diff --git a/ChangeLog b/ChangeLog index ca96a3de..bb043275 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 2010-02-25 Milan Broz * Do not verify unlocking passphrase in luksAddKey command. + * Properly initialise crypto backend in header backup/restore commands. 2010-01-17 Milan Broz * If gcrypt compiled with capabilities, document workaround for cryptsetup (see lib/gcrypt.c). diff --git a/lib/gcrypt.c b/lib/gcrypt.c index 269dc523..cfbcdc7b 100644 --- a/lib/gcrypt.c +++ b/lib/gcrypt.c @@ -23,8 +23,10 @@ int init_crypto(void) * and it locks its memory space anyway. */ #if 0 + log_dbg("Initializing crypto backend (secure memory disabled)."); gcry_control (GCRYCTL_DISABLE_SECMEM); #else + log_dbg("Initializing crypto backend (using secure memory)."); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); gcry_control (GCRYCTL_RESUME_SECMEM_WARN); diff --git a/lib/setup.c b/lib/setup.c index ea5359a7..6576032a 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -1213,6 +1213,12 @@ int crypt_header_backup(struct crypt_device *cd, if ((requested_type && !isLUKS(requested_type)) || !backup_file) return -EINVAL; + /* Some hash functions need initialized gcrypt library */ + if (init_crypto()) { + log_err(cd, _("Cannot initialize crypto backend.\n")); + return -ENOSYS; + } + log_dbg("Requested header backup of device %s (%s) to " "file %s.", cd->device, requested_type, backup_file); @@ -1226,6 +1232,12 @@ int crypt_header_restore(struct crypt_device *cd, if (requested_type && !isLUKS(requested_type)) return -EINVAL; + /* Some hash functions need initialized gcrypt library */ + if (init_crypto()) { + log_err(cd, _("Cannot initialize crypto backend.\n")); + return -ENOSYS; + } + log_dbg("Requested header restore to device %s (%s) from " "file %s.", cd->device, requested_type, backup_file);