2 * fs/cifs/cifsencrypt.c
4 * Copyright (C) International Business Machines Corp., 2005,2006
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 #include <linux/slab.h>
26 #include "cifs_debug.h"
27 #include "cifs_unicode.h"
28 #include "cifsproto.h"
30 #include <linux/ctype.h>
31 #include <linux/random.h>
34 * Calculate and return the CIFS signature based on the mac key and SMB PDU.
35 * The 16 byte signature must be allocated by the caller. Note we only use the
36 * 1st eight bytes and that the smb header signature field on input contains
37 * the sequence number before this function is called. Also, this function
38 * should be called with the server->srv_mutex held.
40 static int cifs_calc_signature(const struct kvec
*iov
, int n_vec
,
41 struct TCP_Server_Info
*server
, char *signature
)
46 if (iov
== NULL
|| signature
== NULL
|| server
== NULL
)
49 if (!server
->secmech
.sdescmd5
) {
50 cERROR(1, "%s: Can't generate signature\n", __func__
);
54 rc
= crypto_shash_init(&server
->secmech
.sdescmd5
->shash
);
56 cERROR(1, "%s: Could not init md5\n", __func__
);
60 rc
= crypto_shash_update(&server
->secmech
.sdescmd5
->shash
,
61 server
->session_key
.response
, server
->session_key
.len
);
63 cERROR(1, "%s: Could not update with response\n", __func__
);
67 for (i
= 0; i
< n_vec
; i
++) {
68 if (iov
[i
].iov_len
== 0)
70 if (iov
[i
].iov_base
== NULL
) {
71 cERROR(1, "null iovec entry");
74 /* The first entry includes a length field (which does not get
75 signed that occupies the first 4 bytes before the header */
77 if (iov
[0].iov_len
<= 8) /* cmd field at offset 9 */
78 break; /* nothing to sign or corrupt header */
80 crypto_shash_update(&server
->secmech
.sdescmd5
->shash
,
81 iov
[i
].iov_base
+ 4, iov
[i
].iov_len
- 4);
84 crypto_shash_update(&server
->secmech
.sdescmd5
->shash
,
85 iov
[i
].iov_base
, iov
[i
].iov_len
);
88 cERROR(1, "%s: Could not update with payload\n",
94 rc
= crypto_shash_final(&server
->secmech
.sdescmd5
->shash
, signature
);
96 cERROR(1, "%s: Could not generate md5 hash\n", __func__
);
101 /* must be called with server->srv_mutex held */
102 int cifs_sign_smb2(struct kvec
*iov
, int n_vec
, struct TCP_Server_Info
*server
,
103 __u32
*pexpected_response_sequence_number
)
106 char smb_signature
[20];
107 struct smb_hdr
*cifs_pdu
= (struct smb_hdr
*)iov
[0].iov_base
;
109 if ((cifs_pdu
== NULL
) || (server
== NULL
))
112 if (!(cifs_pdu
->Flags2
& SMBFLG2_SECURITY_SIGNATURE
) ||
113 server
->tcpStatus
== CifsNeedNegotiate
)
116 if (!server
->session_estab
) {
117 memcpy(cifs_pdu
->Signature
.SecuritySignature
, "BSRSPYL", 8);
121 cifs_pdu
->Signature
.Sequence
.SequenceNumber
=
122 cpu_to_le32(server
->sequence_number
);
123 cifs_pdu
->Signature
.Sequence
.Reserved
= 0;
125 *pexpected_response_sequence_number
= server
->sequence_number
++;
126 server
->sequence_number
++;
128 rc
= cifs_calc_signature(iov
, n_vec
, server
, smb_signature
);
130 memset(cifs_pdu
->Signature
.SecuritySignature
, 0, 8);
132 memcpy(cifs_pdu
->Signature
.SecuritySignature
, smb_signature
, 8);
137 /* must be called with server->srv_mutex held */
138 int cifs_sign_smb(struct smb_hdr
*cifs_pdu
, struct TCP_Server_Info
*server
,
139 __u32
*pexpected_response_sequence_number
)
143 iov
.iov_base
= cifs_pdu
;
144 iov
.iov_len
= be32_to_cpu(cifs_pdu
->smb_buf_length
) + 4;
146 return cifs_sign_smb2(&iov
, 1, server
,
147 pexpected_response_sequence_number
);
150 int cifs_verify_signature(struct kvec
*iov
, unsigned int nr_iov
,
151 struct TCP_Server_Info
*server
,
152 __u32 expected_sequence_number
)
155 char server_response_sig
[8];
156 char what_we_think_sig_should_be
[20];
157 struct smb_hdr
*cifs_pdu
= (struct smb_hdr
*)iov
[0].iov_base
;
159 if (cifs_pdu
== NULL
|| server
== NULL
)
162 if (!server
->session_estab
)
165 if (cifs_pdu
->Command
== SMB_COM_LOCKING_ANDX
) {
166 struct smb_com_lock_req
*pSMB
=
167 (struct smb_com_lock_req
*)cifs_pdu
;
168 if (pSMB
->LockType
& LOCKING_ANDX_OPLOCK_RELEASE
)
172 /* BB what if signatures are supposed to be on for session but
173 server does not send one? BB */
175 /* Do not need to verify session setups with signature "BSRSPYL " */
176 if (memcmp(cifs_pdu
->Signature
.SecuritySignature
, "BSRSPYL ", 8) == 0)
177 cFYI(1, "dummy signature received for smb command 0x%x",
180 /* save off the origiginal signature so we can modify the smb and check
181 its signature against what the server sent */
182 memcpy(server_response_sig
, cifs_pdu
->Signature
.SecuritySignature
, 8);
184 cifs_pdu
->Signature
.Sequence
.SequenceNumber
=
185 cpu_to_le32(expected_sequence_number
);
186 cifs_pdu
->Signature
.Sequence
.Reserved
= 0;
188 mutex_lock(&server
->srv_mutex
);
189 rc
= cifs_calc_signature(iov
, nr_iov
, server
,
190 what_we_think_sig_should_be
);
191 mutex_unlock(&server
->srv_mutex
);
196 /* cifs_dump_mem("what we think it should be: ",
197 what_we_think_sig_should_be, 16); */
199 if (memcmp(server_response_sig
, what_we_think_sig_should_be
, 8))
206 /* first calculate 24 bytes ntlm response and then 16 byte session key */
207 int setup_ntlm_response(struct cifs_ses
*ses
, const struct nls_table
*nls_cp
)
210 unsigned int temp_len
= CIFS_SESS_KEY_SIZE
+ CIFS_AUTH_RESP_SIZE
;
211 char temp_key
[CIFS_SESS_KEY_SIZE
];
216 ses
->auth_key
.response
= kmalloc(temp_len
, GFP_KERNEL
);
217 if (!ses
->auth_key
.response
) {
218 cERROR(1, "NTLM can't allocate (%u bytes) memory", temp_len
);
221 ses
->auth_key
.len
= temp_len
;
223 rc
= SMBNTencrypt(ses
->password
, ses
->server
->cryptkey
,
224 ses
->auth_key
.response
+ CIFS_SESS_KEY_SIZE
, nls_cp
);
226 cFYI(1, "%s Can't generate NTLM response, error: %d",
231 rc
= E_md4hash(ses
->password
, temp_key
, nls_cp
);
233 cFYI(1, "%s Can't generate NT hash, error: %d", __func__
, rc
);
237 rc
= mdfour(ses
->auth_key
.response
, temp_key
, CIFS_SESS_KEY_SIZE
);
239 cFYI(1, "%s Can't generate NTLM session key, error: %d",
245 #ifdef CONFIG_CIFS_WEAK_PW_HASH
246 int calc_lanman_hash(const char *password
, const char *cryptkey
, bool encrypt
,
247 char *lnm_session_key
)
251 char password_with_pad
[CIFS_ENCPWD_SIZE
];
253 memset(password_with_pad
, 0, CIFS_ENCPWD_SIZE
);
255 strncpy(password_with_pad
, password
, CIFS_ENCPWD_SIZE
);
257 if (!encrypt
&& global_secflags
& CIFSSEC_MAY_PLNTXT
) {
258 memset(lnm_session_key
, 0, CIFS_SESS_KEY_SIZE
);
259 memcpy(lnm_session_key
, password_with_pad
,
264 /* calculate old style session key */
265 /* calling toupper is less broken than repeatedly
266 calling nls_toupper would be since that will never
267 work for UTF8, but neither handles multibyte code pages
268 but the only alternative would be converting to UCS-16 (Unicode)
269 (using a routine something like UniStrupr) then
270 uppercasing and then converting back from Unicode - which
271 would only worth doing it if we knew it were utf8. Basically
272 utf8 and other multibyte codepages each need their own strupper
273 function since a byte at a time will ont work. */
275 for (i
= 0; i
< CIFS_ENCPWD_SIZE
; i
++)
276 password_with_pad
[i
] = toupper(password_with_pad
[i
]);
278 rc
= SMBencrypt(password_with_pad
, cryptkey
, lnm_session_key
);
282 #endif /* CIFS_WEAK_PW_HASH */
284 /* Build a proper attribute value/target info pairs blob.
285 * Fill in netbios and dns domain name and workstation name
286 * and client time (total five av pairs and + one end of fields indicator.
287 * Allocate domain name which gets freed when session struct is deallocated.
290 build_avpair_blob(struct cifs_ses
*ses
, const struct nls_table
*nls_cp
)
293 unsigned int size
= 2 * sizeof(struct ntlmssp2_name
);
294 char *defdmname
= "WORKGROUP";
295 unsigned char *blobptr
;
296 struct ntlmssp2_name
*attrptr
;
298 if (!ses
->domainName
) {
299 ses
->domainName
= kstrdup(defdmname
, GFP_KERNEL
);
300 if (!ses
->domainName
)
304 dlen
= strlen(ses
->domainName
);
307 * The length of this blob is two times the size of a
308 * structure (av pair) which holds name/size
309 * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
310 * unicode length of a netbios domain name
312 ses
->auth_key
.len
= size
+ 2 * dlen
;
313 ses
->auth_key
.response
= kzalloc(ses
->auth_key
.len
, GFP_KERNEL
);
314 if (!ses
->auth_key
.response
) {
315 ses
->auth_key
.len
= 0;
316 cERROR(1, "Challenge target info allocation failure");
320 blobptr
= ses
->auth_key
.response
;
321 attrptr
= (struct ntlmssp2_name
*) blobptr
;
324 * As defined in MS-NTLM 3.3.2, just this av pair field
325 * is sufficient as part of the temp
327 attrptr
->type
= cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME
);
328 attrptr
->length
= cpu_to_le16(2 * dlen
);
329 blobptr
= (unsigned char *)attrptr
+ sizeof(struct ntlmssp2_name
);
330 cifs_strtoUTF16((__le16
*)blobptr
, ses
->domainName
, dlen
, nls_cp
);
335 /* Server has provided av pairs/target info in the type 2 challenge
336 * packet and we have plucked it and stored within smb session.
337 * We parse that blob here to find netbios domain name to be used
338 * as part of ntlmv2 authentication (in Target String), if not already
339 * specified on the command line.
340 * If this function returns without any error but without fetching
341 * domain name, authentication may fail against some server but
342 * may not fail against other (those who are not very particular
343 * about target string i.e. for some, just user name might suffice.
346 find_domain_name(struct cifs_ses
*ses
, const struct nls_table
*nls_cp
)
348 unsigned int attrsize
;
350 unsigned int onesize
= sizeof(struct ntlmssp2_name
);
351 unsigned char *blobptr
;
352 unsigned char *blobend
;
353 struct ntlmssp2_name
*attrptr
;
355 if (!ses
->auth_key
.len
|| !ses
->auth_key
.response
)
358 blobptr
= ses
->auth_key
.response
;
359 blobend
= blobptr
+ ses
->auth_key
.len
;
361 while (blobptr
+ onesize
< blobend
) {
362 attrptr
= (struct ntlmssp2_name
*) blobptr
;
363 type
= le16_to_cpu(attrptr
->type
);
364 if (type
== NTLMSSP_AV_EOL
)
366 blobptr
+= 2; /* advance attr type */
367 attrsize
= le16_to_cpu(attrptr
->length
);
368 blobptr
+= 2; /* advance attr size */
369 if (blobptr
+ attrsize
> blobend
)
371 if (type
== NTLMSSP_AV_NB_DOMAIN_NAME
) {
374 if (!ses
->domainName
) {
376 kmalloc(attrsize
+ 1, GFP_KERNEL
);
377 if (!ses
->domainName
)
379 cifs_from_utf16(ses
->domainName
,
380 (__le16
*)blobptr
, attrsize
, attrsize
,
385 blobptr
+= attrsize
; /* advance attr value */
391 static int calc_ntlmv2_hash(struct cifs_ses
*ses
, char *ntlmv2_hash
,
392 const struct nls_table
*nls_cp
)
396 char nt_hash
[CIFS_NTHASH_SIZE
];
401 if (!ses
->server
->secmech
.sdeschmacmd5
) {
402 cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");
406 /* calculate md4 hash of password */
407 E_md4hash(ses
->password
, nt_hash
, nls_cp
);
409 rc
= crypto_shash_setkey(ses
->server
->secmech
.hmacmd5
, nt_hash
,
412 cERROR(1, "%s: Could not set NT Hash as a key", __func__
);
416 rc
= crypto_shash_init(&ses
->server
->secmech
.sdeschmacmd5
->shash
);
418 cERROR(1, "calc_ntlmv2_hash: could not init hmacmd5\n");
422 /* convert ses->user_name to unicode and uppercase */
423 len
= ses
->user_name
? strlen(ses
->user_name
) : 0;
424 user
= kmalloc(2 + (len
* 2), GFP_KERNEL
);
426 cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n");
432 len
= cifs_strtoUTF16((__le16
*)user
, ses
->user_name
, len
, nls_cp
);
435 memset(user
, '\0', 2);
438 rc
= crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
439 (char *)user
, 2 * len
);
442 cERROR(1, "%s: Could not update with user\n", __func__
);
446 /* convert ses->domainName to unicode and uppercase */
447 if (ses
->domainName
) {
448 len
= strlen(ses
->domainName
);
450 domain
= kmalloc(2 + (len
* 2), GFP_KERNEL
);
451 if (domain
== NULL
) {
452 cERROR(1, "calc_ntlmv2_hash: domain mem alloc failure");
456 len
= cifs_strtoUTF16((__le16
*)domain
, ses
->domainName
, len
,
459 crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
460 (char *)domain
, 2 * len
);
463 cERROR(1, "%s: Could not update with domain\n",
467 } else if (ses
->serverName
) {
468 len
= strlen(ses
->serverName
);
470 server
= kmalloc(2 + (len
* 2), GFP_KERNEL
);
471 if (server
== NULL
) {
472 cERROR(1, "calc_ntlmv2_hash: server mem alloc failure");
476 len
= cifs_strtoUTF16((__le16
*)server
, ses
->serverName
, len
,
479 crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
480 (char *)server
, 2 * len
);
483 cERROR(1, "%s: Could not update with server\n",
489 rc
= crypto_shash_final(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
492 cERROR(1, "%s: Could not generate md5 hash\n", __func__
);
498 CalcNTLMv2_response(const struct cifs_ses
*ses
, char *ntlmv2_hash
)
501 unsigned int offset
= CIFS_SESS_KEY_SIZE
+ 8;
503 if (!ses
->server
->secmech
.sdeschmacmd5
) {
504 cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");
508 rc
= crypto_shash_setkey(ses
->server
->secmech
.hmacmd5
,
509 ntlmv2_hash
, CIFS_HMAC_MD5_HASH_SIZE
);
511 cERROR(1, "%s: Could not set NTLMV2 Hash as a key", __func__
);
515 rc
= crypto_shash_init(&ses
->server
->secmech
.sdeschmacmd5
->shash
);
517 cERROR(1, "CalcNTLMv2_response: could not init hmacmd5");
521 if (ses
->server
->secType
== RawNTLMSSP
)
522 memcpy(ses
->auth_key
.response
+ offset
,
523 ses
->ntlmssp
->cryptkey
, CIFS_SERVER_CHALLENGE_SIZE
);
525 memcpy(ses
->auth_key
.response
+ offset
,
526 ses
->server
->cryptkey
, CIFS_SERVER_CHALLENGE_SIZE
);
527 rc
= crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
528 ses
->auth_key
.response
+ offset
, ses
->auth_key
.len
- offset
);
530 cERROR(1, "%s: Could not update with response\n", __func__
);
534 rc
= crypto_shash_final(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
535 ses
->auth_key
.response
+ CIFS_SESS_KEY_SIZE
);
537 cERROR(1, "%s: Could not generate md5 hash\n", __func__
);
544 setup_ntlmv2_rsp(struct cifs_ses
*ses
, const struct nls_table
*nls_cp
)
549 struct ntlmv2_resp
*buf
;
550 char ntlmv2_hash
[16];
551 unsigned char *tiblob
= NULL
; /* target info blob */
553 if (ses
->server
->secType
== RawNTLMSSP
) {
554 if (!ses
->domainName
) {
555 rc
= find_domain_name(ses
, nls_cp
);
557 cERROR(1, "error %d finding domain name", rc
);
558 goto setup_ntlmv2_rsp_ret
;
562 rc
= build_avpair_blob(ses
, nls_cp
);
564 cERROR(1, "error %d building av pair blob", rc
);
565 goto setup_ntlmv2_rsp_ret
;
569 baselen
= CIFS_SESS_KEY_SIZE
+ sizeof(struct ntlmv2_resp
);
570 tilen
= ses
->auth_key
.len
;
571 tiblob
= ses
->auth_key
.response
;
573 ses
->auth_key
.response
= kmalloc(baselen
+ tilen
, GFP_KERNEL
);
574 if (!ses
->auth_key
.response
) {
576 ses
->auth_key
.len
= 0;
577 cERROR(1, "%s: Can't allocate auth blob", __func__
);
578 goto setup_ntlmv2_rsp_ret
;
580 ses
->auth_key
.len
+= baselen
;
582 buf
= (struct ntlmv2_resp
*)
583 (ses
->auth_key
.response
+ CIFS_SESS_KEY_SIZE
);
584 buf
->blob_signature
= cpu_to_le32(0x00000101);
586 buf
->time
= cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME
));
587 get_random_bytes(&buf
->client_chal
, sizeof(buf
->client_chal
));
590 memcpy(ses
->auth_key
.response
+ baselen
, tiblob
, tilen
);
592 /* calculate ntlmv2_hash */
593 rc
= calc_ntlmv2_hash(ses
, ntlmv2_hash
, nls_cp
);
595 cERROR(1, "could not get v2 hash rc %d", rc
);
596 goto setup_ntlmv2_rsp_ret
;
599 /* calculate first part of the client response (CR1) */
600 rc
= CalcNTLMv2_response(ses
, ntlmv2_hash
);
602 cERROR(1, "Could not calculate CR1 rc: %d", rc
);
603 goto setup_ntlmv2_rsp_ret
;
606 /* now calculate the session key for NTLMv2 */
607 rc
= crypto_shash_setkey(ses
->server
->secmech
.hmacmd5
,
608 ntlmv2_hash
, CIFS_HMAC_MD5_HASH_SIZE
);
610 cERROR(1, "%s: Could not set NTLMV2 Hash as a key", __func__
);
611 goto setup_ntlmv2_rsp_ret
;
614 rc
= crypto_shash_init(&ses
->server
->secmech
.sdeschmacmd5
->shash
);
616 cERROR(1, "%s: Could not init hmacmd5\n", __func__
);
617 goto setup_ntlmv2_rsp_ret
;
620 rc
= crypto_shash_update(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
621 ses
->auth_key
.response
+ CIFS_SESS_KEY_SIZE
,
622 CIFS_HMAC_MD5_HASH_SIZE
);
624 cERROR(1, "%s: Could not update with response\n", __func__
);
625 goto setup_ntlmv2_rsp_ret
;
628 rc
= crypto_shash_final(&ses
->server
->secmech
.sdeschmacmd5
->shash
,
629 ses
->auth_key
.response
);
631 cERROR(1, "%s: Could not generate md5 hash\n", __func__
);
633 setup_ntlmv2_rsp_ret
:
640 calc_seckey(struct cifs_ses
*ses
)
643 struct crypto_blkcipher
*tfm_arc4
;
644 struct scatterlist sgin
, sgout
;
645 struct blkcipher_desc desc
;
646 unsigned char sec_key
[CIFS_SESS_KEY_SIZE
]; /* a nonce */
648 get_random_bytes(sec_key
, CIFS_SESS_KEY_SIZE
);
650 tfm_arc4
= crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC
);
651 if (IS_ERR(tfm_arc4
)) {
652 rc
= PTR_ERR(tfm_arc4
);
653 cERROR(1, "could not allocate crypto API arc4\n");
659 rc
= crypto_blkcipher_setkey(tfm_arc4
, ses
->auth_key
.response
,
662 cERROR(1, "%s: Could not set response as a key", __func__
);
666 sg_init_one(&sgin
, sec_key
, CIFS_SESS_KEY_SIZE
);
667 sg_init_one(&sgout
, ses
->ntlmssp
->ciphertext
, CIFS_CPHTXT_SIZE
);
669 rc
= crypto_blkcipher_encrypt(&desc
, &sgout
, &sgin
, CIFS_CPHTXT_SIZE
);
671 cERROR(1, "could not encrypt session key rc: %d\n", rc
);
672 crypto_free_blkcipher(tfm_arc4
);
676 /* make secondary_key/nonce as session key */
677 memcpy(ses
->auth_key
.response
, sec_key
, CIFS_SESS_KEY_SIZE
);
678 /* and make len as that of session key only */
679 ses
->auth_key
.len
= CIFS_SESS_KEY_SIZE
;
681 crypto_free_blkcipher(tfm_arc4
);
687 cifs_crypto_shash_release(struct TCP_Server_Info
*server
)
689 if (server
->secmech
.md5
)
690 crypto_free_shash(server
->secmech
.md5
);
692 if (server
->secmech
.hmacmd5
)
693 crypto_free_shash(server
->secmech
.hmacmd5
);
695 kfree(server
->secmech
.sdeschmacmd5
);
697 kfree(server
->secmech
.sdescmd5
);
701 cifs_crypto_shash_allocate(struct TCP_Server_Info
*server
)
706 server
->secmech
.hmacmd5
= crypto_alloc_shash("hmac(md5)", 0, 0);
707 if (IS_ERR(server
->secmech
.hmacmd5
)) {
708 cERROR(1, "could not allocate crypto hmacmd5\n");
709 return PTR_ERR(server
->secmech
.hmacmd5
);
712 server
->secmech
.md5
= crypto_alloc_shash("md5", 0, 0);
713 if (IS_ERR(server
->secmech
.md5
)) {
714 cERROR(1, "could not allocate crypto md5\n");
715 rc
= PTR_ERR(server
->secmech
.md5
);
716 goto crypto_allocate_md5_fail
;
719 size
= sizeof(struct shash_desc
) +
720 crypto_shash_descsize(server
->secmech
.hmacmd5
);
721 server
->secmech
.sdeschmacmd5
= kmalloc(size
, GFP_KERNEL
);
722 if (!server
->secmech
.sdeschmacmd5
) {
723 cERROR(1, "cifs_crypto_shash_allocate: can't alloc hmacmd5\n");
725 goto crypto_allocate_hmacmd5_sdesc_fail
;
727 server
->secmech
.sdeschmacmd5
->shash
.tfm
= server
->secmech
.hmacmd5
;
728 server
->secmech
.sdeschmacmd5
->shash
.flags
= 0x0;
731 size
= sizeof(struct shash_desc
) +
732 crypto_shash_descsize(server
->secmech
.md5
);
733 server
->secmech
.sdescmd5
= kmalloc(size
, GFP_KERNEL
);
734 if (!server
->secmech
.sdescmd5
) {
735 cERROR(1, "cifs_crypto_shash_allocate: can't alloc md5\n");
737 goto crypto_allocate_md5_sdesc_fail
;
739 server
->secmech
.sdescmd5
->shash
.tfm
= server
->secmech
.md5
;
740 server
->secmech
.sdescmd5
->shash
.flags
= 0x0;
744 crypto_allocate_md5_sdesc_fail
:
745 kfree(server
->secmech
.sdeschmacmd5
);
747 crypto_allocate_hmacmd5_sdesc_fail
:
748 crypto_free_shash(server
->secmech
.md5
);
750 crypto_allocate_md5_fail
:
751 crypto_free_shash(server
->secmech
.hmacmd5
);