Commit dc94902b authored by Ondrej Kozina's avatar Ondrej Kozina Committed by Mike Snitzer
Browse files

dm crypt: wipe kernel key copy after IV initialization 



Loading key via kernel keyring service erases the internal
key copy immediately after we pass it in crypto layer. This is
wrong because IV is initialized later and we use wrong key
for the initialization (instead of real key there's just zeroed
block).

The bug may cause data corruption if key is loaded via kernel keyring
service first and later same crypt device is reactivated using exactly
same key in hexbyte representation, or vice versa. The bug (and fix)
affects only ciphers using following IVs: essiv, lmk and tcw.

Fixes: c538f6ec ("dm crypt: add ability to use keys from the kernel key retention service")
Cc: stable@vger.kernel.org # 4.10+
Signed-off-by: default avatarOndrej Kozina <okozina@redhat.com>
Reviewed-by: default avatarMilan Broz <gmazyland@gmail.com>
Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
parent 717f4b1c

drivers/md/dm-crypt.c

+8 −4
Original line number Original line Diff line number Diff line
@@ -2058,9 +2058,6 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string 




	ret = crypt_setkey(cc);

	ret = crypt_setkey(cc);





	/* wipe the kernel key payload copy in each case */

	memset(cc->key, 0, cc->key_size * sizeof(u8));



	if (!ret) {

	if (!ret) {

		set_bit(DM_CRYPT_KEY_VALID, &cc->flags);

		set_bit(DM_CRYPT_KEY_VALID, &cc->flags);

		kzfree(cc->key_string);

		kzfree(cc->key_string);
@@ -2528,6 +2525,10 @@ static int crypt_ctr_cipher(struct dm_target *ti, char *cipher_in, char *key) 
		}

		}

	}

	}





	/* wipe the kernel key payload copy */

	if (cc->key_string)

		memset(cc->key, 0, cc->key_size * sizeof(u8));



	return ret;

	return ret;

}

}
@@ -2966,6 +2967,9 @@ static int crypt_message(struct dm_target *ti, unsigned argc, char **argv) 
				return ret;

				return ret;

			if (cc->iv_gen_ops && cc->iv_gen_ops->init)

			if (cc->iv_gen_ops && cc->iv_gen_ops->init)

				ret = cc->iv_gen_ops->init(cc);

				ret = cc->iv_gen_ops->init(cc);

			/* wipe the kernel key payload copy */

			if (cc->key_string)

				memset(cc->key, 0, cc->key_size * sizeof(u8));

			return ret;

			return ret;

		}

		}

		if (argc == 2 && !strcasecmp(argv[1], "wipe")) {

		if (argc == 2 && !strcasecmp(argv[1], "wipe")) {
@@ -3012,7 +3016,7 @@ static void crypt_io_hints(struct dm_target *ti, struct queue_limits *limits) 




static struct target_type crypt_target = {

static struct target_type crypt_target = {

	.name   = "crypt",

	.name   = "crypt",

	.version = {1, 18, 0},

	.version = {1, 18, 1},

	.module = THIS_MODULE,

	.module = THIS_MODULE,

	.ctr    = crypt_ctr,

	.ctr    = crypt_ctr,

	.dtr    = crypt_dtr,

	.dtr    = crypt_dtr,

CRA Git | Maintained and supported by SUSTech CRA and CCSE