Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

smb: client: Use MD5 library for M-F symlink hashing 

Convert parse_mf_symlink() and format_mf_symlink() to use the MD5
library instead of a "md5" crypto_shash.  This is simpler and faster.
With the library there's no need to allocate memory, no need to handle
errors, and the MD5 code is accessed directly without inefficient
indirect calls and other unnecessary API overhead.

This also fixes an issue where these functions did not work on kernels
booted in FIPS mode.  The use of MD5 here is for data integrity rather
than a security purpose, so it can use a non-FIPS-approved algorithm.

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
Eric Biggers 2025-10-11 18:57:34 -07:00 committed by Steve French
parent e05b3115e7
commit ae04b1bb06
2 changed files with 4 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
fs/smb/client/Kconfig
View File

@ -16,6 +16,7 @@ config CIFS
select CRYPTO_ECB select CRYPTO_ECB
select CRYPTO_AES select CRYPTO_AES
select CRYPTO_LIB_ARC4 select CRYPTO_LIB_ARC4
select CRYPTO_LIB_MD5
select CRYPTO_LIB_SHA256 select CRYPTO_LIB_SHA256
select CRYPTO_LIB_SHA512 select CRYPTO_LIB_SHA512
select KEYS select KEYS

31
fs/smb/client/link.c
View File

@ -5,6 +5,7 @@
* Author(s): Steve French (sfrench@us.ibm.com) * Author(s): Steve French (sfrench@us.ibm.com)
* *
*/ */
#include <crypto/md5.h>
#include <linux/fs.h> #include <linux/fs.h>
#include <linux/stat.h> #include <linux/stat.h>
#include <linux/slab.h> #include <linux/slab.h>
@ -36,23 +37,6 @@
#define CIFS_MF_SYMLINK_MD5_FORMAT "%16phN\n" #define CIFS_MF_SYMLINK_MD5_FORMAT "%16phN\n"
#define CIFS_MF_SYMLINK_MD5_ARGS(md5_hash) md5_hash #define CIFS_MF_SYMLINK_MD5_ARGS(md5_hash) md5_hash
static int
symlink_hash(unsigned int link_len, const char *link_str, u8 *md5_hash)
{
int rc;
struct shash_desc *md5 = NULL;
rc = cifs_alloc_hash("md5", &md5);
if (rc)
return rc;
rc = crypto_shash_digest(md5, link_str, link_len, md5_hash);
if (rc)
cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
cifs_free_hash(&md5);
return rc;
}
static int static int
parse_mf_symlink(const u8 *buf, unsigned int buf_len, unsigned int *_link_len, parse_mf_symlink(const u8 *buf, unsigned int buf_len, unsigned int *_link_len,
char **_link_str) char **_link_str)
@ -77,11 +61,7 @@ parse_mf_symlink(const u8 *buf, unsigned int buf_len, unsigned int *_link_len,
if (link_len > CIFS_MF_SYMLINK_LINK_MAXLEN) if (link_len > CIFS_MF_SYMLINK_LINK_MAXLEN)
return -EINVAL; return -EINVAL;
rc = symlink_hash(link_len, link_str, md5_hash); md5(link_str, link_len, md5_hash);
if (rc) {
cifs_dbg(FYI, "%s: MD5 hash failure: %d\n", __func__, rc);
return rc;
}
scnprintf(md5_str2, sizeof(md5_str2), scnprintf(md5_str2, sizeof(md5_str2),
CIFS_MF_SYMLINK_MD5_FORMAT, CIFS_MF_SYMLINK_MD5_FORMAT,
@ -103,7 +83,6 @@ parse_mf_symlink(const u8 *buf, unsigned int buf_len, unsigned int *_link_len,
static int static int
format_mf_symlink(u8 *buf, unsigned int buf_len, const char *link_str) format_mf_symlink(u8 *buf, unsigned int buf_len, const char *link_str)
{ {
int rc;
unsigned int link_len; unsigned int link_len;
unsigned int ofs; unsigned int ofs;
u8 md5_hash[16]; u8 md5_hash[16];
@ -116,11 +95,7 @@ format_mf_symlink(u8 *buf, unsigned int buf_len, const char *link_str)
if (link_len > CIFS_MF_SYMLINK_LINK_MAXLEN) if (link_len > CIFS_MF_SYMLINK_LINK_MAXLEN)
return -ENAMETOOLONG; return -ENAMETOOLONG;
rc = symlink_hash(link_len, link_str, md5_hash); md5(link_str, link_len, md5_hash);
if (rc) {
cifs_dbg(FYI, "%s: MD5 hash failure: %d\n", __func__, rc);
return rc;
}
scnprintf(buf, buf_len, scnprintf(buf, buf_len,
CIFS_MF_SYMLINK_LEN_FORMAT CIFS_MF_SYMLINK_MD5_FORMAT, CIFS_MF_SYMLINK_LEN_FORMAT CIFS_MF_SYMLINK_MD5_FORMAT,