| commit | 8b7cdba386d55ecee2caa26973c1d6c31822e801 | |
| author | Daniel P. Berrange <berrange@redhat.com> | |
| Fri, 20 May 2016 16:43:44 +0000 (20 17:43 +0100) | ||
| committer | Daniel P. Berrange <berrange@redhat.com> | |
| Mon, 4 Jul 2016 09:46:59 +0000 (4 10:46 +0100) | ||
| tree | efac27c8a317697f3310a402e14fd5a40fd9490d | treesnapshot (tar.gz zip) |
| parent | 96b39d8327883094f52b0a3d3f25dba83d6d1d63 | commitdiff |
crypto: fix handling of iv generator hash defaults
When opening an existing LUKS volume, if the iv generator is
essiv, then the iv hash algorithm is mandatory to provide. We
must report an error if it is omitted in the cipher mode spec,
not silently default to hash 0 (md5). If the iv generator is
not essiv, then we explicitly ignore any iv hash algorithm,
rather than report an error, for compatibility with dm-crypt.
When creating a new LUKS volume, if the iv generator is essiv
and no iv hsah algorithm is provided, we should default to
using the sha256 hash.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
When opening an existing LUKS volume, if the iv generator is
essiv, then the iv hash algorithm is mandatory to provide. We
must report an error if it is omitted in the cipher mode spec,
not silently default to hash 0 (md5). If the iv generator is
not essiv, then we explicitly ignore any iv hash algorithm,
rather than report an error, for compatibility with dm-crypt.
When creating a new LUKS volume, if the iv generator is essiv
and no iv hsah algorithm is provided, we should default to
using the sha256 hash.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
| crypto/block-luks.c | diffblobblamehistory | |
| tests/qemu-iotests/149 | diffblobblamehistory | |
| tests/qemu-iotests/149.out | diffblobblamehistory |