eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-12 19:30:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Properly fail in luksFormat if cipher format is missing required IV.

Browse Source 
For now, crypto API quietly used cipher witout IV if a cipher
algorithm wihtou IV specificaton was used (e.g. aes-xts).

This caused fail later during activation.

This patch allows only two specific backed use without specified IV
(ECB mode and NULL cipher).

Also check cipher string early during parsing of CLI options.
This commit is contained in:
Milan Broz
2018-01-18 21:20:25 +01:00
parent be417d6605
commit aeea93fa95
9 changed files with 36 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/setup.c
View File

@@ -660,7 +660,7 @@ static int _crypt_load_luks2(struct crypt_device *cd, int reload)
}
r = crypt_parse_name_and_mode(LUKS2_get_cipher(&hdr2, CRYPT_DEFAULT_SEGMENT),
tmp_cipher, NULL, tmp_cipher_mode);
tmp_cipher, NULL, tmp_cipher_mode, 0);
if (r < 0) {
log_dbg("Cannot parse cipher and mode from loaded device.");
goto out;
@@ -971,7 +971,7 @@ static int _init_by_name_crypt_none(struct crypt_device *cd)
if (r >= 0)
r = crypt_parse_name_and_mode(dmd.u.crypt.cipher,
cd->u.none.cipher, NULL,
cd->u.none.cipher_mode);
cd->u.none.cipher_mode, 0);
if (!r)
cd->u.none.key_size = dmd.u.crypt.vk->keylength;
@@ -1043,7 +1043,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
goto out;
r = crypt_parse_name_and_mode(dmd.u.crypt.cipher, cipher,
&key_nums, cipher_mode);
&key_nums, cipher_mode, 0);
if (r < 0) {
log_dbg("Cannot parse cipher and mode from active device.");
goto out;