net: af_key: check encryption module availability consistency [ Upstream commit 015c44d7bff3f44d569716117becd570c179ca32 ] Since the recent introduction supporting the SM3 and SM4 hash algos for IPsec, the kernel produces invalid pfkey acquire messages, when these encryption modules are disabled. This happens because the availability of the algos wasn't checked in all necessary functions. This patch adds these checks. Signed-off-by: Thomas Bartschies <thomas.bartschies@cvk.de> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org>

commit: 8c73e7c18e093c63bc0dbca2cca81e832f3b9fbc [log] [tgz]
author: Thomas Bartschies <thomas.bartschies@cvk.de> Wed May 18 08:32:18 2022 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Mon Jun 06 08:19:45 2022 +0200
tree: b4c3dab135eecc7bec709bb1e77125b2ec7feb21
parent: 95302ce6d8a08e88b7562238a8018820631325b6 [diff]
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 776f94e..d5dc614 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c

@@ -2935,7 +2935,7 @@
 			break;
 		if (!aalg->pfkey_supported)
 			continue;
-		if (aalg_tmpl_set(t, aalg))
+		if (aalg_tmpl_set(t, aalg) && aalg->available)
 			sz += sizeof(struct sadb_comb);
 	}
 	return sz + sizeof(struct sadb_prop);
@@ -2953,7 +2953,7 @@
 		if (!ealg->pfkey_supported)
 			continue;
 
-		if (!(ealg_tmpl_set(t, ealg)))
+		if (!(ealg_tmpl_set(t, ealg) && ealg->available))
 			continue;
 
 		for (k = 1; ; k++) {
@@ -2964,7 +2964,7 @@
 			if (!aalg->pfkey_supported)
 				continue;
 
-			if (aalg_tmpl_set(t, aalg))
+			if (aalg_tmpl_set(t, aalg) && aalg->available)
 				sz += sizeof(struct sadb_comb);
 		}
 	}
commit	8c73e7c18e093c63bc0dbca2cca81e832f3b9fbc	[log] [tgz]
author	Thomas Bartschies <thomas.bartschies@cvk.de>	Wed May 18 08:32:18 2022 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Mon Jun 06 08:19:45 2022 +0200
tree	b4c3dab135eecc7bec709bb1e77125b2ec7feb21
parent	95302ce6d8a08e88b7562238a8018820631325b6 [diff]