| From 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 Mon Sep 17 00:00:00 2001 |
| From: Aurelien Aptel <aaptel@suse.com> |
| Date: Fri, 21 May 2021 17:19:27 +0200 |
| Subject: cifs: set server->cipher_type to AES-128-CCM for SMB3.0 |
| |
| From: Aurelien Aptel <aaptel@suse.com> |
| |
| commit 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 upstream. |
| |
| SMB3.0 doesn't have encryption negotiate context but simply uses |
| the SMB2_GLOBAL_CAP_ENCRYPTION flag. |
| |
| When that flag is present in the neg response cifs.ko uses AES-128-CCM |
| which is the only cipher available in this context. |
| |
| cipher_type was set to the server cipher only when parsing encryption |
| negotiate context (SMB3.1.1). |
| |
| For SMB3.0 it was set to 0. This means cipher_type value can be 0 or 1 |
| for AES-128-CCM. |
| |
| Fix this by checking for SMB3.0 and encryption capability and setting |
| cipher_type appropriately. |
| |
| Signed-off-by: Aurelien Aptel <aaptel@suse.com> |
| Cc: <stable@vger.kernel.org> |
| Signed-off-by: Steve French <stfrench@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| fs/cifs/smb2pdu.c | 7 +++++++ |
| 1 file changed, 7 insertions(+) |
| |
| --- a/fs/cifs/smb2pdu.c |
| +++ b/fs/cifs/smb2pdu.c |
| @@ -958,6 +958,13 @@ SMB2_negotiate(const unsigned int xid, s |
| /* Internal types */ |
| server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES; |
| |
| + /* |
| + * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context |
| + * Set the cipher type manually. |
| + */ |
| + if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) |
| + server->cipher_type = SMB2_ENCRYPTION_AES128_CCM; |
| + |
| security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, |
| (struct smb2_sync_hdr *)rsp); |
| /* |