dm crypt: restructure essiv error path
authorMilan Broz <mbroz@redhat.com>
Thu, 10 Dec 2009 23:51:56 +0000 (23:51 +0000)
committerAlasdair G Kergon <agk@redhat.com>
Thu, 10 Dec 2009 23:51:56 +0000 (23:51 +0000)
Use kzfree for salt deallocation because it is derived from the volume
key.  Use a common error path in ESSIV constructor.

Required by a later patch which fixes the way key material is wiped
from memory.

Cc: stable@kernel.org
Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
drivers/md/dm-crypt.c

index bec5ac54e23e642aae83ceaf52e5b1cf32ea3ad8..2301d223f2ae63edd6cc5169086fc1ee7f2b6dcd 100644 (file)
@@ -187,15 +187,15 @@ static void crypt_iv_essiv_dtr(struct crypt_config *cc)
 static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
                              const char *opts)
 {
-       struct crypto_cipher *essiv_tfm;
-       struct crypto_hash *hash_tfm;
+       struct crypto_cipher *essiv_tfm = NULL;
+       struct crypto_hash *hash_tfm = NULL;
        struct hash_desc desc;
        struct scatterlist sg;
        unsigned int saltsize;
-       u8 *salt;
+       u8 *salt = NULL;
        int err;
 
-       if (opts == NULL) {
+       if (!opts) {
                ti->error = "Digest algorithm missing for ESSIV mode";
                return -EINVAL;
        }
@@ -204,15 +204,16 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
        hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC);
        if (IS_ERR(hash_tfm)) {
                ti->error = "Error initializing ESSIV hash";
-               return PTR_ERR(hash_tfm);
+               err = PTR_ERR(hash_tfm);
+               goto bad;
        }
 
        saltsize = crypto_hash_digestsize(hash_tfm);
-       salt = kmalloc(saltsize, GFP_KERNEL);
-       if (salt == NULL) {
+       salt = kzalloc(saltsize, GFP_KERNEL);
+       if (!salt) {
                ti->error = "Error kmallocing salt storage in ESSIV";
-               crypto_free_hash(hash_tfm);
-               return -ENOMEM;
+               err = -ENOMEM;
+               goto bad;
        }
 
        sg_init_one(&sg, cc->key, cc->key_size);
@@ -220,39 +221,44 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
        desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
        err = crypto_hash_digest(&desc, &sg, cc->key_size, salt);
        crypto_free_hash(hash_tfm);
+       hash_tfm = NULL;
 
        if (err) {
                ti->error = "Error calculating hash in ESSIV";
-               kfree(salt);
-               return err;
+               goto bad;
        }
 
        /* Setup the essiv_tfm with the given salt */
        essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);
        if (IS_ERR(essiv_tfm)) {
                ti->error = "Error allocating crypto tfm for ESSIV";
-               kfree(salt);
-               return PTR_ERR(essiv_tfm);
+               err = PTR_ERR(essiv_tfm);
+               goto bad;
        }
        if (crypto_cipher_blocksize(essiv_tfm) !=
            crypto_ablkcipher_ivsize(cc->tfm)) {
                ti->error = "Block size of ESSIV cipher does "
                            "not match IV size of block cipher";
-               crypto_free_cipher(essiv_tfm);
-               kfree(salt);
-               return -EINVAL;
+               err = -EINVAL;
+               goto bad;
        }
        err = crypto_cipher_setkey(essiv_tfm, salt, saltsize);
        if (err) {
                ti->error = "Failed to set key for ESSIV cipher";
-               crypto_free_cipher(essiv_tfm);
-               kfree(salt);
-               return err;
+               goto bad;
        }
-       kfree(salt);
+       kzfree(salt);
 
        cc->iv_gen_private.essiv.tfm = essiv_tfm;
        return 0;
+
+bad:
+       if (essiv_tfm && !IS_ERR(essiv_tfm))
+               crypto_free_cipher(essiv_tfm);
+       if (hash_tfm && !IS_ERR(hash_tfm))
+               crypto_free_hash(hash_tfm);
+       kzfree(salt);
+       return err;
 }
 
 static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector)