[dm-devel] [PATCH 1/3] dm crypt: wipe keys string immediately after key is set
Milan Broz
mbroz at redhat.com
Thu Feb 3 00:08:14 UTC 2011
If the tfm key was set up correctly, do not keep another
copy of key and immediately replace it with zero string.
Signed-off-by: Milan Broz <mbroz at redhat.com>
---
drivers/md/dm-crypt.c | 16 +++++++++++-----
1 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 4e054bd..d748433 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1331,20 +1331,26 @@ static int crypt_setkey_allcpus(struct crypt_config *cc)
static int crypt_set_key(struct crypt_config *cc, char *key)
{
+ int r = -EINVAL, key_string_len = strlen(key);
+
/* The key size may not be changed. */
- if (cc->key_size != (strlen(key) >> 1))
- return -EINVAL;
+ if (cc->key_size != (key_string_len >> 1))
+ goto out;
/* Hyphen (which gives a key_size of zero) means there is no key. */
if (!cc->key_size && strcmp(key, "-"))
- return -EINVAL;
+ goto out;
if (cc->key_size && crypt_decode_key(cc->key, key, cc->key_size) < 0)
- return -EINVAL;
+ goto out;
set_bit(DM_CRYPT_KEY_VALID, &cc->flags);
- return crypt_setkey_allcpus(cc);
+ r = crypt_setkey_allcpus(cc);
+out:
+ /* Wipe hexa key string as soon as possible */
+ memset(key, '0', key_string_len);
+ return r;
}
static int crypt_wipe_key(struct crypt_config *cc)
--
1.7.2.3
More information about the dm-devel
mailing list