Audit type-specific crypto operationsaudit

1 files changed, 18 insertions, 2 deletions

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 0776fe157b2..1d8fb210449 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -286,6 +286,11 @@ static int skcipher_sendmsg(struct kiocb *unused, struct socket *sock,
 			memcpy(ctx->iv, con.iv->iv, ivsize);
 	}
 
+	err = af_alg_audit_crypto_op(sk, ctx->enc ? "encrypt-input"
+				     : "decrypt-input", -1);
+	if (err)
+		goto unlock;
+
 	while (size) {
 		struct scatterlist *sg;
 		unsigned long len = size;
@@ -376,8 +381,14 @@ static ssize_t skcipher_sendpage(struct socket *sock, struct page *page,
 	struct alg_sock *ask = alg_sk(sk);
 	struct skcipher_ctx *ctx = ask->private;
 	struct skcipher_sg_list *sgl;
-	int err = -EINVAL;
+	int err;
+
+	err = af_alg_audit_crypto_op(sk, ctx->enc ? "encrypt-input"
+				     : "decrypt-input", -1);
+	if (err)
+		return err;
 
+	err = -EINVAL;
 	lock_sock(sk);
 	if (!ctx->more && ctx->used)
 		goto unlock;
@@ -427,10 +438,15 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
 	struct scatterlist *sg;
 	unsigned long iovlen;
 	struct iovec *iov;
-	int err = -EAGAIN;
+	int err;
 	int used;
 	long copied = 0;
 
+	err = af_alg_audit_crypto_op(sk, ctx->enc ? "encrypt-output"
+				     : "decrypt-output", -1);
+	if (err)
+		return err;
+
 	lock_sock(sk);
 	for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
 	     iovlen--, iov++) {