author | Harald van Dijk <harald@gigawatt.nl> | 2021-10-20 00:32:28 +0100 |
---|---|---|
committer | Brian Behlendorf <behlendorf1@llnl.gov> | 2021-11-30 11:54:06 -0800 |
commit | 85638aa87003ed9bbb35cead91d99bf409e571e4 (patch) | |
tree | 1eac8aeaf52ec14d61ac3b3677115bf34289090f | |
parent | 4234812d1a202e3463400f495e84f63d806ec953 (diff) |
get_key_material: skip passphrase validation when loading keys
The restriction that an encryption key must be at least
MIN_PASSPHRASE_LEN characters long makes sense when changing the
encryption key, but not when loading: as this restriction is not
enforced in the libraries, it is possible to bypass zfs change-key's
restrictions and end up with a key that becomes impossible to load with
zfs load-key, for example through pam_zfs_key.
Reviewed-by: Felix Dörre <felix@dogcraft.de>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Harald van Dijk <harald@gigawatt.nl>
Closes #12765
-rw-r--r-- | lib/libzfs/libzfs_crypto.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/libzfs/libzfs_crypto.c b/lib/libzfs/libzfs_crypto.c
index 644dd2685..3f5648eba 100644
--- a/lib/libzfs/libzfs_crypto.c
+++ b/lib/libzfs/libzfs_crypto.c
@@ -200,7 +200,7 @@ get_format_prompt_string(zfs_keyformat_t format)
 /* do basic validation of the key material */
 static int
 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
- const char *key, size_t keylen)
+ const char *key, size_t keylen, boolean_t do_verify)
 {
 switch (keyformat) {
 case ZFS_KEYFORMAT_RAW:
@@ -245,7 +245,10 @@ validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
 }
 break;
 case ZFS_KEYFORMAT_PASSPHRASE:
- /* verify the length is within bounds */
+ /* verify the length is within bounds when setting a new key,
+ * but not when loading an existing key */
+ if (!do_verify)
+ break;
 if (keylen > MAX_PASSPHRASE_LEN) {
 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
 "Passphrase too long (max %u)."),
@@ -380,7 +383,8 @@ get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
 if (!confirm_key)
 goto out;
- if ((ret = validate_key(hdl, keyformat, buf, buflen)) != 0) {
+ if ((ret = validate_key(hdl, keyformat, buf, buflen, confirm_key)) !=
+ 0) {
 free(buf);
 return (ret);
 }
@@ -740,7 +744,8 @@ get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
 goto error;
 }
- if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen)) != 0)
+ if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen,
+ do_verify)) != 0)
 goto error;
 *km_out = km; |
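Review bot: The passphrase length policy in the `ZFS_KEYFORMAT_PASSPHRASE` case of `validate_key` is now gated on a flag named `do_verify`, and the `get_key_material` call in the last hunk forwards its own `do_verify` even though the signature in that hunk header also carries `newkey`, which is what the new comment actually describes ("setting a new key" versus "loading an existing key"). The minimum-length rule is the only weak-passphrase check visible here, so if any caller (none are shown in this diff) sets a new key with `do_verify` false, that check is skipped without any error. Consider forwarding `newkey` at that call, `kmlen, newkey)) != 0)`, or stating in the comment above `validate_key` that `do_verify` must be true whenever a key is created or changed. `validate_key` and `get_key_material` both start and end outside these hunks.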
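Review bot: At the `validate_key` call in `get_key_interactive`, `confirm_key` can only be true, because the `if (!confirm_key) goto out;` guard directly above has already skipped this call otherwise; passing the variable reads as if the length check could be relaxed on this path. Writing the constant makes the intent explicit and removes the awkward line wrap: `if ((ret = validate_key(hdl, keyformat, buf, buflen, B_TRUE)) != 0) {`. The rest of `get_key_interactive`, including the `out` label, is outside the hunk.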