fscrypt: improve warnings for missing crypto API support
Users of fscrypt with non-default algorithms will encounter an error like the following if they fail to include the needed algorithms into the crypto API when configuring the kernel (as per the documentation): Error allocating 'adiantum(xchacha12,aes)' transform: -2 This requires that the user figure out what the "-2" error means. Make it more friendly by printing a warning like the following instead: Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)") Also upgrade the log level for *other* errors to KERN_ERR. Signed-off-by: Eric Biggers <ebiggers@google.com>
This commit is contained in:
Родитель
63f668f0de
Коммит
a4d14e915b
|
@ -237,8 +237,13 @@ allocate_skcipher_for_mode(struct fscrypt_mode *mode, const u8 *raw_key,
|
|||
|
||||
tfm = crypto_alloc_skcipher(mode->cipher_str, 0, 0);
|
||||
if (IS_ERR(tfm)) {
|
||||
fscrypt_warn(inode, "Error allocating '%s' transform: %ld",
|
||||
mode->cipher_str, PTR_ERR(tfm));
|
||||
if (PTR_ERR(tfm) == -ENOENT)
|
||||
fscrypt_warn(inode,
|
||||
"Missing crypto API support for %s (API name: \"%s\")",
|
||||
mode->friendly_name, mode->cipher_str);
|
||||
else
|
||||
fscrypt_err(inode, "Error allocating '%s' transform: %ld",
|
||||
mode->cipher_str, PTR_ERR(tfm));
|
||||
return tfm;
|
||||
}
|
||||
if (unlikely(!mode->logged_impl_name)) {
|
||||
|
@ -384,9 +389,13 @@ static int derive_essiv_salt(const u8 *key, int keysize, u8 *salt)
|
|||
|
||||
tfm = crypto_alloc_shash("sha256", 0, 0);
|
||||
if (IS_ERR(tfm)) {
|
||||
fscrypt_warn(NULL,
|
||||
"error allocating SHA-256 transform: %ld",
|
||||
PTR_ERR(tfm));
|
||||
if (PTR_ERR(tfm) == -ENOENT)
|
||||
fscrypt_warn(NULL,
|
||||
"Missing crypto API support for SHA-256");
|
||||
else
|
||||
fscrypt_err(NULL,
|
||||
"Error allocating SHA-256 transform: %ld",
|
||||
PTR_ERR(tfm));
|
||||
return PTR_ERR(tfm);
|
||||
}
|
||||
prev_tfm = cmpxchg(&essiv_hash_tfm, NULL, tfm);
|
||||
|
|
Загрузка…
Ссылка в новой задаче