[systemd-devel] [systemd-commits] src/cryptsetup
Quentin Lefebvre
qlefebvre_pro at yahoo.com
Mon Nov 24 09:44:25 PST 2014
Hi,
I tested your patch and actually it doesn't solve the bug.
For example, if "hash=sha512" is provided in /etc/crypttab, the first >
if (!streq(arg_hash, "plain"))
is true, and the
> + } else if (!key_file)
is not reached.
So I suggest rewriting the patch, or applying my original patch, that is
maybe less elegant, but has both advantages to work and be easily readable.
Best regards,
Quentin
On 24/11/2014 15:14, Zbigniew Jędrzejewski-Szmek wrote :
> src/cryptsetup/cryptsetup.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> New commits:
> commit 8a52210c9392887a31fdb2845f65b4c5869e8e66
> Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> Date: Mon Nov 24 09:11:12 2014 -0500
>
> cryptsetup: default to no hash when keyfile is specified
>
> For plain dm-crypt devices, the behavior of cryptsetup package is to
> ignore the hash algorithm when a key file is provided. It seems wrong
> to ignore a hash when it is explicitly specified, but we should default
> to no hash if the keyfile is specified.
>
> https://bugs.freedesktop.org/show_bug.cgi?id=52630
>
> diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
> index 94570eb..b9e67fa 100644
> --- a/src/cryptsetup/cryptsetup.c
> +++ b/src/cryptsetup/cryptsetup.c
> @@ -400,7 +400,9 @@ static int attach_luks_or_plain(struct crypt_device *cd,
> /* plain isn't a real hash type. it just means "use no hash" */
> if (!streq(arg_hash, "plain"))
> params.hash = arg_hash;
> - } else
> + } else if (!key_file)
> + /* for CRYPT_PLAIN, the behaviour of cryptsetup
> + * package is to not hash when a key file is provided */
> params.hash = "ripemd160";
>
> if (arg_cipher) {
>
>
>
> _______________________________________________
> systemd-commits mailing list
> systemd-commits at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-commits
>
More information about the systemd-devel
mailing list