| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH2r5mvT9RtFAxLb0UCreeyfMMzhGU2BMO1FronmtQv+pQ8L4A@mail.gmail.com>
Date: Mon, 20 Oct 2025 21:25:16 -0500
From: Steve French <smfrench@...il.com>
To: Enzo Matsumiya <ematsumiya@...e.de>
Cc: David Howells <dhowells@...hat.com>, Steve French <sfrench@...ba.org>,
Paulo Alcantara <pc@...guebit.org>, linux-cifs@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cifs: Call the calc_signature functions directly
merged updated patch into cifs-2.6.git for-next (and also has Enzo Acked-by now)
On Mon, Oct 20, 2025 at 8:39 AM Enzo Matsumiya <ematsumiya@...e.de> wrote:
>
> Hi David,
>
> On 10/20, David Howells wrote:
> >As the SMB1 and SMB2/3 calc_signature functions are called from separate
> >sign and verify paths, just call them directly rather than using a function
> >pointer. The SMB3 calc_signature then jumps to the SMB2 variant if
> >necessary.
> >
> >Signed-off-by: David Howells <dhowells@...hat.com>
> >cc: Steve French <sfrench@...ba.org>
> >cc: Paulo Alcantara <pc@...guebit.org>
> >cc: linux-cifs@...r.kernel.org
> >cc: linux-fsdevel@...r.kernel.org
> >---
> > fs/smb/client/cifsglob.h | 2 --
> > fs/smb/client/smb2ops.c | 4 ----
> > fs/smb/client/smb2proto.h | 6 ------
> > fs/smb/client/smb2transport.c | 18 +++++++++---------
> > 4 files changed, 9 insertions(+), 21 deletions(-)
> >
> >diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
> >index b91397dbb6aa..7297f0f01cb3 100644
> >--- a/fs/smb/client/cifsglob.h
> >+++ b/fs/smb/client/cifsglob.h
> >@@ -536,8 +536,6 @@ struct smb_version_operations {
> > void (*new_lease_key)(struct cifs_fid *);
> > int (*generate_signingkey)(struct cifs_ses *ses,
> > struct TCP_Server_Info *server);
> >- int (*calc_signature)(struct smb_rqst *, struct TCP_Server_Info *,
> >- bool allocate_crypto);
> > int (*set_integrity)(const unsigned int, struct cifs_tcon *tcon,
> > struct cifsFileInfo *src_file);
> > int (*enum_snapshots)(const unsigned int xid, struct cifs_tcon *tcon,
> >diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
> >index 7c392cf5940b..66eee3440df6 100644
> >--- a/fs/smb/client/smb2ops.c
> >+++ b/fs/smb/client/smb2ops.c
> >@@ -5446,7 +5446,6 @@ struct smb_version_operations smb20_operations = {
> > .get_lease_key = smb2_get_lease_key,
> > .set_lease_key = smb2_set_lease_key,
> > .new_lease_key = smb2_new_lease_key,
> >- .calc_signature = smb2_calc_signature,
> > .is_read_op = smb2_is_read_op,
> > .set_oplock_level = smb2_set_oplock_level,
> > .create_lease_buf = smb2_create_lease_buf,
> >@@ -5550,7 +5549,6 @@ struct smb_version_operations smb21_operations = {
> > .get_lease_key = smb2_get_lease_key,
> > .set_lease_key = smb2_set_lease_key,
> > .new_lease_key = smb2_new_lease_key,
> >- .calc_signature = smb2_calc_signature,
> > .is_read_op = smb21_is_read_op,
> > .set_oplock_level = smb21_set_oplock_level,
> > .create_lease_buf = smb2_create_lease_buf,
> >@@ -5660,7 +5658,6 @@ struct smb_version_operations smb30_operations = {
> > .set_lease_key = smb2_set_lease_key,
> > .new_lease_key = smb2_new_lease_key,
> > .generate_signingkey = generate_smb30signingkey,
> >- .calc_signature = smb3_calc_signature,
> > .set_integrity = smb3_set_integrity,
> > .is_read_op = smb21_is_read_op,
> > .set_oplock_level = smb3_set_oplock_level,
> >@@ -5777,7 +5774,6 @@ struct smb_version_operations smb311_operations = {
> > .set_lease_key = smb2_set_lease_key,
> > .new_lease_key = smb2_new_lease_key,
> > .generate_signingkey = generate_smb311signingkey,
> >- .calc_signature = smb3_calc_signature,
> > .set_integrity = smb3_set_integrity,
> > .is_read_op = smb21_is_read_op,
> > .set_oplock_level = smb3_set_oplock_level,
> >diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h
> >index b3f1398c9f79..7e98fbe7bf33 100644
> >--- a/fs/smb/client/smb2proto.h
> >+++ b/fs/smb/client/smb2proto.h
> >@@ -39,12 +39,6 @@ extern struct mid_q_entry *smb2_setup_async_request(
> > struct TCP_Server_Info *server, struct smb_rqst *rqst);
> > extern struct cifs_tcon *smb2_find_smb_tcon(struct TCP_Server_Info *server,
> > __u64 ses_id, __u32 tid);
> >-extern int smb2_calc_signature(struct smb_rqst *rqst,
> >- struct TCP_Server_Info *server,
> >- bool allocate_crypto);
> >-extern int smb3_calc_signature(struct smb_rqst *rqst,
> >- struct TCP_Server_Info *server,
> >- bool allocate_crypto);
> > extern void smb2_echo_request(struct work_struct *work);
> > extern __le32 smb2_get_lease_state(struct cifsInodeInfo *cinode);
> > extern bool smb2_is_valid_oplock_break(char *buffer,
> >diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c
> >index 33f33013b392..916c131d763d 100644
> >--- a/fs/smb/client/smb2transport.c
> >+++ b/fs/smb/client/smb2transport.c
> >@@ -247,9 +247,9 @@ smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
> > return tcon;
> > }
> >
> >-int
> >+static int
> > smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
> >- bool allocate_crypto)
> >+ bool allocate_crypto)
> > {
> > int rc;
> > unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
> >@@ -576,9 +576,9 @@ generate_smb311signingkey(struct cifs_ses *ses,
> > return generate_smb3signingkey(ses, server, &triplet);
> > }
> >
> >-int
> >+static int
> > smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
> >- bool allocate_crypto)
> >+ bool allocate_crypto)
> > {
> > int rc;
> > unsigned char smb3_signature[SMB2_CMACAES_SIZE];
> >@@ -589,6 +589,9 @@ smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
> > struct smb_rqst drqst;
> > u8 key[SMB3_SIGN_KEY_SIZE];
> >
> >+ if ((server->vals->protocol_id & 0xf00) == 0x200)
>
> Please use:
>
> if (server->vals->protocol_id <= SMB21_PROT_ID)
>
> Other than that
>
> Acked-by: Enzo Matsumiya <ematsumiya@...e.de>
>
> >+ return smb2_calc_signature(rqst, server, allocate_crypto);
> >+
> > rc = smb3_get_sign_key(le64_to_cpu(shdr->SessionId), server, key);
> > if (unlikely(rc)) {
> > cifs_server_dbg(FYI, "%s: Could not get signing key\n", __func__);
> >@@ -657,7 +660,6 @@ smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
> > static int
> > smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
> > {
> >- int rc = 0;
> > struct smb2_hdr *shdr;
> > struct smb2_sess_setup_req *ssr;
> > bool is_binding;
> >@@ -684,9 +686,7 @@ smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
> > return 0;
> > }
> >
> >- rc = server->ops->calc_signature(rqst, server, false);
> >-
> >- return rc;
> >+ return smb3_calc_signature(rqst, server, false);
> > }
> >
> > int
> >@@ -722,7 +722,7 @@ smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
> >
> > memset(shdr->Signature, 0, SMB2_SIGNATURE_SIZE);
> >
> >- rc = server->ops->calc_signature(rqst, server, true);
> >+ rc = smb3_calc_signature(rqst, server, true);
> >
> > if (rc)
> > return rc;
> >
> >
>
--
Thanks,
Steve
Powered by blists - more mailing lists