]> www.infradead.org Git - linux.git/commitdiff
nfsd: use SHA-256 library API instead of crypto_shash API
authorEric Biggers <ebiggers@google.com>
Mon, 28 Apr 2025 19:36:58 +0000 (12:36 -0700)
committerChuck Lever <chuck.lever@oracle.com>
Sun, 11 May 2025 23:48:29 +0000 (19:48 -0400)
This user of SHA-256 does not support any other algorithm, so the
crypto_shash abstraction provides no value.  Just use the SHA-256
library API instead, which is much simpler and easier to use.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
fs/nfsd/Kconfig
fs/nfsd/nfs4recover.c

index 731a88f6313ebff32ad66625e41324cec71c5484..879e0b104d1c84cbdabdc42993bf52cf2ec11a48 100644 (file)
@@ -77,8 +77,8 @@ config NFSD_V4
        select FS_POSIX_ACL
        select RPCSEC_GSS_KRB5
        select CRYPTO
+       select CRYPTO_LIB_SHA256
        select CRYPTO_MD5
-       select CRYPTO_SHA256
        select GRACE_PERIOD
        select NFS_V4_2_SSC_HELPER if NFS_V4_2
        help
index c1d9bd07285f4be852c6d8b61f1c8516b8441515..a79823020062791603213505a7bc3b1f7da18f0b 100644 (file)
@@ -33,6 +33,7 @@
 */
 
 #include <crypto/hash.h>
+#include <crypto/sha2.h>
 #include <linux/file.h>
 #include <linux/slab.h>
 #include <linux/namei.h>
@@ -736,7 +737,6 @@ struct cld_net {
        spinlock_t               cn_lock;
        struct list_head         cn_list;
        unsigned int             cn_xid;
-       struct crypto_shash     *cn_tfm;
 #ifdef CONFIG_NFSD_LEGACY_CLIENT_TRACKING
        bool                     cn_has_legacy;
 #endif
@@ -1062,8 +1062,6 @@ nfsd4_remove_cld_pipe(struct net *net)
 
        nfsd4_cld_unregister_net(net, cn->cn_pipe);
        rpc_destroy_pipe_data(cn->cn_pipe);
-       if (cn->cn_tfm)
-               crypto_free_shash(cn->cn_tfm);
        kfree(nn->cld_net);
        nn->cld_net = NULL;
 }
@@ -1157,8 +1155,6 @@ nfsd4_cld_create_v2(struct nfs4_client *clp)
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
        struct cld_net *cn = nn->cld_net;
        struct cld_msg_v2 *cmsg;
-       struct crypto_shash *tfm = cn->cn_tfm;
-       struct xdr_netobj cksum;
        char *principal = NULL;
 
        /* Don't upcall if it's already stored */
@@ -1181,22 +1177,9 @@ nfsd4_cld_create_v2(struct nfs4_client *clp)
        else if (clp->cl_cred.cr_principal)
                principal = clp->cl_cred.cr_principal;
        if (principal) {
-               cksum.len = crypto_shash_digestsize(tfm);
-               cksum.data = kmalloc(cksum.len, GFP_KERNEL);
-               if (cksum.data == NULL) {
-                       ret = -ENOMEM;
-                       goto out;
-               }
-               ret = crypto_shash_tfm_digest(tfm, principal, strlen(principal),
-                                             cksum.data);
-               if (ret) {
-                       kfree(cksum.data);
-                       goto out;
-               }
-               cmsg->cm_u.cm_clntinfo.cc_princhash.cp_len = cksum.len;
-               memcpy(cmsg->cm_u.cm_clntinfo.cc_princhash.cp_data,
-                      cksum.data, cksum.len);
-               kfree(cksum.data);
+               sha256(principal, strlen(principal),
+                      cmsg->cm_u.cm_clntinfo.cc_princhash.cp_data);
+               cmsg->cm_u.cm_clntinfo.cc_princhash.cp_len = SHA256_DIGEST_SIZE;
        } else
                cmsg->cm_u.cm_clntinfo.cc_princhash.cp_len = 0;
 
@@ -1206,7 +1189,6 @@ nfsd4_cld_create_v2(struct nfs4_client *clp)
                set_bit(NFSD4_CLIENT_STABLE, &clp->cl_flags);
        }
 
-out:
        free_cld_upcall(cup);
 out_err:
        if (ret)
@@ -1345,12 +1327,11 @@ found:
 static int
 nfsd4_cld_check_v2(struct nfs4_client *clp)
 {
-       struct nfs4_client_reclaim *crp;
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
+#ifdef CONFIG_NFSD_LEGACY_CLIENT_TRACKING
        struct cld_net *cn = nn->cld_net;
-       int status;
-       struct crypto_shash *tfm = cn->cn_tfm;
-       struct xdr_netobj cksum;
+#endif
+       struct nfs4_client_reclaim *crp;
        char *principal = NULL;
 
        /* did we already find that this client is stable? */
@@ -1366,6 +1347,7 @@ nfsd4_cld_check_v2(struct nfs4_client *clp)
        if (cn->cn_has_legacy) {
                struct xdr_netobj name;
                char dname[HEXDIR_LEN];
+               int status;
 
                status = nfs4_make_rec_clidname(dname, &clp->cl_name);
                if (status)
@@ -1388,28 +1370,18 @@ nfsd4_cld_check_v2(struct nfs4_client *clp)
        return -ENOENT;
 found:
        if (crp->cr_princhash.len) {
+               u8 digest[SHA256_DIGEST_SIZE];
+
                if (clp->cl_cred.cr_raw_principal)
                        principal = clp->cl_cred.cr_raw_principal;
                else if (clp->cl_cred.cr_principal)
                        principal = clp->cl_cred.cr_principal;
                if (principal == NULL)
                        return -ENOENT;
-               cksum.len = crypto_shash_digestsize(tfm);
-               cksum.data = kmalloc(cksum.len, GFP_KERNEL);
-               if (cksum.data == NULL)
-                       return -ENOENT;
-               status = crypto_shash_tfm_digest(tfm, principal,
-                                                strlen(principal), cksum.data);
-               if (status) {
-                       kfree(cksum.data);
+               sha256(principal, strlen(principal), digest);
+               if (memcmp(crp->cr_princhash.data, digest,
+                               crp->cr_princhash.len))
                        return -ENOENT;
-               }
-               if (memcmp(crp->cr_princhash.data, cksum.data,
-                               crp->cr_princhash.len)) {
-                       kfree(cksum.data);
-                       return -ENOENT;
-               }
-               kfree(cksum.data);
        }
        crp->cr_clp = clp;
        return 0;
@@ -1589,7 +1561,6 @@ nfsd4_cld_tracking_init(struct net *net)
        struct nfsd_net *nn = net_generic(net, nfsd_net_id);
        bool running;
        int retries = 10;
-       struct crypto_shash *tfm;
 
        status = nfs4_cld_state_init(net);
        if (status)
@@ -1614,12 +1585,6 @@ nfsd4_cld_tracking_init(struct net *net)
                status = -ETIMEDOUT;
                goto err_remove;
        }
-       tfm = crypto_alloc_shash("sha256", 0, 0);
-       if (IS_ERR(tfm)) {
-               status = PTR_ERR(tfm);
-               goto err_remove;
-       }
-       nn->cld_net->cn_tfm = tfm;
 
        status = nfsd4_cld_get_version(nn);
        if (status == -EOPNOTSUPP)