Limit allocation of crypto mechanisms to dialect which requires

Updated patch to try to prevent allocation of cifs, smb2 or smb3 crypto secmech structures unless needed. Currently cifs allocates all crypto mechanisms when the first session is established (4 functions and 4 contexts), rather than only allocating these when needed (smb3 needs two, the rest of the dialects only need one). Acked-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
author: Steve French <smfrench@gmail.com> 2013-07-04 11:35:21 -0400
committer: Steve French <smfrench@gmail.com> 2013-07-04 15:38:08 -0400
commit: 95dc8dd14e2e84cc3adabc8310768c13758e7d96 (patch)
tree: a0c0bb7bd46fd3d527011bb14b53972decf6a818
parent: 80cc38b16389849a6e06441ace4530f6b2497c3c (diff)
4 files changed, 174 insertions, 118 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 3d8bf941d126..45e57cc38200 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -1,7 +1,7 @@
 /*
 *   fs/cifs/cifsencrypt.c
 *
- *   Copyright (C) International Business Machines  Corp., 2005,2006
+ *   Copyright (C) International Business Machines  Corp., 2005,2013
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *
 *   This library is free software; you can redistribute it and/or modify
@@ -31,6 +31,36 @@
 #include <linux/random.h>
 #include <linux/highmem.h>
+static int
+cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server)
+{
+        int rc;
+        unsigned int size;
+        if (server->secmech.sdescmd5 != NULL)
+                return 0; /* already allocated */
+        server->secmech.md5 = crypto_alloc_shash("md5", 0, 0);
+        if (IS_ERR(server->secmech.md5)) {
+                cifs_dbg(VFS, "could not allocate crypto md5\n");
+                return PTR_ERR(server->secmech.md5);
+        }
+        size = sizeof(struct shash_desc) +
+                        crypto_shash_descsize(server->secmech.md5);
+        server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL);
+        if (!server->secmech.sdescmd5) {
+                rc = -ENOMEM;
+                crypto_free_shash(server->secmech.md5);
+                server->secmech.md5 = NULL;
+                return rc;
+        }
+        server->secmech.sdescmd5->shash.tfm = server->secmech.md5;
+        server->secmech.sdescmd5->shash.flags = 0x0;
+        return 0;
+}
 /*
 * Calculate and return the CIFS signature based on the mac key and SMB PDU.
 * The 16 byte signature must be allocated by the caller. Note we only use the
@@ -50,8 +80,11 @@ static int cifs_calc_signature(struct smb_rqst *rqst,
                return -EINVAL;
        if (!server->secmech.sdescmd5) {
-                cifs_dbg(VFS, "%s: Can't generate signature\n", __func__);
+                rc = cifs_crypto_shash_md5_allocate(server);
-                return -1;
+                if (rc) {
+                        cifs_dbg(VFS, "%s: Can't alloc md5 crypto\n", __func__);
+                        return -1;
+                }
        }
        rc = crypto_shash_init(&server->secmech.sdescmd5->shash);
@@ -556,6 +589,33 @@ CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash)
        return rc;
 }
+static int crypto_hmacmd5_alloc(struct TCP_Server_Info *server)
+{
+        unsigned int size;
+        /* check if already allocated */
+        if (server->secmech.sdeschmacmd5)
+                return 0;
+        server->secmech.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0);
+        if (IS_ERR(server->secmech.hmacmd5)) {
+                cifs_dbg(VFS, "could not allocate crypto hmacmd5\n");
+                return PTR_ERR(server->secmech.hmacmd5);
+        }
+        size = sizeof(struct shash_desc) +
+                        crypto_shash_descsize(server->secmech.hmacmd5);
+        server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
+        if (!server->secmech.sdeschmacmd5) {
+                crypto_free_shash(server->secmech.hmacmd5);
+                server->secmech.hmacmd5 = NULL;
+                return -ENOMEM;
+        }
+        server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5;
+        server->secmech.sdeschmacmd5->shash.flags = 0x0;
+        return 0;
+}
 int
 setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
@@ -606,6 +666,12 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
        memcpy(ses->auth_key.response + baselen, tiblob, tilen);
+        rc = crypto_hmacmd5_alloc(ses->server);
+        if (rc) {
+                cifs_dbg(VFS, "could not crypto alloc hmacmd5 rc %d\n", rc);
+                goto setup_ntlmv2_rsp_ret;
+        }
        /* calculate ntlmv2_hash */
        rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp);
        if (rc) {
@@ -705,123 +771,32 @@ calc_seckey(struct cifs_ses *ses)
 void
 cifs_crypto_shash_release(struct TCP_Server_Info *server)
 {
-        if (server->secmech.cmacaes)
+        if (server->secmech.cmacaes) {
                crypto_free_shash(server->secmech.cmacaes);
+                server->secmech.cmacaes = NULL;
+        }
-        if (server->secmech.hmacsha256)
+        if (server->secmech.hmacsha256) {
                crypto_free_shash(server->secmech.hmacsha256);
+                server->secmech.hmacsha256 = NULL;
+        }
-        if (server->secmech.md5)
+        if (server->secmech.md5) {
                crypto_free_shash(server->secmech.md5);
+                server->secmech.md5 = NULL;
+        }
-        if (server->secmech.hmacmd5)
+        if (server->secmech.hmacmd5) {
                crypto_free_shash(server->secmech.hmacmd5);
+                server->secmech.hmacmd5 = NULL;
+        }
        kfree(server->secmech.sdesccmacaes);
+        server->secmech.sdesccmacaes = NULL;
        kfree(server->secmech.sdeschmacsha256);
+        server->secmech.sdeschmacsha256 = NULL;
        kfree(server->secmech.sdeschmacmd5);
+        server->secmech.sdeschmacmd5 = NULL;
        kfree(server->secmech.sdescmd5);
-}
+        server->secmech.sdescmd5 = NULL;
-int
-cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
-{
-        int rc;
-        unsigned int size;
-        server->secmech.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0);
-        if (IS_ERR(server->secmech.hmacmd5)) {
-                cifs_dbg(VFS, "could not allocate crypto hmacmd5\n");
-                return PTR_ERR(server->secmech.hmacmd5);
-        }
-        server->secmech.md5 = crypto_alloc_shash("md5", 0, 0);
-        if (IS_ERR(server->secmech.md5)) {
-                cifs_dbg(VFS, "could not allocate crypto md5\n");
-                rc = PTR_ERR(server->secmech.md5);
-                goto crypto_allocate_md5_fail;
-        }
-        server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
-        if (IS_ERR(server->secmech.hmacsha256)) {
-                cifs_dbg(VFS, "could not allocate crypto hmacsha256\n");
-                rc = PTR_ERR(server->secmech.hmacsha256);
-                goto crypto_allocate_hmacsha256_fail;
-        }
-        server->secmech.cmacaes = crypto_alloc_shash("cmac(aes)", 0, 0);
-        if (IS_ERR(server->secmech.cmacaes)) {
-                cifs_dbg(VFS, "could not allocate crypto cmac-aes");
-                rc = PTR_ERR(server->secmech.cmacaes);
-                goto crypto_allocate_cmacaes_fail;
-        }
-        size = sizeof(struct shash_desc) +
-                        crypto_shash_descsize(server->secmech.hmacmd5);
-        server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
-        if (!server->secmech.sdeschmacmd5) {
-                rc = -ENOMEM;
-                goto crypto_allocate_hmacmd5_sdesc_fail;
-        }
-        server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5;
-        server->secmech.sdeschmacmd5->shash.flags = 0x0;
-        size = sizeof(struct shash_desc) +
-                        crypto_shash_descsize(server->secmech.md5);
-        server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL);
-        if (!server->secmech.sdescmd5) {
-                rc = -ENOMEM;
-                goto crypto_allocate_md5_sdesc_fail;
-        }
-        server->secmech.sdescmd5->shash.tfm = server->secmech.md5;
-        server->secmech.sdescmd5->shash.flags = 0x0;
-        size = sizeof(struct shash_desc) +
-                        crypto_shash_descsize(server->secmech.hmacsha256);
-        server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
-        if (!server->secmech.sdeschmacsha256) {
-                rc = -ENOMEM;
-                goto crypto_allocate_hmacsha256_sdesc_fail;
-        }
-        server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
-        server->secmech.sdeschmacsha256->shash.flags = 0x0;
-        size = sizeof(struct shash_desc) +
-                        crypto_shash_descsize(server->secmech.cmacaes);
-        server->secmech.sdesccmacaes = kmalloc(size, GFP_KERNEL);
-        if (!server->secmech.sdesccmacaes) {
-                cifs_dbg(VFS, "%s: Can't alloc cmacaes\n", __func__);
-                rc = -ENOMEM;
-                goto crypto_allocate_cmacaes_sdesc_fail;
-        }
-        server->secmech.sdesccmacaes->shash.tfm = server->secmech.cmacaes;
-        server->secmech.sdesccmacaes->shash.flags = 0x0;
-        return 0;
-crypto_allocate_cmacaes_sdesc_fail:
-        kfree(server->secmech.sdeschmacsha256);
-crypto_allocate_hmacsha256_sdesc_fail:
-        kfree(server->secmech.sdescmd5);
-crypto_allocate_md5_sdesc_fail:
-        kfree(server->secmech.sdeschmacmd5);
-crypto_allocate_hmacmd5_sdesc_fail:
-        crypto_free_shash(server->secmech.cmacaes);
-crypto_allocate_cmacaes_fail:
-        crypto_free_shash(server->secmech.hmacsha256);
-crypto_allocate_hmacsha256_fail:
-        crypto_free_shash(server->secmech.md5);
-crypto_allocate_md5_fail:
-        crypto_free_shash(server->secmech.hmacmd5);
-        return rc;
 }
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index c8ff018fae68..f7e584d047e2 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -433,7 +433,6 @@ extern int SMBNTencrypt(unsigned char *, unsigned char *, unsigned char *,
                        const struct nls_table *);
 extern int setup_ntlm_response(struct cifs_ses *, const struct nls_table *);
 extern int setup_ntlmv2_rsp(struct cifs_ses *, const struct nls_table *);
-extern int cifs_crypto_shash_allocate(struct TCP_Server_Info *);
 extern void cifs_crypto_shash_release(struct TCP_Server_Info *);
 extern int calc_seckey(struct cifs_ses *);
 extern void generate_smb3signingkey(struct TCP_Server_Info *);
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index afcb8a1a33b7..fa68813396b5 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2108,12 +2108,6 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
                goto out_err;
        }
-        rc = cifs_crypto_shash_allocate(tcp_ses);
-        if (rc) {
-                cifs_dbg(VFS, "could not setup hash structures rc %d\n", rc);
-                goto out_err;
-        }
        tcp_ses->ops = volume_info->ops;
        tcp_ses->vals = volume_info->vals;
        cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index 09b4fbaadeb6..301b191270b9 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -39,6 +39,77 @@
 #include "smb2status.h"
 #include "smb2glob.h"
+static int
+smb2_crypto_shash_allocate(struct TCP_Server_Info *server)
+{
+        unsigned int size;
+        if (server->secmech.sdeschmacsha256 != NULL)
+                return 0; /* already allocated */
+        server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
+        if (IS_ERR(server->secmech.hmacsha256)) {
+                cifs_dbg(VFS, "could not allocate crypto hmacsha256\n");
+                return PTR_ERR(server->secmech.hmacsha256);
+        }
+        size = sizeof(struct shash_desc) +
+                        crypto_shash_descsize(server->secmech.hmacsha256);
+        server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
+        if (!server->secmech.sdeschmacsha256) {
+                crypto_free_shash(server->secmech.hmacsha256);
+                server->secmech.hmacsha256 = NULL;
+                return -ENOMEM;
+        }
+        server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
+        server->secmech.sdeschmacsha256->shash.flags = 0x0;
+        return 0;
+}
+static int
+smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
+{
+        unsigned int size;
+        int rc;
+        if (server->secmech.sdesccmacaes != NULL)
+                return 0;  /* already allocated */
+        rc = smb2_crypto_shash_allocate(server);
+        if (rc)
+                return rc;
+        server->secmech.cmacaes = crypto_alloc_shash("cmac(aes)", 0, 0);
+        if (IS_ERR(server->secmech.cmacaes)) {
+                cifs_dbg(VFS, "could not allocate crypto cmac-aes");
+                kfree(server->secmech.sdeschmacsha256);
+                server->secmech.sdeschmacsha256 = NULL;
+                crypto_free_shash(server->secmech.hmacsha256);
+                server->secmech.hmacsha256 = NULL;
+                return PTR_ERR(server->secmech.cmacaes);
+        }
+        size = sizeof(struct shash_desc) +
+                        crypto_shash_descsize(server->secmech.cmacaes);
+        server->secmech.sdesccmacaes = kmalloc(size, GFP_KERNEL);
+        if (!server->secmech.sdesccmacaes) {
+                cifs_dbg(VFS, "%s: Can't alloc cmacaes\n", __func__);
+                kfree(server->secmech.sdeschmacsha256);
+                server->secmech.sdeschmacsha256 = NULL;
+                crypto_free_shash(server->secmech.hmacsha256);
+                crypto_free_shash(server->secmech.cmacaes);
+                server->secmech.hmacsha256 = NULL;
+                server->secmech.cmacaes = NULL;
+                return -ENOMEM;
+        }
+        server->secmech.sdesccmacaes->shash.tfm = server->secmech.cmacaes;
+        server->secmech.sdesccmacaes->shash.flags = 0x0;
+        return 0;
+}
 int
 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
 {
@@ -52,6 +123,12 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
        memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
        memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);
+        rc = smb2_crypto_shash_allocate(server);
+        if (rc) {
+                cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
+                return rc;
+        }
        rc = crypto_shash_setkey(server->secmech.hmacsha256,
                server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
        if (rc) {
@@ -61,7 +138,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
        rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
        if (rc) {
-                cifs_dbg(VFS, "%s: Could not init md5\n", __func__);
+                cifs_dbg(VFS, "%s: Could not init sha256", __func__);
                return rc;
        }
@@ -129,6 +206,12 @@ generate_smb3signingkey(struct TCP_Server_Info *server)
        memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
        memset(server->smb3signingkey, 0x0, SMB3_SIGNKEY_SIZE);
+        rc = smb3_crypto_shash_allocate(server);
+        if (rc) {
+                cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
+                goto smb3signkey_ret;
+        }
        rc = crypto_shash_setkey(server->secmech.hmacsha256,
                server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
        if (rc) {
@@ -210,6 +293,11 @@ smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
                return rc;
        }
+        /*
+         * we already allocate sdesccmacaes when we init smb3 signing key,
+         * so unlike smb2 case we do not have to check here if secmech are
+         * initialized
+         */
        rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash);
        if (rc) {
                cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
author	Steve French <smfrench@gmail.com>	2013-07-04 11:35:21 -0400
committer	Steve French <smfrench@gmail.com>	2013-07-04 15:38:08 -0400
commit	95dc8dd14e2e84cc3adabc8310768c13758e7d96 (patch)
tree	a0c0bb7bd46fd3d527011bb14b53972decf6a818
parent	80cc38b16389849a6e06441ace4530f6b2497c3c (diff)

diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 3d8bf941d126..45e57cc38200 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c
@@ -1,7 +1,7 @@
1	/*	1	/*
2	* fs/cifs/cifsencrypt.c	2	* fs/cifs/cifsencrypt.c
3	*	3	*
4	* Copyright (C) International Business Machines Corp., 2005,2006	4	* Copyright (C) International Business Machines Corp., 2005,2013
5	* Author(s): Steve French (sfrench@us.ibm.com)	5	* Author(s): Steve French (sfrench@us.ibm.com)
6	*	6	*
7	* This library is free software; you can redistribute it and/or modify	7	* This library is free software; you can redistribute it and/or modify
@@ -31,6 +31,36 @@
31	#include <linux/random.h>	31	#include <linux/random.h>
32	#include <linux/highmem.h>	32	#include <linux/highmem.h>
33		33
		34	static int
		35	cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server)
		36	{
		37	int rc;
		38	unsigned int size;
		39
		40	if (server->secmech.sdescmd5 != NULL)
		41	return 0; /* already allocated */
		42
		43	server->secmech.md5 = crypto_alloc_shash("md5", 0, 0);
		44	if (IS_ERR(server->secmech.md5)) {
		45	cifs_dbg(VFS, "could not allocate crypto md5\n");
		46	return PTR_ERR(server->secmech.md5);
		47	}
		48
		49	size = sizeof(struct shash_desc) +
		50	crypto_shash_descsize(server->secmech.md5);
		51	server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL);
		52	if (!server->secmech.sdescmd5) {
		53	rc = -ENOMEM;
		54	crypto_free_shash(server->secmech.md5);
		55	server->secmech.md5 = NULL;
		56	return rc;
		57	}
		58	server->secmech.sdescmd5->shash.tfm = server->secmech.md5;
		59	server->secmech.sdescmd5->shash.flags = 0x0;
		60
		61	return 0;
		62	}
		63
34	/*	64	/*
35	* Calculate and return the CIFS signature based on the mac key and SMB PDU.	65	* Calculate and return the CIFS signature based on the mac key and SMB PDU.
36	* The 16 byte signature must be allocated by the caller. Note we only use the	66	* The 16 byte signature must be allocated by the caller. Note we only use the
@@ -50,8 +80,11 @@ static int cifs_calc_signature(struct smb_rqst *rqst,
50	return -EINVAL;	80	return -EINVAL;
51		81
52	if (!server->secmech.sdescmd5) {	82	if (!server->secmech.sdescmd5) {
53	cifs_dbg(VFS, "%s: Can't generate signature\n", __func__);	83	rc = cifs_crypto_shash_md5_allocate(server);
54	return -1;	84	if (rc) {
		85	cifs_dbg(VFS, "%s: Can't alloc md5 crypto\n", __func__);
		86	return -1;
		87	}
55	}	88	}
56		89
57	rc = crypto_shash_init(&server->secmech.sdescmd5->shash);	90	rc = crypto_shash_init(&server->secmech.sdescmd5->shash);
@@ -556,6 +589,33 @@ CalcNTLMv2_response(const struct cifs_ses ses, char ntlmv2_hash)
556	return rc;	589	return rc;
557	}	590	}
558		591
		592	static int crypto_hmacmd5_alloc(struct TCP_Server_Info *server)
		593	{
		594	unsigned int size;
		595
		596	/* check if already allocated */
		597	if (server->secmech.sdeschmacmd5)
		598	return 0;
		599
		600	server->secmech.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0);
		601	if (IS_ERR(server->secmech.hmacmd5)) {
		602	cifs_dbg(VFS, "could not allocate crypto hmacmd5\n");
		603	return PTR_ERR(server->secmech.hmacmd5);
		604	}
		605
		606	size = sizeof(struct shash_desc) +
		607	crypto_shash_descsize(server->secmech.hmacmd5);
		608	server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
		609	if (!server->secmech.sdeschmacmd5) {
		610	crypto_free_shash(server->secmech.hmacmd5);
		611	server->secmech.hmacmd5 = NULL;
		612	return -ENOMEM;
		613	}
		614	server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5;
		615	server->secmech.sdeschmacmd5->shash.flags = 0x0;
		616
		617	return 0;
		618	}
559		619
560	int	620	int
561	setup_ntlmv2_rsp(struct cifs_ses ses, const struct nls_table nls_cp)	621	setup_ntlmv2_rsp(struct cifs_ses ses, const struct nls_table nls_cp)
@@ -606,6 +666,12 @@ setup_ntlmv2_rsp(struct cifs_ses ses, const struct nls_table nls_cp)
606		666
607	memcpy(ses->auth_key.response + baselen, tiblob, tilen);	667	memcpy(ses->auth_key.response + baselen, tiblob, tilen);
608		668
		669	rc = crypto_hmacmd5_alloc(ses->server);
		670	if (rc) {
		671	cifs_dbg(VFS, "could not crypto alloc hmacmd5 rc %d\n", rc);
		672	goto setup_ntlmv2_rsp_ret;
		673	}
		674
609	/* calculate ntlmv2_hash */	675	/* calculate ntlmv2_hash */
610	rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp);	676	rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp);
611	if (rc) {	677	if (rc) {
@@ -705,123 +771,32 @@ calc_seckey(struct cifs_ses *ses)
705	void	771	void
706	cifs_crypto_shash_release(struct TCP_Server_Info *server)	772	cifs_crypto_shash_release(struct TCP_Server_Info *server)
707	{	773	{
708	if (server->secmech.cmacaes)	774	if (server->secmech.cmacaes) {
709	crypto_free_shash(server->secmech.cmacaes);	775	crypto_free_shash(server->secmech.cmacaes);
		776	server->secmech.cmacaes = NULL;
		777	}
710		778
711	if (server->secmech.hmacsha256)	779	if (server->secmech.hmacsha256) {
712	crypto_free_shash(server->secmech.hmacsha256);	780	crypto_free_shash(server->secmech.hmacsha256);
		781	server->secmech.hmacsha256 = NULL;
		782	}
713		783
714	if (server->secmech.md5)	784	if (server->secmech.md5) {
715	crypto_free_shash(server->secmech.md5);	785	crypto_free_shash(server->secmech.md5);
		786	server->secmech.md5 = NULL;
		787	}
716		788
717	if (server->secmech.hmacmd5)	789	if (server->secmech.hmacmd5) {
718	crypto_free_shash(server->secmech.hmacmd5);	790	crypto_free_shash(server->secmech.hmacmd5);
		791	server->secmech.hmacmd5 = NULL;
		792	}
719		793
720	kfree(server->secmech.sdesccmacaes);	794	kfree(server->secmech.sdesccmacaes);
721		795	server->secmech.sdesccmacaes = NULL;
722	kfree(server->secmech.sdeschmacsha256);	796	kfree(server->secmech.sdeschmacsha256);
723		797	server->secmech.sdeschmacsha256 = NULL;
724	kfree(server->secmech.sdeschmacmd5);	798	kfree(server->secmech.sdeschmacmd5);
725		799	server->secmech.sdeschmacmd5 = NULL;
726	kfree(server->secmech.sdescmd5);	800	kfree(server->secmech.sdescmd5);
727	}	801	server->secmech.sdescmd5 = NULL;
728
729	int
730	cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
731	{
732	int rc;
733	unsigned int size;
734
735	server->secmech.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0);
736	if (IS_ERR(server->secmech.hmacmd5)) {
737	cifs_dbg(VFS, "could not allocate crypto hmacmd5\n");
738	return PTR_ERR(server->secmech.hmacmd5);
739	}
740
741	server->secmech.md5 = crypto_alloc_shash("md5", 0, 0);
742	if (IS_ERR(server->secmech.md5)) {
743	cifs_dbg(VFS, "could not allocate crypto md5\n");
744	rc = PTR_ERR(server->secmech.md5);
745	goto crypto_allocate_md5_fail;
746	}
747
748	server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
749	if (IS_ERR(server->secmech.hmacsha256)) {
750	cifs_dbg(VFS, "could not allocate crypto hmacsha256\n");
751	rc = PTR_ERR(server->secmech.hmacsha256);
752	goto crypto_allocate_hmacsha256_fail;
753	}
754
755	server->secmech.cmacaes = crypto_alloc_shash("cmac(aes)", 0, 0);
756	if (IS_ERR(server->secmech.cmacaes)) {
757	cifs_dbg(VFS, "could not allocate crypto cmac-aes");
758	rc = PTR_ERR(server->secmech.cmacaes);
759	goto crypto_allocate_cmacaes_fail;
760	}
761
762	size = sizeof(struct shash_desc) +
763	crypto_shash_descsize(server->secmech.hmacmd5);
764	server->secmech.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
765	if (!server->secmech.sdeschmacmd5) {
766	rc = -ENOMEM;
767	goto crypto_allocate_hmacmd5_sdesc_fail;
768	}
769	server->secmech.sdeschmacmd5->shash.tfm = server->secmech.hmacmd5;
770	server->secmech.sdeschmacmd5->shash.flags = 0x0;
771
772	size = sizeof(struct shash_desc) +
773	crypto_shash_descsize(server->secmech.md5);
774	server->secmech.sdescmd5 = kmalloc(size, GFP_KERNEL);
775	if (!server->secmech.sdescmd5) {
776	rc = -ENOMEM;
777	goto crypto_allocate_md5_sdesc_fail;
778	}
779	server->secmech.sdescmd5->shash.tfm = server->secmech.md5;
780	server->secmech.sdescmd5->shash.flags = 0x0;
781
782	size = sizeof(struct shash_desc) +
783	crypto_shash_descsize(server->secmech.hmacsha256);
784	server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
785	if (!server->secmech.sdeschmacsha256) {
786	rc = -ENOMEM;
787	goto crypto_allocate_hmacsha256_sdesc_fail;
788	}
789	server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
790	server->secmech.sdeschmacsha256->shash.flags = 0x0;
791
792	size = sizeof(struct shash_desc) +
793	crypto_shash_descsize(server->secmech.cmacaes);
794	server->secmech.sdesccmacaes = kmalloc(size, GFP_KERNEL);
795	if (!server->secmech.sdesccmacaes) {
796	cifs_dbg(VFS, "%s: Can't alloc cmacaes\n", __func__);
797	rc = -ENOMEM;
798	goto crypto_allocate_cmacaes_sdesc_fail;
799	}
800	server->secmech.sdesccmacaes->shash.tfm = server->secmech.cmacaes;
801	server->secmech.sdesccmacaes->shash.flags = 0x0;
802
803	return 0;
804
805	crypto_allocate_cmacaes_sdesc_fail:
806	kfree(server->secmech.sdeschmacsha256);
807
808	crypto_allocate_hmacsha256_sdesc_fail:
809	kfree(server->secmech.sdescmd5);
810
811	crypto_allocate_md5_sdesc_fail:
812	kfree(server->secmech.sdeschmacmd5);
813
814	crypto_allocate_hmacmd5_sdesc_fail:
815	crypto_free_shash(server->secmech.cmacaes);
816
817	crypto_allocate_cmacaes_fail:
818	crypto_free_shash(server->secmech.hmacsha256);
819
820	crypto_allocate_hmacsha256_fail:
821	crypto_free_shash(server->secmech.md5);
822
823	crypto_allocate_md5_fail:
824	crypto_free_shash(server->secmech.hmacmd5);
825
826	return rc;
827	}	802	}


diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index c8ff018fae68..f7e584d047e2 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h
@@ -433,7 +433,6 @@ extern int SMBNTencrypt(unsigned char , unsigned char , unsigned char *,
433	const struct nls_table *);	433	const struct nls_table *);
434	extern int setup_ntlm_response(struct cifs_ses , const struct nls_table );	434	extern int setup_ntlm_response(struct cifs_ses , const struct nls_table );
435	extern int setup_ntlmv2_rsp(struct cifs_ses , const struct nls_table );	435	extern int setup_ntlmv2_rsp(struct cifs_ses , const struct nls_table );
436	extern int cifs_crypto_shash_allocate(struct TCP_Server_Info *);
437	extern void cifs_crypto_shash_release(struct TCP_Server_Info *);	436	extern void cifs_crypto_shash_release(struct TCP_Server_Info *);
438	extern int calc_seckey(struct cifs_ses *);	437	extern int calc_seckey(struct cifs_ses *);
439	extern void generate_smb3signingkey(struct TCP_Server_Info *);	438	extern void generate_smb3signingkey(struct TCP_Server_Info *);


diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index afcb8a1a33b7..fa68813396b5 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c
@@ -2108,12 +2108,6 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
2108	goto out_err;	2108	goto out_err;
2109	}	2109	}
2110		2110
2111	rc = cifs_crypto_shash_allocate(tcp_ses);
2112	if (rc) {
2113	cifs_dbg(VFS, "could not setup hash structures rc %d\n", rc);
2114	goto out_err;
2115	}
2116
2117	tcp_ses->ops = volume_info->ops;	2111	tcp_ses->ops = volume_info->ops;
2118	tcp_ses->vals = volume_info->vals;	2112	tcp_ses->vals = volume_info->vals;
2119	cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));	2113	cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));


diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c index 09b4fbaadeb6..301b191270b9 100644 --- a/fs/cifs/smb2transport.c +++ b/fs/cifs/smb2transport.c
@@ -39,6 +39,77 @@
39	#include "smb2status.h"	39	#include "smb2status.h"
40	#include "smb2glob.h"	40	#include "smb2glob.h"
41		41
		42	static int
		43	smb2_crypto_shash_allocate(struct TCP_Server_Info *server)
		44	{
		45	unsigned int size;
		46
		47	if (server->secmech.sdeschmacsha256 != NULL)
		48	return 0; /* already allocated */
		49
		50	server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
		51	if (IS_ERR(server->secmech.hmacsha256)) {
		52	cifs_dbg(VFS, "could not allocate crypto hmacsha256\n");
		53	return PTR_ERR(server->secmech.hmacsha256);
		54	}
		55
		56	size = sizeof(struct shash_desc) +
		57	crypto_shash_descsize(server->secmech.hmacsha256);
		58	server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
		59	if (!server->secmech.sdeschmacsha256) {
		60	crypto_free_shash(server->secmech.hmacsha256);
		61	server->secmech.hmacsha256 = NULL;
		62	return -ENOMEM;
		63	}
		64	server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
		65	server->secmech.sdeschmacsha256->shash.flags = 0x0;
		66
		67	return 0;
		68	}
		69
		70	static int
		71	smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
		72	{
		73	unsigned int size;
		74	int rc;
		75
		76	if (server->secmech.sdesccmacaes != NULL)
		77	return 0; /* already allocated */
		78
		79	rc = smb2_crypto_shash_allocate(server);
		80	if (rc)
		81	return rc;
		82
		83	server->secmech.cmacaes = crypto_alloc_shash("cmac(aes)", 0, 0);
		84	if (IS_ERR(server->secmech.cmacaes)) {
		85	cifs_dbg(VFS, "could not allocate crypto cmac-aes");
		86	kfree(server->secmech.sdeschmacsha256);
		87	server->secmech.sdeschmacsha256 = NULL;
		88	crypto_free_shash(server->secmech.hmacsha256);
		89	server->secmech.hmacsha256 = NULL;
		90	return PTR_ERR(server->secmech.cmacaes);
		91	}
		92
		93	size = sizeof(struct shash_desc) +
		94	crypto_shash_descsize(server->secmech.cmacaes);
		95	server->secmech.sdesccmacaes = kmalloc(size, GFP_KERNEL);
		96	if (!server->secmech.sdesccmacaes) {
		97	cifs_dbg(VFS, "%s: Can't alloc cmacaes\n", __func__);
		98	kfree(server->secmech.sdeschmacsha256);
		99	server->secmech.sdeschmacsha256 = NULL;
		100	crypto_free_shash(server->secmech.hmacsha256);
		101	crypto_free_shash(server->secmech.cmacaes);
		102	server->secmech.hmacsha256 = NULL;
		103	server->secmech.cmacaes = NULL;
		104	return -ENOMEM;
		105	}
		106	server->secmech.sdesccmacaes->shash.tfm = server->secmech.cmacaes;
		107	server->secmech.sdesccmacaes->shash.flags = 0x0;
		108
		109	return 0;
		110	}
		111
		112
42	int	113	int
43	smb2_calc_signature(struct smb_rqst rqst, struct TCP_Server_Info server)	114	smb2_calc_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
44	{	115	{
@@ -52,6 +123,12 @@ smb2_calc_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
52	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);	123	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
53	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);	124	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);
54		125
		126	rc = smb2_crypto_shash_allocate(server);
		127	if (rc) {
		128	cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
		129	return rc;
		130	}
		131
55	rc = crypto_shash_setkey(server->secmech.hmacsha256,	132	rc = crypto_shash_setkey(server->secmech.hmacsha256,
56	server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);	133	server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
57	if (rc) {	134	if (rc) {
@@ -61,7 +138,7 @@ smb2_calc_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
61		138
62	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);	139	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
63	if (rc) {	140	if (rc) {
64	cifs_dbg(VFS, "%s: Could not init md5\n", __func__);	141	cifs_dbg(VFS, "%s: Could not init sha256", __func__);
65	return rc;	142	return rc;
66	}	143	}
67		144
@@ -129,6 +206,12 @@ generate_smb3signingkey(struct TCP_Server_Info *server)
129	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);	206	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
130	memset(server->smb3signingkey, 0x0, SMB3_SIGNKEY_SIZE);	207	memset(server->smb3signingkey, 0x0, SMB3_SIGNKEY_SIZE);
131		208
		209	rc = smb3_crypto_shash_allocate(server);
		210	if (rc) {
		211	cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
		212	goto smb3signkey_ret;
		213	}
		214
132	rc = crypto_shash_setkey(server->secmech.hmacsha256,	215	rc = crypto_shash_setkey(server->secmech.hmacsha256,
133	server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);	216	server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
134	if (rc) {	217	if (rc) {
@@ -210,6 +293,11 @@ smb3_calc_signature(struct smb_rqst rqst, struct TCP_Server_Info server)
210	return rc;	293	return rc;
211	}	294	}
212		295
		296	/*
		297	* we already allocate sdesccmacaes when we init smb3 signing key,
		298	* so unlike smb2 case we do not have to check here if secmech are
		299	* initialized
		300	*/
213	rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash);	301	rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash);
214	if (rc) {	302	if (rc) {
215	cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);	303	cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);