From: Chuck Lever Date: Mon, 27 Apr 2026 13:50:58 +0000 (-0400) Subject: SUNRPC: Remove legacy skcipher/ahash handles from krb5_ctx X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=218c56ddf687e8d243826343831c6e734857fb51;p=thirdparty%2Fkernel%2Flinux.git SUNRPC: Remove legacy skcipher/ahash handles from krb5_ctx Previous patches switched all per-message crypto operations (encrypt, decrypt, get_mic, verify_mic) from the internal skcipher/ahash primitives to crypto/krb5 AEAD and shash handles. The old crypto_sync_skcipher and crypto_ahash fields in struct krb5_ctx are no longer referenced at runtime. Remove the ten legacy handle fields from struct krb5_ctx along with the key derivation and handle allocation code in gss_krb5_import_ctx_v2() that populated them. Context import now prepares only the four crypto/krb5 handles (two AEAD for encryption, two shash for checksums). The corresponding cleanup in gss_krb5_delete_sec_context() and the error path is likewise reduced. The krb5_derive_key() inline wrapper, gss_krb5_alloc_cipher_v2(), and gss_krb5_alloc_hash_v2() become unused and are removed. The per-enctype encrypt/decrypt functions (gss_krb5_aes_encrypt, gss_krb5_aes_decrypt, krb5_etm_encrypt, krb5_etm_decrypt) that were the sole remaining consumers of these fields are also removed; their function-pointer call sites were already deleted in earlier patches. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton Acked-by: Anna Schumaker Signed-off-by: Chuck Lever
---
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 3a8e6710a51bc..cfd5b56d1b523 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -578,137 +578,6 @@ int krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm, } EXPORT_SYMBOL_IF_KUNIT(krb5_cbc_cts_decrypt); -u32 -gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset, - struct xdr_buf *buf, struct page **pages) -{ - u32 err; - struct xdr_netobj hmac; - u8 *ecptr; - struct crypto_sync_skcipher *cipher, *aux_cipher; - struct crypto_ahash *ahash; - struct page **save_pages; - unsigned int conflen; - - if (kctx->initiate) { - cipher = kctx->initiator_enc; - aux_cipher = kctx->initiator_enc_aux; - ahash = kctx->initiator_integ; - } else { - cipher = kctx->acceptor_enc; - aux_cipher = kctx->acceptor_enc_aux; - ahash = kctx->acceptor_integ; - } - conflen = crypto_sync_skcipher_blocksize(cipher); - - /* hide the gss token header and insert the confounder */ - offset += GSS_KRB5_TOK_HDR_LEN; - if (xdr_extend_head(buf, offset, conflen)) - return GSS_S_FAILURE; - krb5_make_confounder(buf->head[0].iov_base + offset, conflen); - offset -= GSS_KRB5_TOK_HDR_LEN; - - if (buf->tail[0].iov_base != NULL) { - ecptr = buf->tail[0].iov_base + buf->tail[0].iov_len; - } else { - buf->tail[0].iov_base = buf->head[0].iov_base - + buf->head[0].iov_len; - buf->tail[0].iov_len = 0; - ecptr = buf->tail[0].iov_base; - } - - /* copy plaintext gss token header after filler (if any) */ - memcpy(ecptr, buf->head[0].iov_base + offset, GSS_KRB5_TOK_HDR_LEN); - buf->tail[0].iov_len += GSS_KRB5_TOK_HDR_LEN; - buf->len += GSS_KRB5_TOK_HDR_LEN; - - hmac.len = kctx->gk5e->cksumlength; - hmac.data = buf->tail[0].iov_base + buf->tail[0].iov_len; - - /* - * When we are called, pages points to the real page cache - * data -- which we can't go and encrypt! buf->pages points - * to scratch pages which we are going to send off to the - * client/server. Swap in the plaintext pages to calculate - * the hmac. 
- */ - save_pages = buf->pages; - buf->pages = pages; - - err = gss_krb5_checksum(ahash, NULL, 0, buf, - offset + GSS_KRB5_TOK_HDR_LEN, &hmac); - buf->pages = save_pages; - if (err) - return GSS_S_FAILURE; - - err = krb5_cbc_cts_encrypt(cipher, aux_cipher, - offset + GSS_KRB5_TOK_HDR_LEN, - buf, pages, NULL, 0); - if (err) - return GSS_S_FAILURE; - - /* Now update buf to account for HMAC */ - buf->tail[0].iov_len += kctx->gk5e->cksumlength; - buf->len += kctx->gk5e->cksumlength; - - return GSS_S_COMPLETE; -} - -u32 -gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, - struct xdr_buf *buf, u32 *headskip, u32 *tailskip) -{ - struct crypto_sync_skcipher *cipher, *aux_cipher; - struct crypto_ahash *ahash; - struct xdr_netobj our_hmac_obj; - u8 our_hmac[GSS_KRB5_MAX_CKSUM_LEN]; - u8 pkt_hmac[GSS_KRB5_MAX_CKSUM_LEN]; - struct xdr_buf subbuf; - u32 ret = 0; - - if (kctx->initiate) { - cipher = kctx->acceptor_enc; - aux_cipher = kctx->acceptor_enc_aux; - ahash = kctx->acceptor_integ; - } else { - cipher = kctx->initiator_enc; - aux_cipher = kctx->initiator_enc_aux; - ahash = kctx->initiator_integ; - } - - /* create a segment skipping the header and leaving out the checksum */ - xdr_buf_subsegment(buf, &subbuf, offset + GSS_KRB5_TOK_HDR_LEN, - (len - offset - GSS_KRB5_TOK_HDR_LEN - - kctx->gk5e->cksumlength)); - - ret = krb5_cbc_cts_decrypt(cipher, aux_cipher, 0, &subbuf); - if (ret) - goto out_err; - - our_hmac_obj.len = kctx->gk5e->cksumlength; - our_hmac_obj.data = our_hmac; - ret = gss_krb5_checksum(ahash, NULL, 0, &subbuf, 0, &our_hmac_obj); - if (ret) - goto out_err; - - /* Get the packet's hmac value */ - ret = read_bytes_from_xdr_buf(buf, len - kctx->gk5e->cksumlength, - pkt_hmac, kctx->gk5e->cksumlength); - if (ret) - goto out_err; - - if (crypto_memneq(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) { - ret = GSS_S_BAD_SIG; - goto out_err; - } - *headskip = crypto_sync_skcipher_blocksize(cipher); - *tailskip = kctx->gk5e->cksumlength; -out_err: - 
if (ret && ret != GSS_S_BAD_SIG) - ret = GSS_S_FAILURE; - return ret; -} - /** * krb5_etm_checksum - Compute a MAC for a GSS Wrap token * @cipher: an initialized cipher transform 
@@ -778,182 +647,6 @@ out_free_mem: } EXPORT_SYMBOL_IF_KUNIT(krb5_etm_checksum); -/** - * krb5_etm_encrypt - Encrypt using the RFC 8009 rules - * @kctx: Kerberos context - * @offset: starting offset of the payload, in bytes - * @buf: OUT: send buffer to contain the encrypted payload - * @pages: plaintext payload - * - * The main difference with aes_encrypt is that "The HMAC is - * calculated over the cipher state concatenated with the AES - * output, instead of being calculated over the confounder and - * plaintext. This allows the message receiver to verify the - * integrity of the message before decrypting the message." - * - * RFC 8009 Section 5: - * - * encryption function: as follows, where E() is AES encryption in - * CBC-CS3 mode, and h is the size of truncated HMAC (128 bits or - * 192 bits as described above). - * - * N = random value of length 128 bits (the AES block size) - * IV = cipher state - * C = E(Ke, N | plaintext, IV) - * H = HMAC(Ki, IV | C) - * ciphertext = C | H[1..h] - * - * This encryption formula provides AEAD EtM with key separation. 
- * - * Return values: - * %GSS_S_COMPLETE: Encryption successful - * %GSS_S_FAILURE: Encryption failed - */ -u32 -krb5_etm_encrypt(struct krb5_ctx *kctx, u32 offset, - struct xdr_buf *buf, struct page **pages) -{ - struct crypto_sync_skcipher *cipher, *aux_cipher; - struct crypto_ahash *ahash; - struct xdr_netobj hmac; - unsigned int conflen; - u8 *ecptr; - u32 err; - - if (kctx->initiate) { - cipher = kctx->initiator_enc; - aux_cipher = kctx->initiator_enc_aux; - ahash = kctx->initiator_integ; - } else { - cipher = kctx->acceptor_enc; - aux_cipher = kctx->acceptor_enc_aux; - ahash = kctx->acceptor_integ; - } - conflen = crypto_sync_skcipher_blocksize(cipher); - - offset += GSS_KRB5_TOK_HDR_LEN; - if (xdr_extend_head(buf, offset, conflen)) - return GSS_S_FAILURE; - krb5_make_confounder(buf->head[0].iov_base + offset, conflen); - offset -= GSS_KRB5_TOK_HDR_LEN; - - if (buf->tail[0].iov_base) { - ecptr = buf->tail[0].iov_base + buf->tail[0].iov_len; - } else { - buf->tail[0].iov_base = buf->head[0].iov_base - + buf->head[0].iov_len; - buf->tail[0].iov_len = 0; - ecptr = buf->tail[0].iov_base; - } - - memcpy(ecptr, buf->head[0].iov_base + offset, GSS_KRB5_TOK_HDR_LEN); - buf->tail[0].iov_len += GSS_KRB5_TOK_HDR_LEN; - buf->len += GSS_KRB5_TOK_HDR_LEN; - - err = krb5_cbc_cts_encrypt(cipher, aux_cipher, - offset + GSS_KRB5_TOK_HDR_LEN, - buf, pages, NULL, 0); - if (err) - return GSS_S_FAILURE; - - hmac.data = buf->tail[0].iov_base + buf->tail[0].iov_len; - hmac.len = kctx->gk5e->cksumlength; - err = krb5_etm_checksum(cipher, ahash, - buf, offset + GSS_KRB5_TOK_HDR_LEN, &hmac); - if (err) - goto out_err; - buf->tail[0].iov_len += kctx->gk5e->cksumlength; - buf->len += kctx->gk5e->cksumlength; - - return GSS_S_COMPLETE; - -out_err: - return GSS_S_FAILURE; -} - -/** - * krb5_etm_decrypt - Decrypt using the RFC 8009 rules - * @kctx: Kerberos context - * @offset: starting offset of the ciphertext, in bytes - * @len: size of ciphertext to unwrap - * @buf: ciphertext to 
unwrap - * @headskip: OUT: the enctype's confounder length, in octets - * @tailskip: OUT: the enctype's HMAC length, in octets - * - * RFC 8009 Section 5: - * - * decryption function: as follows, where D() is AES decryption in - * CBC-CS3 mode, and h is the size of truncated HMAC. - * - * (C, H) = ciphertext - * (Note: H is the last h bits of the ciphertext.) - * IV = cipher state - * if H != HMAC(Ki, IV | C)[1..h] - * stop, report error - * (N, P) = D(Ke, C, IV) - * - * Return values: - * %GSS_S_COMPLETE: Decryption successful - * %GSS_S_BAD_SIG: computed HMAC != received HMAC - * %GSS_S_FAILURE: Decryption failed - */ -u32 -krb5_etm_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, - struct xdr_buf *buf, u32 *headskip, u32 *tailskip) -{ - struct crypto_sync_skcipher *cipher, *aux_cipher; - u8 our_hmac[GSS_KRB5_MAX_CKSUM_LEN]; - u8 pkt_hmac[GSS_KRB5_MAX_CKSUM_LEN]; - struct xdr_netobj our_hmac_obj; - struct crypto_ahash *ahash; - struct xdr_buf subbuf; - u32 ret = 0; - - if (kctx->initiate) { - cipher = kctx->acceptor_enc; - aux_cipher = kctx->acceptor_enc_aux; - ahash = kctx->acceptor_integ; - } else { - cipher = kctx->initiator_enc; - aux_cipher = kctx->initiator_enc_aux; - ahash = kctx->initiator_integ; - } - - /* Extract the ciphertext into @subbuf. 
*/ - xdr_buf_subsegment(buf, &subbuf, offset + GSS_KRB5_TOK_HDR_LEN, - (len - offset - GSS_KRB5_TOK_HDR_LEN - - kctx->gk5e->cksumlength)); - - our_hmac_obj.data = our_hmac; - our_hmac_obj.len = kctx->gk5e->cksumlength; - ret = krb5_etm_checksum(cipher, ahash, &subbuf, 0, &our_hmac_obj); - if (ret) - goto out_err; - ret = read_bytes_from_xdr_buf(buf, len - kctx->gk5e->cksumlength, - pkt_hmac, kctx->gk5e->cksumlength); - if (ret) - goto out_err; - if (crypto_memneq(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) { - ret = GSS_S_BAD_SIG; - goto out_err; - } - - ret = krb5_cbc_cts_decrypt(cipher, aux_cipher, 0, &subbuf); - if (ret) { - ret = GSS_S_FAILURE; - goto out_err; - } - - *headskip = crypto_sync_skcipher_blocksize(cipher); - *tailskip = kctx->gk5e->cksumlength; - return GSS_S_COMPLETE; - -out_err: - if (ret != GSS_S_BAD_SIG) - ret = GSS_S_FAILURE; - return ret; -} - /** * gss_krb5_aead_encrypt - Encrypt a wrap token using crypto/krb5 * @kctx: Kerberos context diff --git a/net/sunrpc/auth_gss/gss_krb5_internal.h b/net/sunrpc/auth_gss/gss_krb5_internal.h index 8258e6862aa20..6b08a7486e0b5 100644 --- a/net/sunrpc/auth_gss/gss_krb5_internal.h +++ b/net/sunrpc/auth_gss/gss_krb5_internal.h @@ -56,16 +56,6 @@ struct krb5_ctx { struct crypto_aead *acceptor_enc_aead; struct crypto_shash *initiator_sign_shash; struct crypto_shash *acceptor_sign_shash; - struct crypto_sync_skcipher *enc; - struct crypto_sync_skcipher *seq; - struct crypto_sync_skcipher *acceptor_enc; - struct crypto_sync_skcipher *initiator_enc; - struct crypto_sync_skcipher *acceptor_enc_aux; - struct crypto_sync_skcipher *initiator_enc_aux; - struct crypto_ahash *acceptor_sign; - struct crypto_ahash *initiator_sign; - struct crypto_ahash *initiator_integ; - struct crypto_ahash *acceptor_integ; u8 Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */ u8 cksum[GSS_KRB5_MAX_KEYLEN]; atomic_t seq_send; 
@@ -115,38 +105,6 @@ int krb5_kdf_feedback_cmac(const struct gss_krb5_enctype *gk5e, const struct xdr_netobj *in_constant, gfp_t gfp_mask); -/** - * krb5_derive_key - Derive a subkey from a protocol key - * @kctx: Kerberos 5 context - * @inkey: base protocol key - * @outkey: OUT: derived key - * @usage: key usage value - * @seed: key usage seed (one octet) - * @gfp_mask: memory allocation control flags - * - * Caller sets @outkey->len to the desired length of the derived key. - * - * On success, returns 0 and fills in @outkey. A negative errno value - * is returned on failure. - */ -static inline int krb5_derive_key(struct krb5_ctx *kctx, - const struct xdr_netobj *inkey, - struct xdr_netobj *outkey, - u32 usage, u8 seed, gfp_t gfp_mask) -{ - const struct gss_krb5_enctype *gk5e = kctx->gk5e; - u8 label_data[GSS_KRB5_K5CLENGTH]; - struct xdr_netobj label = { - .len = sizeof(label_data), - .data = label_data, - }; - __be32 *p = (__be32 *)label_data; - - *p = cpu_to_be32(usage); - label_data[4] = seed; - return gk5e->derive_key(gk5e, inkey, outkey, &label, gfp_mask); -} - void krb5_make_confounder(u8 *p, int conflen); u32 gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen, @@ -159,18 +117,6 @@ u32 krb5_encrypt(struct crypto_sync_skcipher *key, void *iv, void *in, int xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen); -u32 gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset, - struct xdr_buf *buf, struct page **pages); - -u32 gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, - struct xdr_buf *buf, u32 *plainoffset, u32 *plainlen); - -u32 krb5_etm_encrypt(struct krb5_ctx *kctx, u32 offset, struct xdr_buf *buf, - struct page **pages); - -u32 krb5_etm_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, - struct xdr_buf *buf, u32 *headskip, u32 *tailskip); - u32 gss_krb5_errno_to_status(int err); int gss_krb5_mic_build_sg(const struct xdr_buf *body, 
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 912821efc937a..d8cb79fd2463a 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -9,8 +9,6 @@ * J. Bruce Fields */ -#include -#include #include #include #include 
@@ -225,120 +223,14 @@ const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype) } EXPORT_SYMBOL_IF_KUNIT(gss_krb5_lookup_enctype); -static struct crypto_sync_skcipher * -gss_krb5_alloc_cipher_v2(const char *cname, const struct xdr_netobj *key) -{ - struct crypto_sync_skcipher *tfm; - - tfm = crypto_alloc_sync_skcipher(cname, 0, 0); - if (IS_ERR(tfm)) - return NULL; - if (crypto_sync_skcipher_setkey(tfm, key->data, key->len)) { - crypto_free_sync_skcipher(tfm); - return NULL; - } - return tfm; -} - -static struct crypto_ahash * -gss_krb5_alloc_hash_v2(struct krb5_ctx *kctx, const struct xdr_netobj *key) -{ - struct crypto_ahash *tfm; - - tfm = crypto_alloc_ahash(kctx->gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); - if (IS_ERR(tfm)) - return NULL; - if (crypto_ahash_setkey(tfm, key->data, key->len)) { - crypto_free_ahash(tfm); - return NULL; - } - return tfm; -} - static int gss_krb5_import_ctx_v2(struct krb5_ctx *ctx, gfp_t gfp_mask) { - struct xdr_netobj keyin = { - .len = ctx->gk5e->keylength, - .data = ctx->Ksess, - }; struct krb5_buffer TK = { .len = ctx->gk5e->keylength, .data = ctx->Ksess, }; - struct xdr_netobj keyout; - int ret = -EINVAL; - - keyout.data = kmalloc(GSS_KRB5_MAX_KEYLEN, gfp_mask); - if (!keyout.data) - return -ENOMEM; - - /* initiator seal encryption */ - keyout.len = ctx->gk5e->Ke_length; - if (krb5_derive_key(ctx, &keyin, &keyout, KG_USAGE_INITIATOR_SEAL, - KEY_USAGE_SEED_ENCRYPTION, gfp_mask)) - goto out; - ctx->initiator_enc = gss_krb5_alloc_cipher_v2(ctx->gk5e->encrypt_name, - &keyout); - if (ctx->initiator_enc == NULL) - goto out; - if (ctx->gk5e->aux_cipher) { - ctx->initiator_enc_aux = - gss_krb5_alloc_cipher_v2(ctx->gk5e->aux_cipher, - &keyout); - if (ctx->initiator_enc_aux == NULL) - goto out_free; - } - - /* acceptor seal encryption */ - if (krb5_derive_key(ctx, &keyin, &keyout, KG_USAGE_ACCEPTOR_SEAL, - KEY_USAGE_SEED_ENCRYPTION, gfp_mask)) - goto out_free; - ctx->acceptor_enc = gss_krb5_alloc_cipher_v2(ctx->gk5e->encrypt_name, 
- &keyout); - if (ctx->acceptor_enc == NULL) - goto out_free; - if (ctx->gk5e->aux_cipher) { - ctx->acceptor_enc_aux = - gss_krb5_alloc_cipher_v2(ctx->gk5e->aux_cipher, - &keyout); - if (ctx->acceptor_enc_aux == NULL) - goto out_free; - } - - /* initiator sign checksum */ - keyout.len = ctx->gk5e->Kc_length; - if (krb5_derive_key(ctx, &keyin, &keyout, KG_USAGE_INITIATOR_SIGN, - KEY_USAGE_SEED_CHECKSUM, gfp_mask)) - goto out_free; - ctx->initiator_sign = gss_krb5_alloc_hash_v2(ctx, &keyout); - if (ctx->initiator_sign == NULL) - goto out_free; - - /* acceptor sign checksum */ - if (krb5_derive_key(ctx, &keyin, &keyout, KG_USAGE_ACCEPTOR_SIGN, - KEY_USAGE_SEED_CHECKSUM, gfp_mask)) - goto out_free; - ctx->acceptor_sign = gss_krb5_alloc_hash_v2(ctx, &keyout); - if (ctx->acceptor_sign == NULL) - goto out_free; - - /* initiator seal integrity */ - keyout.len = ctx->gk5e->Ki_length; - if (krb5_derive_key(ctx, &keyin, &keyout, KG_USAGE_INITIATOR_SEAL, - KEY_USAGE_SEED_INTEGRITY, gfp_mask)) - goto out_free; - ctx->initiator_integ = gss_krb5_alloc_hash_v2(ctx, &keyout); - if (ctx->initiator_integ == NULL) - goto out_free; - - /* acceptor seal integrity */ - if (krb5_derive_key(ctx, &keyin, &keyout, KG_USAGE_ACCEPTOR_SEAL, - KEY_USAGE_SEED_INTEGRITY, gfp_mask)) - goto out_free; - ctx->acceptor_integ = gss_krb5_alloc_hash_v2(ctx, &keyout); - if (ctx->acceptor_integ == NULL) - goto out_free; + int ret; ctx->initiator_enc_aead = crypto_krb5_prepare_encryption(ctx->krb5e, &TK, 
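Review bot: `int ret;` in gss_krb5_import_ctx_v2() no longer has an initializer, while the `out_free:` label in the following hunk now ends in `return ret;`, so every `goto out_free` has to assign `ret` before jumping. The only jump visible in these two hunks sits at the end of a braced block whose earlier statements are outside the hunk, so the assignment cannot be confirmed from here. If any failure branch skips it, the function returns an indeterminate value that the caller could read as success and go on to use a context whose handles were just freed. Keeping the defensive initializer, `int ret = -EINVAL;`, or adding `/* every jump here sets ret to a negative errno */` above `out_free:`, would make the invariant explicit. The function body between the two hunks is not shown.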
@@ -373,25 +265,14 @@ gss_krb5_import_ctx_v2(struct krb5_ctx *ctx, gfp_t gfp_mask) goto out_free; } - ret = 0; -out: - kfree_sensitive(keyout.data); - return ret; + return 0; out_free: crypto_free_shash(ctx->acceptor_sign_shash); crypto_free_shash(ctx->initiator_sign_shash); crypto_free_aead(ctx->acceptor_enc_aead); crypto_free_aead(ctx->initiator_enc_aead); - crypto_free_ahash(ctx->acceptor_integ); - crypto_free_ahash(ctx->initiator_integ); - crypto_free_ahash(ctx->acceptor_sign); - crypto_free_ahash(ctx->initiator_sign); - crypto_free_sync_skcipher(ctx->acceptor_enc_aux); - crypto_free_sync_skcipher(ctx->acceptor_enc); - crypto_free_sync_skcipher(ctx->initiator_enc_aux); - crypto_free_sync_skcipher(ctx->initiator_enc); - goto out; + return ret; } static int @@ -509,16 +390,6 @@ gss_krb5_delete_sec_context(void *internal_ctx) crypto_free_shash(kctx->initiator_sign_shash); crypto_free_aead(kctx->acceptor_enc_aead); crypto_free_aead(kctx->initiator_enc_aead); - crypto_free_sync_skcipher(kctx->seq); - crypto_free_sync_skcipher(kctx->enc); - crypto_free_sync_skcipher(kctx->acceptor_enc); - crypto_free_sync_skcipher(kctx->initiator_enc); - crypto_free_sync_skcipher(kctx->acceptor_enc_aux); - crypto_free_sync_skcipher(kctx->initiator_enc_aux); - crypto_free_ahash(kctx->acceptor_sign); - crypto_free_ahash(kctx->initiator_sign); - crypto_free_ahash(kctx->acceptor_integ); - crypto_free_ahash(kctx->initiator_integ); kfree(kctx->mech_used.data); kfree(kctx); }