diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:35:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:35:41 +0000 |
commit | f7458043ae6a2d2d54b911fac52e50341646bef2 (patch) | |
tree | 6c58e084cd8728490fd5bb8eead07db0be0038f4 /lib/luks2/luks2_keyslot_luks2.c | |
parent | Adding upstream version 2:2.6.1. (diff) | |
download | cryptsetup-f7458043ae6a2d2d54b911fac52e50341646bef2.tar.xz cryptsetup-f7458043ae6a2d2d54b911fac52e50341646bef2.zip |
Adding upstream version 2:2.7.0.upstream/2%2.7.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/luks2/luks2_keyslot_luks2.c')
-rw-r--r-- | lib/luks2/luks2_keyslot_luks2.c | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c index 491dcad..2c1f400 100644 --- a/lib/luks2/luks2_keyslot_luks2.c +++ b/lib/luks2/luks2_keyslot_luks2.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, LUKS2 type keyslot handler * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -307,7 +307,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd, char *volume_key, size_t volume_key_len) { struct volume_key *derived_key = NULL; - struct crypt_pbkdf_type pbkdf; + struct crypt_pbkdf_type pbkdf, *cd_pbkdf; char *AfKey = NULL; size_t AFEKSize; const char *af_hash = NULL; @@ -361,6 +361,16 @@ static int luks2_keyslot_get_key(struct crypt_device *cd, } /* + * Print warning when keyslot requires more memory than available + * (if maximum memory was adjusted - no swap, not enough memory), + * but be silent if user set keyslot memory cost above default limit intentionally. + */ + cd_pbkdf = crypt_get_pbkdf(cd); + if (cd_pbkdf->max_memory_kb && pbkdf.max_memory_kb > cd_pbkdf->max_memory_kb && + pbkdf.max_memory_kb <= DEFAULT_LUKS2_MEMORY_KB) + log_std(cd, _("Warning: keyslot operation could fail as it requires more than available memory.\n")); + + /* * If requested, serialize unlocking for memory-hard KDF. Usually NOOP. */ if (pbkdf.max_memory_kb > MIN_MEMORY_FOR_SERIALIZE_LOCK_KB) @@ -512,23 +522,42 @@ static int luks2_keyslot_alloc(struct crypt_device *cd, } jobj_keyslot = json_object_new_object(); + if (!jobj_keyslot) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_keyslot, "type", json_object_new_string("luks2")); json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(volume_key_len)); /* AF object */ jobj_af = json_object_new_object(); + if (!jobj_af) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_af, "type", json_object_new_string("luks1")); json_object_object_add(jobj_af, "stripes", json_object_new_int(params->af.luks1.stripes)); json_object_object_add(jobj_keyslot, "af", jobj_af); /* Area object */ jobj_area = json_object_new_object(); + if (!jobj_area) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_area, "type", json_object_new_string("raw")); json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset)); json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length)); json_object_object_add(jobj_keyslot, "area", jobj_area); - json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + r = json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + if (r) { + json_object_put(jobj_keyslot); + return r; + } r = luks2_keyslot_update_json(cd, jobj_keyslot, params); @@ -541,6 +570,9 @@ static int luks2_keyslot_alloc(struct crypt_device *cd, json_object_object_del_by_uint(jobj_keyslots, keyslot); return r; +err: + json_object_put(jobj_keyslot); + return r; } static int luks2_keyslot_open(struct crypt_device *cd, |