dm crypt: fix parsing of extended IV arguments
commit 1856b9f7bc
upstream.
The dm-crypt cipher specification in a mapping table is defined as:
cipher[:keycount]-chainmode-ivmode[:ivopts]
or (new crypt API format):
capi:cipher_api_spec-ivmode[:ivopts]
For ESSIV, the parameter includes hash specification, for example:
aes-cbc-essiv:sha256
The implementation expected the additional IV option never to include
another dash '-' character.
But, with SHA3, there are names like sha3-256; so the mapping table
parser fails:
dmsetup create test --table "0 8 crypt aes-cbc-essiv:sha3-256 9c1185a5c5e9fc54612808977ee8f5b9e 0 /dev/sdb 0"
or (new crypt API format)
dmsetup create test --table "0 8 crypt capi:cbc(aes)-essiv:sha3-256 9c1185a5c5e9fc54612808977ee8f5b9e 0 /dev/sdb 0"
device-mapper: crypt: Ignoring unexpected additional cipher options
device-mapper: table: 253:0: crypt: Error creating IV
device-mapper: ioctl: error adding target to table
Fix the dm-crypt constructor to ignore additional dash in IV options and
also remove a bogus warning (that is ignored anyway).
Cc: stable@vger.kernel.org # 4.12+
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
5b779f8417
commit
b911f1dcb6
1 changed files with 17 additions and 8 deletions
|
@ -2405,9 +2405,21 @@ static int crypt_ctr_cipher_new(struct dm_target *ti, char *cipher_in, char *key
|
|||
* capi:cipher_api_spec-iv:ivopts
|
||||
*/
|
||||
tmp = &cipher_in[strlen("capi:")];
|
||||
cipher_api = strsep(&tmp, "-");
|
||||
*ivmode = strsep(&tmp, ":");
|
||||
*ivopts = tmp;
|
||||
|
||||
/* Separate IV options if present, it can contain another '-' in hash name */
|
||||
*ivopts = strrchr(tmp, ':');
|
||||
if (*ivopts) {
|
||||
**ivopts = '\0';
|
||||
(*ivopts)++;
|
||||
}
|
||||
/* Parse IV mode */
|
||||
*ivmode = strrchr(tmp, '-');
|
||||
if (*ivmode) {
|
||||
**ivmode = '\0';
|
||||
(*ivmode)++;
|
||||
}
|
||||
/* The rest is crypto API spec */
|
||||
cipher_api = tmp;
|
||||
|
||||
if (*ivmode && !strcmp(*ivmode, "lmk"))
|
||||
cc->tfms_count = 64;
|
||||
|
@ -2477,11 +2489,8 @@ static int crypt_ctr_cipher_old(struct dm_target *ti, char *cipher_in, char *key
|
|||
goto bad_mem;
|
||||
|
||||
chainmode = strsep(&tmp, "-");
|
||||
*ivopts = strsep(&tmp, "-");
|
||||
*ivmode = strsep(&*ivopts, ":");
|
||||
|
||||
if (tmp)
|
||||
DMWARN("Ignoring unexpected additional cipher options");
|
||||
*ivmode = strsep(&tmp, ":");
|
||||
*ivopts = tmp;
|
||||
|
||||
/*
|
||||
* For compatibility with the original dm-crypt mapping format, if
|
||||
|
|
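Review bot: In crypt_ctr_cipher_new the new split runs right to left with strrchr(), while crypt_ctr_cipher_old in the second hunk still splits left to right with strsep(), so the two formats now treat a second ':' differently. The old format keeps it inside ivopts, whereas the capi format cuts at the last ':' and leaves the earlier part attached to the IV mode string. Whether any ivopts value can contain ':' is not visible here, but the constraint deserves a comment above the first strrchr() call, for example `/* Split from the right: cipher_api_spec and ivopts may contain '-', ivopts must not contain ':' */`. A trailing ':' or '-' leaves *ivopts or *ivmode as an empty string rather than NULL, and cipher_api can end up empty as well. Both functions start and end outside these hunks, so it is worth confirming that the later code rejects those values instead of passing them on.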