xfrm: ah: add extack to ah_init_state, ah6_init_state
authorSabrina Dubroca <sd@queasysnail.net>
Tue, 27 Sep 2022 15:45:30 +0000 (17:45 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Thu, 29 Sep 2022 05:17:59 +0000 (07:17 +0200)
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
net/ipv4/ah4.c
net/ipv6/ah6.c

index babefff15de3bb0cc17b0b1ce4f3b5f5e5e038f1..ee4e578c7f20191768c0042df696b2631c080cbb 100644 (file)
@@ -477,24 +477,32 @@ static int ah_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
        struct xfrm_algo_desc *aalg_desc;
        struct crypto_ahash *ahash;
 
-       if (!x->aalg)
+       if (!x->aalg) {
+               NL_SET_ERR_MSG(extack, "AH requires a state with an AUTH algorithm");
                goto error;
+       }
 
-       if (x->encap)
+       if (x->encap) {
+               NL_SET_ERR_MSG(extack, "AH is not compatible with encapsulation");
                goto error;
+       }
 
        ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);
        if (!ahp)
                return -ENOMEM;
 
        ahash = crypto_alloc_ahash(x->aalg->alg_name, 0, 0);
-       if (IS_ERR(ahash))
+       if (IS_ERR(ahash)) {
+               NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
                goto error;
+       }
 
        ahp->ahash = ahash;
        if (crypto_ahash_setkey(ahash, x->aalg->alg_key,
-                               (x->aalg->alg_key_len + 7) / 8))
+                               (x->aalg->alg_key_len + 7) / 8)) {
+               NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
                goto error;
+       }
 
        /*
         * Lookup the algorithm description maintained by xfrm_algo,
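Review bot: The `crypto_ahash_setkey()` failure branch reports the same text as the `crypto_alloc_ahash()` failure just above it, so the caller cannot tell an unavailable algorithm from a rejected key. The setkey call is fed `x->aalg->alg_key` and a length derived from `x->aalg->alg_key_len`, so a failure there most likely points at the supplied key material. A distinct string such as `NL_SET_ERR_MSG(extack, "AH authentication key was rejected by the algorithm");` would make that diagnosable from userspace. For the allocation branch, something like `NL_SET_ERR_MSG(extack, "Requested AUTH algorithm could not be allocated");` would do the same. The identical pair of branches in `ah6_init_state` in net/ipv6/ah6.c has the same issue. `ah_init_state` starts before and continues after this hunk.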
@@ -507,10 +515,7 @@ static int ah_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
 
        if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
            crypto_ahash_digestsize(ahash)) {
-               pr_info("%s: %s digestsize %u != %u\n",
-                       __func__, x->aalg->alg_name,
-                       crypto_ahash_digestsize(ahash),
-                       aalg_desc->uinfo.auth.icv_fullbits / 8);
+               NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
                goto error;
        }
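Review bot: The digest-size mismatch branch now returns the generic "unable to initialize cryptographic operations" text, and the algorithm name and the two sizes that the removed `pr_info()` printed are no longer reported anywhere. Dropping an unthrottled log line from a path that a netlink caller can trigger is reasonable. The condition is still a disagreement between the xfrm_algo description and the crypto API rather than a generic setup failure, so it deserves its own fixed string, for example `NL_SET_ERR_MSG(extack, "AH digest size does not match the xfrm algorithm description");`. If the numeric values are still wanted for debugging, a `pr_debug()` with the old arguments keeps them without adding log noise by default. The matching branch in `ah6_init_state` drops the same detail. The function body starts and ends outside this hunk.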
 
index f5bc0d4b37ad50f75ed511ab94286973d08f747f..5228d27162893e4f2eecac9303533f4e85596cf1 100644 (file)
@@ -672,24 +672,32 @@ static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
        struct xfrm_algo_desc *aalg_desc;
        struct crypto_ahash *ahash;
 
-       if (!x->aalg)
+       if (!x->aalg) {
+               NL_SET_ERR_MSG(extack, "AH requires a state with an AUTH algorithm");
                goto error;
+       }
 
-       if (x->encap)
+       if (x->encap) {
+               NL_SET_ERR_MSG(extack, "AH is not compatible with encapsulation");
                goto error;
+       }
 
        ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);
        if (!ahp)
                return -ENOMEM;
 
        ahash = crypto_alloc_ahash(x->aalg->alg_name, 0, 0);
-       if (IS_ERR(ahash))
+       if (IS_ERR(ahash)) {
+               NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
                goto error;
+       }
 
        ahp->ahash = ahash;
        if (crypto_ahash_setkey(ahash, x->aalg->alg_key,
-                              (x->aalg->alg_key_len + 7) / 8))
+                              (x->aalg->alg_key_len + 7) / 8)) {
+               NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
                goto error;
+       }
 
        /*
         * Lookup the algorithm description maintained by xfrm_algo,
@@ -702,9 +710,7 @@ static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
 
        if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
            crypto_ahash_digestsize(ahash)) {
-               pr_info("AH: %s digestsize %u != %u\n",
-                       x->aalg->alg_name, crypto_ahash_digestsize(ahash),
-                       aalg_desc->uinfo.auth.icv_fullbits/8);
+               NL_SET_ERR_MSG(extack, "Kernel was unable to initialize cryptographic operations");
                goto error;
        }
 
@@ -721,6 +727,7 @@ static int ah6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
                x->props.header_len += sizeof(struct ipv6hdr);
                break;
        default:
+               NL_SET_ERR_MSG(extack, "Invalid mode requested for AH, must be one of TRANSPORT, TUNNEL, BEET");
                goto error;
        }
        x->data = ahp;
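Review bot: The new `default:` message hard-codes the list "TRANSPORT, TUNNEL, BEET", which duplicates the `case` labels of a switch whose head is outside this hunk. If a mode is later added or removed there, the string will silently go stale. A short comment on the branch would flag the coupling, e.g. `/* keep the mode names in the extack string in sync with the case labels above */`. No comparable mode message is added to net/ipv4/ah4.c in this diff. If `ah_init_state` rejects modes anywhere, it should carry the same text.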