
fs: cifs: move from the crypto cipher API to the new DES library interface

Some legacy code in the CIFS driver uses single DES to calculate
some password hash, and uses the crypto cipher API to do so. Given
that there is no point in invoking an accelerated cipher for doing
56-bit symmetric encryption on a single 8-byte block of input, the
flexibility of the crypto cipher API does not add much value here,
and so we're much better off using a library call into the generic
C implementation.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ard Biesheuvel and committed by
Herbert Xu
9a394d12 18fbe0da

+10 -11
+1 -1
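--- a/fs/cifs/Kconfig
+++ b/fs/cifs/Kconfig
@@ -16,7 +16,7 @@
 select CRYPTO_GCM
 select CRYPTO_ECB
 select CRYPTO_AES
-select CRYPTO_DES
+select CRYPTO_LIB_DES
 select KEYS
 help
 This is the client VFS module for the SMB3 family of NAS protocols,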
-1
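--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -1601,7 +1601,6 @@
 ("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "
 "also older servers complying with the SNIA CIFS Specification)");
 MODULE_VERSION(CIFS_VERSION);
-MODULE_SOFTDEP("pre: des");
 MODULE_SOFTDEP("pre: ecb");
 MODULE_SOFTDEP("pre: hmac");
 MODULE_SOFTDEP("pre: md4");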
+9 -9
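--- a/fs/cifs/smbencrypt.c
+++ b/fs/cifs/smbencrypt.c
@@ -11,13 +11,14 @@
 
 */
 
-#include <linux/crypto.h>
 #include <linux/module.h>
 #include <linux/slab.h>
+#include <linux/fips.h>
 #include <linux/fs.h>
 #include <linux/string.h>
 #include <linux/kernel.h>
 #include <linux/random.h>
+#include <crypto/des.h>
 #include "cifs_fs_sb.h"
 #include "cifs_unicode.h"
 #include "cifspdu.h"
@@ -59,19 +58,18 @@
 smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
 {
 unsigned char key2[8];
-struct crypto_cipher *tfm_des;
+struct des_ctx ctx;
 
 str_to_key(key, key2);
 
-tfm_des = crypto_alloc_cipher("des", 0, 0);
-if (IS_ERR(tfm_des)) {
-cifs_dbg(VFS, "could not allocate des crypto API\n");
-return PTR_ERR(tfm_des);
+if (fips_enabled) {
+cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n");
+return -ENOENT;
 }
 
-crypto_cipher_setkey(tfm_des, key2, 8);
-crypto_cipher_encrypt_one(tfm_des, out, in);
-crypto_free_cipher(tfm_des);
+des_expand_key(&ctx, key2, DES_KEY_SIZE);
+des_encrypt(&ctx, out, in);
+memzero_explicit(&ctx, sizeof(ctx));
 
 return 0;
 }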
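Review bot: `key2` in smbhash() still holds the 8-byte DES key built by `str_to_key()` when the function returns on either path, while the new code wipes only `ctx`. Adding `memzero_explicit(key2, sizeof(key2));` next to the existing `memzero_explicit(&ctx, sizeof(ctx));` would clear both copies of the key material, and moving `str_to_key(key, key2);` below the `fips_enabled` check would avoid deriving the key at all on the early return. The result of `des_expand_key()` is also discarded; if that is intentional (the old `crypto_cipher_setkey()` result was ignored as well), a short comment such as `/* return value ignored: key length is constant and weak keys are not rejected here */` would make it explicit. The function's return-type line sits above the hunk.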