Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 60f50d13 authored by Eric Biggers's avatar Eric Biggers Committed by Jaegeuk Kim
Browse files

fscrypt: improve warnings for missing crypto API support 



Users of fscrypt with non-default algorithms will encounter an error
like the following if they fail to include the needed algorithms into
the crypto API when configuring the kernel (as per the documentation):

    Error allocating 'adiantum(xchacha12,aes)' transform: -2

This requires that the user figure out what the "-2" error means.
Make it more friendly by printing a warning like the following instead:

    Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)")

Also upgrade the log level for *other* errors to KERN_ERR.

Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
parent 830d573a

fs/crypto/keyinfo.c

+14 −5
Original line number Diff line number Diff line
@@ -237,7 +237,12 @@ allocate_skcipher_for_mode(struct fscrypt_mode *mode, const u8 *raw_key, 


	tfm = crypto_alloc_skcipher(mode->cipher_str, 0, 0);

	if (IS_ERR(tfm)) {

		fscrypt_warn(inode, "Error allocating '%s' transform: %ld",

		if (PTR_ERR(tfm) == -ENOENT)

			fscrypt_warn(inode,

				     "Missing crypto API support for %s (API name: \"%s\")",

				     mode->friendly_name, mode->cipher_str);

		else

			fscrypt_err(inode, "Error allocating '%s' transform: %ld",

				    mode->cipher_str, PTR_ERR(tfm));

		return tfm;

	}
@@ -384,8 +389,12 @@ static int derive_essiv_salt(const u8 *key, int keysize, u8 *salt) 


		tfm = crypto_alloc_shash("sha256", 0, 0);

		if (IS_ERR(tfm)) {

			if (PTR_ERR(tfm) == -ENOENT)

				fscrypt_warn(NULL,

				     "error allocating SHA-256 transform: %ld",

					     "Missing crypto API support for SHA-256");

			else

				fscrypt_err(NULL,

					    "Error allocating SHA-256 transform: %ld",

					    PTR_ERR(tfm));

			return PTR_ERR(tfm);

		}