diff options
author | Milan Broz <mbroz@redhat.com> | 2009-12-10 18:51:56 -0500 |
---|---|---|
committer | Alasdair G Kergon <agk@redhat.com> | 2009-12-10 18:51:56 -0500 |
commit | 5861f1be00b3b70f8ab5e5a81392a6cf69666cd2 (patch) | |
tree | 6b794de58bd1ad4a1b0919ea641fc5a675a4a26a | |
parent | 6047359277517c4e56d8bfd6ea4966d7a3924151 (diff) |
dm crypt: restructure essiv error path
Use kzfree for salt deallocation because it is derived from the volume
key. Use a common error path in ESSIV constructor.
Required by a later patch which fixes the way key material is wiped
from memory.
Cc: stable@kernel.org
Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
-rw-r--r-- | drivers/md/dm-crypt.c | 46 |
1 files changed, 26 insertions, 20 deletions
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index bec5ac54e23e..2301d223f2ae 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c | |||
@@ -187,15 +187,15 @@ static void crypt_iv_essiv_dtr(struct crypt_config *cc) | |||
187 | static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, | 187 | static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, |
188 | const char *opts) | 188 | const char *opts) |
189 | { | 189 | { |
190 | struct crypto_cipher *essiv_tfm; | 190 | struct crypto_cipher *essiv_tfm = NULL; |
191 | struct crypto_hash *hash_tfm; | 191 | struct crypto_hash *hash_tfm = NULL; |
192 | struct hash_desc desc; | 192 | struct hash_desc desc; |
193 | struct scatterlist sg; | 193 | struct scatterlist sg; |
194 | unsigned int saltsize; | 194 | unsigned int saltsize; |
195 | u8 *salt; | 195 | u8 *salt = NULL; |
196 | int err; | 196 | int err; |
197 | 197 | ||
198 | if (opts == NULL) { | 198 | if (!opts) { |
199 | ti->error = "Digest algorithm missing for ESSIV mode"; | 199 | ti->error = "Digest algorithm missing for ESSIV mode"; |
200 | return -EINVAL; | 200 | return -EINVAL; |
201 | } | 201 | } |
@@ -204,15 +204,16 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, | |||
204 | hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC); | 204 | hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC); |
205 | if (IS_ERR(hash_tfm)) { | 205 | if (IS_ERR(hash_tfm)) { |
206 | ti->error = "Error initializing ESSIV hash"; | 206 | ti->error = "Error initializing ESSIV hash"; |
207 | return PTR_ERR(hash_tfm); | 207 | err = PTR_ERR(hash_tfm); |
208 | goto bad; | ||
208 | } | 209 | } |
209 | 210 | ||
210 | saltsize = crypto_hash_digestsize(hash_tfm); | 211 | saltsize = crypto_hash_digestsize(hash_tfm); |
211 | salt = kmalloc(saltsize, GFP_KERNEL); | 212 | salt = kzalloc(saltsize, GFP_KERNEL); |
212 | if (salt == NULL) { | 213 | if (!salt) { |
213 | ti->error = "Error kmallocing salt storage in ESSIV"; | 214 | ti->error = "Error kmallocing salt storage in ESSIV"; |
214 | crypto_free_hash(hash_tfm); | 215 | err = -ENOMEM; |
215 | return -ENOMEM; | 216 | goto bad; |
216 | } | 217 | } |
217 | 218 | ||
218 | sg_init_one(&sg, cc->key, cc->key_size); | 219 | sg_init_one(&sg, cc->key, cc->key_size); |
@@ -220,39 +221,44 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, | |||
220 | desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | 221 | desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; |
221 | err = crypto_hash_digest(&desc, &sg, cc->key_size, salt); | 222 | err = crypto_hash_digest(&desc, &sg, cc->key_size, salt); |
222 | crypto_free_hash(hash_tfm); | 223 | crypto_free_hash(hash_tfm); |
224 | hash_tfm = NULL; | ||
223 | 225 | ||
224 | if (err) { | 226 | if (err) { |
225 | ti->error = "Error calculating hash in ESSIV"; | 227 | ti->error = "Error calculating hash in ESSIV"; |
226 | kfree(salt); | 228 | goto bad; |
227 | return err; | ||
228 | } | 229 | } |
229 | 230 | ||
230 | /* Setup the essiv_tfm with the given salt */ | 231 | /* Setup the essiv_tfm with the given salt */ |
231 | essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC); | 232 | essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC); |
232 | if (IS_ERR(essiv_tfm)) { | 233 | if (IS_ERR(essiv_tfm)) { |
233 | ti->error = "Error allocating crypto tfm for ESSIV"; | 234 | ti->error = "Error allocating crypto tfm for ESSIV"; |
234 | kfree(salt); | 235 | err = PTR_ERR(essiv_tfm); |
235 | return PTR_ERR(essiv_tfm); | 236 | goto bad; |
236 | } | 237 | } |
237 | if (crypto_cipher_blocksize(essiv_tfm) != | 238 | if (crypto_cipher_blocksize(essiv_tfm) != |
238 | crypto_ablkcipher_ivsize(cc->tfm)) { | 239 | crypto_ablkcipher_ivsize(cc->tfm)) { |
239 | ti->error = "Block size of ESSIV cipher does " | 240 | ti->error = "Block size of ESSIV cipher does " |
240 | "not match IV size of block cipher"; | 241 | "not match IV size of block cipher"; |
241 | crypto_free_cipher(essiv_tfm); | 242 | err = -EINVAL; |
242 | kfree(salt); | 243 | goto bad; |
243 | return -EINVAL; | ||
244 | } | 244 | } |
245 | err = crypto_cipher_setkey(essiv_tfm, salt, saltsize); | 245 | err = crypto_cipher_setkey(essiv_tfm, salt, saltsize); |
246 | if (err) { | 246 | if (err) { |
247 | ti->error = "Failed to set key for ESSIV cipher"; | 247 | ti->error = "Failed to set key for ESSIV cipher"; |
248 | crypto_free_cipher(essiv_tfm); | 248 | goto bad; |
249 | kfree(salt); | ||
250 | return err; | ||
251 | } | 249 | } |
252 | kfree(salt); | 250 | kzfree(salt); |
253 | 251 | ||
254 | cc->iv_gen_private.essiv.tfm = essiv_tfm; | 252 | cc->iv_gen_private.essiv.tfm = essiv_tfm; |
255 | return 0; | 253 | return 0; |
254 | |||
255 | bad: | ||
256 | if (essiv_tfm && !IS_ERR(essiv_tfm)) | ||
257 | crypto_free_cipher(essiv_tfm); | ||
258 | if (hash_tfm && !IS_ERR(hash_tfm)) | ||
259 | crypto_free_hash(hash_tfm); | ||
260 | kzfree(salt); | ||
261 | return err; | ||
256 | } | 262 | } |
257 | 263 | ||
258 | static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector) | 264 | static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector) |