From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Mon, 24 Nov 2014 14:11:12 +0000 (-0500)
Subject: cryptsetup: default to no hash when keyfile is specified
X-Git-Tag: v218~384
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=8a52210c9392887a31fdb2845f65b4c5869e8e66;ds=sidebyside

cryptsetup: default to no hash when keyfile is specified

For plain dm-crypt devices, the behavior of cryptsetup package is to
ignore the hash algorithm when a key file is provided. It seems wrong
to ignore a hash when it is explicitly specified, but we should default
to no hash if the keyfile is specified.

https://bugs.freedesktop.org/show_bug.cgi?id=52630
---

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 94570eb82..b9e67fa63 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -400,7 +400,9 @@ static int attach_luks_or_plain(struct crypt_device *cd,
                         /* plain isn't a real hash type. it just means "use no hash" */
                         if (!streq(arg_hash, "plain"))
                                 params.hash = arg_hash;
-                } else
+                } else if (!key_file)
+                        /* for CRYPT_PLAIN, the behaviour of cryptsetup
+                         * package is to not hash when a key file is provided */
                         params.hash = "ripemd160";
 
                 if (arg_cipher) {