[PATCH v1 4/4] ipv6: sr: continue initialization at ENOENT HMAC instantiation failures

[Nicolai Stange]

As it currently stands, the IPv6 SR HMAC __init, and thus the IPv6
subsystem's __init, would fail to come up if any of the HMAC algo
instantiations failed.

This used to be fine, as they usually don't. However, that situation will
change, because NIST announced to sunset SHA1 by 2030, and then at latest
instantiations thereof through the cryptomgr will have to made to fail with
-ENOENT when booted in FIPS mode. Note that the sunset date has
implications on certificates' lifetimes for those issued today already, so
distributions might be eager to disable SHA1 in FIPS mode downstream
starting now.

Make seg6_hmac_init_algos() to ignore ENOENT HMAC algo instantiation
errors. Note that in this case, a failed algo will have its ->tfms == NULL,
and __hmac_get_algo() would filter such ones already.

Signed-off-by: Nicolai Stange <nstange@xxxxxxx>
---
 net/ipv6/seg6_hmac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c
index 85e90d8d8050..4a63ee4dbf7e 100644
--- a/net/ipv6/seg6_hmac.c
+++ b/net/ipv6/seg6_hmac.c
@@ -433,7 +433,7 @@ static int seg6_hmac_init_algos(void)
 	alg_count = ARRAY_SIZE(hmac_algos);
 	for (i = 0; i < alg_count; i++) {
 		ret = seg6_hmac_init_algo(&hmac_algos[i]);
-		if (ret)
+		if (ret && ret != -ENOENT)
 			goto error_out;
 	}
 
-- 
2.47.1