Commit 1d673f73 authored by Ondrej Kozina's avatar Ondrej Kozina Committed by Milan Broz
Browse files

Do not memlock test_key in LUKS2_check_cipher. 

It's the test key only used to verify if the cipher
can be properly initialized with provided key size
parameter.

Also do not force erase of test buffer, it contains
encrypted zeroes.
parent ae7ca35c

lib/luks2/luks2_luks1_convert.c

+2 −3
Original line number Diff line number Diff line
@@ -23,7 +23,7 @@ int LUKS2_check_cipher(struct crypt_device *cd, 


	log_dbg(cd, "Checking if cipher %s-%s is usable (storage wrapper).", cipher, cipher_mode);



	empty_key = crypt_safe_alloc(keylength);

	empty_key = malloc(keylength);

	if (!empty_key)

		return -ENOMEM;
@@ -40,8 +40,7 @@ int LUKS2_check_cipher(struct crypt_device *cd, 
	r = crypt_storage_decrypt(s, 0, sizeof(buf), buf);

	crypt_storage_destroy(s);

out:

	crypt_safe_free(empty_key);

	crypt_safe_memzero(buf, sizeof(buf));

	free(empty_key);

	return r;

}