Commit de8be5ac authored by Milan Broz's avatar Milan Broz Committed by Alasdair G Kergon
Browse files

dm crypt: wipe keys string immediately after key is set 



Always wipe the original copy of the key after processing it
in crypt_set_key().

Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
Acked-by: default avatarMike Snitzer <snitzer@redhat.com>
Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
parent 3407ef52

drivers/md/dm-crypt.c

+14 −5
Original line number Diff line number Diff line
@@ -1331,20 +1331,29 @@ static int crypt_setkey_allcpus(struct crypt_config *cc) 


static int crypt_set_key(struct crypt_config *cc, char *key)

{

	int r = -EINVAL;

	int key_string_len = strlen(key);



	/* The key size may not be changed. */

	if (cc->key_size != (strlen(key) >> 1))

		return -EINVAL;

	if (cc->key_size != (key_string_len >> 1))

		goto out;



	/* Hyphen (which gives a key_size of zero) means there is no key. */

	if (!cc->key_size && strcmp(key, "-"))

		return -EINVAL;

		goto out;



	if (cc->key_size && crypt_decode_key(cc->key, key, cc->key_size) < 0)

		return -EINVAL;

		goto out;



	set_bit(DM_CRYPT_KEY_VALID, &cc->flags);



	return crypt_setkey_allcpus(cc);

	r = crypt_setkey_allcpus(cc);



out:

	/* Hex key string not needed after here, so wipe it. */

	memset(key, '0', key_string_len);



	return r;

}



static int crypt_wipe_key(struct crypt_config *cc)

CRA Git | Maintained and supported by SUSTech CRA and CCSE