• Milan Broz's avatar
    dm crypt: fix parsing of extended IV arguments · 1856b9f7
    Milan Broz authored
    The dm-crypt cipher specification in a mapping table is defined as:
      cipher[:keycount]-chainmode-ivmode[:ivopts]
    or (new crypt API format):
      capi:cipher_api_spec-ivmode[:ivopts]
    
    For ESSIV, the parameter includes hash specification, for example:
    aes-cbc-essiv:sha256
    
    The implementation expected that additional IV option to never include
    another dash '-' character.
    
    But, with SHA3, there are names like sha3-256; so the mapping table
    parser fails:
    
    dmsetup create test --table "0 8 crypt aes-cbc-essiv:sha3-256 9c1185a5c5e9fc54612808977ee8f5b9e 0 /dev/sdb 0"
      or (new crypt API format)
    dmsetup create test --table "0 8 crypt capi:cbc(aes)-essiv:sha3-256 9c1185a5c5e9fc54612808977ee8f5b9e 0 /dev/sdb 0"
    
      device-mapper: crypt: Ignoring unexpected additional cipher options
      device-mapper: table: 253:0: crypt: Error creating IV
      device-mapper: ioctl: error adding target to table
    
    Fix the dm-crypt constructor to ignore additional dash in IV options and
    also remove a bogus warning (that is ignored anyway).
    
    Cc: stable@vger.kernel.org # 4.12+
    Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
    Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
    1856b9f7
dm-crypt.c 79.3 KB