Commit c2881789 authored by Eric Biggers's avatar Eric Biggers Committed by Herbert Xu

crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms

The essiv and hmac templates refuse to use any hash algorithm that has a
->setkey() function, which includes not just algorithms that always need
a key, but also algorithms that optionally take a key.

Previously the only optionally-keyed hash algorithms in the crypto API
were non-cryptographic algorithms like crc32, so this didn't really
matter.  But that's changed with BLAKE2 support being added.  BLAKE2
should work with essiv and hmac, just like any other cryptographic hash.

Fix this by allowing the use of both algorithms without a ->setkey()
function and algorithms that have the OPTIONAL_KEY flag set.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Acked-by: default avatarArd Biesheuvel <ardb@kernel.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 89873b44
...@@ -442,7 +442,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name, ...@@ -442,7 +442,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name,
if (ivsize != alg->cra_blocksize) if (ivsize != alg->cra_blocksize)
goto out; goto out;
if (crypto_shash_alg_has_setkey(hash_alg)) if (crypto_shash_alg_needs_key(hash_alg))
goto out; goto out;
ret = true; ret = true;
......
...@@ -185,9 +185,9 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb) ...@@ -185,9 +185,9 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
return PTR_ERR(salg); return PTR_ERR(salg);
alg = &salg->base; alg = &salg->base;
/* The underlying hash algorithm must be unkeyed */ /* The underlying hash algorithm must not require a key */
err = -EINVAL; err = -EINVAL;
if (crypto_shash_alg_has_setkey(salg)) if (crypto_shash_alg_needs_key(salg))
goto out_put_alg; goto out_put_alg;
ds = salg->digestsize; ds = salg->digestsize;
......
...@@ -50,8 +50,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, ...@@ -50,8 +50,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg) static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
{ {
if (crypto_shash_alg_has_setkey(alg) && if (crypto_shash_alg_needs_key(alg))
!(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY); crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
} }
......
...@@ -85,6 +85,12 @@ static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg) ...@@ -85,6 +85,12 @@ static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
return alg->setkey != shash_no_setkey; return alg->setkey != shash_no_setkey;
} }
static inline bool crypto_shash_alg_needs_key(struct shash_alg *alg)
{
return crypto_shash_alg_has_setkey(alg) &&
!(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY);
}
bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg); bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg);
int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn, int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment