With crypto API
commit 9fa68f620041be04720d0cbfb1bd3ddfc6310b24
crypto: hash - prevent using keyed hashes without setting key
dm-integrity cannot use keyed algorithms without setting key.
The dm-integrity recognizes this too late (during use of HMAC),
so it allows creation and formatting of superblock, but the device
is in fact unusable.
Fix it by detecting key requirement in integrity table constructor.
Signed-off-by: Milan Broz <gmazyland@xxxxxxxxx>
---
drivers/md/dm-integrity.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index 46d7c8749222..6c81b11d0521 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -2548,6 +2548,9 @@ static int get_mac(struct crypto_shash **hash, struct alg_spec *a, char **error,
*error = error_key;
return r;
}
+ } else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) {
+ *error = error_key;
+ return -ENOKEY;
}
}
--
2.16.1
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
