fs: cifs: move from the crypto cipher API to the new DES library interface
Some legacy code in the CIFS driver uses single DES to calculate some password hash, and uses the crypto cipher API to do so. Given that there is no point in invoking an accelerated cipher for doing 56-bit symmetric encryption on a single 8-byte block of input, the flexibility of the crypto cipher API does not add much value here, and so we're much better off using a library call into the generic C implementation. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
18fbe0da8e
commit
9a394d1208
@ -16,7 +16,7 @@ config CIFS
|
|||||||
select CRYPTO_GCM
|
select CRYPTO_GCM
|
||||||
select CRYPTO_ECB
|
select CRYPTO_ECB
|
||||||
select CRYPTO_AES
|
select CRYPTO_AES
|
||||||
select CRYPTO_DES
|
select CRYPTO_LIB_DES
|
||||||
select KEYS
|
select KEYS
|
||||||
help
|
help
|
||||||
This is the client VFS module for the SMB3 family of NAS protocols,
|
This is the client VFS module for the SMB3 family of NAS protocols,
|
||||||
|
@ -1601,7 +1601,6 @@ MODULE_DESCRIPTION
|
|||||||
("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "
|
("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "
|
||||||
"also older servers complying with the SNIA CIFS Specification)");
|
"also older servers complying with the SNIA CIFS Specification)");
|
||||||
MODULE_VERSION(CIFS_VERSION);
|
MODULE_VERSION(CIFS_VERSION);
|
||||||
MODULE_SOFTDEP("pre: des");
|
|
||||||
MODULE_SOFTDEP("pre: ecb");
|
MODULE_SOFTDEP("pre: ecb");
|
||||||
MODULE_SOFTDEP("pre: hmac");
|
MODULE_SOFTDEP("pre: hmac");
|
||||||
MODULE_SOFTDEP("pre: md4");
|
MODULE_SOFTDEP("pre: md4");
|
||||||
|
@ -11,13 +11,14 @@
|
|||||||
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <linux/crypto.h>
|
|
||||||
#include <linux/module.h>
|
#include <linux/module.h>
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
|
#include <linux/fips.h>
|
||||||
#include <linux/fs.h>
|
#include <linux/fs.h>
|
||||||
#include <linux/string.h>
|
#include <linux/string.h>
|
||||||
#include <linux/kernel.h>
|
#include <linux/kernel.h>
|
||||||
#include <linux/random.h>
|
#include <linux/random.h>
|
||||||
|
#include <crypto/des.h>
|
||||||
#include "cifs_fs_sb.h"
|
#include "cifs_fs_sb.h"
|
||||||
#include "cifs_unicode.h"
|
#include "cifs_unicode.h"
|
||||||
#include "cifspdu.h"
|
#include "cifspdu.h"
|
||||||
@ -58,19 +59,18 @@ static int
|
|||||||
smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
|
smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
|
||||||
{
|
{
|
||||||
unsigned char key2[8];
|
unsigned char key2[8];
|
||||||
struct crypto_cipher *tfm_des;
|
struct des_ctx ctx;
|
||||||
|
|
||||||
str_to_key(key, key2);
|
str_to_key(key, key2);
|
||||||
|
|
||||||
tfm_des = crypto_alloc_cipher("des", 0, 0);
|
if (fips_enabled) {
|
||||||
if (IS_ERR(tfm_des)) {
|
cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n");
|
||||||
cifs_dbg(VFS, "could not allocate des crypto API\n");
|
return -ENOENT;
|
||||||
return PTR_ERR(tfm_des);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
crypto_cipher_setkey(tfm_des, key2, 8);
|
des_expand_key(&ctx, key2, DES_KEY_SIZE);
|
||||||
crypto_cipher_encrypt_one(tfm_des, out, in);
|
des_encrypt(&ctx, out, in);
|
||||||
crypto_free_cipher(tfm_des);
|
memzero_explicit(&ctx, sizeof(ctx));
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user