forked from pool/s390-tools
a7f8ed0265
Lots of features implemented for SLES15 SP1. OBS-URL: https://build.opensuse.org/request/show/648783 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=57
48 lines
1.5 KiB
Diff
48 lines
1.5 KiB
Diff
Subject: zkey: Fix APQN validation routine
|
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
|
Summary: zkey: Support CCA master key change with LUKS2 volumes using paes
|
|
Description: Support the usage of protected key crypto for dm-crypt disks in
|
|
LUKS2 format by providing a tool allowing to re-encipher a
|
|
secure LUKS2 volume key when the CCA master key is changed
|
|
Upstream-ID: 344965bd296f434ccbd9ad5b16427590b988d480
|
|
Problem-ID: SEC1424.1
|
|
|
|
Upstream-Description:
|
|
|
|
zkey: Fix APQN validation routine
|
|
|
|
When a zkey generate or change command is used to associate one
|
|
or multiple APQNs the command succeeds, but no key is generated
|
|
and no APQNs are associated, because the return code returned by
|
|
_keystore_apqn_check() is wrong.
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
|
|
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
---
|
|
zkey/keystore.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
--- a/zkey/keystore.c
|
|
+++ b/zkey/keystore.c
|
|
@@ -986,6 +986,7 @@ static int _keystore_apqn_check(const ch
|
|
}
|
|
|
|
if (sscanf(apqn, "%x.%x", &card, &domain) != 2) {
|
|
+ warnx("the APQN '%s' is not valid", apqn);
|
|
rc = -EINVAL;
|
|
goto out;
|
|
}
|
|
@@ -1003,6 +1004,8 @@ static int _keystore_apqn_check(const ch
|
|
rc == -1 ? "not a CCA card" : "not online");
|
|
rc = -EIO;
|
|
goto out;
|
|
+ } else {
|
|
+ rc = 0;
|
|
}
|
|
|
|
out:
|