Commit a4d14e91 authored by Eric Biggers's avatar Eric Biggers

fscrypt: improve warnings for missing crypto API support

Users of fscrypt with non-default algorithms will encounter an error
like the following if they fail to include the needed algorithms into
the crypto API when configuring the kernel (as per the documentation):

    Error allocating 'adiantum(xchacha12,aes)' transform: -2

This requires that the user figure out what the "-2" error means.
Make it more friendly by printing a warning like the following instead:

    Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)")

Also upgrade the log level for *other* errors to KERN_ERR.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
parent 63f668f0
...@@ -237,8 +237,13 @@ allocate_skcipher_for_mode(struct fscrypt_mode *mode, const u8 *raw_key, ...@@ -237,8 +237,13 @@ allocate_skcipher_for_mode(struct fscrypt_mode *mode, const u8 *raw_key,
tfm = crypto_alloc_skcipher(mode->cipher_str, 0, 0); tfm = crypto_alloc_skcipher(mode->cipher_str, 0, 0);
if (IS_ERR(tfm)) { if (IS_ERR(tfm)) {
fscrypt_warn(inode, "Error allocating '%s' transform: %ld", if (PTR_ERR(tfm) == -ENOENT)
mode->cipher_str, PTR_ERR(tfm)); fscrypt_warn(inode,
"Missing crypto API support for %s (API name: \"%s\")",
mode->friendly_name, mode->cipher_str);
else
fscrypt_err(inode, "Error allocating '%s' transform: %ld",
mode->cipher_str, PTR_ERR(tfm));
return tfm; return tfm;
} }
if (unlikely(!mode->logged_impl_name)) { if (unlikely(!mode->logged_impl_name)) {
...@@ -384,9 +389,13 @@ static int derive_essiv_salt(const u8 *key, int keysize, u8 *salt) ...@@ -384,9 +389,13 @@ static int derive_essiv_salt(const u8 *key, int keysize, u8 *salt)
tfm = crypto_alloc_shash("sha256", 0, 0); tfm = crypto_alloc_shash("sha256", 0, 0);
if (IS_ERR(tfm)) { if (IS_ERR(tfm)) {
fscrypt_warn(NULL, if (PTR_ERR(tfm) == -ENOENT)
"error allocating SHA-256 transform: %ld", fscrypt_warn(NULL,
PTR_ERR(tfm)); "Missing crypto API support for SHA-256");
else
fscrypt_err(NULL,
"Error allocating SHA-256 transform: %ld",
PTR_ERR(tfm));
return PTR_ERR(tfm); return PTR_ERR(tfm);
} }
prev_tfm = cmpxchg(&essiv_hash_tfm, NULL, tfm); prev_tfm = cmpxchg(&essiv_hash_tfm, NULL, tfm);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment