Commit ae04b1bb authored by Eric Biggers's avatar Eric Biggers Committed by Steve French
Browse files

smb: client: Use MD5 library for M-F symlink hashing 



Convert parse_mf_symlink() and format_mf_symlink() to use the MD5
library instead of a "md5" crypto_shash.  This is simpler and faster.
With the library there's no need to allocate memory, no need to handle
errors, and the MD5 code is accessed directly without inefficient
indirect calls and other unnecessary API overhead.

This also fixes an issue where these functions did not work on kernels
booted in FIPS mode.  The use of MD5 here is for data integrity rather
than a security purpose, so it can use a non-FIPS-approved algorithm.

Reviewed-by: default avatarStefan Metzmacher <metze@samba.org>
Acked-by: default avatarArd Biesheuvel <ardb@kernel.org>
Signed-off-by: default avatarEric Biggers <ebiggers@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent e05b3115

fs/smb/client/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ config CIFS 
	select CRYPTO_ECB

	select CRYPTO_AES

	select CRYPTO_LIB_ARC4

	select CRYPTO_LIB_MD5

	select CRYPTO_LIB_SHA256

	select CRYPTO_LIB_SHA512

	select KEYS

fs/smb/client/link.c

+3 −28
Original line number Diff line number Diff line
@@ -5,6 +5,7 @@ 
 *   Author(s): Steve French (sfrench@us.ibm.com)

 *

 */

#include <crypto/md5.h>

#include <linux/fs.h>

#include <linux/stat.h>

#include <linux/slab.h>
@@ -36,23 +37,6 @@ 
#define CIFS_MF_SYMLINK_MD5_FORMAT "%16phN\n"

#define CIFS_MF_SYMLINK_MD5_ARGS(md5_hash) md5_hash



static int

symlink_hash(unsigned int link_len, const char *link_str, u8 *md5_hash)

{

	int rc;

	struct shash_desc *md5 = NULL;



	rc = cifs_alloc_hash("md5", &md5);

	if (rc)

		return rc;



	rc = crypto_shash_digest(md5, link_str, link_len, md5_hash);

	if (rc)

		cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);

	cifs_free_hash(&md5);

	return rc;

}



static int

parse_mf_symlink(const u8 *buf, unsigned int buf_len, unsigned int *_link_len,

		 char **_link_str)
@@ -77,11 +61,7 @@ parse_mf_symlink(const u8 *buf, unsigned int buf_len, unsigned int *_link_len, 
	if (link_len > CIFS_MF_SYMLINK_LINK_MAXLEN)

		return -EINVAL;



	rc = symlink_hash(link_len, link_str, md5_hash);

	if (rc) {

		cifs_dbg(FYI, "%s: MD5 hash failure: %d\n", __func__, rc);

		return rc;

	}

	md5(link_str, link_len, md5_hash);



	scnprintf(md5_str2, sizeof(md5_str2),

		  CIFS_MF_SYMLINK_MD5_FORMAT,
@@ -103,7 +83,6 @@ parse_mf_symlink(const u8 *buf, unsigned int buf_len, unsigned int *_link_len, 
static int

format_mf_symlink(u8 *buf, unsigned int buf_len, const char *link_str)

{

	int rc;

	unsigned int link_len;

	unsigned int ofs;

	u8 md5_hash[16];
@@ -116,11 +95,7 @@ format_mf_symlink(u8 *buf, unsigned int buf_len, const char *link_str) 
	if (link_len > CIFS_MF_SYMLINK_LINK_MAXLEN)

		return -ENAMETOOLONG;



	rc = symlink_hash(link_len, link_str, md5_hash);

	if (rc) {

		cifs_dbg(FYI, "%s: MD5 hash failure: %d\n", __func__, rc);

		return rc;

	}

	md5(link_str, link_len, md5_hash);



	scnprintf(buf, buf_len,

		  CIFS_MF_SYMLINK_LEN_FORMAT CIFS_MF_SYMLINK_MD5_FORMAT,