From c28817895464797a8299b24e35ead1085b3e40fb Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Fri, 29 Nov 2019 11:35:22 -0800
Subject: crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms

The essiv and hmac templates refuse to use any hash algorithm that has a
->setkey() function, which includes not just algorithms that always need
a key, but also algorithms that optionally take a key.

Previously the only optionally-keyed hash algorithms in the crypto API
were non-cryptographic algorithms like crc32, so this didn't really
matter.  But that's changed with BLAKE2 support being added.  BLAKE2
should work with essiv and hmac, just like any other cryptographic hash.

Fix this by allowing the use of both algorithms without a ->setkey()
function and algorithms that have the OPTIONAL_KEY flag set.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
 crypto/essiv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crypto/essiv.c')

diff --git a/crypto/essiv.c b/crypto/essiv.c
index 808f2b362106..e4b32c2ea7ec 100644
--- a/crypto/essiv.c
+++ b/crypto/essiv.c
@@ -442,7 +442,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name,
 	if (ivsize != alg->cra_blocksize)
 		goto out;
 
-	if (crypto_shash_alg_has_setkey(hash_alg))
+	if (crypto_shash_alg_needs_key(hash_alg))
 		goto out;
 
 	ret = true;
-- 
cgit v1.2.3