Commit 16ad14d2 authored by Milan Broz's avatar Milan Broz

Check if requested hash is supported before writing LUKS header.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@331 36d66b0a-2a48-0410-832c-cd162a569da5
parent b117dcc2
......@@ -4,6 +4,7 @@
* Switch to 1MiB default alignment of data.
For more info see https://bugzilla.redhat.com/show_bug.cgi?id=621684
* Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
* Check if requested hash is supported before writing LUKS header.
2010-07-28 Arno Wagner <arno@wagner.name>
* Add FAQ (Frequently Asked Questions) file to distribution.
......
......@@ -439,6 +439,11 @@ int LUKS_generate_phdr(struct luks_phdr *header,
if (alignPayload == 0)
alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE;
if (PBKDF2_HMAC_ready(hashSpec) < 0) {
log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hashSpec);
return -EINVAL;
}
memset(header,0,sizeof(struct luks_phdr));
/* Set Magic */
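Review bot: The guard added ahead of `memset(header,0,sizeof(struct luks_phdr));` in LUKS_generate_phdr passes hashSpec to PBKDF2_HMAC_ready() and to the `%s` in log_err() without a NULL check. The callers are outside this hunk, so confirm that a NULL hash spec cannot reach this point, or guard it with `if (!hashSpec) return -EINVAL;`. A short comment on the ordering would also help, for example `/* Reject an unavailable or too-short hash before the header is modified */`, because placing the check before memset is what keeps a rejected request from touching the caller's header. That the helper also enforces the 20-byte minimum is inferred from the man page and test text in this commit, not from code shown here. The function body starts and ends outside the hunk.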
......
......@@ -140,7 +140,8 @@ For \fIluksFormat\fR action specifies hash used in LUKS key setup scheme and vol
\fBWARNING:\fR setting hash other than \fBsha1\fR causes LUKS device incompatible with older version of cryptsetup.
The hash string is passed to libgcrypt, so all hashes accepted by gcrypt are supported.
The hash string is passed to libgcrypt, so all hash algorithms are supported
(for \fIluksFormat\fR algorithm must provide at least 20 byte long hash).
Default is set during compilation, compatible values with old version of cryptsetup are
\fB"ripemd160"\fR for \fIcreate\fR action and \fB"sha1"\fR for \fIluksFormat\fR.
......
......@@ -761,6 +761,10 @@ static void NonFIPSAlg(void)
}
OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params));
params.hash = "md5";
FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params),
"MD5 unsupported, too short");
crypt_free(cd);
}
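Review bot: The added case in NonFIPSAlg only asserts that `md5` is rejected, so the accepted side of the 20-byte minimum that the man page now documents is not pinned by this test. Consider following the FAIL_ with `params.hash = "sha1";` and `OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params));`, which would also show that a rejected format leaves cd usable. This assumes a repeated crypt_format on the same context is valid, as the existing OK_/FAIL_ pair suggests. The function body starts outside the hunk, so the value of params.hash during the earlier OK_ call is not visible here.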
......