diff options
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/block-luks.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 63649f1091..fcf3b040e4 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -776,6 +776,11 @@ qcrypto_block_luks_open(QCryptoBlock *block, } if (ivalg == QCRYPTO_IVGEN_ALG_ESSIV) { + if (!ivhash_name) { + ret = -EINVAL; + error_setg(errp, "Missing IV generator hash specification"); + goto fail; + } ivcipheralg = qcrypto_block_luks_essiv_cipher(cipheralg, ivhash, &local_err); @@ -785,6 +790,13 @@ qcrypto_block_luks_open(QCryptoBlock *block, goto fail; } } else { + /* Note we parsed the ivhash_name earlier in the cipher_mode + * spec string even with plain/plain64 ivgens, but we + * will ignore it, since it is irrelevant for these ivgens. + * This is for compat with dm-crypt which will silently + * ignore hash names with these ivgens rather than report + * an error about the invalid usage + */ ivcipheralg = cipheralg; } @@ -904,6 +916,15 @@ qcrypto_block_luks_create(QCryptoBlock *block, if (!luks_opts.has_hash_alg) { luks_opts.hash_alg = QCRYPTO_HASH_ALG_SHA256; } + if (luks_opts.ivgen_alg == QCRYPTO_IVGEN_ALG_ESSIV) { + if (!luks_opts.has_ivgen_hash_alg) { + luks_opts.ivgen_hash_alg = QCRYPTO_HASH_ALG_SHA256; + luks_opts.has_ivgen_hash_alg = true; + } + } + /* Note we're allowing ivgen_hash_alg to be set even for + * non-essiv iv generators that don't need a hash. It will + * be silently ignored, for compatibility with dm-crypt */ if (!options->u.luks.key_secret) { error_setg(errp, "Parameter 'key-secret' is required for cipher"); |