{"id":2224813,"url":"http://patchwork.ozlabs.org/api/patches/2224813/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260418221311.67583-3-ebiggers@kernel.org/","project":{"id":12,"url":"http://patchwork.ozlabs.org/api/projects/12/?format=json","name":"Linux CIFS Client","link_name":"linux-cifs-client","list_id":"linux-cifs.vger.kernel.org","list_email":"linux-cifs@vger.kernel.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260418221311.67583-3-ebiggers@kernel.org>","list_archive_url":null,"date":"2026-04-18T22:13:09","name":"[v2,2/4] smb: client: Remove obsolete cmac(aes) allocation","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"9d44d22115298607310c4c945e0f4cbfe515220a","submitter":{"id":74690,"url":"http://patchwork.ozlabs.org/api/people/74690/?format=json","name":"Eric Biggers","email":"ebiggers@kernel.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260418221311.67583-3-ebiggers@kernel.org/mbox/","series":[{"id":500471,"url":"http://patchwork.ozlabs.org/api/series/500471/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/list/?series=500471","date":"2026-04-18T22:13:07","name":"smb: client: Use AES-CMAC library","version":2,"mbox":"http://patchwork.ozlabs.org/series/500471/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2224813/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2224813/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n <linux-cifs+bounces-10904-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n 
header.s=k20201202 header.b=eiOlULXl;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=linux-cifs+bounces-10904-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"eiOlULXl\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fymHC5MwGz1yGs\n\tfor <incoming@patchwork.ozlabs.org>; Sun, 19 Apr 2026 08:13:43 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 36CF5302DF51\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 18 Apr 2026 22:13:40 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 8C2B634AAEB;\n\tSat, 18 Apr 2026 22:13:38 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 694D134A3C5;\n\tSat, 18 Apr 2026 22:13:38 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id D9AEFC2BCB7;\n\tSat, 18 Apr 2026 22:13:37 +0000 (UTC)"],"ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=eiOlULXl; arc=none smtp.client-ip=10.30.226.201","From":"Eric Biggers <ebiggers@kernel.org>","To":"linux-cifs@vger.kernel.org,\n\tSteve French <sfrench@samba.org>","Cc":"linux-crypto@vger.kernel.org,\n\tsamba-technical@lists.samba.org,\n\tlinux-kernel@vger.kernel.org,\n\tArd Biesheuvel <ardb@kernel.org>,\n\tPaulo Alcantara <pc@manguebit.org>,\n\tRonnie Sahlberg <ronniesahlberg@gmail.com>,\n\tShyam Prasad N <sprasad@microsoft.com>,\n\tTom Talpey <tom@talpey.com>,\n\tBharath SM <bharathsm@microsoft.com>,\n\tEric Biggers <ebiggers@kernel.org>","Subject":"[PATCH v2 2/4] smb: client: Remove obsolete cmac(aes) allocation","Date":"Sat, 18 Apr 2026 15:13:09 
-0700","Message-ID":"<20260418221311.67583-3-ebiggers@kernel.org>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260418221311.67583-1-ebiggers@kernel.org>","References":"<20260418221311.67583-1-ebiggers@kernel.org>","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"<linux-cifs.vger.kernel.org>","List-Subscribe":"<mailto:linux-cifs+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-cifs+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"Since the crypto library API is now being used instead of crypto_shash,\nthe \"cmac(aes)\" crypto_shash that is being allocated and stored in\n'struct cifs_secmech' is no longer used.  Remove it.\n\nThat makes the kconfig selection of CRYPTO_CMAC and the module softdep\non \"cmac\" unnecessary.  So remove those too.\n\nFinally, since this removes the last use of crypto_shash from the smb\nclient, also remove the remaining crypto_shash-related helper functions.\n\nNote: cifs_unicode.c was relying on <linux/unaligned.h> being included\ntransitively via <crypto/internal/hash.h>.  
Since the latter include is\nremoved, make cifs_unicode.c include <linux/unaligned.h> explicitly.\n\nReviewed-by: Ard Biesheuvel <ardb@kernel.org>\nSigned-off-by: Eric Biggers <ebiggers@kernel.org>\n---\n fs/smb/client/Kconfig         |  1 -\n fs/smb/client/cifs_unicode.c  |  1 +\n fs/smb/client/cifsencrypt.c   |  2 --\n fs/smb/client/cifsfs.c        |  1 -\n fs/smb/client/cifsglob.h      |  5 +--\n fs/smb/client/cifsproto.h     |  3 --\n fs/smb/client/misc.c          | 57 -----------------------------------\n fs/smb/client/sess.c          | 11 -------\n fs/smb/client/smb2proto.h     |  1 -\n fs/smb/client/smb2transport.c | 15 ---------\n 10 files changed, 2 insertions(+), 95 deletions(-)","diff":"diff --git a/fs/smb/client/Kconfig b/fs/smb/client/Kconfig\nindex 029bbe595d5fa..a1c6ad4d574a0 100644\n--- a/fs/smb/client/Kconfig\n+++ b/fs/smb/client/Kconfig\n@@ -3,11 +3,10 @@ config CIFS\n \ttristate \"SMB3 and CIFS support (advanced network filesystem)\"\n \tdepends on INET\n \tselect NLS\n \tselect NLS_UCS2_UTILS\n \tselect CRYPTO\n-\tselect CRYPTO_CMAC\n \tselect CRYPTO_AEAD2\n \tselect CRYPTO_CCM\n \tselect CRYPTO_GCM\n \tselect CRYPTO_AES\n \tselect CRYPTO_LIB_AES_CBC_MACS\ndiff --git a/fs/smb/client/cifs_unicode.c b/fs/smb/client/cifs_unicode.c\nindex e2edc207cef25..4a8a591f4bcac 100644\n--- a/fs/smb/client/cifs_unicode.c\n+++ b/fs/smb/client/cifs_unicode.c\n@@ -4,10 +4,11 @@\n  *   Copyright (c) International Business Machines  Corp., 2000,2009\n  *   Modified by Steve French (sfrench@us.ibm.com)\n  */\n #include <linux/fs.h>\n #include <linux/slab.h>\n+#include <linux/unaligned.h>\n #include \"cifs_fs_sb.h\"\n #include \"cifs_unicode.h\"\n #include \"cifsglob.h\"\n #include \"cifs_debug.h\"\n \ndiff --git a/fs/smb/client/cifsencrypt.c b/fs/smb/client/cifsencrypt.c\nindex d092bca2df62d..34804e9842a80 100644\n--- a/fs/smb/client/cifsencrypt.c\n+++ b/fs/smb/client/cifsencrypt.c\n@@ -501,12 +501,10 @@ calc_seckey(struct cifs_ses *ses)\n }\n \n void\n 
cifs_crypto_secmech_release(struct TCP_Server_Info *server)\n {\n-\tcifs_free_hash(&server->secmech.aes_cmac);\n-\n \tif (server->secmech.enc) {\n \t\tcrypto_free_aead(server->secmech.enc);\n \t\tserver->secmech.enc = NULL;\n \t}\n \tif (server->secmech.dec) {\ndiff --git a/fs/smb/client/cifsfs.c b/fs/smb/client/cifsfs.c\nindex 2025739f070ac..081fc1f9447da 100644\n--- a/fs/smb/client/cifsfs.c\n+++ b/fs/smb/client/cifsfs.c\n@@ -2158,11 +2158,10 @@ MODULE_DESCRIPTION\n \t(\"VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and \"\n \t\"also older servers complying with the SNIA CIFS Specification)\");\n MODULE_VERSION(CIFS_VERSION);\n MODULE_SOFTDEP(\"nls\");\n MODULE_SOFTDEP(\"aes\");\n-MODULE_SOFTDEP(\"cmac\");\n MODULE_SOFTDEP(\"aead2\");\n MODULE_SOFTDEP(\"ccm\");\n MODULE_SOFTDEP(\"gcm\");\n module_init(init_cifs)\n module_exit(exit_cifs)\ndiff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h\nindex 74265d055c265..82e0adc1dabd0 100644\n--- a/fs/smb/client/cifsglob.h\n+++ b/fs/smb/client/cifsglob.h\n@@ -21,11 +21,10 @@\n #include <linux/sched/mm.h>\n #include <linux/netfs.h>\n #include <linux/fcntl.h>\n #include \"cifs_fs_sb.h\"\n #include \"cifsacl.h\"\n-#include <crypto/internal/hash.h>\n #include <uapi/linux/cifs/cifs_mount.h>\n #include \"../common/smbglob.h\"\n #include \"../common/smb2pdu.h\"\n #include \"../common/fscc.h\"\n #include \"smb2pdu.h\"\n@@ -219,14 +218,12 @@ static inline const char *cifs_symlink_type_str(enum cifs_symlink_type type)\n struct session_key {\n \tunsigned int len;\n \tchar *response;\n };\n \n-/* crypto hashing related structure/fields, not specific to a sec mech */\n+/* encryption related structure/fields, not specific to a sec mech */\n struct cifs_secmech {\n-\tstruct shash_desc *aes_cmac; /* block-cipher based MAC function, for SMB3 signatures */\n-\n \tstruct crypto_aead *enc; /* smb3 encryption AEAD TFM (AES-CCM and AES-GCM) */\n \tstruct crypto_aead *dec; /* smb3 decryption AEAD TFM (AES-CCM and 
AES-GCM) */\n };\n \n /* per smb session structure/fields */\ndiff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h\nindex c24c50d732e64..4a25afda9448a 100644\n--- a/fs/smb/client/cifsproto.h\n+++ b/fs/smb/client/cifsproto.h\n@@ -349,13 +349,10 @@ int __cifs_calc_signature(struct smb_rqst *rqst,\n \t\t\t  struct TCP_Server_Info *server, char *signature,\n \t\t\t  struct cifs_calc_sig_ctx *ctx);\n enum securityEnum cifs_select_sectype(struct TCP_Server_Info *server,\n \t\t\t\t      enum securityEnum requested);\n \n-int cifs_alloc_hash(const char *name, struct shash_desc **sdesc);\n-void cifs_free_hash(struct shash_desc **sdesc);\n-\n int cifs_try_adding_channels(struct cifs_ses *ses);\n int smb3_update_ses_channels(struct cifs_ses *ses,\n \t\t\t     struct TCP_Server_Info *server,\n \t\t\t     bool from_reconnect, bool disable_mchan);\n bool is_ses_using_iface(struct cifs_ses *ses, struct cifs_server_iface *iface);\ndiff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c\nindex 2aff1cab6c31e..0c54b9b79a2ce 100644\n--- a/fs/smb/client/misc.c\n+++ b/fs/smb/client/misc.c\n@@ -783,67 +783,10 @@ parse_dfs_referrals(struct get_dfs_referral_rsp *rsp, u32 rsp_size,\n \t\t*num_of_nodes = 0;\n \t}\n \treturn rc;\n }\n \n-/**\n- * cifs_alloc_hash - allocate hash and hash context together\n- * @name: The name of the crypto hash algo\n- * @sdesc: SHASH descriptor where to put the pointer to the hash TFM\n- *\n- * The caller has to make sure @sdesc is initialized to either NULL or\n- * a valid context. 
It can be freed via cifs_free_hash().\n- */\n-int\n-cifs_alloc_hash(const char *name, struct shash_desc **sdesc)\n-{\n-\tint rc = 0;\n-\tstruct crypto_shash *alg = NULL;\n-\n-\tif (*sdesc)\n-\t\treturn 0;\n-\n-\talg = crypto_alloc_shash(name, 0, 0);\n-\tif (IS_ERR(alg)) {\n-\t\tcifs_dbg(VFS, \"Could not allocate shash TFM '%s'\\n\", name);\n-\t\trc = PTR_ERR(alg);\n-\t\t*sdesc = NULL;\n-\t\treturn rc;\n-\t}\n-\n-\t*sdesc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(alg), GFP_KERNEL);\n-\tif (*sdesc == NULL) {\n-\t\tcifs_dbg(VFS, \"no memory left to allocate shash TFM '%s'\\n\", name);\n-\t\tcrypto_free_shash(alg);\n-\t\treturn -ENOMEM;\n-\t}\n-\n-\t(*sdesc)->tfm = alg;\n-\treturn 0;\n-}\n-\n-/**\n- * cifs_free_hash - free hash and hash context together\n- * @sdesc: Where to find the pointer to the hash TFM\n- *\n- * Freeing a NULL descriptor is safe.\n- */\n-void\n-cifs_free_hash(struct shash_desc **sdesc)\n-{\n-\tif (unlikely(!sdesc) || !*sdesc)\n-\t\treturn;\n-\n-\tif ((*sdesc)->tfm) {\n-\t\tcrypto_free_shash((*sdesc)->tfm);\n-\t\t(*sdesc)->tfm = NULL;\n-\t}\n-\n-\tkfree_sensitive(*sdesc);\n-\t*sdesc = NULL;\n-}\n-\n void extract_unc_hostname(const char *unc, const char **h, size_t *len)\n {\n \tconst char *end;\n \n \t/* skip initial slashes */\ndiff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c\nindex 698bd27119ae0..de2012cc9cf3e 100644\n--- a/fs/smb/client/sess.c\n+++ b/fs/smb/client/sess.c\n@@ -593,21 +593,10 @@ cifs_ses_add_channel(struct cifs_ses *ses,\n \tcifs_chan_set_need_reconnect(ses, chan->server);\n \n \tspin_unlock(&ses->chan_lock);\n \n \tmutex_lock(&ses->session_mutex);\n-\t/*\n-\t * We need to allocate the server crypto now as we will need\n-\t * to sign packets before we generate the channel signing key\n-\t * (we sign with the session key)\n-\t */\n-\trc = smb3_crypto_shash_allocate(chan->server);\n-\tif (rc) {\n-\t\tcifs_dbg(VFS, \"%s: crypto alloc failed\\n\", __func__);\n-\t\tmutex_unlock(&ses->session_mutex);\n-\t\tgoto 
out;\n-\t}\n \n \trc = cifs_negotiate_protocol(xid, ses, chan->server);\n \tif (!rc)\n \t\trc = cifs_setup_session(xid, ses, chan->server, ses->local_nls);\n \ndiff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h\nindex 5f74475ba9d19..1ceb95b907e6b 100644\n--- a/fs/smb/client/smb2proto.h\n+++ b/fs/smb/client/smb2proto.h\n@@ -255,11 +255,10 @@ int smb2_validate_iov(unsigned int offset, unsigned int buffer_length,\n int smb2_validate_and_copy_iov(unsigned int offset, unsigned int buffer_length,\n \t\t\t       struct kvec *iov, unsigned int minbufsize,\n \t\t\t       char *data);\n void smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf,\n \t\t\t\t  struct kstatfs *kst);\n-int smb3_crypto_shash_allocate(struct TCP_Server_Info *server);\n void smb311_update_preauth_hash(struct cifs_ses *ses,\n \t\t\t\tstruct TCP_Server_Info *server,\n \t\t\t\tstruct kvec *iov, int nvec);\n int smb2_query_info_compound(const unsigned int xid, struct cifs_tcon *tcon,\n \t\t\t     const char *path, u32 desired_access, u32 class,\ndiff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c\nindex b233e0cd91529..716e58d1b1c92 100644\n--- a/fs/smb/client/smb2transport.c\n+++ b/fs/smb/client/smb2transport.c\n@@ -27,18 +27,10 @@\n #include \"smb2proto.h\"\n #include \"cifs_debug.h\"\n #include \"../common/smb2status.h\"\n #include \"smb2glob.h\"\n \n-int\n-smb3_crypto_shash_allocate(struct TCP_Server_Info *server)\n-{\n-\tstruct cifs_secmech *p = &server->secmech;\n-\n-\treturn cifs_alloc_hash(\"cmac(aes)\", &p->aes_cmac);\n-}\n-\n static\n int smb3_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)\n {\n \tstruct cifs_chan *chan;\n \tstruct TCP_Server_Info *pserver;\n@@ -264,24 +256,17 @@ static int generate_key(struct cifs_ses *ses, struct kvec label,\n {\n \tunsigned char zero = 0x0;\n \t__u8 i[4] = {0, 0, 0, 1};\n \t__u8 L128[4] = {0, 0, 0, 128};\n \t__u8 L256[4] = {0, 0, 1, 0};\n-\tint rc = 0;\n \tunsigned char 
prfhash[SMB2_HMACSHA256_SIZE];\n \tstruct TCP_Server_Info *server = ses->server;\n \tstruct hmac_sha256_ctx hmac_ctx;\n \n \tmemset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);\n \tmemset(key, 0x0, key_size);\n \n-\trc = smb3_crypto_shash_allocate(server);\n-\tif (rc) {\n-\t\tcifs_server_dbg(VFS, \"%s: crypto alloc failed\\n\", __func__);\n-\t\treturn rc;\n-\t}\n-\n \thmac_sha256_init_usingrawkey(&hmac_ctx, ses->auth_key.response,\n \t\t\t\t     SMB2_NTLMV2_SESSKEY_SIZE);\n \thmac_sha256_update(&hmac_ctx, i, 4);\n \thmac_sha256_update(&hmac_ctx, label.iov_base, label.iov_len);\n \thmac_sha256_update(&hmac_ctx, &zero, 1);\n","prefixes":["v2","2/4"]}
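
Review bot: In the first fs/smb/client/cifsglob.h hunk, dropping `#include <crypto/internal/hash.h>` leaves `struct cifs_secmech` (second hunk) holding `struct crypto_aead *enc` and `*dec` with no crypto header among the includes visible in the hunk. Pointer members compile against an incomplete type, but the commit message already records one file (cifs_unicode.c) that depended on this header transitively, so a forward declaration `struct crypto_aead;` or an explicit `<crypto/aead.h>` here, plus a build test of the other files that include cifsglob.h, would keep the header self-contained instead of fixing transitive users one at a time.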
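
Review bot: In the fs/smb/client/sess.c hunk (cifs_ses_add_channel), the deleted comment was the only text in the hunk recording the ordering constraint that a new channel signs packets with the session key before its channel signing key is generated. If that constraint still holds with the library API, keep a one-line comment saying so above `rc = cifs_negotiate_protocol(xid, ses, chan->server);`. The removal also leaves an empty line directly after `mutex_lock(&ses->session_mutex);`, which can be dropped.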
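
Review bot: In the second fs/smb/client/smb2transport.c hunk, generate_key() loses `int rc = 0;` and the only error return visible in the hunk, yet the hunk header still shows it declared as `static int generate_key(...)`. If no failure path remains in the rest of the function, change the return type to void and remove the error handling in its callers, either here or in a follow-up patch in this series, so callers do not keep checking a value that can only be 0.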