fs: cifs: move from the crypto cipher API to the new DES library interface

Some legacy code in the CIFS driver uses single DES to calculate some password hash, and uses the crypto cipher API to do so. Given that there is no point in invoking an accelerated cipher for doing 56-bit symmetric encryption on a single 8-byte block of input, the flexibility of the crypto cipher API does not add much value here, and so we're much better off using a library call into the generic C implementation. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> 2019-08-15 05:01:12 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2019-08-22 00:57:34 -0400
commit: 9a394d1208147715b8a365f44b4e7bfbb2094748 (patch)
tree: 7126f454de1e419a794dcd87c5c2d4fca52c9793 /fs/cifs
parent: 18fbe0da8e98fe167fbfe1757003e2a2a74d24f3 (diff)
3 files changed, 10 insertions, 11 deletions
diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig
index b16219e5dac9..350bc3061656 100644
--- a/fs/cifs/Kconfig
+++ b/fs/cifs/Kconfig
@@ -16,7 +16,7 @@ config CIFS
        select CRYPTO_GCM
        select CRYPTO_ECB
        select CRYPTO_AES
-        select CRYPTO_DES
+        select CRYPTO_LIB_DES
        select KEYS
        help
          This is the client VFS module for the SMB3 family of NAS protocols,
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 3289b566463f..4e2f74894e9b 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -1601,7 +1601,6 @@ MODULE_DESCRIPTION
        ("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "
        "also older servers complying with the SNIA CIFS Specification)");
 MODULE_VERSION(CIFS_VERSION);
-MODULE_SOFTDEP("pre: des");
 MODULE_SOFTDEP("pre: ecb");
 MODULE_SOFTDEP("pre: hmac");
 MODULE_SOFTDEP("pre: md4");
diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
index 2b6d87bfdf8e..39a938443e3e 100644
--- a/fs/cifs/smbencrypt.c
+++ b/fs/cifs/smbencrypt.c
@@ -11,13 +11,14 @@
 */
-#include <linux/crypto.h>
 #include <linux/module.h>
 #include <linux/slab.h>
+#include <linux/fips.h>
 #include <linux/fs.h>
 #include <linux/string.h>
 #include <linux/kernel.h>
 #include <linux/random.h>
+#include <crypto/des.h>
 #include "cifs_fs_sb.h"
 #include "cifs_unicode.h"
 #include "cifspdu.h"
@@ -58,19 +59,18 @@ static int
 smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
 {
        unsigned char key2[8];
-        struct crypto_cipher *tfm_des;
+        struct des_ctx ctx;
        str_to_key(key, key2);
-        tfm_des = crypto_alloc_cipher("des", 0, 0);
+        if (fips_enabled) {
-        if (IS_ERR(tfm_des)) {
+                cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n");
-                cifs_dbg(VFS, "could not allocate des crypto API\n");
+                return -ENOENT;
-                return PTR_ERR(tfm_des);
        }
-        crypto_cipher_setkey(tfm_des, key2, 8);
+        des_expand_key(&ctx, key2, DES_KEY_SIZE);
-        crypto_cipher_encrypt_one(tfm_des, out, in);
+        des_encrypt(&ctx, out, in);
-        crypto_free_cipher(tfm_des);
+        memzero_explicit(&ctx, sizeof(ctx));
        return 0;
 }
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	2019-08-15 05:01:12 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2019-08-22 00:57:34 -0400
commit	9a394d1208147715b8a365f44b4e7bfbb2094748 (patch)
tree	7126f454de1e419a794dcd87c5c2d4fca52c9793 /fs/cifs
parent	18fbe0da8e98fe167fbfe1757003e2a2a74d24f3 (diff)