With crypto API
  commit 9fa68f620041be04720d0cbfb1bd3ddfc6310b24
  crypto: hash - prevent using keyed hashes without setting key

dm-integrity cannot use keyed algorithms without setting key.

The dm-integrity recognizes this too late (during use of HMAC),
so it allows creation and formatting of superblock, but the device
is in fact unusable.

Fix it by detecting key requirement in integrity table constructor.

Signed-off-by: Milan Broz <gmazyl...@gmail.com>
---
 drivers/md/dm-integrity.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index 46d7c8749222..6c81b11d0521 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -2548,6 +2548,9 @@ static int get_mac(struct crypto_shash **hash, struct 
alg_spec *a, char **error,
                                *error = error_key;
                                return r;
                        }
+               } else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) 
{
+                       *error = error_key;
+                       return -ENOKEY;
                }
        }
 
-- 
2.16.1

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

Reply via email to