forked from pool/s390-tools
48 lines
1.7 KiB
Diff
48 lines
1.7 KiB
Diff
|
Subject: zkey: Fix generate and import leaving key in an inconsistent state
|
||
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||
|
|
||
|
Summary: zkey: Support CCA master key change with LUKS2 volumes using paes
|
||
|
Description: Support the usage of protected key crypto for dm-crypt disks in
|
||
|
LUKS2 format by providing a tool allowing to re-encipher a
|
||
|
secure LUKS2 volume key when the CCA master key is changed
|
||
|
Upstream-ID: 672548ce30f61e94c8465a560a54a4a8fe568c06
|
||
|
Problem-ID: SEC1424.1
|
||
|
|
||
|
Upstream-Description:
|
||
|
|
||
|
zkey: Fix generate and import leaving key in an inconsistent state
|
||
|
|
||
|
When a volume or APQN association is made while generating or
|
||
|
importing a key, and a duplicate association is detected, then
|
||
|
this may leave the key in an inconsistent state.
|
||
|
|
||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||
|
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
|
||
|
|
||
|
|
||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||
|
---
|
||
|
zkey/keystore.c | 4 ++--
|
||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
|
||
|
--- a/zkey/keystore.c
|
||
|
+++ b/zkey/keystore.c
|
||
|
@@ -1534,7 +1534,7 @@ int keystore_generate_key(struct keystor
|
||
|
out_free_props:
|
||
|
if (key_props != NULL)
|
||
|
properties_free(key_props);
|
||
|
- if (rc != 0 && rc != -EEXIST)
|
||
|
+ if (rc != 0)
|
||
|
remove(file_names.skey_filename);
|
||
|
out_free_key_filenames:
|
||
|
_keystore_free_key_filenames(&file_names);
|
||
|
@@ -1617,7 +1617,7 @@ int keystore_import_key(struct keystore
|
||
|
out_free_props:
|
||
|
if (key_props != NULL)
|
||
|
properties_free(key_props);
|
||
|
- if (rc != 0 && rc != -EEXIST)
|
||
|
+ if (rc != 0)
|
||
|
remove(file_names.skey_filename);
|
||
|
out_free_key_filenames:
|
||
|
_keystore_free_key_filenames(&file_names);
|