29 lines
1.3 KiB
Diff
29 lines
1.3 KiB
Diff
Based on 8a52210c9392887a31fdb2845f65b4c5869e8e66 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
Date: Mon, 24 Nov 2014 09:11:12 -0500
|
|
Subject: [PATCH] cryptsetup: default to no hash when keyfile is specified
|
|
|
|
For plain dm-crypt devices, the behavior of cryptsetup package is to
|
|
ignore the hash algorithm when a key file is provided. It seems wrong
|
|
to ignore a hash when it is explicitly specified, but we should default
|
|
to no hash if the keyfile is specified.
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=52630
|
|
---
|
|
src/cryptsetup/cryptsetup.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
--- src/cryptsetup/cryptsetup.c
|
|
+++ src/cryptsetup/cryptsetup.c 2014-12-15 12:00:17.554019752 +0000
|
|
@@ -386,7 +386,9 @@ static int attach_luks_or_plain(struct c
|
|
/* plain isn't a real hash type. it just means "use no hash" */
|
|
if (!streq(opt_hash, "plain"))
|
|
params.hash = opt_hash;
|
|
- } else
|
|
+ } else if (!key_file)
|
|
+ /* for CRYPT_PLAIN, the behaviour of cryptsetup
|
|
+ * package is to not hash when a key file is provided */
|
|
params.hash = "ripemd160";
|
|
|
|
if (opt_cipher) {
|