Commit ef87a4f8 authored by Sabrina Dubroca's avatar Sabrina Dubroca Committed by Steffen Klassert
Browse files

xfrm: ah: add extack to ah_init_state, ah6_init_state 



Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent e1e10b44

net/ipv4/ah4.c

+13 −8
Original line number Diff line number Diff line
@@ -477,24 +477,32 @@ static int ah_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) 
	struct xfrm_algo_desc *aalg_desc;

	struct crypto_ahash *ahash;



	if (!x->aalg)

	if (!x->aalg) {

		NL_SET_ERR_MSG(extack, "AH requires a state with an AUTH algorithm");

		goto error;

	}



	if (x->encap)

	if (x->encap) {

		NL_SET_ERR_MSG(extack, "AH is not compatible with encapsulation");

		goto error;

	}



	ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);

	if (!ahp)

		return -ENOMEM;



	ahash = crypto_alloc_ahash(x->aalg->alg_name, 0, 0);

	if (IS_ERR(ahash))

	if (IS_ERR(ahash)) {

		NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");

		goto error;

	}



	ahp->ahash = ahash;

	if (crypto_ahash_setkey(ahash, x->aalg->alg_key,

				(x->aalg->alg_key_len + 7) / 8))

				(x->aalg->alg_key_len + 7) / 8)) {

		NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");

		goto error;

	}



	/*

	 * Lookup the algorithm description maintained by xfrm_algo,
@@ -507,10 +515,7 @@ static int ah_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) 


	if (aalg_desc->uinfo.auth.icv_fullbits/8 !=

	    crypto_ahash_digestsize(ahash)) {

		pr_info("%s: %s digestsize %u != %u\n",

			__func__, x->aalg->alg_name,

			crypto_ahash_digestsize(ahash),

			aalg_desc->uinfo.auth.icv_fullbits / 8);

		NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");

		goto error;

	}

net/ipv6/ah6.c

+14 −7
Original line number Diff line number Diff line
@@ -672,24 +672,32 @@ static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) 
	struct xfrm_algo_desc *aalg_desc;

	struct crypto_ahash *ahash;



	if (!x->aalg)

	if (!x->aalg) {

		NL_SET_ERR_MSG(extack, "AH requires a state with an AUTH algorithm");

		goto error;

	}



	if (x->encap)

	if (x->encap) {

		NL_SET_ERR_MSG(extack, "AH is not compatible with encapsulation");

		goto error;

	}



	ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);

	if (!ahp)

		return -ENOMEM;



	ahash = crypto_alloc_ahash(x->aalg->alg_name, 0, 0);

	if (IS_ERR(ahash))

	if (IS_ERR(ahash)) {

		NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");

		goto error;

	}



	ahp->ahash = ahash;

	if (crypto_ahash_setkey(ahash, x->aalg->alg_key,

			       (x->aalg->alg_key_len + 7) / 8))

			       (x->aalg->alg_key_len + 7) / 8)) {

		NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");

		goto error;

	}



	/*

	 * Lookup the algorithm description maintained by xfrm_algo,
@@ -702,9 +710,7 @@ static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) 


	if (aalg_desc->uinfo.auth.icv_fullbits/8 !=

	    crypto_ahash_digestsize(ahash)) {

		pr_info("AH: %s digestsize %u != %u\n",

			x->aalg->alg_name, crypto_ahash_digestsize(ahash),

			aalg_desc->uinfo.auth.icv_fullbits/8);

		NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");

		goto error;

	}
@@ -721,6 +727,7 @@ static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) 
		x->props.header_len += sizeof(struct ipv6hdr);

		break;

	default:

		NL_SET_ERR_MSG(extack, "Invalid mode requested for AH, must be one of TRANSPORT, TUNNEL, BEET");

		goto error;

	}

	x->data = ahp;