[systemd-devel] [systemd-commits] src/cryptsetup

Quentin Lefebvre qlefebvre_pro at yahoo.com
Mon Nov 24 09:44:25 PST 2014


Hi,

I tested your patch and actually it doesn't solve the bug.
For example, if "hash=sha512" is provided in /etc/crypttab, the first > 
                           if (!streq(arg_hash, "plain"))
is true, and the
 > +                } else if (!key_file)
is not reached.

So I suggest rewriting the patch, or applying my original patch, that is 
maybe less elegant, but has both advantages to work and be easily readable.

Best regards,
Quentin

On 24/11/2014 15:14, Zbigniew Jędrzejewski-Szmek wrote :
>   src/cryptsetup/cryptsetup.c |    4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
>
> New commits:
> commit 8a52210c9392887a31fdb2845f65b4c5869e8e66
> Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> Date:   Mon Nov 24 09:11:12 2014 -0500
>
>      cryptsetup: default to no hash when keyfile is specified
>
>      For plain dm-crypt devices, the behavior of cryptsetup package is to
>      ignore the hash algorithm when a key file is provided. It seems wrong
>      to ignore a hash when it is explicitly specified, but we should default
>      to no hash if the keyfile is specified.
>
>      https://bugs.freedesktop.org/show_bug.cgi?id=52630
>
> diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
> index 94570eb..b9e67fa 100644
> --- a/src/cryptsetup/cryptsetup.c
> +++ b/src/cryptsetup/cryptsetup.c
> @@ -400,7 +400,9 @@ static int attach_luks_or_plain(struct crypt_device *cd,
>                           /* plain isn't a real hash type. it just means "use no hash" */
>                           if (!streq(arg_hash, "plain"))
>                                   params.hash = arg_hash;
> -                } else
> +                } else if (!key_file)
> +                        /* for CRYPT_PLAIN, the behaviour of cryptsetup
> +                         * package is to not hash when a key file is provided */
>                           params.hash = "ripemd160";
>
>                   if (arg_cipher) {
>
>
>
> _______________________________________________
> systemd-commits mailing list
> systemd-commits at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-commits
>



More information about the systemd-devel mailing list