OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

crypto: enforce that LUKS stripes is always a fixed value

Browse Source 
Although the LUKS stripes are encoded in the keyslot header and so
potentially configurable, in pratice the cryptsetup impl mandates
this has the fixed value 4000. To avoid incompatibility apply the
same enforcement in QEMU too. This also caps the memory usage for
key material when QEMU tries to open a LUKS volume.

Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2022-05-10 14:27:33 +01:00
parent c1d8634c20
commit f1195961f3
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/block-luks.c
View File

@ -582,8 +582,9 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
header_sectors,
slot1->stripes);
if (slot1->stripes == 0) {
error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i);
if (slot1->stripes != QCRYPTO_BLOCK_LUKS_STRIPES) {
error_setg(errp, "Keyslot %zu is corrupted (stripes %d != %d)",
i, slot1->stripes, QCRYPTO_BLOCK_LUKS_STRIPES);
return -1;
}