• Eric Biggers's avatar
    fscrypt: switch fscrypt_do_sha256() to use the SHA-256 library · bd0d97b7
    Eric Biggers authored
    fscrypt_do_sha256() is only used for hashing encrypted filenames to
    create no-key tokens, which isn't performance-critical.  Therefore a C
    implementation of SHA-256 is sufficient.
    
    Also, the logic to create no-key tokens is always potentially needed.
    This differs from fscrypt's other dependencies on crypto API algorithms,
    which are conditionally needed depending on what encryption policies
    userspace is using.  Therefore, for fscrypt there isn't much benefit to
    allowing SHA-256 to be a loadable module.
    
    So, make fscrypt_do_sha256() use the SHA-256 library instead of the
    crypto_shash API.  This is much simpler, since it avoids having to
    implement one-time-init (which is hard to do correctly, and in fact was
    implemented incorrectly) and handle failures to allocate the
    crypto_shash object.
    
    Fixes: edc440e3 ("fscrypt: improve format of no-key names")
    Cc: Daniel Rosenberg <drosen@google.com>
    Link: https://lore.kernel.org/r/20200721225920.114347-2-ebiggers@kernel.orgSigned-off-by: default avatarEric Biggers <ebiggers@google.com>
    bd0d97b7
fname.c 18.8 KB