From af8c53a8233fcf2f5e8dcbd02287c3b62b866445 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Wed, 1 Nov 2023 12:53:16 +0100
Subject: [PATCH] Move LUKS2 legacy reencryption flag check.

There's already routine meant for verification if LUKS2
can be reencrypted. So move the appropriate code there instead.
---
 src/utils_reencrypt.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/utils_reencrypt.c b/src/utils_reencrypt.c
index b283402d..9b044118 100644
--- a/src/utils_reencrypt.c
+++ b/src/utils_reencrypt.c
@@ -349,11 +349,6 @@ static int luks2_reencrypt_in_progress(struct crypt_device *cd)
 	if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags))
 		return -EINVAL;
 
-	if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) {
-		log_err(_("Legacy LUKS2 reencryption is no longer supported."));
-		return -EINVAL;
-	}
-
 	return flags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT;
 }
 
@@ -411,8 +406,17 @@ static enum device_status_info load_luks(struct crypt_device **r_cd,
 
 static bool luks2_reencrypt_eligible(struct crypt_device *cd)
 {
+	uint32_t flags;
 	struct crypt_params_integrity ip = { 0 };
 
+	if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags))
+		return false;
+
+	if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) {
+		log_err(_("Legacy LUKS2 reencryption is no longer supported."));
+		return false;
+	}
+
 	/* raw integrity info is available since 2.0 */
 	if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) {
 		log_err(_("Reencryption of device with integrity profile is not supported."));