From fee1d659cf7c8ec1df34041cde77e6a221736936 Mon Sep 17 00:00:00 2001 From: Ondrej Kozina Date: Thu, 5 Apr 2018 18:02:24 +0200 Subject: [PATCH] Fix wrong digest assignment to new LUKS2 (volume key) keyslot. All new LUKS2 keyslots added by passphrase or by volume key were assigned to digest 0 despite the fact segment was assigned to different digest. --- lib/luks2/luks2_digest.c | 4 ++-- lib/setup.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/luks2/luks2_digest.c b/lib/luks2/luks2_digest.c index 5ecaf7dd..cfd333a3 100644 --- a/lib/luks2/luks2_digest.c +++ b/lib/luks2/luks2_digest.c @@ -135,7 +135,7 @@ int LUKS2_digest_verify(struct crypt_device *cd, return r; } - return 0; + return digest; } int LUKS2_digest_dump(struct crypt_device *cd, int digest) @@ -172,7 +172,7 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd, return r; } - return 0; + return digest; } int LUKS2_digest_by_segment(struct crypt_device *cd, diff --git a/lib/setup.c b/lib/setup.c index 9fb5ad26..b4813712 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -3164,6 +3164,8 @@ int crypt_activate_by_volume_key(struct crypt_device *cd, r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); if (r == -EPERM || r == -ENOENT) log_err(cd, _("Volume key does not match the volume.\n")); + if (r > 0) + r = 0; if (!r && (name || (flags & CRYPT_ACTIVATE_KEYRING_KEY)) && crypt_use_keyring_for_vk(cd)) {