Properly fail in luksFormat if cipher format is missing required IV.

Until now, the crypto API quietly used the cipher without an IV if a cipher
algorithm without an IV specification was used (e.g. aes-xts).

This caused fail later during activation.

This patch allows only two specific backed use without specified IV
(ECB mode and NULL cipher).

Also check cipher string early during parsing of CLI options.
Milan Broz
2018-01-18 21:20:25 +01:00
parent be417d6605
commit aeea93fa95
9 changed files with 36 additions and 26 deletions


@@ -579,9 +579,9 @@ static int backup_luks_headers(struct reenc_ctx *rc)
params2.sector_size = crypt_get_sector_size(cd);
if (opt_cipher) {
r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode);
r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode, 1);
if (r < 0) {
log_err(_("No known cipher specification pattern detected.\n"));
log_err(_("No known cipher specification pattern (cipher-mode-iv) detected.\n"));
goto out;
}
}
@@ -647,9 +647,9 @@ static int backup_fake_header(struct reenc_ctx *rc)
opt_key_size = DEFAULT_LUKS1_KEYBITS;
if (opt_cipher) {
r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode);
r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode, 1);
if (r < 0) {
log_err(_("No known cipher specification pattern detected.\n"));
log_err(_("No known cipher specification pattern (cipher-mode-iv) detected.\n"));
goto out;
}
}
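Review bot: The bare `1` passed as the new fifth argument of `crypt_parse_name_and_mode()` does not say what it enables, in both the `backup_luks_headers` and `backup_fake_header` calls. Going by the commit description it presumably makes the parser reject a cipher string that lacks an IV part, but the parameter's declaration is not visible in this section, so that needs confirming. Since this flag decides whether a volume can be set up with a cipher spec that has no IV, I would state it at the call site with a comment such as `/* 1: require an IV specification in the cipher string */`, or pass a named constant instead of the literal. Both enclosing functions start and end outside the hunks shown.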