]> www.infradead.org Git - nvme.git/commitdiff
net: af_key: check encryption module availability consistency
authorThomas Bartschies <thomas.bartschies@cvk.de>
Wed, 18 May 2022 06:32:18 +0000 (08:32 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Wed, 18 May 2022 07:42:16 +0000 (09:42 +0200)
Since the recent introduction supporting the SM3 and SM4 hash algos for IPsec, the kernel
produces invalid pfkey acquire messages, when these encryption modules are disabled. This
happens because the availability of the algos wasn't checked in all necessary functions.
This patch adds these checks.

Signed-off-by: Thomas Bartschies <thomas.bartschies@cvk.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
net/key/af_key.c

index 92e9d75dba2f4f85936c11b2f11d42276c0ff147..339d95df19d324349f7f2791dd431631ad3493a5 100644 (file)
@@ -2900,7 +2900,7 @@ static int count_ah_combs(const struct xfrm_tmpl *t)
                        break;
                if (!aalg->pfkey_supported)
                        continue;
-               if (aalg_tmpl_set(t, aalg))
+               if (aalg_tmpl_set(t, aalg) && aalg->available)
                        sz += sizeof(struct sadb_comb);
        }
        return sz + sizeof(struct sadb_prop);
@@ -2918,7 +2918,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
                if (!ealg->pfkey_supported)
                        continue;
 
-               if (!(ealg_tmpl_set(t, ealg)))
+               if (!(ealg_tmpl_set(t, ealg) && ealg->available))
                        continue;
 
                for (k = 1; ; k++) {
@@ -2929,7 +2929,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
                        if (!aalg->pfkey_supported)
                                continue;
 
-                       if (aalg_tmpl_set(t, aalg))
+                       if (aalg_tmpl_set(t, aalg) && aalg->available)
                                sz += sizeof(struct sadb_comb);
                }
        }