Replace bogus cipher_null keyslots before reencryption.

By mistake LUKS2 allowed keyslots 'not-so-encrypted' by
cipher_null (only explicitly requested by --cipher or
--keyslot-cipher parameters). If we encounter
such an old key during reencryption, let's replace the cipher
for the new keyslot with the default LUKS2 keyslot cipher.
Ondrej Kozina
2021-02-11 12:17:02 +01:00
committed by Milan Broz
parent 1e68d73bc3
commit 196477d194


@@ -1097,6 +1097,12 @@ static int set_keyslot_params(struct crypt_device *cd, int keyslot)
if (!cipher)
return -EINVAL;
if (crypt_is_cipher_null(cipher)) {
log_dbg("Keyslot %d uses cipher_null. Replacing with default encryption in new keyslot.", keyslot);
cipher = DEFAULT_LUKS2_KEYSLOT_CIPHER;
key_size = DEFAULT_LUKS2_KEYSLOT_KEYBITS / 8;
}
if (crypt_keyslot_set_encryption(cd, cipher, key_size))
return -EINVAL;
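Review bot: The cipher_null replacement in the new `if (crypt_is_cipher_null(cipher))` branch is reported only through `log_dbg`, so an operator running without debug output never learns that the old keyslot left the volume key effectively unprotected. That is a security-relevant fact about the existing header and any copies of it, so consider emitting the message at a level shown by default. A short comment above the branch would also help, for example `/* cipher_null keyslots do not protect the volume key; never carry that cipher into the new keyslot */`. set_keyslot_params begins and continues outside this hunk, so whether a keyslot cipher supplied by the user is checked the same way cannot be confirmed from the visible lines.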