cryptsetup: default to no hash when keyfile is specified
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 24 Nov 2014 14:11:12 +0000 (09:11 -0500)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 24 Nov 2014 14:14:18 +0000 (09:14 -0500)
For plain dm-crypt devices, the behavior of the cryptsetup package is to
ignore the hash algorithm when a key file is provided. It seems wrong
to ignore a hash when it is explicitly specified, but we should default
to no hash if the keyfile is specified.

https://bugs.freedesktop.org/show_bug.cgi?id=52630

src/cryptsetup/cryptsetup.c

index 94570eb..b9e67fa 100644 (file)
@@ -400,7 +400,9 @@ static int attach_luks_or_plain(struct crypt_device *cd,
                         /* plain isn't a real hash type. it just means "use no hash" */
                         if (!streq(arg_hash, "plain"))
                                 params.hash = arg_hash;
                         /* plain isn't a real hash type. it just means "use no hash" */
                         if (!streq(arg_hash, "plain"))
                                 params.hash = arg_hash;
-                } else
+                } else if (!key_file)
+                        /* for CRYPT_PLAIN, the behaviour of cryptsetup
+                         * package is to not hash when a key file is provided */
                         params.hash = "ripemd160";
 
                 if (arg_cipher) {
                         params.hash = "ripemd160";
 
                 if (arg_cipher) {
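
Review bot: The new `else if (!key_file)` branch leaves `params.hash` unassigned by this block when a key file is given without a hash option, so the outcome depends on how `params` is initialised outside the visible lines; an explicit `params.hash = NULL` for that case would make the "no hash" intent obvious to the reader. The same case previously received "ripemd160", so existing plain setups that use a key file and rely on the old default will now derive a different key unless they specify the hash explicitly, which deserves a note in the crypttab documentation. As a style point, the multi-line comment now sits between the unbraced `else if` and its single statement; adding braces around the branch would make it harder to misread.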