Check for unbound keyslot in convert.

The type cannot be converted to LUKS1 if there is an unbound keyslot.

It is already covered by digest count check, but in some specific
use cases the explicit check can catch a new problem.
Milan Broz
2025-05-15 14:56:15 +02:00
parent 50b762ab94
commit 465043300d


@@ -767,6 +767,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
int i, r, last_active = 0;
uint64_t offset, area_length;
char *buf, luksMagic[] = LUKS_MAGIC;
crypt_keyslot_info ki;
jobj_digest = LUKS2_get_digest_jobj(hdr2, 0);
if (!jobj_digest)
@@ -824,14 +825,21 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
key_size = r;
for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) {
if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INACTIVE)
ki = LUKS2_keyslot_info(hdr2, i);
if (ki == CRYPT_SLOT_INACTIVE)
continue;
if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INVALID) {
if (ki == CRYPT_SLOT_INVALID) {
log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is in invalid state."), i);
return -EINVAL;
}
if (ki == CRYPT_SLOT_UNBOUND) {
log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is unbound."), i);
return -EINVAL;
}
if (i >= LUKS_NUMKEYS) {
log_err(cd, _("Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."), i);
return -EINVAL;
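Review bot: The new `CRYPT_SLOT_UNBOUND` branch carries no comment explaining why it exists, and the commit message itself describes it as redundant with the digest count check, so a later cleanup could remove it as dead code. I would add above it something like `/* LUKS1 has no notion of an unbound keyslot; kept explicit although the digest count check also rejects this case */`. The new message also passes `i`, declared `int` in the first hunk's context, to `%u`, following the two neighbouring messages. That is harmless for the loop's non-negative range but would be reported by a signedness-aware format check, and `(unsigned)i` at the call would avoid touching the translated string. The loop and LUKS2_luks2_to_luks1 itself continue outside the hunk.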