Skip to content

Commit

Permalink
net: af_key: check encryption module availability consistency
Browse files Browse the repository at this point in the history
[ Upstream commit 015c44d7bff3f44d569716117becd570c179ca32 ]

Since the recent introduction supporting the SM3 and SM4 hash algos for IPsec, the kernel
produces invalid pfkey acquire messages, when these encryption modules are disabled. This
happens because the availability of the algos wasn't checked in all necessary functions.
This patch adds these checks.

Signed-off-by: Thomas Bartschies <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
  • Loading branch information
Thomas Bartschies authored and gregkh committed Jun 6, 2022
1 parent b322e83 commit 539d5de
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions net/key/af_key.c
Original file line number Diff line number Diff line change
Expand Up @@ -2910,7 +2910,7 @@ static int count_ah_combs(const struct xfrm_tmpl *t)
break;
if (!aalg->pfkey_supported)
continue;
if (aalg_tmpl_set(t, aalg))
if (aalg_tmpl_set(t, aalg) && aalg->available)
sz += sizeof(struct sadb_comb);
}
return sz + sizeof(struct sadb_prop);
Expand All @@ -2928,7 +2928,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
if (!ealg->pfkey_supported)
continue;

if (!(ealg_tmpl_set(t, ealg)))
if (!(ealg_tmpl_set(t, ealg) && ealg->available))
continue;

for (k = 1; ; k++) {
Expand All @@ -2939,7 +2939,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
if (!aalg->pfkey_supported)
continue;

if (aalg_tmpl_set(t, aalg))
if (aalg_tmpl_set(t, aalg) && aalg->available)
sz += sizeof(struct sadb_comb);
}
}
Expand Down

0 comments on commit 539d5de

Please sign in to comment.