SHA256
1
0
forked from pool/s390-tools
s390-tools/s390-tools-sles15sp1-0014-zkey-Fix-generate-and-import-leaving-key-in-an-incon.patch

48 lines
1.7 KiB
Diff
Raw Normal View History

Subject: zkey: Fix generate and import leaving key in an inconsistent state
From: Ingo Franzki <ifranzki@linux.ibm.com>
Summary: zkey: Support CCA master key change with LUKS2 volumes using paes
Description: Support the usage of protected key crypto for dm-crypt disks in
LUKS2 format by providing a tool allowing to re-encipher a
secure LUKS2 volume key when the CCA master key is changed
Upstream-ID: 672548ce30f61e94c8465a560a54a4a8fe568c06
Problem-ID: SEC1424.1
Upstream-Description:
zkey: Fix generate and import leaving key in an inconsistent state
When a volume or APQN association is made while generating or
importing a key, and a duplicate association is detected, then
this may leave the key in an inconsistent state.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/keystore.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/zkey/keystore.c
+++ b/zkey/keystore.c
@@ -1534,7 +1534,7 @@ int keystore_generate_key(struct keystor
out_free_props:
if (key_props != NULL)
properties_free(key_props);
- if (rc != 0 && rc != -EEXIST)
+ if (rc != 0)
remove(file_names.skey_filename);
out_free_key_filenames:
_keystore_free_key_filenames(&file_names);
@@ -1617,7 +1617,7 @@ int keystore_import_key(struct keystore
out_free_props:
if (key_props != NULL)
properties_free(key_props);
- if (rc != 0 && rc != -EEXIST)
+ if (rc != 0)
remove(file_names.skey_filename);
out_free_key_filenames:
_keystore_free_key_filenames(&file_names);