection_security = rxkad_init_connection_security,
- .prime_packet_security = rxkad_prime_packet_security,
.secure_packet = rxkad_secure_packet,
.verify_packet = rxkad_verify_packet,
.free_call_crypto = rxkad_free_call_crypto,
next prev parent reply other threads:[~2020-10-01 14:58 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-01 14:56 [PATCH net-next 00/23] rxrpc: Fixes and preparation for RxGK David Howells
2020-10-01 14:56 ` [PATCH net-next 01/23] keys: Provide the original description to the key preparser David Howells
2020-10-01 14:56 ` [PATCH net-next 02/23] rxrpc: Fix bundle counting for exclusive connections David Howells
2020-10-01 14:57 ` [PATCH net-next 03/23] rxrpc: Fix rxkad token xdr encoding David Howells
2020-10-01 14:57 ` [PATCH net-next 04/23] rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() David Howells
2020-10-01 14:57 ` [PATCH net-next 05/23] rxrpc: Fix some missing _bh annotations on locking conn->state_lock David Howells
2020-10-01 14:57 ` [PATCH net-next 06/23] rxrpc: Fix loss of final ack on shutdown David Howells
2020-10-01 14:57 ` [PATCH net-next 07/23] rxrpc: Fix accept on a connection that need securing David Howells
2020-10-01 14:57 ` [PATCH net-next 08/23] rxrpc: The server keyring isn't network-namespaced David Howells
2020-10-01 14:57 ` [PATCH net-next 09/23] rxrpc: Change basic data packet size alignment to 1 David Howells
2020-10-01 14:57 ` [PATCH net-next 10/23] rxrpc: Remove the rxk5 security class as it's now defunct David Howells
2020-10-01 14:57 ` [PATCH net-next 11/23] rxrpc: List the held token types in the key description in /proc/keys David Howells
2020-10-01 14:58 ` [PATCH net-next 12/23] rxrpc: Allow for a security trailer in a packet David Howells
2020-10-01 14:58 ` David Howells [this message]
2020-10-01 14:58 ` [PATCH net-next 14/23] rxrpc: Support keys with multiple authentication tokens David Howells
2020-10-01 14:58 ` [PATCH net-next 15/23] rxrpc: Don't retain the server key in the connection David Howells
2020-10-01 14:58 ` [PATCH net-next 16/23] rxrpc: Split the server key type (rxrpc_s) into its own file David Howells
2020-10-01 14:58 ` [PATCH net-next 17/23] rxrpc: Hand server key parsing off to the security class David Howells
2020-10-01 14:58 ` [PATCH net-next 18/23] rxrpc: Don't reserve security header in Tx DATA skbuff David Howells
2020-10-01 14:58 ` [PATCH net-next 19/23] rxrpc: Organise connection security to use a union David Howells
2020-10-01 14:59 ` [PATCH net-next 20/23] rxrpc: Don't leak the service-side session key to userspace David Howells
2020-10-01 14:59 ` [PATCH net-next 21/23] rxrpc: Allow security classes to give more info on server keys David Howells
2020-10-01 14:59 ` [PATCH net-next 22/23] rxrpc: Make the parsing of xdr payloads more coherent David Howells
2020-10-01 14:59 ` [PATCH net-next 23/23] rxrpc: rxkad: Don't use pskb_pull() to advance through the response packet David Howells
2020-10-02 23:03 ` [PATCH net-next 00/23] rxrpc: Fixes and preparation for RxGK David Miller
2020-10-03 20:01 ` David Howells
2020-10-03 21:17 ` David Miller
2020-10-03 21:24 ` David Howells
2020-10-03 21:32 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=160156429325.1728886.13596879825837068396.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=linux-afs@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).