dm crypt: wipe private IV struct after key invalid flag is set

If a private IV wipe function fails, the code does not set the key
invalid flag.  To fix this, move code to after the flag is set to
prevent the device from resuming in an inconsistent state.

Also, this allows using of a randomized key in private wipe function
(to be used in a following commit).

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 2587e94b05114757df520bc1b630f2fa78a1c085..cd349e9256495dfa5d6a1bd301b91e1cc630e835 100644 (file)
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2158,6 +2158,14 @@ static int crypt_wipe_key(struct crypt_config *cc)
 
        clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
        get_random_bytes(&cc->key, cc->key_size);
+
+       /* Wipe IV private keys */
+       if (cc->iv_gen_ops && cc->iv_gen_ops->wipe) {
+               r = cc->iv_gen_ops->wipe(cc);
+               if (r)
+                       return r;
+       }
+
        kzfree(cc->key_string);
        cc->key_string = NULL;
        r = crypt_setkey(cc);
@@ -3050,14 +3058,8 @@ static int crypt_message(struct dm_target *ti, unsigned argc, char **argv,
                                memset(cc->key, 0, cc->key_size * sizeof(u8));
                        return ret;
                }
-               if (argc == 2 && !strcasecmp(argv[1], "wipe")) {
-                       if (cc->iv_gen_ops && cc->iv_gen_ops->wipe) {
-                               ret = cc->iv_gen_ops->wipe(cc);
-                               if (ret)
-                                       return ret;
-                       }
+               if (argc == 2 && !strcasecmp(argv[1], "wipe"))
                        return crypt_wipe_key(cc);
-               }
        }
 
 error: