git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Eric Biggers <ebiggers@kernel.org>
	Tue, 14 Oct 2025 23:17:59 +0000 (16:17 -0700)
committer	Steve French <stfrench@microsoft.com>
	Mon, 1 Dec 2025 03:11:43 +0000 (21:11 -0600)
commit	3a597e6e9701eb7af04864ffdc0a6a91bc8c6496
tree	601dbb3be5c5acc39897462a055b8e4f2cb1aac0	tree \| snapshot
parent	924067ef183bd17f39d790752190f99982524598	commit \| diff

ksmbd: Use HMAC-MD5 library for NTLMv2

For the HMAC-MD5 computations in NTLMv2, use the HMAC-MD5 library
instead of a "hmac(md5)" crypto_shash.  This is simpler and faster.
With the library there's no need to allocate memory, no need to handle
errors, and the HMAC-MD5 code is accessed directly without inefficient
indirect calls and other unnecessary API overhead.

To preserve the existing behavior of NTLMv2 support being disabled when
the kernel is booted with "fips=1", make ksmbd_auth_ntlmv2() check
fips_enabled itself.  Previously it relied on the error from
crypto_alloc_shash("hmac(md5)") being bubbled up.  I don't know for sure
that this is actually needed, but this preserves the existing behavior.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

fs/smb/server/Kconfig		diff \| blob \| blame \| history
fs/smb/server/auth.c		diff \| blob \| blame \| history
fs/smb/server/crypto_ctx.c		diff \| blob \| blame \| history
fs/smb/server/crypto_ctx.h		diff \| blob \| blame \| history
fs/smb/server/server.c		diff \| blob \| blame \| history