dm integrity: fail early if required HMAC key is not available

Since crypto API commit 9fa68f62 ("crypto: hash - prevent using keyed hashes without setting key") dm-integrity cannot use keyed algorithms without the key being set. The dm-integrity recognizes this too late (during use of HMAC), so it allows creation and formatting of superblock, but the device is in fact unusable. Fix it by detecting the key requirement in integrity table constructor. Signed-off-by: Milan Broz <gmazyland@gmail.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>

dm integrity: fail early if required HMAC key is not available
Since crypto API commit 9fa68f62 ("crypto: hash - prevent using keyed hashes without setting key") dm-integrity cannot use keyed algorithms without the key being set. The dm-integrity recognizes this too late (during use of HMAC), so it allows creation and formatting of superblock, but the device is in fact unusable. Fix it by detecting the key requirement in integrity table constructor. Signed-off-by: Milan Broz <gmazyland@gmail.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
e16b4f99 · Milan Broz · Mike Snitzer · 2d77dafe · e16b4f99
Commit e16b4f99 authored Feb 13, 2018 by Milan Broz Committed by Mike Snitzer Apr 03, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

drivers/md/dm-integrity.c drivers/md/dm-integrity.c +3 -0

No files found.
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -2548,6 +2548,9 @@ static int get_mac(struct crypto_shash **hash, struct alg_spec *a, char **error,
 				*error = error_key;
 				return r;
 			}
+		} else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) {
+			*error = error_key;
+			return -ENOKEY;
 		}
 	}