diff options
author | Eric Biggers <ebiggers@google.com> | 2019-07-24 20:07:59 +0200 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2019-08-13 04:04:44 +0200 |
commit | a4d14e915bcb86e13b45231cd4fe2ce19bd9ba86 (patch) | |
tree | b514a293ce16edc1ba1a28e660ca5e545111e332 /fs/crypto | |
parent | fscrypt: improve warning messages for unsupported encryption contexts (diff) | |
download | linux-a4d14e915bcb86e13b45231cd4fe2ce19bd9ba86.tar.xz linux-a4d14e915bcb86e13b45231cd4fe2ce19bd9ba86.zip |
fscrypt: improve warnings for missing crypto API support
Users of fscrypt with non-default algorithms will encounter an error
like the following if they fail to include the needed algorithms into
the crypto API when configuring the kernel (as per the documentation):
Error allocating 'adiantum(xchacha12,aes)' transform: -2
This requires that the user figure out what the "-2" error means.
Make it more friendly by printing a warning like the following instead:
Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)")
Also upgrade the log level for *other* errors to KERN_ERR.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Diffstat (limited to 'fs/crypto')
-rw-r--r-- | fs/crypto/keyinfo.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index e5ab18d98f32..b75678587c3a 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c @@ -237,8 +237,13 @@ allocate_skcipher_for_mode(struct fscrypt_mode *mode, const u8 *raw_key, tfm = crypto_alloc_skcipher(mode->cipher_str, 0, 0); if (IS_ERR(tfm)) { - fscrypt_warn(inode, "Error allocating '%s' transform: %ld", - mode->cipher_str, PTR_ERR(tfm)); + if (PTR_ERR(tfm) == -ENOENT) + fscrypt_warn(inode, + "Missing crypto API support for %s (API name: \"%s\")", + mode->friendly_name, mode->cipher_str); + else + fscrypt_err(inode, "Error allocating '%s' transform: %ld", + mode->cipher_str, PTR_ERR(tfm)); return tfm; } if (unlikely(!mode->logged_impl_name)) { @@ -384,9 +389,13 @@ static int derive_essiv_salt(const u8 *key, int keysize, u8 *salt) tfm = crypto_alloc_shash("sha256", 0, 0); if (IS_ERR(tfm)) { - fscrypt_warn(NULL, - "error allocating SHA-256 transform: %ld", - PTR_ERR(tfm)); + if (PTR_ERR(tfm) == -ENOENT) + fscrypt_warn(NULL, + "Missing crypto API support for SHA-256"); + else + fscrypt_err(NULL, + "Error allocating SHA-256 transform: %ld", + PTR_ERR(tfm)); return PTR_ERR(tfm); } prev_tfm = cmpxchg(&essiv_hash_tfm, NULL, tfm); |