diff options
| author | Eric Biggers <ebiggers@kernel.org> | 2026-03-02 10:59:54 +0300 |
|---|---|---|
| committer | Keith Busch <kbusch@kernel.org> | 2026-03-27 17:35:02 +0300 |
| commit | efe8df9f9ce12903244e42038346de6afec473de (patch) | |
| tree | 7c079a68a335b2a3fb75a0e394643d94a0e274b5 | |
| parent | ac9a49cf6e0c230e81de1c91b59e4ad912ee98c1 (diff) | |
| download | linux-efe8df9f9ce12903244e42038346de6afec473de.tar.xz | |
nvme-auth: target: remove obsolete crypto_has_shash() checks
Since nvme-auth is now doing its HMAC computations using the crypto
library, it's guaranteed that all the algorithms actually work.
Therefore, remove the crypto_has_shash() checks which are now obsolete.
However, the caller in nvmet_auth_negotiate() seems to have also been
relying on crypto_has_shash(nvme_auth_hmac_name(host_hmac_id)) to
validate the host_hmac_id. Therefore, make it validate the ID more
directly by checking whether nvme_auth_hmac_hash_len() returns 0 or not.
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>
| -rw-r--r-- | drivers/nvme/target/auth.c | 9 | ||||
| -rw-r--r-- | drivers/nvme/target/configfs.c | 3 | ||||
| -rw-r--r-- | drivers/nvme/target/fabrics-cmd-auth.c | 4 |
3 files changed, 1 insertions, 15 deletions
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index f483e1fd48ac..08c1783d70fc 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -45,15 +45,6 @@ int nvmet_auth_set_key(struct nvmet_host *host, const char *secret, key_hash); return -EINVAL; } - if (key_hash > 0) { - /* Validate selected hash algorithm */ - const char *hmac = nvme_auth_hmac_name(key_hash); - - if (!crypto_has_shash(hmac, 0, 0)) { - pr_err("DH-HMAC-CHAP hash %s unsupported\n", hmac); - return -ENOTSUPP; - } - } dhchap_secret = kstrdup(secret, GFP_KERNEL); if (!dhchap_secret) return -ENOMEM; diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c index 3088e044dbcb..463348c7f097 100644 --- a/drivers/nvme/target/configfs.c +++ b/drivers/nvme/target/configfs.c @@ -17,7 +17,6 @@ #include <linux/nvme-auth.h> #endif #include <linux/nvme-keyring.h> -#include <crypto/hash.h> #include <crypto/kpp.h> #include <linux/nospec.h> @@ -2181,8 +2180,6 @@ static ssize_t nvmet_host_dhchap_hash_store(struct config_item *item, hmac_id = nvme_auth_hmac_id(page); if (hmac_id == NVME_AUTH_HASH_INVALID) return -EINVAL; - if (!crypto_has_shash(nvme_auth_hmac_name(hmac_id), 0, 0)) - return -ENOTSUPP; host->dhchap_hash_id = hmac_id; return count; } diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c index 5946681cb0e3..b703e3bebae4 100644 --- a/drivers/nvme/target/fabrics-cmd-auth.c +++ b/drivers/nvme/target/fabrics-cmd-auth.c @@ -8,7 +8,6 @@ #include <linux/blkdev.h> #include <linux/random.h> #include <linux/nvme-auth.h> -#include <crypto/hash.h> #include <crypto/kpp.h> #include "nvmet.h" @@ -75,8 +74,7 @@ static u8 nvmet_auth_negotiate(struct nvmet_req *req, void *d) for (i = 0; i < data->auth_protocol[0].dhchap.halen; i++) { u8 host_hmac_id = data->auth_protocol[0].dhchap.idlist[i]; - if (!fallback_hash_id && - crypto_has_shash(nvme_auth_hmac_name(host_hmac_id), 0, 0)) + if (!fallback_hash_id && nvme_auth_hmac_hash_len(host_hmac_id)) fallback_hash_id = host_hmac_id; if (ctrl->shash_id != host_hmac_id) continue; |