dm crypt: rewrite (wipe) key in crypto layer using random data

commit c82feeec9a014b72c4ffea36648cfb6f81cc1b73 upstream.

The message "key wipe" used to wipe real key stored in crypto layer by
rewriting it with zeroes.  Since commit 28856a9 ("crypto: xts -
consolidate sanity check for keys") this no longer works in FIPS mode
for XTS.

While running in FIPS mode the crypto key part has to differ from the
tweak key.

Fixes: 28856a9 ("crypto: xts - consolidate sanity check for keys")
Signed-off-by: Ondrej Kozina <okozina@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 8a9f742d8ed72c810d49115ff802706d2b9d7e7f..f6b9f2ce24ed080636e9b2a66814d7b49e3e6671 100644 (file)
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1649,12 +1649,16 @@ out:
 
 static int crypt_wipe_key(struct crypt_config *cc)
 {
+       int r;
+
        clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
-       memset(&cc->key, 0, cc->key_size * sizeof(u8));
+       get_random_bytes(&cc->key, cc->key_size);
        kzfree(cc->key_string);
        cc->key_string = NULL;
+       r = crypt_setkey(cc);
+       memset(&cc->key, 0, cc->key_size * sizeof(u8));
 
-       return crypt_setkey(cc);
+       return r;
 }
 
 static void crypt_dtr(struct dm_target *ti)