From: Eric Biggers Date: Sat, 18 Apr 2026 22:13:09 +0000 (-0700) Subject: smb: client: Remove obsolete cmac(aes) allocation X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4c1c07820a0e4d82076be254814ff84ce0aae212;p=thirdparty%2Fkernel%2Fstable.git smb: client: Remove obsolete cmac(aes) allocation Since the crypto library API is now being used instead of crypto_shash, the "cmac(aes)" crypto_shash that is being allocated and stored in 'struct cifs_secmech' is no longer used. Remove it. That makes the kconfig selection of CRYPTO_CMAC and the module softdep on "cmac" unnecessary. So remove those too. Finally, since this removes the last use of crypto_shash from the smb client, also remove the remaining crypto_shash-related helper functions. Note: cifs_unicode.c was relying on being included transitively via . Since the latter include is removed, make cifs_unicode.c include explicitly. Reviewed-by: Ard Biesheuvel Signed-off-by: Eric Biggers Signed-off-by: Steve French --- diff --git a/fs/smb/client/Kconfig b/fs/smb/client/Kconfig index 029bbe595d5f..a1c6ad4d574a 100644 --- a/fs/smb/client/Kconfig +++ b/fs/smb/client/Kconfig @@ -5,7 +5,6 @@ config CIFS select NLS select NLS_UCS2_UTILS select CRYPTO - select CRYPTO_CMAC select CRYPTO_AEAD2 select CRYPTO_CCM select CRYPTO_GCM diff --git a/fs/smb/client/cifs_unicode.c b/fs/smb/client/cifs_unicode.c index e2edc207cef2..4a8a591f4bca 100644 --- a/fs/smb/client/cifs_unicode.c +++ b/fs/smb/client/cifs_unicode.c @@ -6,6 +6,7 @@ */ #include #include +#include #include "cifs_fs_sb.h" #include "cifs_unicode.h" #include "cifsglob.h" diff --git a/fs/smb/client/cifsencrypt.c b/fs/smb/client/cifsencrypt.c index d092bca2df62..34804e9842a8 100644 --- a/fs/smb/client/cifsencrypt.c +++ b/fs/smb/client/cifsencrypt.c @@ -503,8 +503,6 @@ calc_seckey(struct cifs_ses *ses) void cifs_crypto_secmech_release(struct TCP_Server_Info *server) { - cifs_free_hash(&server->secmech.aes_cmac); - if (server->secmech.enc) { crypto_free_aead(server->secmech.enc); server->secmech.enc = NULL; diff --git a/fs/smb/client/cifsfs.c b/fs/smb/client/cifsfs.c index 2e92c7fa2c5d..9f76b0347fa9 100644 --- a/fs/smb/client/cifsfs.c +++ b/fs/smb/client/cifsfs.c @@ -2123,7 +2123,6 @@ MODULE_DESCRIPTION MODULE_VERSION(CIFS_VERSION); MODULE_SOFTDEP("nls"); MODULE_SOFTDEP("aes"); -MODULE_SOFTDEP("cmac"); MODULE_SOFTDEP("aead2"); MODULE_SOFTDEP("ccm"); MODULE_SOFTDEP("gcm"); diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h index 74265d055c26..82e0adc1dabd 100644 --- a/fs/smb/client/cifsglob.h +++ b/fs/smb/client/cifsglob.h @@ -23,7 +23,6 @@ #include #include "cifs_fs_sb.h" #include "cifsacl.h" -#include #include #include "../common/smbglob.h" #include "../common/smb2pdu.h" @@ -221,10 +220,8 @@ struct session_key { char *response; }; -/* crypto hashing related structure/fields, not specific to a sec mech */ +/* encryption related structure/fields, not specific to a sec mech */ struct cifs_secmech { - struct shash_desc *aes_cmac; /* block-cipher based MAC function, for SMB3 signatures */ - struct crypto_aead *enc; /* smb3 encryption AEAD TFM (AES-CCM and AES-GCM) */ struct crypto_aead *dec; /* smb3 decryption AEAD TFM (AES-CCM and AES-GCM) */ }; diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index c24c50d732e6..4a25afda9448 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -351,9 +351,6 @@ int __cifs_calc_signature(struct smb_rqst *rqst, enum securityEnum cifs_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested); -int cifs_alloc_hash(const char *name, struct shash_desc **sdesc); -void cifs_free_hash(struct shash_desc **sdesc); - int cifs_try_adding_channels(struct cifs_ses *ses); int smb3_update_ses_channels(struct cifs_ses *ses, struct TCP_Server_Info *server, diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c index 2aff1cab6c31..0c54b9b79a2c 100644 --- a/fs/smb/client/misc.c +++ b/fs/smb/client/misc.c @@ -785,63 +785,6 @@ parse_DFS_referrals_exit: return rc; } -/** - * cifs_alloc_hash - allocate hash and hash context together - * @name: The name of the crypto hash algo - * @sdesc: SHASH descriptor where to put the pointer to the hash TFM - * - * The caller has to make sure @sdesc is initialized to either NULL or - * a valid context. It can be freed via cifs_free_hash(). - */ -int -cifs_alloc_hash(const char *name, struct shash_desc **sdesc) -{ - int rc = 0; - struct crypto_shash *alg = NULL; - - if (*sdesc) - return 0; - - alg = crypto_alloc_shash(name, 0, 0); - if (IS_ERR(alg)) { - cifs_dbg(VFS, "Could not allocate shash TFM '%s'\n", name); - rc = PTR_ERR(alg); - *sdesc = NULL; - return rc; - } - - *sdesc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(alg), GFP_KERNEL); - if (*sdesc == NULL) { - cifs_dbg(VFS, "no memory left to allocate shash TFM '%s'\n", name); - crypto_free_shash(alg); - return -ENOMEM; - } - - (*sdesc)->tfm = alg; - return 0; -} - -/** - * cifs_free_hash - free hash and hash context together - * @sdesc: Where to find the pointer to the hash TFM - * - * Freeing a NULL descriptor is safe. - */ -void -cifs_free_hash(struct shash_desc **sdesc) -{ - if (unlikely(!sdesc) || !*sdesc) - return; - - if ((*sdesc)->tfm) { - crypto_free_shash((*sdesc)->tfm); - (*sdesc)->tfm = NULL; - } - - kfree_sensitive(*sdesc); - *sdesc = NULL; -} - void extract_unc_hostname(const char *unc, const char **h, size_t *len) { const char *end; diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c index 698bd27119ae..de2012cc9cf3 100644 --- a/fs/smb/client/sess.c +++ b/fs/smb/client/sess.c @@ -595,17 +595,6 @@ cifs_ses_add_channel(struct cifs_ses *ses, spin_unlock(&ses->chan_lock); mutex_lock(&ses->session_mutex); - /* - * We need to allocate the server crypto now as we will need - * to sign packets before we generate the channel signing key - * (we sign with the session key) - */ - rc = smb3_crypto_shash_allocate(chan->server); - if (rc) { - cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__); - mutex_unlock(&ses->session_mutex); - goto out; - } rc = cifs_negotiate_protocol(xid, ses, chan->server); if (!rc) diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h index 5f74475ba9d1..1ceb95b907e6 100644 --- a/fs/smb/client/smb2proto.h +++ b/fs/smb/client/smb2proto.h @@ -257,7 +257,6 @@ int smb2_validate_and_copy_iov(unsigned int offset, unsigned int buffer_length, char *data); void smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf, struct kstatfs *kst); -int smb3_crypto_shash_allocate(struct TCP_Server_Info *server); void smb311_update_preauth_hash(struct cifs_ses *ses, struct TCP_Server_Info *server, struct kvec *iov, int nvec); diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c index b233e0cd9152..716e58d1b1c9 100644 --- a/fs/smb/client/smb2transport.c +++ b/fs/smb/client/smb2transport.c @@ -29,14 +29,6 @@ #include "../common/smb2status.h" #include "smb2glob.h" -int -smb3_crypto_shash_allocate(struct TCP_Server_Info *server) -{ - struct cifs_secmech *p = &server->secmech; - - return cifs_alloc_hash("cmac(aes)", &p->aes_cmac); -} - static int smb3_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key) { @@ -266,7 +258,6 @@ static int generate_key(struct cifs_ses *ses, struct kvec label, __u8 i[4] = {0, 0, 0, 1}; __u8 L128[4] = {0, 0, 0, 128}; __u8 L256[4] = {0, 0, 1, 0}; - int rc = 0; unsigned char prfhash[SMB2_HMACSHA256_SIZE]; struct TCP_Server_Info *server = ses->server; struct hmac_sha256_ctx hmac_ctx; @@ -274,12 +265,6 @@ static int generate_key(struct cifs_ses *ses, struct kvec label, memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE); memset(key, 0x0, key_size); - rc = smb3_crypto_shash_allocate(server); - if (rc) { - cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__); - return rc; - } - hmac_sha256_init_usingrawkey(&hmac_ctx, ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE); hmac_sha256_update(&hmac_ctx, i, 4);