dm crypt: fix parsing of extended IV arguments (1856b9f7) · Commits · 戴 / test

The dm-crypt cipher specification in a mapping table is defined as: cipher[:keycount]-chainmode-ivmode[:ivopts] or (new crypt API format): capi:cipher_api_spec-ivmode[:ivopts] For ESSIV, the parameter includes hash specification, for example: aes-cbc-essiv:sha256 The implementation expected that additional IV option to never include another dash '-' character. But, with SHA3, there are names like sha3-256; so the mapping table parser fails: dmsetup create test --table "0 8 crypt aes-cbc-essiv:sha3-256 9c1185a5c5e9fc54612808977ee8f5b9e 0 /dev/sdb 0" or (new crypt API format) dmsetup create test --table "0 8 crypt capi:cbc(aes)-essiv:sha3-256 9c1185a5c5e9fc54612808977ee8f5b9e 0 /dev/sdb 0" device-mapper: crypt: Ignoring unexpected additional cipher options device-mapper: table: 253:0: crypt: Error creating IV device-mapper: ioctl: error adding target to table Fix the dm-crypt constructor to ignore additional dash in IV options and also remove a bogus warning (that is ignored anyway). Cc: stable@vger.kernel.org # 4.12+ Signed-off-by:

Milan Broz <gmazyland@gmail.com> Signed-off-by:

Mike Snitzer <snitzer@redhat.com>

drivers/md/dm-crypt.c

+17 −8

Original line number	Original line	Diff line number	Diff line
	@@ -2414,9 +2414,21 @@ static int crypt_ctr_cipher_new(struct dm_target ti, char cipher_in, char *key
	* capi:cipher_api_spec-iv:ivopts		* capi:cipher_api_spec-iv:ivopts
	*/		*/
	tmp = &cipher_in[strlen("capi:")];		tmp = &cipher_in[strlen("capi:")];
	cipher_api = strsep(&tmp, "-");
	*ivmode = strsep(&tmp, ":");		/* Separate IV options if present, it can contain another '-' in hash name */
	*ivopts = tmp;		*ivopts = strrchr(tmp, ':');
			if (*ivopts) {
			**ivopts = '\0';
			(*ivopts)++;
			}
			/* Parse IV mode */
			*ivmode = strrchr(tmp, '-');
			if (*ivmode) {
			**ivmode = '\0';
			(*ivmode)++;
			}
			/* The rest is crypto API spec */
			cipher_api = tmp;

	if (ivmode && !strcmp(ivmode, "lmk"))		if (ivmode && !strcmp(ivmode, "lmk"))
	cc->tfms_count = 64;		cc->tfms_count = 64;
	@@ -2486,11 +2498,8 @@ static int crypt_ctr_cipher_old(struct dm_target ti, char cipher_in, char *key
	goto bad_mem;		goto bad_mem;

	chainmode = strsep(&tmp, "-");		chainmode = strsep(&tmp, "-");
	*ivopts = strsep(&tmp, "-");		*ivmode = strsep(&tmp, ":");
	ivmode = strsep(&ivopts, ":");		*ivopts = tmp;

	if (tmp)
	DMWARN("Ignoring unexpected additional cipher options");

	/*		/*
	* For compatibility with the original dm-crypt mapping format, if		* For compatibility with the original dm-crypt mapping format, if

Admin message