fs: cifs: move from the crypto cipher API to the new DES library interface

Some legacy code in the CIFS driver uses single DES to calculate
some password hash, and uses the crypto cipher API to do so. Given
that there is no point in invoking an accelerated cipher for doing
56-bit symmetric encryption on a single 8-byte block of input, the
flexibility of the crypto cipher API does not add much value here,
and so we're much better off using a library call into the generic
C implementation.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig
index b16219e5dac91b2e26fbb98e5c8afb238de47ec4..350bc3061656ebf83b4758ab77652d9fe5d9722f 100644 (file)
--- a/fs/cifs/Kconfig
+++ b/fs/cifs/Kconfig
@@ -16,7 +16,7 @@ config CIFS
        select CRYPTO_GCM
        select CRYPTO_ECB
        select CRYPTO_AES
-       select CRYPTO_DES
+       select CRYPTO_LIB_DES
        select KEYS
        help
          This is the client VFS module for the SMB3 family of NAS protocols,

diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 3289b566463f91cc913d886f7db3c41189746d90..4e2f74894e9b3c34eece9d115e6001cb7f96a5e6 100644 (file)
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -1601,7 +1601,6 @@ MODULE_DESCRIPTION
        ("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and "
        "also older servers complying with the SNIA CIFS Specification)");
 MODULE_VERSION(CIFS_VERSION);
-MODULE_SOFTDEP("pre: des");
 MODULE_SOFTDEP("pre: ecb");
 MODULE_SOFTDEP("pre: hmac");
 MODULE_SOFTDEP("pre: md4");

diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
index 2b6d87bfdf8e8f7de3b3657a28137c4496f7b37f..39a938443e3e3470848772389520c8b0e07c933e 100644 (file)
--- a/fs/cifs/smbencrypt.c
+++ b/fs/cifs/smbencrypt.c
@@ -11,13 +11,14 @@
 
 */
 
-#include <linux/crypto.h>
 #include <linux/module.h>
 #include <linux/slab.h>
+#include <linux/fips.h>
 #include <linux/fs.h>
 #include <linux/string.h>
 #include <linux/kernel.h>
 #include <linux/random.h>
+#include <crypto/des.h>
 #include "cifs_fs_sb.h"
 #include "cifs_unicode.h"
 #include "cifspdu.h"
@@ -58,19 +59,18 @@ static int
 smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
 {
        unsigned char key2[8];
-       struct crypto_cipher *tfm_des;
+       struct des_ctx ctx;
 
        str_to_key(key, key2);
 
-       tfm_des = crypto_alloc_cipher("des", 0, 0);
-       if (IS_ERR(tfm_des)) {
-               cifs_dbg(VFS, "could not allocate des crypto API\n");
-               return PTR_ERR(tfm_des);
+       if (fips_enabled) {
+               cifs_dbg(VFS, "FIPS compliance enabled: DES not permitted\n");
+               return -ENOENT;
        }
 
-       crypto_cipher_setkey(tfm_des, key2, 8);
-       crypto_cipher_encrypt_one(tfm_des, out, in);
-       crypto_free_cipher(tfm_des);
+       des_expand_key(&ctx, key2, DES_KEY_SIZE);
+       des_encrypt(&ctx, out, in);
+       memzero_explicit(&ctx, sizeof(ctx));
 
        return 0;
 }