systemd/0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch

29 lines
1.3 KiB
Diff

Based on 8a52210c9392887a31fdb2845f65b4c5869e8e66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 24 Nov 2014 09:11:12 -0500
Subject: [PATCH] cryptsetup: default to no hash when keyfile is specified
For plain dm-crypt devices, the behavior of cryptsetup package is to
ignore the hash algorithm when a key file is provided. It seems wrong
to ignore a hash when it is explicitly specified, but we should default
to no hash if the keyfile is specified.
https://bugs.freedesktop.org/show_bug.cgi?id=52630
---
src/cryptsetup/cryptsetup.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- src/cryptsetup/cryptsetup.c
+++ src/cryptsetup/cryptsetup.c 2014-12-15 12:00:17.554019752 +0000
@@ -386,7 +386,9 @@ static int attach_luks_or_plain(struct c
/* plain isn't a real hash type. it just means "use no hash" */
if (!streq(opt_hash, "plain"))
params.hash = opt_hash;
- } else
+ } else if (!key_file)
+ /* for CRYPT_PLAIN, the behaviour of cryptsetup
+ * package is to not hash when a key file is provided */
params.hash = "ripemd160";
if (opt_cipher) {