aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-09-18 15:11:14 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2019-09-18 15:11:14 -0400
commit8b53c76533aa4356602aea98f98a2f3b4051464c (patch)
treeab10ba58e21501407f8108a6bb9003daa2176962 /fs/cifs
parent6cfae0c26b21dce323fe8799b66cf4bc996e3565 (diff)
parent9575d1a5c0780ea26ff8dd29c94a32be32ce3c85 (diff)
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu: "API: - Add the ability to abort a skcipher walk. Algorithms: - Fix XTS to actually do the stealing. - Add library helpers for AES and DES for single-block users. - Add library helpers for SHA256. - Add new DES key verification helper. - Add surrounding bits for ESSIV generator. - Add accelerations for aegis128. - Add test vectors for lzo-rle. Drivers: - Add i.MX8MQ support to caam. - Add gcm/ccm/cfb/ofb aes support in inside-secure. - Add ofb/cfb aes support in media-tek. - Add HiSilicon ZIP accelerator support. Others: - Fix potential race condition in padata. - Use unbound workqueues in padata" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (311 commits) crypto: caam - Cast to long first before pointer conversion crypto: ccree - enable CTS support in AES-XTS crypto: inside-secure - Probe transform record cache RAM sizes crypto: inside-secure - Base RD fetchcount on actual RD FIFO size crypto: inside-secure - Base CD fetchcount on actual CD FIFO size crypto: inside-secure - Enable extended algorithms on newer HW crypto: inside-secure: Corrected configuration of EIP96_TOKEN_CTRL crypto: inside-secure - Add EIP97/EIP197 and endianness detection padata: remove cpu_index from the parallel_queue padata: unbind parallel jobs from specific CPUs padata: use separate workqueues for parallel and serial work padata, pcrypt: take CPU hotplug lock internally in padata_alloc_possible crypto: pcrypt - remove padata cpumask notifier padata: make padata_do_parallel find alternate callback CPU workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs workqueue: unconfine alloc/apply/free_workqueue_attrs() padata: allocate workqueue internally arm64: dts: imx8mq: Add CAAM node random: Use wait_event_freezable() in add_hwgenerator_randomness() crypto: ux500 - Fix COMPILE_TEST warnings ...
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/Kconfig2
-rw-r--r--fs/cifs/cifsfs.c1
-rw-r--r--fs/cifs/smbencrypt.c18
3 files changed, 10 insertions, 11 deletions
diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig
index b16219e5dac9..350bc3061656 100644
--- a/fs/cifs/Kconfig
+++ b/fs/cifs/Kconfig
@@ -16,7 +16,7 @@ config CIFS
16 select CRYPTO_GCM 16 select CRYPTO_GCM
17 select CRYPTO_ECB 17 select CRYPTO_ECB
18 select CRYPTO_AES 18 select CRYPTO_AES
19 select CRYPTO_DES 19 select CRYPTO_LIB_DES
20 select KEYS 20 select KEYS
21 help 21 help
22 This is the client VFS module for the SMB3 family of NAS protocols, 22 This is the client VFS module for the SMB3 family of NAS protocols,
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 3289b566463f..4e2f74894e9b 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -1601,7 +1601,6 @@ MODULE_DESCRIPTION
1601 ("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and " 1601 ("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "
1602 "also older servers complying with the SNIA CIFS Specification)"); 1602 "also older servers complying with the SNIA CIFS Specification)");
1603MODULE_VERSION(CIFS_VERSION); 1603MODULE_VERSION(CIFS_VERSION);
1604MODULE_SOFTDEP("pre: des");
1605MODULE_SOFTDEP("pre: ecb"); 1604MODULE_SOFTDEP("pre: ecb");
1606MODULE_SOFTDEP("pre: hmac"); 1605MODULE_SOFTDEP("pre: hmac");
1607MODULE_SOFTDEP("pre: md4"); 1606MODULE_SOFTDEP("pre: md4");
diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
index 2b6d87bfdf8e..39a938443e3e 100644
--- a/fs/cifs/smbencrypt.c
+++ b/fs/cifs/smbencrypt.c
@@ -11,13 +11,14 @@
11 11
12*/ 12*/
13 13
14#include <linux/crypto.h>
15#include <linux/module.h> 14#include <linux/module.h>
16#include <linux/slab.h> 15#include <linux/slab.h>
16#include <linux/fips.h>
17#include <linux/fs.h> 17#include <linux/fs.h>
18#include <linux/string.h> 18#include <linux/string.h>
19#include <linux/kernel.h> 19#include <linux/kernel.h>
20#include <linux/random.h> 20#include <linux/random.h>
21#include <crypto/des.h>
21#include "cifs_fs_sb.h" 22#include "cifs_fs_sb.h"
22#include "cifs_unicode.h" 23#include "cifs_unicode.h"
23#include "cifspdu.h" 24#include "cifspdu.h"
@@ -58,19 +59,18 @@ static int
58smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) 59smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
59{ 60{
60 unsigned char key2[8]; 61 unsigned char key2[8];
61 struct crypto_cipher *tfm_des; 62 struct des_ctx ctx;
62 63
63 str_to_key(key, key2); 64 str_to_key(key, key2);
64 65
65 tfm_des = crypto_alloc_cipher("des", 0, 0); 66 if (fips_enabled) {
66 if (IS_ERR(tfm_des)) { 67 cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n");
67 cifs_dbg(VFS, "could not allocate des crypto API\n"); 68 return -ENOENT;
68 return PTR_ERR(tfm_des);
69 } 69 }
70 70
71 crypto_cipher_setkey(tfm_des, key2, 8); 71 des_expand_key(&ctx, key2, DES_KEY_SIZE);
72 crypto_cipher_encrypt_one(tfm_des, out, in); 72 des_encrypt(&ctx, out, in);
73 crypto_free_cipher(tfm_des); 73 memzero_explicit(&ctx, sizeof(ctx));
74 74
75 return 0; 75 return 0;
76} 76}
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-01 14:52:11 -0400