The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@xxxxxxxxxxxxxxx>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From c82feeec9a014b72c4ffea36648cfb6f81cc1b73 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@xxxxxxxxxx>
Date: Mon, 24 Apr 2017 14:21:53 +0200
Subject: [PATCH] dm crypt: rewrite (wipe) key in crypto layer using random
data
The message "key wipe" used to wipe real key stored in crypto layer by
rewriting it with zeroes. Since commit 28856a9 ("crypto: xts -
consolidate sanity check for keys") this no longer works in FIPS mode
for XTS.
While running in FIPS mode the crypto key part has to differ from the
tweak key.
Fixes: 28856a9 ("crypto: xts - consolidate sanity check for keys")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Ondrej Kozina <okozina@xxxxxxxxxx>
Signed-off-by: Mike Snitzer <snitzer@xxxxxxxxxx>
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 8bff6f7a4c6c..bb2e747907b0 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2152,12 +2152,16 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
static int crypt_wipe_key(struct crypt_config *cc)
{
+ int r;
+
clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
- memset(&cc->key, 0, cc->key_size * sizeof(u8));
+ get_random_bytes(&cc->key, cc->key_size);
kzfree(cc->key_string);
cc->key_string = NULL;
+ r = crypt_setkey(cc);
+ memset(&cc->key, 0, cc->key_size * sizeof(u8));
- return crypt_setkey(cc);
+ return r;
}
static void crypt_dtr(struct dm_target *ti)