Skip to content

Commit

Permalink
dm integrity: fail early if required HMAC key is not available
Browse files Browse the repository at this point in the history 
Since crypto API commit 9fa68f6 ("crypto: hash - prevent using keyed
hashes without setting key") dm-integrity cannot use keyed algorithms
without the key being set.

The dm-integrity recognizes this too late (during use of HMAC), so it
allows creation and formatting of superblock, but the device is in fact
unusable.

Fix it by detecting the key requirement in integrity table constructor.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
  • Loading branch information
Milan Broz authored and Mike Snitzer committed Apr 3, 2018
1 parent 2d77daf commit e16b4f9
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions drivers/md/dm-integrity.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2548,6 +2548,9 @@ static int get_mac(struct crypto_shash **hash, struct alg_spec *a, char **error,
*error = error_key;
return r;
}
} else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) {
*error = error_key;
return -ENOKEY;
}
}

Expand Down

0 comments on commit e16b4f9

Please sign in to comment.