diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:31:20 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:31:20 +0000 |
| commit | 82ff52e0800702dee9402f8efe13dbc02e5883d2 (patch) | |
| tree | 2f1704ba1a30bffc1f66bf5fb51c48431c24f6fa /debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch | |
| parent | Adding upstream version 2:2.1.0. (diff) | |
| download | cryptsetup-debian.tar.xz cryptsetup-debian.zip | |
Adding debian version 2:2.1.0-5+deb10u2.debian/2%2.1.0-5+deb10u2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch')
| -rw-r--r-- | debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch b/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch new file mode 100644 index 0000000..0a16127 --- /dev/null +++ b/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch @@ -0,0 +1,56 @@ +From c03e3fe88a9761f34b22d2b4d4654353783e2d4f Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina <okozina@redhat.com> +Date: Tue, 26 Feb 2019 11:49:58 +0100 +Subject: Fix getting default LUKS2 keyslot encryption parameters. + +When information about original keyslot size is missing (no active +keyslot assigned to default segment) we have to fallback to +default luks2 encryption parameters even though we know default +segment cipher and mode. + +Fixes: #442. +--- + lib/setup.c | 3 ++- + tests/api-test-2.c | 19 +++++++++++++++++++ + 2 files changed, 21 insertions(+), 1 deletion(-) + +--- a/lib/setup.c ++++ b/lib/setup.c +@@ -4632,7 +4632,8 @@ const char *crypt_keyslot_get_encryption + cipher = LUKS2_get_cipher(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); + if (!LUKS2_keyslot_cipher_incompatible(cd, cipher)) { + *key_size = crypt_get_volume_key_size(cd); +- return cipher; ++ if (*key_size) ++ return cipher; + } + + /* Fallback to default LUKS2 keyslot encryption */ +--- a/tests/api-test-2.c ++++ b/tests/api-test-2.c +@@ -914,6 +914,25 @@ static void AddDeviceLuks2(void) + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0"); + crypt_free(cd); + ++ /* ++ * Check regression in getting keyslot encryption parameters when ++ * volume key size is unknown (no active keyslots). ++ */ ++ if (!_fips_mode) { ++ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); ++ crypt_set_iteration_time(cd, 1); ++ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL)); ++ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0); ++ /* drop context copy of volume key */ ++ crypt_free(cd); ++ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); ++ OK_(crypt_load(cd, CRYPT_LUKS, NULL)); ++ EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0); ++ OK_(crypt_keyslot_destroy(cd, 0)); ++ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0); ++ crypt_free(cd); ++ } ++ + _cleanup_dmdevices(); + } + |