eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Do not allow null cipher for LUKS2 keyslot even in conversion.

Browse Source
This commit is contained in:
Milan Broz
2025-05-29 15:39:28 +02:00
parent 8d7ee84006
commit b81c84bd8f
4 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/luks2/luks2_keyslot.c
View File

@@ -175,6 +175,9 @@ int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd, const char *ciphe
if (!strncmp(cipher_spec, "capi:", 5))
return 1;
if (crypt_is_cipher_null(cipher_spec))
return 1;
if (crypt_parse_name_and_mode(cipher_spec, cipher, NULL, cipher_mode) < 0)
return 1;

2
lib/luks2/luks2_luks1_convert.c
View File

@@ -596,7 +596,7 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
if (r < 0 || (size_t)r >= sizeof(cipher_spec))
return -EINVAL;
if (LUKS2_keyslot_cipher_incompatible(cd, cipher_spec)) {
log_err(cd, _("Unable to use cipher specification %s-%s for LUKS2."),
log_err(cd, _("Unable to use cipher specification %s-%s for LUKS2 keyslot."),
hdr1->cipherName, hdr1->cipherMode);
return -EINVAL;
}