Skip to content

Commit

Permalink
Revert "Eliminate sparse warning - bad constant expression"
Browse files Browse the repository at this point in the history 
This reverts commit 2d20ca8.

    The change to kernel crypto and fixes to ntlvm2 and ntlmssp
    series, introduced a regression.  Deferring this patch series
    to 2.6.37 after Shirish fixes it.

Signed-off-by: Steve French <sfrench@us.ibm.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
CC: Shirish Pargaonkar <shirishp@us.ibm.com>
  • Loading branch information
Steve French committed Sep 8, 2010
1 parent 7100ae9 commit 56234e2
Show file tree
Hide file tree
Showing 2 changed files with 72 additions and 128 deletions.
193 changes: 72 additions & 121 deletions fs/cifs/cifsencrypt.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,38 +45,39 @@ extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8,
static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
struct TCP_Server_Info *server, char *signature)
{
int rc;
int rc = 0;
struct {
struct shash_desc shash;
char ctx[crypto_shash_descsize(server->ntlmssp.md5)];
} sdesc;

if (cifs_pdu == NULL || server == NULL || signature == NULL)
return -EINVAL;

if (!server->ntlmssp.sdescmd5) {
cERROR(1,
"cifs_calculate_signature: can't generate signature\n");
return -1;
}
sdesc.shash.tfm = server->ntlmssp.md5;
sdesc.shash.flags = 0x0;

rc = crypto_shash_init(&server->ntlmssp.sdescmd5->shash);
rc = crypto_shash_init(&sdesc.shash);
if (rc) {
cERROR(1, "cifs_calculate_signature: oould not init md5\n");
cERROR(1, "could not initialize master crypto API hmacmd5\n");
return rc;
}

if (server->secType == RawNTLMSSP)
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
crypto_shash_update(&sdesc.shash,
server->session_key.data.ntlmv2.key,
CIFS_NTLMV2_SESSKEY_SIZE);
else
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
crypto_shash_update(&sdesc.shash,
(char *)&server->session_key.data,
server->session_key.len);

crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
crypto_shash_update(&sdesc.shash,
cifs_pdu->Protocol, cifs_pdu->smb_buf_length);

rc = crypto_shash_final(&server->ntlmssp.sdescmd5->shash, signature);
rc = crypto_shash_final(&sdesc.shash, signature);

return rc;
return 0;
}


Expand Down Expand Up @@ -114,53 +115,55 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
struct TCP_Server_Info *server, char *signature)
{
int i;
int rc;
int rc = 0;
struct {
struct shash_desc shash;
char ctx[crypto_shash_descsize(server->ntlmssp.md5)];
} sdesc;

if (iov == NULL || server == NULL || signature == NULL)
return -EINVAL;

if (!server->ntlmssp.sdescmd5) {
cERROR(1, "cifs_calc_signature2: can't generate signature\n");
return -1;
}
sdesc.shash.tfm = server->ntlmssp.md5;
sdesc.shash.flags = 0x0;

rc = crypto_shash_init(&server->ntlmssp.sdescmd5->shash);
rc = crypto_shash_init(&sdesc.shash);
if (rc) {
cERROR(1, "cifs_calc_signature2: oould not init md5\n");
cERROR(1, "could not initialize master crypto API hmacmd5\n");
return rc;
}

if (server->secType == RawNTLMSSP)
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
crypto_shash_update(&sdesc.shash,
server->session_key.data.ntlmv2.key,
CIFS_NTLMV2_SESSKEY_SIZE);
else
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
crypto_shash_update(&sdesc.shash,
(char *)&server->session_key.data,
server->session_key.len);

for (i = 0; i < n_vec; i++) {
if (iov[i].iov_len == 0)
continue;
if (iov[i].iov_base == NULL) {
cERROR(1, "cifs_calc_signature2: null iovec entry");
cERROR(1, "null iovec entry");
return -EIO;
}
/* The first entry includes a length field (which does not get
signed that occupies the first 4 bytes before the header */
if (i == 0) {
if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
break; /* nothing to sign or corrupt header */
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
crypto_shash_update(&sdesc.shash,
iov[i].iov_base + 4, iov[i].iov_len - 4);
} else
crypto_shash_update(&server->ntlmssp.sdescmd5->shash,
crypto_shash_update(&sdesc.shash,
iov[i].iov_base, iov[i].iov_len);
}

rc = crypto_shash_final(&server->ntlmssp.sdescmd5->shash, signature);
rc = crypto_shash_final(&sdesc.shash, signature);

return rc;
return 0;
}

int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
Expand Down Expand Up @@ -310,89 +313,76 @@ static int calc_ntlmv2_hash(struct cifsSesInfo *ses,
wchar_t *user;
wchar_t *domain;
wchar_t *server;

if (!ses->server->ntlmssp.sdeschmacmd5) {
cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");
return -1;
}
struct {
struct shash_desc shash;
char ctx[crypto_shash_descsize(ses->server->ntlmssp.hmacmd5)];
} sdesc;

/* calculate md4 hash of password */
E_md4hash(ses->password, nt_hash);

sdesc.shash.tfm = ses->server->ntlmssp.hmacmd5;
sdesc.shash.flags = 0x0;

crypto_shash_setkey(ses->server->ntlmssp.hmacmd5, nt_hash,
CIFS_NTHASH_SIZE);

rc = crypto_shash_init(&ses->server->ntlmssp.sdeschmacmd5->shash);
rc = crypto_shash_init(&sdesc.shash);
if (rc) {
cERROR(1, "calc_ntlmv2_hash: could not init hmacmd5\n");
cERROR(1, "could not initialize master crypto API hmacmd5\n");
return rc;
}

/* convert ses->userName to unicode and uppercase */
len = strlen(ses->userName);
user = kmalloc(2 + (len * 2), GFP_KERNEL);
if (user == NULL) {
cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n");
rc = -ENOMEM;
if (user == NULL)
goto calc_exit_2;
}
len = cifs_strtoUCS((__le16 *)user, ses->userName, len, nls_cp);
UniStrupr(user);

crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,
(char *)user, 2 * len);
crypto_shash_update(&sdesc.shash, (char *)user, 2 * len);

/* convert ses->domainName to unicode and uppercase */
if (ses->domainName) {
len = strlen(ses->domainName);

domain = kmalloc(2 + (len * 2), GFP_KERNEL);
if (domain == NULL) {
cERROR(1, "calc_ntlmv2_hash: domain mem alloc failure");
rc = -ENOMEM;
if (domain == NULL)
goto calc_exit_1;
}
len = cifs_strtoUCS((__le16 *)domain, ses->domainName, len,
nls_cp);
/* the following line was removed since it didn't work well
with lower cased domain name that passed as an option.
Maybe converting the domain name earlier makes sense */
/* UniStrupr(domain); */

crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,
(char *)domain, 2 * len);
crypto_shash_update(&sdesc.shash, (char *)domain, 2 * len);

kfree(domain);
} else if (ses->serverName) {
len = strlen(ses->serverName);

server = kmalloc(2 + (len * 2), GFP_KERNEL);
if (server == NULL) {
cERROR(1, "calc_ntlmv2_hash: server mem alloc failure");
rc = -ENOMEM;
if (server == NULL)
goto calc_exit_1;
}
len = cifs_strtoUCS((__le16 *)server, ses->serverName, len,
nls_cp);
/* the following line was removed since it didn't work well
with lower cased domain name that passed as an option.
Maybe converting the domain name earlier makes sense */
/* UniStrupr(domain); */

crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,
(char *)server, 2 * len);
crypto_shash_update(&sdesc.shash, (char *)server, 2 * len);

kfree(server);
}

rc = crypto_shash_final(&ses->server->ntlmssp.sdeschmacmd5->shash,
ses->server->ntlmv2_hash);

calc_exit_1:
kfree(user);
calc_exit_2:
/* BB FIXME what about bytes 24 through 40 of the signing key?
compare with the NTLM example */
rc = crypto_shash_final(&sdesc.shash, ses->server->ntlmv2_hash);

return rc;
}
Expand Down Expand Up @@ -452,33 +442,34 @@ CalcNTLMv2_response(const struct TCP_Server_Info *server,
char *v2_session_response)
{
int rc;
struct {
struct shash_desc shash;
char ctx[crypto_shash_descsize(server->ntlmssp.hmacmd5)];
} sdesc;

if (!server->ntlmssp.sdeschmacmd5) {
cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");
return -1;
}
sdesc.shash.tfm = server->ntlmssp.hmacmd5;
sdesc.shash.flags = 0x0;

crypto_shash_setkey(server->ntlmssp.hmacmd5, server->ntlmv2_hash,
CIFS_HMAC_MD5_HASH_SIZE);

rc = crypto_shash_init(&server->ntlmssp.sdeschmacmd5->shash);
rc = crypto_shash_init(&sdesc.shash);
if (rc) {
cERROR(1, "CalcNTLMv2_response: could not init hmacmd5");
cERROR(1, "could not initialize master crypto API hmacmd5\n");
return rc;
}

memcpy(v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,
server->cryptKey, CIFS_SERVER_CHALLENGE_SIZE);
crypto_shash_update(&server->ntlmssp.sdeschmacmd5->shash,
crypto_shash_update(&sdesc.shash,
v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,
sizeof(struct ntlmv2_resp) - CIFS_SERVER_CHALLENGE_SIZE);

if (server->tilen)
crypto_shash_update(&server->ntlmssp.sdeschmacmd5->shash,
crypto_shash_update(&sdesc.shash,
server->tiblob, server->tilen);

rc = crypto_shash_final(&server->ntlmssp.sdeschmacmd5->shash,
v2_session_response);
rc = crypto_shash_final(&sdesc.shash, v2_session_response);

return rc;
}
Expand All @@ -489,6 +480,10 @@ setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,
{
int rc = 0;
struct ntlmv2_resp *buf = (struct ntlmv2_resp *)resp_buf;
struct {
struct shash_desc shash;
char ctx[crypto_shash_descsize(ses->server->ntlmssp.hmacmd5)];
} sdesc;

buf->blob_signature = cpu_to_le32(0x00000101);
buf->reserved = 0;
Expand Down Expand Up @@ -516,24 +511,21 @@ setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,
return rc;
}

if (!ses->server->ntlmssp.sdeschmacmd5) {
cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");
return -1;
}

crypto_shash_setkey(ses->server->ntlmssp.hmacmd5,
ses->server->ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE);

rc = crypto_shash_init(&ses->server->ntlmssp.sdeschmacmd5->shash);
sdesc.shash.tfm = ses->server->ntlmssp.hmacmd5;
sdesc.shash.flags = 0x0;

rc = crypto_shash_init(&sdesc.shash);
if (rc) {
cERROR(1, "setup_ntlmv2_rsp: could not init hmacmd5\n");
cERROR(1, "could not initialize master crypto API hmacmd5\n");
return rc;
}

crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,
resp_buf, CIFS_HMAC_MD5_HASH_SIZE);
crypto_shash_update(&sdesc.shash, resp_buf, CIFS_HMAC_MD5_HASH_SIZE);

rc = crypto_shash_final(&ses->server->ntlmssp.sdeschmacmd5->shash,
rc = crypto_shash_final(&sdesc.shash,
ses->server->session_key.data.ntlmv2.key);

memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf,
Expand Down Expand Up @@ -586,65 +578,24 @@ cifs_crypto_shash_release(struct TCP_Server_Info *server)

if (server->ntlmssp.hmacmd5)
crypto_free_shash(server->ntlmssp.hmacmd5);

kfree(server->ntlmssp.sdeschmacmd5);

kfree(server->ntlmssp.sdescmd5);
}

int
cifs_crypto_shash_allocate(struct TCP_Server_Info *server)
{
int rc;
unsigned int size;

server->ntlmssp.hmacmd5 = crypto_alloc_shash("hmac(md5)", 0, 0);
if (!server->ntlmssp.hmacmd5 ||
IS_ERR(server->ntlmssp.hmacmd5)) {
cERROR(1, "could not allocate crypto hmacmd5\n");
cERROR(1, "could not allocate master crypto API hmacmd5\n");
return 1;
}

server->ntlmssp.md5 = crypto_alloc_shash("md5", 0, 0);
if (!server->ntlmssp.md5 || IS_ERR(server->ntlmssp.md5)) {
cERROR(1, "could not allocate crypto md5\n");
rc = 1;
goto cifs_crypto_shash_allocate_ret1;
}

size = sizeof(struct shash_desc) +
crypto_shash_descsize(server->ntlmssp.hmacmd5);
server->ntlmssp.sdeschmacmd5 = kmalloc(size, GFP_KERNEL);
if (!server->ntlmssp.sdeschmacmd5) {
cERROR(1, "cifs_crypto_shash_allocate: can't alloc hmacmd5\n");
rc = -ENOMEM;
goto cifs_crypto_shash_allocate_ret2;
}
server->ntlmssp.sdeschmacmd5->shash.tfm = server->ntlmssp.hmacmd5;
server->ntlmssp.sdeschmacmd5->shash.flags = 0x0;


size = sizeof(struct shash_desc) +
crypto_shash_descsize(server->ntlmssp.md5);
server->ntlmssp.sdescmd5 = kmalloc(size, GFP_KERNEL);
if (!server->ntlmssp.sdescmd5) {
cERROR(1, "cifs_crypto_shash_allocate: can't alloc md5\n");
rc = -ENOMEM;
goto cifs_crypto_shash_allocate_ret3;
crypto_free_shash(server->ntlmssp.hmacmd5);
cERROR(1, "could not allocate master crypto API md5\n");
return 1;
}
server->ntlmssp.sdescmd5->shash.tfm = server->ntlmssp.md5;
server->ntlmssp.sdescmd5->shash.flags = 0x0;

return 0;

cifs_crypto_shash_allocate_ret3:
kfree(server->ntlmssp.sdeschmacmd5);

cifs_crypto_shash_allocate_ret2:
crypto_free_shash(server->ntlmssp.md5);

cifs_crypto_shash_allocate_ret1:
crypto_free_shash(server->ntlmssp.hmacmd5);

return rc;
}
Loading

0 comments on commit 56234e2

Please sign in to comment.