authorTom Caputi <tcaputi@datto.com>2018-11-07 23:40:24 +0000
committerBrian Behlendorf <behlendorf1@llnl.gov>2018-11-07 23:40:24 +0000
commitf44ad9297da6e638482232636e9d63302b96f7e9 (patch)
tree2f1c1417ec38b3b54a0f977fd864c9005ad57c67 /module/zfs/dsl_crypt.c
parentac53e50f799b39d9cd04e5ecc0a6552c9490c84a (diff)
Diffstat (limited to 'module/zfs/dsl_crypt.c')
-rw-r--r--module/zfs/dsl_crypt.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/module/zfs/dsl_crypt.c b/module/zfs/dsl_crypt.c
index d2545c6fa41b..da2a126f2ebc 100644
--- a/module/zfs/dsl_crypt.c
+++ b/module/zfs/dsl_crypt.c
@@ -758,7 +758,7 @@ spa_keystore_load_wkey(const char *dsname, dsl_crypto_params_t *dcp,
dsl_crypto_key_t *dck = NULL;
dsl_wrapping_key_t *wkey = dcp->cp_wkey;
dsl_pool_t *dp = NULL;
- uint64_t keyformat, salt, iters;
+ uint64_t rddobj, keyformat, salt, iters;
/*
* We don't validate the wrapping key's keyformat, salt, or iters
@@ -775,7 +775,7 @@ spa_keystore_load_wkey(const char *dsname, dsl_crypto_params_t *dcp,
goto error;
if (!spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_ENCRYPTION)) {
- ret = (SET_ERROR(ENOTSUP));
+ ret = SET_ERROR(ENOTSUP);
goto error;
}
@@ -786,6 +786,13 @@ spa_keystore_load_wkey(const char *dsname, dsl_crypto_params_t *dcp,
goto error;
}
+ /* confirm that dd is the encryption root */
+ ret = dsl_dir_get_encryption_root_ddobj(dd, &rddobj);
+ if (ret != 0 || rddobj != dd->dd_object) {
+ ret = SET_ERROR(EINVAL);
+ goto error;
+ }
+
/* initialize the wkey's ddobj */
wkey->wk_ddobj = dd->dd_object;
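Review bot: The added check `if (ret != 0 || rddobj != dd->dd_object)` overwrites whatever error dsl_dir_get_encryption_root_ddobj() returned with EINVAL, so a failed lookup cannot be told apart from a dataset that is not its own encryption root. Consider handling the two cases separately: `if (ret != 0) goto error;` followed by `if (rddobj != dd->dd_object) { ret = SET_ERROR(EINVAL); goto error; }`. The comment would also be more useful if it said why the check is needed, for example `/* the wkey is recorded under dd's object below, so dd must be the encryption root */`. That rationale is inferred from the `wk_ddobj` assignment that follows, so confirm it before adopting the wording. The body of spa_keystore_load_wkey starts and ends outside this hunk, so the `error` label's cleanup is not visible here.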