dm crypt: rewrite (wipe) key in crypto layer using random data

The message "key wipe" used to wipe real key stored in crypto layer by
rewriting it with zeroes.  Since commit 28856a9 ("crypto: xts -
consolidate sanity check for keys") this no longer works in FIPS mode
for XTS.

While running in FIPS mode the crypto key part has to differ from the
tweak key.

Fixes: 28856a9 ("crypto: xts - consolidate sanity check for keys")
Cc: stable@vger.kernel.org
Signed-off-by: Ondrej Kozina <okozina@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 8bff6f7a4c6cb32291d0e541c6a639239f12c837..bb2e747907b089acb4c1e50d843615b56eab7d6f 100644 (file)
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2152,12 +2152,16 @@ out:
 
 static int crypt_wipe_key(struct crypt_config *cc)
 {
+       int r;
+
        clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
-       memset(&cc->key, 0, cc->key_size * sizeof(u8));
+       get_random_bytes(&cc->key, cc->key_size);
        kzfree(cc->key_string);
        cc->key_string = NULL;
+       r = crypt_setkey(cc);
+       memset(&cc->key, 0, cc->key_size * sizeof(u8));
 
-       return crypt_setkey(cc);
+       return r;
 }
 
 static void crypt_dtr(struct dm_target *ti)