cryptsetup/lib/utils_crypt.c
Milan Broz 438cf1d1b3 Disallow use of internal kernel crypto driver names in "capi" specification.
The common way to specify cipher mode in cryptsetup
is to use cipher-mode-iv notation (like aes-xts-plain64).
With introduction of authenticated ciphers we also allow "capi:<spec>"
notation that is directly used by dm-crypt (e.g. capi:xts(aes)-plain64).

CAPI specification was never intended to be used with internal
kernel crypto api names (with dash in algorithm name), actually the
whole parsing routine wrongly parses mode here now.

The code now checks if parsing wrongly separated the full cipher
string, effectively allowing only proper cipher names
(example of no longer supported string is capi:xts(ecb(aes-generic))-plain64).

Thanks to Jan Wichelmann, Luca Wilke and Thomas Eisenbarth from
University of Lübeck for noticing the problems with this code.

Fixes: #809
2023-04-25 18:56:31 +02:00

9.0 KiB
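The check the commit message describes can be illustrated with a small validator. This is an added example, not code from cryptsetup or from the commit; the function name `capi_spec_check` and its acceptance rules (balanced parentheses in the algorithm part, a single plain token as IV mode) are assumptions chosen to show how a dash inside a driver name betrays a wrong split.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical validator, not cryptsetup code. Returns 0 when spec is an
 * acceptable "capi:<algorithm>-<iv>[:<ivopts>]" string, -1 otherwise. */
int capi_spec_check(const char *spec)
{
	const char *alg, *dash, *iv_end, *p;
	int depth = 0;

	if (!spec || strncmp(spec, "capi:", 5) != 0)
		return -1;
	alg = spec + 5;

	/* Split where a dash-based parser would: at the first '-'. */
	dash = strchr(alg, '-');
	if (!dash || dash == alg)
		return -1;

	/* Unbalanced parentheses in the algorithm part mean the split landed
	 * inside a name such as "aes-generic" (an internal driver name). */
	for (p = alg; p < dash; p++) {
		if (*p == '(')
			depth++;
		else if (*p == ')' && --depth < 0)
			return -1;
	}
	if (depth != 0)
		return -1;

	/* The IV mode, up to optional ":ivopts", must be one plain token. */
	iv_end = dash + 1 + strcspn(dash + 1, ":");
	if (iv_end == dash + 1)
		return -1;
	for (p = dash + 1; p < iv_end; p++)
		if (*p == '-' || *p == '(' || *p == ')')
			return -1;
	return 0;
}

int main(void)
{
	/* Constructed sample inputs; the first two strings appear on the page. */
	const char *t[] = { "capi:xts(aes)-plain64",
		"capi:xts(ecb(aes-generic))-plain64", "capi:xts-aes-aesni-plain64" };
	for (int i = 0; i < 3; i++)
		printf("%-40s %s\n", t[i], capi_spec_check(t[i]) ? "rejected" : "ok");
	return 0;
}
```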