ppp: mppe: Use SHA-1 library instead of crypto_shash

Now that a SHA-1 library API is available, use it instead of
crypto_shash.  This is simpler and faster.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Link: https://patch.msgid.link/20250815020705.23055-1-ebiggers@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/net/ppp/Kconfig b/drivers/net/ppp/Kconfig
index 8c9ed1889d1af2442a0f5a315ce7bca30adf5ab3..a1806b4b84beb257ad47ba34f3c7f0aff9758e68 100644 (file)
--- a/drivers/net/ppp/Kconfig
+++ b/drivers/net/ppp/Kconfig
@@ -85,9 +85,8 @@ config PPP_FILTER
 config PPP_MPPE
        tristate "PPP MPPE compression (encryption)"
        depends on PPP
-       select CRYPTO
-       select CRYPTO_SHA1
        select CRYPTO_LIB_ARC4
+       select CRYPTO_LIB_SHA1
        help
          Support for the MPPE Encryption protocol, as employed by the
          Microsoft Point-to-Point Tunneling Protocol.

diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c
index bcc1eaedf58fb54a2eb495f2aeb51563aa9475aa..630cbf71c147b1e5f690736b8eb35048be7cb286 100644 (file)
--- a/drivers/net/ppp/ppp_mppe.c
+++ b/drivers/net/ppp/ppp_mppe.c
@@ -43,7 +43,7 @@
  */
 
 #include <crypto/arc4.h>
-#include <crypto/hash.h>
+#include <crypto/sha1.h>
 #include <linux/err.h>
 #include <linux/fips.h>
 #include <linux/module.h>
@@ -55,7 +55,6 @@
 #include <linux/mm.h>
 #include <linux/ppp_defs.h>
 #include <linux/ppp-comp.h>
-#include <linux/scatterlist.h>
 #include <linux/unaligned.h>
 
 #include "ppp_mppe.h"
@@ -67,31 +66,15 @@ MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE));
 MODULE_VERSION("1.0.2");
 
 #define SHA1_PAD_SIZE 40
-
-/*
- * kernel crypto API needs its arguments to be in kmalloc'd memory, not in the module
- * static data area.  That means sha_pad needs to be kmalloc'd.
- */
-
-struct sha_pad {
-       unsigned char sha_pad1[SHA1_PAD_SIZE];
-       unsigned char sha_pad2[SHA1_PAD_SIZE];
-};
-static struct sha_pad *sha_pad;
-
-static inline void sha_pad_init(struct sha_pad *shapad)
-{
-       memset(shapad->sha_pad1, 0x00, sizeof(shapad->sha_pad1));
-       memset(shapad->sha_pad2, 0xF2, sizeof(shapad->sha_pad2));
-}
+static const u8 sha_pad1[SHA1_PAD_SIZE] = { 0 };
+static const u8 sha_pad2[SHA1_PAD_SIZE] = { [0 ... SHA1_PAD_SIZE - 1] = 0xF2 };
 
 /*
  * State for an MPPE (de)compressor.
  */
 struct ppp_mppe_state {
        struct arc4_ctx arc4;
-       struct shash_desc *sha1;
-       unsigned char *sha1_digest;
+       unsigned char sha1_digest[SHA1_DIGEST_SIZE];
        unsigned char master_key[MPPE_MAX_KEY_LEN];
        unsigned char session_key[MPPE_MAX_KEY_LEN];
        unsigned keylen;        /* key length in bytes             */
@@ -130,16 +113,14 @@ struct ppp_mppe_state {
  */
 static void get_new_key_from_sha(struct ppp_mppe_state * state)
 {
-       crypto_shash_init(state->sha1);
-       crypto_shash_update(state->sha1, state->master_key,
-                           state->keylen);
-       crypto_shash_update(state->sha1, sha_pad->sha_pad1,
-                           sizeof(sha_pad->sha_pad1));
-       crypto_shash_update(state->sha1, state->session_key,
-                           state->keylen);
-       crypto_shash_update(state->sha1, sha_pad->sha_pad2,
-                           sizeof(sha_pad->sha_pad2));
-       crypto_shash_final(state->sha1, state->sha1_digest);
+       struct sha1_ctx ctx;
+
+       sha1_init(&ctx);
+       sha1_update(&ctx, state->master_key, state->keylen);
+       sha1_update(&ctx, sha_pad1, sizeof(sha_pad1));
+       sha1_update(&ctx, state->session_key, state->keylen);
+       sha1_update(&ctx, sha_pad2, sizeof(sha_pad2));
+       sha1_final(&ctx, state->sha1_digest);
 }
 
 /*
@@ -171,39 +152,15 @@ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
 static void *mppe_alloc(unsigned char *options, int optlen)
 {
        struct ppp_mppe_state *state;
-       struct crypto_shash *shash;
-       unsigned int digestsize;
 
        if (optlen != CILEN_MPPE + sizeof(state->master_key) ||
            options[0] != CI_MPPE || options[1] != CILEN_MPPE ||
            fips_enabled)
-               goto out;
+               return NULL;
 
        state = kzalloc(sizeof(*state), GFP_KERNEL);
        if (state == NULL)
-               goto out;
-
-
-       shash = crypto_alloc_shash("sha1", 0, 0);
-       if (IS_ERR(shash))
-               goto out_free;
-
-       state->sha1 = kmalloc(sizeof(*state->sha1) +
-                                    crypto_shash_descsize(shash),
-                             GFP_KERNEL);
-       if (!state->sha1) {
-               crypto_free_shash(shash);
-               goto out_free;
-       }
-       state->sha1->tfm = shash;
-
-       digestsize = crypto_shash_digestsize(shash);
-       if (digestsize < MPPE_MAX_KEY_LEN)
-               goto out_free;
-
-       state->sha1_digest = kmalloc(digestsize, GFP_KERNEL);
-       if (!state->sha1_digest)
-               goto out_free;
+               return NULL;
 
        /* Save keys. */
        memcpy(state->master_key, &options[CILEN_MPPE],
@@ -217,16 +174,6 @@ static void *mppe_alloc(unsigned char *options, int optlen)
         */
 
        return (void *)state;
-
-out_free:
-       kfree(state->sha1_digest);
-       if (state->sha1) {
-               crypto_free_shash(state->sha1->tfm);
-               kfree_sensitive(state->sha1);
-       }
-       kfree(state);
-out:
-       return NULL;
 }
 
 /*
@@ -235,12 +182,8 @@ out:
 static void mppe_free(void *arg)
 {
        struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
-       if (state) {
-               kfree(state->sha1_digest);
-               crypto_free_shash(state->sha1->tfm);
-               kfree_sensitive(state->sha1);
-               kfree_sensitive(state);
-       }
+
+       kfree_sensitive(state);
 }
 
 /*
@@ -649,31 +592,17 @@ static struct compressor ppp_mppe = {
        .comp_extra     = MPPE_PAD,
 };
 
-/*
- * ppp_mppe_init()
- *
- * Prior to allowing load, try to load the arc4 and sha1 crypto
- * libraries.  The actual use will be allocated later, but
- * this way the module will fail to insmod if they aren't available.
- */
-
 static int __init ppp_mppe_init(void)
 {
        int answer;
-       if (fips_enabled || !crypto_has_ahash("sha1", 0, CRYPTO_ALG_ASYNC))
-               return -ENODEV;
 
-       sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL);
-       if (!sha_pad)
-               return -ENOMEM;
-       sha_pad_init(sha_pad);
+       if (fips_enabled)
+               return -ENODEV;
 
        answer = ppp_register_compressor(&ppp_mppe);
 
        if (answer == 0)
                printk(KERN_INFO "PPP MPPE Compression module registered\n");
-       else
-               kfree(sha_pad);
 
        return answer;
 }
@@ -681,7 +610,6 @@ static int __init ppp_mppe_init(void)
 static void __exit ppp_mppe_cleanup(void)
 {
        ppp_unregister_compressor(&ppp_mppe);
-       kfree(sha_pad);
 }
 
 module_init(ppp_mppe_init);