lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <jf5k4w47cw3jhc3nfmhwtaqtqxrqd5ufg4agpagacbxejyuhb7@udi3ed54kf3m>
Date: Mon, 20 Oct 2025 10:38:42 -0300
From: Enzo Matsumiya <ematsumiya@...e.de>
To: David Howells <dhowells@...hat.com>
Cc: Steve French <sfrench@...ba.org>, Paulo Alcantara <pc@...guebit.org>, 
	linux-cifs@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cifs: Call the calc_signature functions directly

Hi David,

On 10/20, David Howells wrote:
>As the SMB1 and SMB2/3 calc_signature functions are called from separate
>sign and verify paths, just call them directly rather than using a function
>pointer.  The SMB3 calc_signature then jumps to the SMB2 variant if
>necessary.
>
>Signed-off-by: David Howells <dhowells@...hat.com>
>cc: Steve French <sfrench@...ba.org>
>cc: Paulo Alcantara <pc@...guebit.org>
>cc: linux-cifs@...r.kernel.org
>cc: linux-fsdevel@...r.kernel.org
>---
> fs/smb/client/cifsglob.h      |    2 --
> fs/smb/client/smb2ops.c       |    4 ----
> fs/smb/client/smb2proto.h     |    6 ------
> fs/smb/client/smb2transport.c |   18 +++++++++---------
> 4 files changed, 9 insertions(+), 21 deletions(-)
>
>diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
>index b91397dbb6aa..7297f0f01cb3 100644
>--- a/fs/smb/client/cifsglob.h
>+++ b/fs/smb/client/cifsglob.h
>@@ -536,8 +536,6 @@ struct smb_version_operations {
> 	void (*new_lease_key)(struct cifs_fid *);
> 	int (*generate_signingkey)(struct cifs_ses *ses,
> 				   struct TCP_Server_Info *server);
>-	int (*calc_signature)(struct smb_rqst *, struct TCP_Server_Info *,
>-				bool allocate_crypto);
> 	int (*set_integrity)(const unsigned int, struct cifs_tcon *tcon,
> 			     struct cifsFileInfo *src_file);
> 	int (*enum_snapshots)(const unsigned int xid, struct cifs_tcon *tcon,
>diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
>index 7c392cf5940b..66eee3440df6 100644
>--- a/fs/smb/client/smb2ops.c
>+++ b/fs/smb/client/smb2ops.c
>@@ -5446,7 +5446,6 @@ struct smb_version_operations smb20_operations = {
> 	.get_lease_key = smb2_get_lease_key,
> 	.set_lease_key = smb2_set_lease_key,
> 	.new_lease_key = smb2_new_lease_key,
>-	.calc_signature = smb2_calc_signature,
> 	.is_read_op = smb2_is_read_op,
> 	.set_oplock_level = smb2_set_oplock_level,
> 	.create_lease_buf = smb2_create_lease_buf,
>@@ -5550,7 +5549,6 @@ struct smb_version_operations smb21_operations = {
> 	.get_lease_key = smb2_get_lease_key,
> 	.set_lease_key = smb2_set_lease_key,
> 	.new_lease_key = smb2_new_lease_key,
>-	.calc_signature = smb2_calc_signature,
> 	.is_read_op = smb21_is_read_op,
> 	.set_oplock_level = smb21_set_oplock_level,
> 	.create_lease_buf = smb2_create_lease_buf,
>@@ -5660,7 +5658,6 @@ struct smb_version_operations smb30_operations = {
> 	.set_lease_key = smb2_set_lease_key,
> 	.new_lease_key = smb2_new_lease_key,
> 	.generate_signingkey = generate_smb30signingkey,
>-	.calc_signature = smb3_calc_signature,
> 	.set_integrity  = smb3_set_integrity,
> 	.is_read_op = smb21_is_read_op,
> 	.set_oplock_level = smb3_set_oplock_level,
>@@ -5777,7 +5774,6 @@ struct smb_version_operations smb311_operations = {
> 	.set_lease_key = smb2_set_lease_key,
> 	.new_lease_key = smb2_new_lease_key,
> 	.generate_signingkey = generate_smb311signingkey,
>-	.calc_signature = smb3_calc_signature,
> 	.set_integrity  = smb3_set_integrity,
> 	.is_read_op = smb21_is_read_op,
> 	.set_oplock_level = smb3_set_oplock_level,
>diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h
>index b3f1398c9f79..7e98fbe7bf33 100644
>--- a/fs/smb/client/smb2proto.h
>+++ b/fs/smb/client/smb2proto.h
>@@ -39,12 +39,6 @@ extern struct mid_q_entry *smb2_setup_async_request(
> 			struct TCP_Server_Info *server, struct smb_rqst *rqst);
> extern struct cifs_tcon *smb2_find_smb_tcon(struct TCP_Server_Info *server,
> 						__u64 ses_id, __u32  tid);
>-extern int smb2_calc_signature(struct smb_rqst *rqst,
>-				struct TCP_Server_Info *server,
>-				bool allocate_crypto);
>-extern int smb3_calc_signature(struct smb_rqst *rqst,
>-				struct TCP_Server_Info *server,
>-				bool allocate_crypto);
> extern void smb2_echo_request(struct work_struct *work);
> extern __le32 smb2_get_lease_state(struct cifsInodeInfo *cinode);
> extern bool smb2_is_valid_oplock_break(char *buffer,
>diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c
>index 33f33013b392..916c131d763d 100644
>--- a/fs/smb/client/smb2transport.c
>+++ b/fs/smb/client/smb2transport.c
>@@ -247,9 +247,9 @@ smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32  tid)
> 	return tcon;
> }
>
>-int
>+static int
> smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
>-			bool allocate_crypto)
>+		    bool allocate_crypto)
> {
> 	int rc;
> 	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
>@@ -576,9 +576,9 @@ generate_smb311signingkey(struct cifs_ses *ses,
> 	return generate_smb3signingkey(ses, server, &triplet);
> }
>
>-int
>+static int
> smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
>-			bool allocate_crypto)
>+		    bool allocate_crypto)
> {
> 	int rc;
> 	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
>@@ -589,6 +589,9 @@ smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
> 	struct smb_rqst drqst;
> 	u8 key[SMB3_SIGN_KEY_SIZE];
>
>+	if ((server->vals->protocol_id & 0xf00) == 0x200)

Please use:

   if (server->vals->protocol_id <= SMB21_PROT_ID)

Other than that

Acked-by: Enzo Matsumiya <ematsumiya@...e.de>

>+		return smb2_calc_signature(rqst, server, allocate_crypto);
>+
> 	rc = smb3_get_sign_key(le64_to_cpu(shdr->SessionId), server, key);
> 	if (unlikely(rc)) {
> 		cifs_server_dbg(FYI, "%s: Could not get signing key\n", __func__);
>@@ -657,7 +660,6 @@ smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
> static int
> smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
> {
>-	int rc = 0;
> 	struct smb2_hdr *shdr;
> 	struct smb2_sess_setup_req *ssr;
> 	bool is_binding;
>@@ -684,9 +686,7 @@ smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
> 		return 0;
> 	}
>
>-	rc = server->ops->calc_signature(rqst, server, false);
>-
>-	return rc;
>+	return smb3_calc_signature(rqst, server, false);
> }
>
> int
>@@ -722,7 +722,7 @@ smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
>
> 	memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
>
>-	rc = server->ops->calc_signature(rqst, server, true);
>+	rc = smb3_calc_signature(rqst, server, true);
>
> 	if (rc)
> 		return rc;
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ