Check cipher before writing metadata (LUKS2).

Some ciphers and key sizes created on-disk metadata that cannot be used. Use the same test for length-preserving cipher as LUKS1. Also check if key for integrity algorithm is not too small. Fixes #373.
2025-12-14 12:20:00 +01:00 · 2018-04-06 12:57:58 +02:00
parent f7ad64a3d3
commit 187170ec51
9 changed files with 45 additions and 18 deletions
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -1008,7 +1008,9 @@ static int action_luksFormat(void)
 	if (luks_version != 2 && opt_integrity) {
 		log_err(_("Integrity option can be used only for LUKS2 format.\n"));
 		goto out;
-	} if (opt_integrity) {
+	}
+
+	if (opt_integrity) {
 		r = crypt_parse_integrity_mode(opt_integrity, integrity, &integrity_keysize);
 		if (r < 0) {
 			log_err(_("No known integrity specification pattern detected.\n"));