From 047db2a1daaecfe54aa8d87c546b750f1c4f127f Mon Sep 17 00:00:00 2001 From: Packit Service Date: Feb 24 2021 15:56:21 +0000 Subject: Apply patch cryptsetup-2.3.4-fix-crypto-backend-to-properly-handle-ECB-mode.patch patch_name: cryptsetup-2.3.4-fix-crypto-backend-to-properly-handle-ECB-mode.patch present_in_specfile: true --- diff --git a/lib/crypto_backend/crypto_storage.c b/lib/crypto_backend/crypto_storage.c index 846f17c..fffdca5 100644 --- a/lib/crypto_backend/crypto_storage.c +++ b/lib/crypto_backend/crypto_storage.c @@ -63,7 +63,7 @@ static int crypt_sector_iv_init(struct crypt_sector_iv *ctx, memset(ctx, 0, sizeof(*ctx)); ctx->iv_size = crypt_cipher_ivsize(cipher_name, mode_name); - if (ctx->iv_size < 8) + if (ctx->iv_size < 0 || (strcmp(mode_name, "ecb") && ctx->iv_size < 8)) return -ENOENT; if (!strcmp(cipher_name, "cipher_null") || diff --git a/tests/compat-test2 b/tests/compat-test2 index fd8d6f0..beff9b4 100755 --- a/tests/compat-test2 +++ b/tests/compat-test2 @@ -1017,5 +1017,14 @@ echo $PWD3 | $CRYPTSETUP luksConvertKey --key-slot 22 $LOOPDEV --keyslot-cipher [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail +prepare "[42] Some encryption compatibility mode tests" wipe +CIPHERS="aes-ecb aes-cbc-null aes-cbc-plain64 aes-cbc-essiv:sha256 aes-xts-plain64" +key_size=256 +for cipher in $CIPHERS ; do + echo -n "[$cipher/$key_size]" + $CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --cipher $cipher --key-size $key_size || fail +done +echo + remove_mapping exit 0