summaryrefslogtreecommitdiff
path: root/drivers/md
diff options
context:
space:
mode:
authorMilan Broz <gmazyland@gmail.com>2018-02-13 14:50:50 +0100
committerMike Snitzer <snitzer@redhat.com>2018-04-03 15:04:16 -0400
commite16b4f99f0f79682a7efe191a8ce694d87ca9fc8 (patch)
tree8176b07c744f1d532d629cb9a5b20159f16357cd /drivers/md
parent2d77dafe23b6c0cc9e501bda0e3f138b96ecd811 (diff)
dm integrity: fail early if required HMAC key is not available
Since crypto API commit 9fa68f62004 ("crypto: hash - prevent using keyed hashes without setting key") dm-integrity cannot use keyed algorithms without the key being set. The dm-integrity recognizes this too late (during use of HMAC), so it allows creation and formatting of superblock, but the device is in fact unusable. Fix it by detecting the key requirement in integrity table constructor. Signed-off-by: Milan Broz <gmazyland@gmail.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Diffstat (limited to 'drivers/md')
-rw-r--r--drivers/md/dm-integrity.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index 46d7c8749222..6c81b11d0521 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -2548,6 +2548,9 @@ static int get_mac(struct crypto_shash **hash, struct alg_spec *a, char **error,
*error = error_key;
return r;
}
+ } else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) {
+ *error = error_key;
+ return -ENOKEY;
}
}