Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9a394d12 authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by Herbert Xu
Browse files

fs: cifs: move from the crypto cipher API to the new DES library interface 



Some legacy code in the CIFS driver uses single DES to calculate
some password hash, and uses the crypto cipher API to do so. Given
that there is no point in invoking an accelerated cipher for doing
56-bit symmetric encryption on a single 8-byte block of input, the
flexibility of the crypto cipher API does not add much value here,
and so we're much better off using a library call into the generic
C implementation.

Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 18fbe0da

fs/cifs/Kconfig

+1 −1
Original line number Original line Diff line number Diff line
@@ -16,7 +16,7 @@ config CIFS 
	select CRYPTO_GCM

	select CRYPTO_GCM

	select CRYPTO_ECB

	select CRYPTO_ECB

	select CRYPTO_AES

	select CRYPTO_AES

	select CRYPTO_DES

	select CRYPTO_LIB_DES

	select KEYS

	select KEYS

	help

	help

	  This is the client VFS module for the SMB3 family of NAS protocols,

	  This is the client VFS module for the SMB3 family of NAS protocols,

fs/cifs/cifsfs.c

+0 −1
Original line number Original line Diff line number Diff line
@@ -1601,7 +1601,6 @@ MODULE_DESCRIPTION 
	("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "

	("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "

	"also older servers complying with the SNIA CIFS Specification)");

	"also older servers complying with the SNIA CIFS Specification)");

MODULE_VERSION(CIFS_VERSION);

MODULE_VERSION(CIFS_VERSION);

MODULE_SOFTDEP("pre: des");

MODULE_SOFTDEP("pre: ecb");

MODULE_SOFTDEP("pre: ecb");

MODULE_SOFTDEP("pre: hmac");

MODULE_SOFTDEP("pre: hmac");

MODULE_SOFTDEP("pre: md4");

MODULE_SOFTDEP("pre: md4");

fs/cifs/smbencrypt.c

+9 −9
Original line number Original line Diff line number Diff line
@@ -11,13 +11,14 @@ 




*/

*/





#include <linux/crypto.h>

#include <linux/module.h>

#include <linux/module.h>

#include <linux/slab.h>

#include <linux/slab.h>

#include <linux/fips.h>

#include <linux/fs.h>

#include <linux/fs.h>

#include <linux/string.h>

#include <linux/string.h>

#include <linux/kernel.h>

#include <linux/kernel.h>

#include <linux/random.h>

#include <linux/random.h>

#include <crypto/des.h>

#include "cifs_fs_sb.h"

#include "cifs_fs_sb.h"

#include "cifs_unicode.h"

#include "cifs_unicode.h"

#include "cifspdu.h"

#include "cifspdu.h"
@@ -58,19 +59,18 @@ static int 
smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)

smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)

{

{

	unsigned char key2[8];

	unsigned char key2[8];

	struct crypto_cipher *tfm_des;

	struct des_ctx ctx;





	str_to_key(key, key2);

	str_to_key(key, key2);





	tfm_des = crypto_alloc_cipher("des", 0, 0);

	if (fips_enabled) {

	if (IS_ERR(tfm_des)) {

		cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n");

		cifs_dbg(VFS, "could not allocate des crypto API\n");

		return -ENOENT;

		return PTR_ERR(tfm_des);

	}

	}





	crypto_cipher_setkey(tfm_des, key2, 8);

	des_expand_key(&ctx, key2, DES_KEY_SIZE);

	crypto_cipher_encrypt_one(tfm_des, out, in);

	des_encrypt(&ctx, out, in);

	crypto_free_cipher(tfm_des);

	memzero_explicit(&ctx, sizeof(ctx));





	return 0;

	return 0;

}

}