dm integrity: fail early if required HMAC key is not available

Since crypto API commit 9fa68f62004 ("crypto: hash - prevent using keyed
hashes without setting key") dm-integrity cannot use keyed algorithms
without the key being set.

The dm-integrity recognizes this too late (during use of HMAC), so it
allows creation and formatting of superblock, but the device is in fact
unusable.

Fix it by detecting the key requirement in integrity table constructor.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index 46d7c8749222d3e0a8ad43acac6dd62ed5e8b824..6c81b11d05211d2103ecf44c7d8c336ab1f9ecbd 100644 (file)
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -2548,6 +2548,9 @@ static int get_mac(struct crypto_shash **hash, struct alg_spec *a, char **error,
                                *error = error_key;
                                return r;
                        }
+               } else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) {
+                       *error = error_key;
+                       return -ENOKEY;
                }
        }