Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

smb3.1.1: print warning if server does not support requested encryption type

If server does not support AES-256-GCM and it was required on mount, print
warning message. Also log and return a different error message (EOPNOTSUPP)
when encryption mechanism is not supported vs the case when an unknown
unrequested encryption mechanism could be returned (EINVAL).

Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>

+13 -2
fs/cifs/smb2pdu.c
··· 610 610 return -EINVAL; 611 611 } 612 612 cifs_dbg(FYI, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt->Ciphers[0])); 613 - if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) && 614 - (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM)) { 613 + if (require_gcm_256) { 614 + if (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM) { 615 + cifs_dbg(VFS, "Server does not support requested encryption type (AES256 GCM)\n"); 616 + return -EOPNOTSUPP; 617 + } 618 + } else if (ctxt->Ciphers[0] == 0) { 619 + /* e.g. if server only supported AES256_CCM (very unlikely) */ 620 + cifs_dbg(VFS, "Server does not support requested encryption types\n"); 621 + return -EOPNOTSUPP; 622 + } else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) && 623 + (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) && 624 + (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) { 625 + /* server returned a cipher we didn't ask for */ 615 626 pr_warn_once("Invalid SMB3.11 cipher returned\n"); 616 627 return -EINVAL; 617 628 }
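
Review bot: In the last `else if`, `SMB2_ENCRYPTION_AES256_GCM` is now accepted on the path where `require_gcm_256` is false, yet the new comment on that branch says it rejects "a cipher we didn't ask for", and nothing in this hunk shows that AES256-GCM was offered in the negotiate context in that case. If the client only offers AES256-GCM under some option, the acceptance here should be gated on the same condition, so that an unsolicited AES256-GCM reply still returns -EINVAL; if it is always offered, a one-line comment saying so would make the check self-explanatory. A smaller point: the two new -EOPNOTSUPP paths log with `cifs_dbg(VFS, ...)` on every failed negotiate, while the -EINVAL path below uses `pr_warn_once`. The logging should be consistent, or the reason for the difference stated, since a mount retried in a loop against a server without the cipher will repeat the message each time.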