mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-06 05:13:18 +00:00
xfrm: ah: add extack to ah_init_state, ah6_init_state
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
parent
e1e10b44cf
commit
ef87a4f84b
@ -477,24 +477,32 @@ static int ah_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
|
||||
struct xfrm_algo_desc *aalg_desc;
|
||||
struct crypto_ahash *ahash;
|
||||
|
||||
if (!x->aalg)
|
||||
if (!x->aalg) {
|
||||
NL_SET_ERR_MSG(extack, "AH requires a state with an AUTH algorithm");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (x->encap)
|
||||
if (x->encap) {
|
||||
NL_SET_ERR_MSG(extack, "AH is not compatible with encapsulation");
|
||||
goto error;
|
||||
}
|
||||
|
||||
ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);
|
||||
if (!ahp)
|
||||
return -ENOMEM;
|
||||
|
||||
ahash = crypto_alloc_ahash(x->aalg->alg_name, 0, 0);
|
||||
if (IS_ERR(ahash))
|
||||
if (IS_ERR(ahash)) {
|
||||
NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
|
||||
goto error;
|
||||
}
|
||||
|
||||
ahp->ahash = ahash;
|
||||
if (crypto_ahash_setkey(ahash, x->aalg->alg_key,
|
||||
(x->aalg->alg_key_len + 7) / 8))
|
||||
(x->aalg->alg_key_len + 7) / 8)) {
|
||||
NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
|
||||
goto error;
|
||||
}
|
||||
|
||||
/*
|
||||
* Lookup the algorithm description maintained by xfrm_algo,
|
||||
@ -507,10 +515,7 @@ static int ah_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
|
||||
|
||||
if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
|
||||
crypto_ahash_digestsize(ahash)) {
|
||||
pr_info("%s: %s digestsize %u != %u\n",
|
||||
__func__, x->aalg->alg_name,
|
||||
crypto_ahash_digestsize(ahash),
|
||||
aalg_desc->uinfo.auth.icv_fullbits / 8);
|
||||
NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
|
||||
goto error;
|
||||
}
|
||||
|
||||
|
@ -672,24 +672,32 @@ static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
|
||||
struct xfrm_algo_desc *aalg_desc;
|
||||
struct crypto_ahash *ahash;
|
||||
|
||||
if (!x->aalg)
|
||||
if (!x->aalg) {
|
||||
NL_SET_ERR_MSG(extack, "AH requires a state with an AUTH algorithm");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (x->encap)
|
||||
if (x->encap) {
|
||||
NL_SET_ERR_MSG(extack, "AH is not compatible with encapsulation");
|
||||
goto error;
|
||||
}
|
||||
|
||||
ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);
|
||||
if (!ahp)
|
||||
return -ENOMEM;
|
||||
|
||||
ahash = crypto_alloc_ahash(x->aalg->alg_name, 0, 0);
|
||||
if (IS_ERR(ahash))
|
||||
if (IS_ERR(ahash)) {
|
||||
NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
|
||||
goto error;
|
||||
}
|
||||
|
||||
ahp->ahash = ahash;
|
||||
if (crypto_ahash_setkey(ahash, x->aalg->alg_key,
|
||||
(x->aalg->alg_key_len + 7) / 8))
|
||||
(x->aalg->alg_key_len + 7) / 8)) {
|
||||
NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
|
||||
goto error;
|
||||
}
|
||||
|
||||
/*
|
||||
* Lookup the algorithm description maintained by xfrm_algo,
|
||||
@ -702,9 +710,7 @@ static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
|
||||
|
||||
if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
|
||||
crypto_ahash_digestsize(ahash)) {
|
||||
pr_info("AH: %s digestsize %u != %u\n",
|
||||
x->aalg->alg_name, crypto_ahash_digestsize(ahash),
|
||||
aalg_desc->uinfo.auth.icv_fullbits/8);
|
||||
NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
|
||||
goto error;
|
||||
}
|
||||
|
||||
@ -721,6 +727,7 @@ static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
|
||||
x->props.header_len += sizeof(struct ipv6hdr);
|
||||
break;
|
||||
default:
|
||||
NL_SET_ERR_MSG(extack, "Invalid mode requested for AH, must be one of TRANSPORT, TUNNEL, BEET");
|
||||
goto error;
|
||||
}
|
||||
x->data = ahp;
|
||||
|
Loading…
Reference in New Issue
Block a user