eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix activation of LUKS2 with capi format cipher and kernel crypt name.

Browse Source 
While activation of internal cipher algorithms (like aes-generic)
is disallowed, some old LUKS2 images can still use it.

Check the cipher in activate call, but allow to load LUKS2 metadata.
This can allow to add repair code easily and also allow luksDump.

Also fix segfault in reencrypt code for such a header.

Fixes: #820
This commit is contained in:
Milan Broz
2023-06-25 23:32:13 +02:00
parent 1f01eea60e
commit b8711faf92
5 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/luks2/luks2_json_metadata.c
View File

@@ -2605,6 +2605,11 @@ int LUKS2_activate(struct crypt_device *cd,
if ((r = LUKS2_unmet_requirements(cd, hdr, 0, 0)))
return r;
/* Check that cipher is in compatible format */
if (!crypt_get_cipher(cd)) {
log_err(cd, _("No known cipher specification pattern detected in LUKS2 header."));
return -EINVAL;
}
r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd),
vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd),
crypt_get_data_offset(cd), crypt_get_integrity(cd) ?: "none",