Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Eliminate sparse warning - bad constant expression
Eliminiate sparse warning during usage of crypto_shash_* APIs
error: bad constant expression
Allocate memory for shash descriptors once, so that we do not kmalloc/kfree it
for every signature generation (shash descriptor for md5 hash).
From ed7538619817777decc44b5660b52268077b74f3 Mon Sep 17 00:00:00 2001
From: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Date: Tue, 24 Aug 2010 11:47:43 -0500
Subject: [PATCH] eliminate sparse warnings during crypto_shash_* APis usage
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
authored by shirishpargaonkar@gmail.com and committed by Steve French 2d20ca83 24e6cf92
+121
-72
fs/cifs/cifsencrypt.c
+121
-72
fs/cifs/cifsencrypt.c
···
45
static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
46
struct TCP_Server_Info *server, char *signature)
47
{
48
-
int rc = 0;
49
-
struct {
50
-
struct shash_desc shash;
51
-
char ctx[crypto_shash_descsize(server->ntlmssp.md5)];
52
-
} sdesc;
53
54
if (cifs_pdu == NULL || server == NULL || signature == NULL)
55
return -EINVAL;
56
57
-
sdesc.shash.tfm = server->ntlmssp.md5;
58
-
sdesc.shash.flags = 0x0;
59
60
-
rc = crypto_shash_init(&sdesc.shash);
61
if (rc) {
62
-
cERROR(1, "could not initialize master crypto API hmacmd5\n");
63
return rc;
64
}
65
66
if (server->secType == RawNTLMSSP)
67
-
crypto_shash_update(&sdesc.shash,
68
server->session_key.data.ntlmv2.key,
69
CIFS_NTLMV2_SESSKEY_SIZE);
70
else
71
-
crypto_shash_update(&sdesc.shash,
72
(char *)&server->session_key.data,
73
server->session_key.len);
74
75
-
crypto_shash_update(&sdesc.shash,
76
cifs_pdu->Protocol, cifs_pdu->smb_buf_length);
77
78
-
rc = crypto_shash_final(&sdesc.shash, signature);
79
80
-
return 0;
81
}
82
83
···
114
struct TCP_Server_Info *server, char *signature)
115
{
116
int i;
117
-
int rc = 0;
118
-
struct {
119
-
struct shash_desc shash;
120
-
char ctx[crypto_shash_descsize(server->ntlmssp.md5)];
121
-
} sdesc;
122
123
if (iov == NULL || server == NULL || signature == NULL)
124
return -EINVAL;
125
126
-
sdesc.shash.tfm = server->ntlmssp.md5;
127
-
sdesc.shash.flags = 0x0;
128
129
-
rc = crypto_shash_init(&sdesc.shash);
130
if (rc) {
131
-
cERROR(1, "could not initialize master crypto API hmacmd5\n");
132
return rc;
133
}
134
135
if (server->secType == RawNTLMSSP)
136
-
crypto_shash_update(&sdesc.shash,
137
server->session_key.data.ntlmv2.key,
138
CIFS_NTLMV2_SESSKEY_SIZE);
139
else
140
-
crypto_shash_update(&sdesc.shash,
141
(char *)&server->session_key.data,
142
server->session_key.len);
143
···
143
if (iov[i].iov_len == 0)
144
continue;
145
if (iov[i].iov_base == NULL) {
146
-
cERROR(1, "null iovec entry");
147
return -EIO;
148
}
149
/* The first entry includes a length field (which does not get
···
151
if (i == 0) {
152
if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
153
break; /* nothing to sign or corrupt header */
154
-
crypto_shash_update(&sdesc.shash,
155
iov[i].iov_base + 4, iov[i].iov_len - 4);
156
} else
157
-
crypto_shash_update(&sdesc.shash,
158
iov[i].iov_base, iov[i].iov_len);
159
}
160
161
-
rc = crypto_shash_final(&sdesc.shash, signature);
162
163
-
return 0;
164
}
165
166
int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
···
310
wchar_t *user;
311
wchar_t *domain;
312
wchar_t *server;
313
-
struct {
314
-
struct shash_desc shash;
315
-
char ctx[crypto_shash_descsize(ses->server->ntlmssp.hmacmd5)];
316
-
} sdesc;
317
318
/* calculate md4 hash of password */
319
E_md4hash(ses->password, nt_hash);
320
321
-
sdesc.shash.tfm = ses->server->ntlmssp.hmacmd5;
322
-
sdesc.shash.flags = 0x0;
323
-
324
crypto_shash_setkey(ses->server->ntlmssp.hmacmd5, nt_hash,
325
CIFS_NTHASH_SIZE);
326
327
-
rc = crypto_shash_init(&sdesc.shash);
328
if (rc) {
329
-
cERROR(1, "could not initialize master crypto API hmacmd5\n");
330
return rc;
331
}
332
333
/* convert ses->userName to unicode and uppercase */
334
len = strlen(ses->userName);
335
user = kmalloc(2 + (len * 2), GFP_KERNEL);
336
-
if (user == NULL)
337
goto calc_exit_2;
338
len = cifs_strtoUCS((__le16 *)user, ses->userName, len, nls_cp);
339
UniStrupr(user);
340
341
-
crypto_shash_update(&sdesc.shash, (char *)user, 2 * len);
342
343
/* convert ses->domainName to unicode and uppercase */
344
if (ses->domainName) {
345
len = strlen(ses->domainName);
346
347
domain = kmalloc(2 + (len * 2), GFP_KERNEL);
348
-
if (domain == NULL)
349
goto calc_exit_1;
350
len = cifs_strtoUCS((__le16 *)domain, ses->domainName, len,
351
nls_cp);
352
/* the following line was removed since it didn't work well
···
359
Maybe converting the domain name earlier makes sense */
360
/* UniStrupr(domain); */
361
362
-
crypto_shash_update(&sdesc.shash, (char *)domain, 2 * len);
363
364
kfree(domain);
365
} else if (ses->serverName) {
366
len = strlen(ses->serverName);
367
368
server = kmalloc(2 + (len * 2), GFP_KERNEL);
369
-
if (server == NULL)
370
goto calc_exit_1;
371
len = cifs_strtoUCS((__le16 *)server, ses->serverName, len,
372
nls_cp);
373
/* the following line was removed since it didn't work well
···
379
Maybe converting the domain name earlier makes sense */
380
/* UniStrupr(domain); */
381
382
-
crypto_shash_update(&sdesc.shash, (char *)server, 2 * len);
383
384
kfree(server);
385
}
386
calc_exit_1:
387
kfree(user);
388
calc_exit_2:
389
/* BB FIXME what about bytes 24 through 40 of the signing key?
390
compare with the NTLM example */
391
-
rc = crypto_shash_final(&sdesc.shash, ses->server->ntlmv2_hash);
392
393
return rc;
394
}
···
452
char *v2_session_response)
453
{
454
int rc;
455
-
struct {
456
-
struct shash_desc shash;
457
-
char ctx[crypto_shash_descsize(server->ntlmssp.hmacmd5)];
458
-
} sdesc;
459
460
-
sdesc.shash.tfm = server->ntlmssp.hmacmd5;
461
-
sdesc.shash.flags = 0x0;
462
463
crypto_shash_setkey(server->ntlmssp.hmacmd5, server->ntlmv2_hash,
464
CIFS_HMAC_MD5_HASH_SIZE);
465
466
-
rc = crypto_shash_init(&sdesc.shash);
467
if (rc) {
468
-
cERROR(1, "could not initialize master crypto API hmacmd5\n");
469
return rc;
470
}
471
472
memcpy(v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,
473
server->cryptKey, CIFS_SERVER_CHALLENGE_SIZE);
474
-
crypto_shash_update(&sdesc.shash,
475
v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,
476
sizeof(struct ntlmv2_resp) - CIFS_SERVER_CHALLENGE_SIZE);
477
478
if (server->tilen)
479
-
crypto_shash_update(&sdesc.shash,
480
server->tiblob, server->tilen);
481
482
-
rc = crypto_shash_final(&sdesc.shash, v2_session_response);
483
484
return rc;
485
}
···
489
{
490
int rc = 0;
491
struct ntlmv2_resp *buf = (struct ntlmv2_resp *)resp_buf;
492
-
struct {
493
-
struct shash_desc shash;
494
-
char ctx[crypto_shash_descsize(ses->server->ntlmssp.hmacmd5)];
495
-
} sdesc;
496
497
buf->blob_signature = cpu_to_le32(0x00000101);
498
buf->reserved = 0;
···
516
return rc;
517
}
518
519
crypto_shash_setkey(ses->server->ntlmssp.hmacmd5,
520
ses->server->ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
521
522
-
sdesc.shash.tfm = ses->server->ntlmssp.hmacmd5;
523
-
sdesc.shash.flags = 0x0;
524
-
525
-
rc = crypto_shash_init(&sdesc.shash);
526
if (rc) {
527
-
cERROR(1, "could not initialize master crypto API hmacmd5\n");
528
return rc;
529
}
530
531
-
crypto_shash_update(&sdesc.shash, resp_buf, CIFS_HMAC_MD5_HASH_SIZE);
532
533
-
rc = crypto_shash_final(&sdesc.shash,
534
ses->server->session_key.data.ntlmv2.key);
535
536
memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf,
···
586
587
if (server->ntlmssp.hmacmd5)
588
crypto_free_shash(server->ntlmssp.hmacmd5);
589
}
590
591
int
592
cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
593
{
594
server->ntlmssp.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0);
595
if (!server->ntlmssp.hmacmd5 ||
596
IS_ERR(server->ntlmssp.hmacmd5)) {
597
-
cERROR(1, "could not allocate master crypto API hmacmd5\n");
598
return 1;
599
}
600
601
server->ntlmssp.md5 = crypto_alloc_shash("md5", 0, 0);
602
if (!server->ntlmssp.md5 || IS_ERR(server->ntlmssp.md5)) {
603
-
crypto_free_shash(server->ntlmssp.hmacmd5);
604
-
cERROR(1, "could not allocate master crypto API md5\n");
605
-
return 1;
606
}
607
608
return 0;
609
}
···
45
static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
46
struct TCP_Server_Info *server, char *signature)
47
{
48
+
int rc;
49
50
if (cifs_pdu == NULL || server == NULL || signature == NULL)
51
return -EINVAL;
52
53
+
if (!server->ntlmssp.sdescmd5) {
54
+
cERROR(1,
55
+
"cifs_calculate_signature: can't generate signature\n");
56
+
return -1;
57
+
}
58
59
+
rc = crypto_shash_init(&server->ntlmssp.sdescmd5->shash);
60
if (rc) {
61
+
cERROR(1, "cifs_calculate_signature: oould not init md5\n");
62
return rc;
63
}
64
65
if (server->secType == RawNTLMSSP)
66
+
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
67
server->session_key.data.ntlmv2.key,
68
CIFS_NTLMV2_SESSKEY_SIZE);
69
else
70
+
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
71
(char *)&server->session_key.data,
72
server->session_key.len);
73
74
+
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
75
cifs_pdu->Protocol, cifs_pdu->smb_buf_length);
76
77
+
rc = crypto_shash_final(&server->ntlmssp.sdescmd5->shash, signature);
78
79
+
return rc;
80
}
81
82
···
115
struct TCP_Server_Info *server, char *signature)
116
{
117
int i;
118
+
int rc;
119
120
if (iov == NULL || server == NULL || signature == NULL)
121
return -EINVAL;
122
123
+
if (!server->ntlmssp.sdescmd5) {
124
+
cERROR(1, "cifs_calc_signature2: can't generate signature\n");
125
+
return -1;
126
+
}
127
128
+
rc = crypto_shash_init(&server->ntlmssp.sdescmd5->shash);
129
if (rc) {
130
+
cERROR(1, "cifs_calc_signature2: oould not init md5\n");
131
return rc;
132
}
133
134
if (server->secType == RawNTLMSSP)
135
+
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
136
server->session_key.data.ntlmv2.key,
137
CIFS_NTLMV2_SESSKEY_SIZE);
138
else
139
+
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
140
(char *)&server->session_key.data,
141
server->session_key.len);
142
···
146
if (iov[i].iov_len == 0)
147
continue;
148
if (iov[i].iov_base == NULL) {
149
+
cERROR(1, "cifs_calc_signature2: null iovec entry");
150
return -EIO;
151
}
152
/* The first entry includes a length field (which does not get
···
154
if (i == 0) {
155
if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
156
break; /* nothing to sign or corrupt header */
157
+
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
158
iov[i].iov_base + 4, iov[i].iov_len - 4);
159
} else
160
+
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
161
iov[i].iov_base, iov[i].iov_len);
162
}
163
164
+
rc = crypto_shash_final(&server->ntlmssp.sdescmd5->shash, signature);
165
166
+
return rc;
167
}
168
169
int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
···
313
wchar_t *user;
314
wchar_t *domain;
315
wchar_t *server;
316
+
317
+
if (!ses->server->ntlmssp.sdeschmacmd5) {
318
+
cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");
319
+
return -1;
320
+
}
321
322
/* calculate md4 hash of password */
323
E_md4hash(ses->password, nt_hash);
324
325
crypto_shash_setkey(ses->server->ntlmssp.hmacmd5, nt_hash,
326
CIFS_NTHASH_SIZE);
327
328
+
rc = crypto_shash_init(&ses->server->ntlmssp.sdeschmacmd5->shash);
329
if (rc) {
330
+
cERROR(1, "calc_ntlmv2_hash: could not init hmacmd5\n");
331
return rc;
332
}
333
334
/* convert ses->userName to unicode and uppercase */
335
len = strlen(ses->userName);
336
user = kmalloc(2 + (len * 2), GFP_KERNEL);
337
+
if (user == NULL) {
338
+
cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n");
339
+
rc = -ENOMEM;
340
goto calc_exit_2;
341
+
}
342
len = cifs_strtoUCS((__le16 *)user, ses->userName, len, nls_cp);
343
UniStrupr(user);
344
345
+
crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,
346
+
(char *)user, 2 * len);
347
348
/* convert ses->domainName to unicode and uppercase */
349
if (ses->domainName) {
350
len = strlen(ses->domainName);
351
352
domain = kmalloc(2 + (len * 2), GFP_KERNEL);
353
+
if (domain == NULL) {
354
+
cERROR(1, "calc_ntlmv2_hash: domain mem alloc failure");
355
+
rc = -ENOMEM;
356
goto calc_exit_1;
357
+
}
358
len = cifs_strtoUCS((__le16 *)domain, ses->domainName, len,
359
nls_cp);
360
/* the following line was removed since it didn't work well
···
357
Maybe converting the domain name earlier makes sense */
358
/* UniStrupr(domain); */
359
360
+
crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,
361
+
(char *)domain, 2 * len);
362
363
kfree(domain);
364
} else if (ses->serverName) {
365
len = strlen(ses->serverName);
366
367
server = kmalloc(2 + (len * 2), GFP_KERNEL);
368
+
if (server == NULL) {
369
+
cERROR(1, "calc_ntlmv2_hash: server mem alloc failure");
370
+
rc = -ENOMEM;
371
goto calc_exit_1;
372
+
}
373
len = cifs_strtoUCS((__le16 *)server, ses->serverName, len,
374
nls_cp);
375
/* the following line was removed since it didn't work well
···
373
Maybe converting the domain name earlier makes sense */
374
/* UniStrupr(domain); */
375
376
+
crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,
377
+
(char *)server, 2 * len);
378
379
kfree(server);
380
}
381
+
382
+
rc = crypto_shash_final(&ses->server->ntlmssp.sdeschmacmd5->shash,
383
+
ses->server->ntlmv2_hash);
384
+
385
calc_exit_1:
386
kfree(user);
387
calc_exit_2:
388
/* BB FIXME what about bytes 24 through 40 of the signing key?
389
compare with the NTLM example */
390
391
return rc;
392
}
···
442
char *v2_session_response)
443
{
444
int rc;
445
446
+
if (!server->ntlmssp.sdeschmacmd5) {
447
+
cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");
448
+
return -1;
449
+
}
450
451
crypto_shash_setkey(server->ntlmssp.hmacmd5, server->ntlmv2_hash,
452
CIFS_HMAC_MD5_HASH_SIZE);
453
454
+
rc = crypto_shash_init(&server->ntlmssp.sdeschmacmd5->shash);
455
if (rc) {
456
+
cERROR(1, "CalcNTLMv2_response: could not init hmacmd5");
457
return rc;
458
}
459
460
memcpy(v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,
461
server->cryptKey, CIFS_SERVER_CHALLENGE_SIZE);
462
+
crypto_shash_update(&server->ntlmssp.sdeschmacmd5->shash,
463
v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,
464
sizeof(struct ntlmv2_resp) - CIFS_SERVER_CHALLENGE_SIZE);
465
466
if (server->tilen)
467
+
crypto_shash_update(&server->ntlmssp.sdeschmacmd5->shash,
468
server->tiblob, server->tilen);
469
470
+
rc = crypto_shash_final(&server->ntlmssp.sdeschmacmd5->shash,
471
+
v2_session_response);
472
473
return rc;
474
}
···
480
{
481
int rc = 0;
482
struct ntlmv2_resp *buf = (struct ntlmv2_resp *)resp_buf;
483
484
buf->blob_signature = cpu_to_le32(0x00000101);
485
buf->reserved = 0;
···
511
return rc;
512
}
513
514
+
if (!ses->server->ntlmssp.sdeschmacmd5) {
515
+
cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");
516
+
return -1;
517
+
}
518
+
519
crypto_shash_setkey(ses->server->ntlmssp.hmacmd5,
520
ses->server->ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);
521
522
+
rc = crypto_shash_init(&ses->server->ntlmssp.sdeschmacmd5->shash);
523
if (rc) {
524
+
cERROR(1, "setup_ntlmv2_rsp: could not init hmacmd5\n");
525
return rc;
526
}
527
528
+
crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,
529
+
resp_buf, CIFS_HMAC_MD5_HASH_SIZE);
530
531
+
rc = crypto_shash_final(&ses->server->ntlmssp.sdeschmacmd5->shash,
532
ses->server->session_key.data.ntlmv2.key);
533
534
memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf,
···
578
579
if (server->ntlmssp.hmacmd5)
580
crypto_free_shash(server->ntlmssp.hmacmd5);
581
+
582
+
kfree(server->ntlmssp.sdeschmacmd5);
583
+
584
+
kfree(server->ntlmssp.sdescmd5);
585
}
586
587
int
588
cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
589
{
590
+
int rc;
591
+
unsigned int size;
592
+
593
server->ntlmssp.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0);
594
if (!server->ntlmssp.hmacmd5 ||
595
IS_ERR(server->ntlmssp.hmacmd5)) {
596
+
cERROR(1, "could not allocate crypto hmacmd5\n");
597
return 1;
598
}
599
600
server->ntlmssp.md5 = crypto_alloc_shash("md5", 0, 0);
601
if (!server->ntlmssp.md5 || IS_ERR(server->ntlmssp.md5)) {
602
+
cERROR(1, "could not allocate crypto md5\n");
603
+
rc = 1;
604
+
goto cifs_crypto_shash_allocate_ret1;
605
}
606
607
+
size = sizeof(struct shash_desc) +
608
+
crypto_shash_descsize(server->ntlmssp.hmacmd5);
609
+
server->ntlmssp.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
610
+
if (!server->ntlmssp.sdeschmacmd5) {
611
+
cERROR(1, "cifs_crypto_shash_allocate: can't alloc hmacmd5\n");
612
+
rc = -ENOMEM;
613
+
goto cifs_crypto_shash_allocate_ret2;
614
+
}
615
+
server->ntlmssp.sdeschmacmd5->shash.tfm = server->ntlmssp.hmacmd5;
616
+
server->ntlmssp.sdeschmacmd5->shash.flags = 0x0;
617
+
618
+
619
+
size = sizeof(struct shash_desc) +
620
+
crypto_shash_descsize(server->ntlmssp.md5);
621
+
server->ntlmssp.sdescmd5 = kmalloc(size, GFP_KERNEL);
622
+
if (!server->ntlmssp.sdescmd5) {
623
+
cERROR(1, "cifs_crypto_shash_allocate: can't alloc md5\n");
624
+
rc = -ENOMEM;
625
+
goto cifs_crypto_shash_allocate_ret3;
626
+
}
627
+
server->ntlmssp.sdescmd5->shash.tfm = server->ntlmssp.md5;
628
+
server->ntlmssp.sdescmd5->shash.flags = 0x0;
629
+
630
return 0;
631
+
632
+
cifs_crypto_shash_allocate_ret3:
633
+
kfree(server->ntlmssp.sdeschmacmd5);
634
+
635
+
cifs_crypto_shash_allocate_ret2:
636
+
crypto_free_shash(server->ntlmssp.md5);
637
+
638
+
cifs_crypto_shash_allocate_ret1:
639
+
crypto_free_shash(server->ntlmssp.hmacmd5);
640
+
641
+
return rc;
642
}
+7
fs/cifs/cifsglob.h
+7
fs/cifs/cifsglob.h
···
123
struct cifs_ace *aces;
124
};
125
126
+
struct sdesc {
127
+
struct shash_desc shash;
128
+
char ctx[];
129
+
};
130
+
131
struct ntlmssp_auth {
132
__u32 client_flags;
133
__u32 server_flags;
134
unsigned char ciphertext[CIFS_CPHTXT_SIZE];
135
struct crypto_shash *hmacmd5;
136
struct crypto_shash *md5;
137
+
struct sdesc *sdeschmacmd5;
138
+
struct sdesc *sdescmd5;
139
};
140
141
/*