aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMilan Broz <mbroz@redhat.com>2009-12-10 18:51:56 -0500
committerAlasdair G Kergon <agk@redhat.com>2009-12-10 18:51:56 -0500
commit5861f1be00b3b70f8ab5e5a81392a6cf69666cd2 (patch)
tree6b794de58bd1ad4a1b0919ea641fc5a675a4a26a
parent6047359277517c4e56d8bfd6ea4966d7a3924151 (diff)
dm crypt: restructure essiv error path
Use kzfree for salt deallocation because it is derived from the volume key. Use a common error path in ESSIV constructor. Required by a later patch which fixes the way key material is wiped from memory. Cc: stable@kernel.org Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com>
-rw-r--r--drivers/md/dm-crypt.c46
1 files changed, 26 insertions, 20 deletions
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index bec5ac54e23e..2301d223f2ae 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -187,15 +187,15 @@ static void crypt_iv_essiv_dtr(struct crypt_config *cc)
187static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, 187static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
188 const char *opts) 188 const char *opts)
189{ 189{
190 struct crypto_cipher *essiv_tfm; 190 struct crypto_cipher *essiv_tfm = NULL;
191 struct crypto_hash *hash_tfm; 191 struct crypto_hash *hash_tfm = NULL;
192 struct hash_desc desc; 192 struct hash_desc desc;
193 struct scatterlist sg; 193 struct scatterlist sg;
194 unsigned int saltsize; 194 unsigned int saltsize;
195 u8 *salt; 195 u8 *salt = NULL;
196 int err; 196 int err;
197 197
198 if (opts == NULL) { 198 if (!opts) {
199 ti->error = "Digest algorithm missing for ESSIV mode"; 199 ti->error = "Digest algorithm missing for ESSIV mode";
200 return -EINVAL; 200 return -EINVAL;
201 } 201 }
@@ -204,15 +204,16 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
204 hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC); 204 hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC);
205 if (IS_ERR(hash_tfm)) { 205 if (IS_ERR(hash_tfm)) {
206 ti->error = "Error initializing ESSIV hash"; 206 ti->error = "Error initializing ESSIV hash";
207 return PTR_ERR(hash_tfm); 207 err = PTR_ERR(hash_tfm);
208 goto bad;
208 } 209 }
209 210
210 saltsize = crypto_hash_digestsize(hash_tfm); 211 saltsize = crypto_hash_digestsize(hash_tfm);
211 salt = kmalloc(saltsize, GFP_KERNEL); 212 salt = kzalloc(saltsize, GFP_KERNEL);
212 if (salt == NULL) { 213 if (!salt) {
213 ti->error = "Error kmallocing salt storage in ESSIV"; 214 ti->error = "Error kmallocing salt storage in ESSIV";
214 crypto_free_hash(hash_tfm); 215 err = -ENOMEM;
215 return -ENOMEM; 216 goto bad;
216 } 217 }
217 218
218 sg_init_one(&sg, cc->key, cc->key_size); 219 sg_init_one(&sg, cc->key, cc->key_size);
@@ -220,39 +221,44 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
220 desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; 221 desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
221 err = crypto_hash_digest(&desc, &sg, cc->key_size, salt); 222 err = crypto_hash_digest(&desc, &sg, cc->key_size, salt);
222 crypto_free_hash(hash_tfm); 223 crypto_free_hash(hash_tfm);
224 hash_tfm = NULL;
223 225
224 if (err) { 226 if (err) {
225 ti->error = "Error calculating hash in ESSIV"; 227 ti->error = "Error calculating hash in ESSIV";
226 kfree(salt); 228 goto bad;
227 return err;
228 } 229 }
229 230
230 /* Setup the essiv_tfm with the given salt */ 231 /* Setup the essiv_tfm with the given salt */
231 essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC); 232 essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);
232 if (IS_ERR(essiv_tfm)) { 233 if (IS_ERR(essiv_tfm)) {
233 ti->error = "Error allocating crypto tfm for ESSIV"; 234 ti->error = "Error allocating crypto tfm for ESSIV";
234 kfree(salt); 235 err = PTR_ERR(essiv_tfm);
235 return PTR_ERR(essiv_tfm); 236 goto bad;
236 } 237 }
237 if (crypto_cipher_blocksize(essiv_tfm) != 238 if (crypto_cipher_blocksize(essiv_tfm) !=
238 crypto_ablkcipher_ivsize(cc->tfm)) { 239 crypto_ablkcipher_ivsize(cc->tfm)) {
239 ti->error = "Block size of ESSIV cipher does " 240 ti->error = "Block size of ESSIV cipher does "
240 "not match IV size of block cipher"; 241 "not match IV size of block cipher";
241 crypto_free_cipher(essiv_tfm); 242 err = -EINVAL;
242 kfree(salt); 243 goto bad;
243 return -EINVAL;
244 } 244 }
245 err = crypto_cipher_setkey(essiv_tfm, salt, saltsize); 245 err = crypto_cipher_setkey(essiv_tfm, salt, saltsize);
246 if (err) { 246 if (err) {
247 ti->error = "Failed to set key for ESSIV cipher"; 247 ti->error = "Failed to set key for ESSIV cipher";
248 crypto_free_cipher(essiv_tfm); 248 goto bad;
249 kfree(salt);
250 return err;
251 } 249 }
252 kfree(salt); 250 kzfree(salt);
253 251
254 cc->iv_gen_private.essiv.tfm = essiv_tfm; 252 cc->iv_gen_private.essiv.tfm = essiv_tfm;
255 return 0; 253 return 0;
254
255bad:
256 if (essiv_tfm && !IS_ERR(essiv_tfm))
257 crypto_free_cipher(essiv_tfm);
258 if (hash_tfm && !IS_ERR(hash_tfm))
259 crypto_free_hash(hash_tfm);
260 kzfree(salt);
261 return err;
256} 262}
257 263
258static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector) 264static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector)