eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Explicitly disallow capi format for LUKS2 keyslot encryption

Browse Source 
NO functional change as it fails in IV check anyway, but the
code should not reach this funtion at all.
This commit is contained in:
Milan Broz
2025-05-29 10:32:35 +02:00
parent c3414b8221
commit 5b3ff3c0a7
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/luks2/luks2_keyslot.c
View File

@@ -168,6 +168,13 @@ int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd, const char *ciphe
if (!cipher_spec || crypt_is_cipher_null(cipher_spec)) if (!cipher_spec || crypt_is_cipher_null(cipher_spec))
return 1; return 1;
/*
* Do not allow capi format for keyslots
* Note: It always failed in ivsize check later anyway.
*/
if (!strncmp(cipher_spec, "capi:", 5))
return 1;
if (crypt_parse_name_and_mode(cipher_spec, cipher, NULL, cipher_mode) < 0) if (crypt_parse_name_and_mode(cipher_spec, cipher, NULL, cipher_mode) < 0)
return 1; return 1;