| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251012015738.244315-1-ebiggers@kernel.org> Date: Sat, 11 Oct 2025 18:57:30 -0700 From: Eric Biggers <ebiggers@...nel.org> To: linux-cifs@...r.kernel.org, Steve French <sfrench@...ba.org> Cc: samba-technical@...ts.samba.org, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org, Paulo Alcantara <pc@...guebit.org>, Ronnie Sahlberg <ronniesahlberg@...il.com>, Shyam Prasad N <sprasad@...rosoft.com>, Tom Talpey <tom@...pey.com>, Bharath SM <bharathsm@...rosoft.com>, Eric Biggers <ebiggers@...nel.org> Subject: [PATCH 0/8] smb: client: More crypto library conversions This series converts fs/smb/client/ to access SHA-512, HMAC-SHA256, MD5, and HMAC-MD5 using the library APIs instead of crypto_shash. This simplifies the code significantly. It also slightly improves performance, as it eliminates unnecessary overhead. Tested with Samba with all SMB versions, with mfsymlinks in the mount options, 'server min protocol = NT1' and 'server signing = required' in smb.conf, and doing a simple file data and symlink verification test. That seems to cover all the modified code paths. However, with SMB 1.0 I get "CIFS: VFS: SMB signature verification returned error = -13", regardless of whether this series is applied or not. Presumably, testing that case requires some other setting I couldn't find. Regardless, these are straightforward conversions and all the actual crypto is exactly the same as before, as far as I can tell. Eric Biggers (8): smb: client: Use SHA-512 library for SMB3.1.1 preauth hash smb: client: Use HMAC-SHA256 library for key generation smb: client: Use HMAC-SHA256 library for SMB2 signature calculation smb: client: Use MD5 library for M-F symlink hashing smb: client: Use MD5 library for SMB1 signature calculation smb: client: Use HMAC-MD5 library for NTLMv2 smb: client: Remove obsolete crypto_shash allocations smb: client: Consolidate cmac(aes) shash allocation fs/smb/client/Kconfig | 7 +- fs/smb/client/cifsencrypt.c | 201 +++++++++++++--------------------- fs/smb/client/cifsfs.c | 4 - fs/smb/client/cifsglob.h | 3 - fs/smb/client/cifsproto.h | 10 +- fs/smb/client/link.c | 31 +----- fs/smb/client/sess.c | 2 +- fs/smb/client/smb2misc.c | 53 ++------- fs/smb/client/smb2proto.h | 8 +- fs/smb/client/smb2transport.c | 164 +++++---------------------- 10 files changed, 131 insertions(+), 352 deletions(-) base-commit: 67029a49db6c1f21106a1b5fcdd0ea234a6e0711 -- 2.51.0
Powered by blists - more mailing lists