releases/5.12.9/cifs-set-server-cipher_type-to-aes-128-ccm-for-smb3.0.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 Mon Sep 17 00:00:00 2001
 From: Aurelien Aptel <aaptel@suse.com>
 Date: Fri, 21 May 2021 17:19:27 +0200
 Subject: cifs: set server->cipher_type to AES-128-CCM for SMB3.0

 From: Aurelien Aptel <aaptel@suse.com>

 commit 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 upstream.

 SMB3.0 doesn't have encryption negotiate context but simply uses
 the SMB2_GLOBAL_CAP_ENCRYPTION flag.

 When that flag is present in the neg response cifs.ko uses AES-128-CCM
 which is the only cipher available in this context.

 cipher_type was set to the server cipher only when parsing encryption
 negotiate context (SMB3.1.1).

 For SMB3.0 it was set to 0. This means cipher_type value can be 0 or 1
 for AES-128-CCM.

 Fix this by checking for SMB3.0 and encryption capability and setting
 cipher_type appropriately.

 Signed-off-by: Aurelien Aptel <aaptel@suse.com>
 Cc: <stable@vger.kernel.org>
 Signed-off-by: Steve French <stfrench@microsoft.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  fs/cifs/smb2pdu.c |    7 +++++++
  1 file changed, 7 insertions(+)

 --- a/fs/cifs/smb2pdu.c
 +++ b/fs/cifs/smb2pdu.c
 @@ -958,6 +958,13 @@ SMB2_negotiate(const unsigned int xid, s
  	/* Internal types */
  	server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;

 +	/*
 +	 * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
 +	 * Set the cipher type manually.
 +	 */
 +	if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
 +		server->cipher_type = SMB2_ENCRYPTION_AES128_CCM;
 +
  	security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
  					       (struct smb2_sync_hdr *)rsp);
  	/*
	From 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 Mon Sep 17 00:00:00 2001
	From: Aurelien Aptel <aaptel@suse.com>
	Date: Fri, 21 May 2021 17:19:27 +0200
	Subject: cifs: set server->cipher_type to AES-128-CCM for SMB3.0

	From: Aurelien Aptel <aaptel@suse.com>

	commit 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 upstream.

	SMB3.0 doesn't have encryption negotiate context but simply uses
	the SMB2_GLOBAL_CAP_ENCRYPTION flag.

	When that flag is present in the neg response cifs.ko uses AES-128-CCM
	which is the only cipher available in this context.

	cipher_type was set to the server cipher only when parsing encryption
	negotiate context (SMB3.1.1).

	For SMB3.0 it was set to 0. This means cipher_type value can be 0 or 1
	for AES-128-CCM.

	Fix this by checking for SMB3.0 and encryption capability and setting
	cipher_type appropriately.

	Signed-off-by: Aurelien Aptel <aaptel@suse.com>
	Cc: <stable@vger.kernel.org>
	Signed-off-by: Steve French <stfrench@microsoft.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	fs/cifs/smb2pdu.c \| 7 +++++++
	1 file changed, 7 insertions(+)

	--- a/fs/cifs/smb2pdu.c
	+++ b/fs/cifs/smb2pdu.c
	@@ -958,6 +958,13 @@ SMB2_negotiate(const unsigned int xid, s
	/* Internal types */
	server->capabilities \|= SMB2_NT_FIND \| SMB2_LARGE_FILES;

	+ /*
	+ * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
	+ * Set the cipher type manually.
	+ */
	+ if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
	+ server->cipher_type = SMB2_ENCRYPTION_AES128_CCM;
	+
	security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
	(struct smb2_sync_hdr *)rsp);
	/*