tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvme-auth: target: remove obsolete crypto_has_shash() checks

Since nvme-auth is now doing its HMAC computations using the crypto
library, it's guaranteed that all the algorithms actually work.
Therefore, remove the crypto_has_shash() checks which are now obsolete.

However, the caller in nvmet_auth_negotiate() seems to have also been
relying on crypto_has_shash(nvme_auth_hmac_name(host_hmac_id)) to
validate the host_hmac_id. Therefore, make it validate the ID more
directly by checking whether nvme_auth_hmac_hash_len() returns 0 or not.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Eric Biggers and committed by
Keith Busch efe8df9f ac9a49cf

+1 -15
-9
drivers/nvme/target/auth.c
··· 45 45 key_hash); 46 46 return -EINVAL; 47 47 } 48 - if (key_hash > 0) { 49 - /* Validate selected hash algorithm */ 50 - const char *hmac = nvme_auth_hmac_name(key_hash); 51 - 52 - if (!crypto_has_shash(hmac, 0, 0)) { 53 - pr_err("DH-HMAC-CHAP hash %s unsupported\n", hmac); 54 - return -ENOTSUPP; 55 - } 56 - } 57 48 dhchap_secret = kstrdup(secret, GFP_KERNEL); 58 49 if (!dhchap_secret) 59 50 return -ENOMEM;
-3
drivers/nvme/target/configfs.c
··· 17 17 #include <linux/nvme-auth.h> 18 18 #endif 19 19 #include <linux/nvme-keyring.h> 20 - #include <crypto/hash.h> 21 20 #include <crypto/kpp.h> 22 21 #include <linux/nospec.h> 23 22 ··· 2180 2181 hmac_id = nvme_auth_hmac_id(page); 2181 2182 if (hmac_id == NVME_AUTH_HASH_INVALID) 2182 2183 return -EINVAL; 2183 - if (!crypto_has_shash(nvme_auth_hmac_name(hmac_id), 0, 0)) 2184 - return -ENOTSUPP; 2185 2184 host->dhchap_hash_id = hmac_id; 2186 2185 return count; 2187 2186 }
+1 -3
drivers/nvme/target/fabrics-cmd-auth.c
··· 8 8 #include <linux/blkdev.h> 9 9 #include <linux/random.h> 10 10 #include <linux/nvme-auth.h> 11 - #include <crypto/hash.h> 12 11 #include <crypto/kpp.h> 13 12 #include "nvmet.h" 14 13 ··· 74 75 for (i = 0; i < data->auth_protocol[0].dhchap.halen; i++) { 75 76 u8 host_hmac_id = data->auth_protocol[0].dhchap.idlist[i]; 76 77 77 - if (!fallback_hash_id && 78 - crypto_has_shash(nvme_auth_hmac_name(host_hmac_id), 0, 0)) 78 + if (!fallback_hash_id && nvme_auth_hmac_hash_len(host_hmac_id)) 79 79 fallback_hash_id = host_hmac_id; 80 80 if (ctrl->shash_id != host_hmac_id) 81 81 continue;