forked from pool/s390-tools
a7f8ed0265
Lots of features implemented for SLES15 SP1. OBS-URL: https://build.opensuse.org/request/show/648783 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=57
48 lines
1.7 KiB
Diff
48 lines
1.7 KiB
Diff
Subject: zkey: Fix generate and import leaving key in an inconsistent state
|
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
|
Summary: zkey: Support CCA master key change with LUKS2 volumes using paes
|
|
Description: Support the usage of protected key crypto for dm-crypt disks in
|
|
LUKS2 format by providing a tool allowing to re-encipher a
|
|
secure LUKS2 volume key when the CCA master key is changed
|
|
Upstream-ID: 672548ce30f61e94c8465a560a54a4a8fe568c06
|
|
Problem-ID: SEC1424.1
|
|
|
|
Upstream-Description:
|
|
|
|
zkey: Fix generate and import leaving key in an inconsistent state
|
|
|
|
When a volume or APQN association is made while generating or
|
|
importing a key, and a duplicate association is detected, then
|
|
this may leave the key in an inconsistent state.
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
|
|
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
---
|
|
zkey/keystore.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
--- a/zkey/keystore.c
|
|
+++ b/zkey/keystore.c
|
|
@@ -1534,7 +1534,7 @@ int keystore_generate_key(struct keystor
|
|
out_free_props:
|
|
if (key_props != NULL)
|
|
properties_free(key_props);
|
|
- if (rc != 0 && rc != -EEXIST)
|
|
+ if (rc != 0)
|
|
remove(file_names.skey_filename);
|
|
out_free_key_filenames:
|
|
_keystore_free_key_filenames(&file_names);
|
|
@@ -1617,7 +1617,7 @@ int keystore_import_key(struct keystore
|
|
out_free_props:
|
|
if (key_props != NULL)
|
|
properties_free(key_props);
|
|
- if (rc != 0 && rc != -EEXIST)
|
|
+ if (rc != 0)
|
|
remove(file_names.skey_filename);
|
|
out_free_key_filenames:
|
|
_keystore_free_key_filenames(&file_names);
|