Re: [PATCH 0/8] smb: client: More crypto library conversions

Next message: Ard Biesheuvel: "Re: [PATCH] nfsd: Use MD5 library instead of crypto_shash"
Previous message: Marek Szyprowski: "Re: [PATCH v8 4/5] dma: contiguous: Reserve default CMA heap"
In reply to: Eric Biggers: "Re: [PATCH 0/8] smb: client: More crypto library conversions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ard Biesheuvel

Date: Tue Oct 14 2025 - 03:56:14 EST

On Sun, 12 Oct 2025 at 03:59, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> This series converts fs/smb/client/ to access SHA-512, HMAC-SHA256, MD5,
> and HMAC-MD5 using the library APIs instead of crypto_shash.
>
> This simplifies the code significantly. It also slightly improves
> performance, as it eliminates unnecessary overhead.
>
> Tested with Samba with all SMB versions, with mfsymlinks in the mount
> options, 'server min protocol = NT1' and 'server signing = required' in
> smb.conf, and doing a simple file data and symlink verification test.
> That seems to cover all the modified code paths.
>
> However, with SMB 1.0 I get "CIFS: VFS: SMB signature verification
> returned error = -13", regardless of whether this series is applied or
> not. Presumably, testing that case requires some other setting I
> couldn't find.
>
> Regardless, these are straightforward conversions and all the actual
> crypto is exactly the same as before, as far as I can tell.
>
> Eric Biggers (8):
> smb: client: Use SHA-512 library for SMB3.1.1 preauth hash
> smb: client: Use HMAC-SHA256 library for key generation
> smb: client: Use HMAC-SHA256 library for SMB2 signature calculation
> smb: client: Use MD5 library for M-F symlink hashing
> smb: client: Use MD5 library for SMB1 signature calculation
> smb: client: Use HMAC-MD5 library for NTLMv2
> smb: client: Remove obsolete crypto_shash allocations
> smb: client: Consolidate cmac(aes) shash allocation
>

Acked-by: Ard Biesheuvel <ardb@xxxxxxxxxx>