Override password quality check if used cipher is cipher_null.

src/cryptsetup.c

@@ -708,6 +708,10 @@ static int action_luksFormat(void)
 		goto out;
 	}
 
+	/* Never call pwquality if using null cipher */
+	if (tools_is_cipher_null(cipher))
+		opt_force_password = 1;
+
 	if ((r = crypt_init(&cd, header_device))) {
 		if (opt_header_device)
 			log_err(_("Cannot use %s as on-disk header.\n"), header_device);
@@ -964,6 +968,10 @@ static int action_luksAddKey(void)
 	if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
 		goto out;
 
+	/* Never call pwquality if using null cipher */
+	if (tools_is_cipher_null(crypt_get_cipher(cd)))
+		opt_force_password = 1;
+
 	keysize = crypt_get_volume_key_size(cd);
 	/* FIXME: lib cannot properly set verification for new/old passphrase */
 	crypt_set_password_verify(cd, _verify_passphrase(0));
@@ -1045,6 +1053,10 @@ static int action_luksChangeKey(void)
 	if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
 		goto out;
 
+	/* Never call pwquality if using null cipher */
+	if (tools_is_cipher_null(crypt_get_cipher(cd)))
+		opt_force_password = 1;
+
 	if (opt_iteration_time)
 		crypt_set_iteration_time(cd, opt_iteration_time);
 

src/cryptsetup.h

@@ -83,6 +83,7 @@ int tools_get_key(const char *prompt,
 		  struct crypt_device *cd);
 int tools_is_stdin(const char *key_file);
 int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size);
+int tools_is_cipher_null(const char *cipher);
 
 /* Log */
 #define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)

src/utils_password.c

@@ -65,6 +65,14 @@ static int tools_check_pwquality(const char *password)
 }
 #endif /* ENABLE_PWQUALITY */
 
+int tools_is_cipher_null(const char *cipher)
+{
+	if (!cipher)
+		return 0;
+
+	return !strcmp(cipher, "cipher_null") ? 1 : 0;
+}
+
 /*
  * Keyfile - is standard input treated as a binary file (no EOL handling).
  */