lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251016182002.GA6416@sol>
Date: Thu, 16 Oct 2025 11:20:02 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: linux-nfs@...r.kernel.org, Chuck Lever <chuck.lever@...cle.com>,
	Jeff Layton <jlayton@...nel.org>
Cc: NeilBrown <neil@...wn.name>, Olga Kornievskaia <okorniev@...hat.com>,
	Dai Ngo <Dai.Ngo@...cle.com>, Tom Talpey <tom@...pey.com>,
	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] nfsd: Use MD5 library instead of crypto_shash

On Thu, Oct 16, 2025 at 11:15:34AM -0700, Eric Biggers wrote:
> Update NFSD's support for "legacy client tracking" (which uses MD5) to
> use the MD5 library instead of crypto_shash.  This has several benefits:
> 
> - Simpler code.  Notably, much of the error-handling code is no longer
>   needed, since the library functions can't fail.
> 
> - Improved performance due to reduced overhead.  A microbenchmark of
>   nfs4_make_rec_clidname() shows a speedup from 1455 cycles to 425.
> 
> - The MD5 code can now safely be built as a loadable module when nfsd is
>   built as a loadable module.  (Previously, nfsd forced the MD5 code to
>   built-in, presumably to work around the unreliability of the
>   name-based loading.)  Thus select MD5 from the tristate option NFSD if
>   NFSD_LEGACY_CLIENT_TRACKING, instead of from the bool option NFSD_V4.
> 
> - Fixes a bug where legacy client tracking was not supported on kernels
>   booted with "fips=1", due to crypto_shash not allowing MD5 to be used.
>   This particular use of MD5 is not for a cryptographic purpose, though,
>   so it is acceptable even when fips=1 (see
>   https://lore.kernel.org/r/dae495a93cbcc482f4ca23c3a0d9360a1fd8c3a8.camel@redhat.com/).
> 
> Signed-off-by: Eric Biggers <ebiggers@...nel.org>

I forgot the tags from v1.  Please add when applying:

    Acked-by: Ard Biesheuvel <ardb@...nel.org>
    Acked-by: Jeff Layton <jlayton@...nel.org>
    Reviewed-by: Scott Mayhew <smayhew@...hat.com>

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ