From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.90_1)
	id 1oEney-0005vH-GN
	for mharc-grub-devel@gnu.org; Fri, 22 Jul 2022 04:05:20 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:34256)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <development@efficientek.com>)
 id 1oEnen-0005uM-Qd
 for grub-devel@gnu.org; Fri, 22 Jul 2022 04:05:12 -0400
Received: from mail-qt1-x82b.google.com ([2607:f8b0:4864:20::82b]:39475)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <development@efficientek.com>)
 id 1oEnel-0008FZ-Tc
 for grub-devel@gnu.org; Fri, 22 Jul 2022 04:05:09 -0400
Received: by mail-qt1-x82b.google.com with SMTP id r24so3011340qtx.6
 for <grub-devel@gnu.org>; Fri, 22 Jul 2022 01:05:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=efficientek-com.20210112.gappssmtp.com; s=20210112;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=zIgpHuowdVQEtCScav72Knlo5gtBW7alKJHdKCYdlOo=;
 b=StzTBmaSi8p7CHQqXWkWjb9V/sY2d4jt77ApEqJ9fXK+oVYqf2v58KENNACNgoKkmN
 kEVmDbp/Q6qEQPId++2puIt1X3qbH3yKlhsMct24tWcNWstAUy2zF/U4HNlTE7uHgk7p
 giNtJpRSyG2rHQZlYa+MI0/q8gJar1eYN0sSmPhDU+GeUiLX+lt1Z/SG1OaT7m0zyWfC
 ud5VNCJQwLQBRlvYuI4Gk86wodVSfJFbjIZsxtzCnxdBuKlB/COyq6p0IBxukCqvVp5+
 9mtuqHYoBREbFn8yli78X0gTwprpm/1y6294toV6X6BrhcIJUnRc+x6+ONMTKbJEmtdA
 q0fA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=zIgpHuowdVQEtCScav72Knlo5gtBW7alKJHdKCYdlOo=;
 b=sI1goPPb3eY+ywOmQkkKOjGpgePL3O91e2ZYxnIjrGcqEzuquOjQ6w3+VmGDsSNOZq
 cx8BqEfXM5nxfT3lg+9zqXamvv1lpDrCYvcsaSDsTRwiHCjxrfza7EFQ6bCZesJJmq1G
 vDKILz3dveX0JozCTsCVABT8MSBu+gfzb0wBVTlD1gSmu0WHnikRUdb4nTUskvTWYwv7
 usC3X3EhbIEyV1/AdhzzF5fuaZs/IygFN6rCQnZ14bgoLVXHKDm8DTp81f1PIZI9a21k
 7RndYcj3LzelWpDRcr75+eSm2qO90C/uBF+3yys8StRnW5s6HDeiH5HVzFI6jtOWzQS1
 L+Mw==
X-Gm-Message-State: AJIora9yiFXZvaNLWJRlFgN7wdZigS+SwPusEP6qNn/Fl6U0ZURDKnko
 edNgmOFocTTKJ2EZRBWbjuW0wnFlVAtpoQ==
X-Google-Smtp-Source: AGRyM1u7zSdo3E8+J1A9LW52xPyVkeXd+wGvDHd7yVb6EgE06FQEzRb8b7R68welVWK17/TS+nfptw==
X-Received: by 2002:a05:622a:1820:b0:31e:e8d0:3eb3 with SMTP id
 t32-20020a05622a182000b0031ee8d03eb3mr2133690qtc.74.1658477106582; 
 Fri, 22 Jul 2022 01:05:06 -0700 (PDT)
Received: from localhost.localdomain ([37.218.244.251])
 by smtp.gmail.com with ESMTPSA id
 y17-20020a37f611000000b006b5e50057basm2918070qkj.95.2022.07.22.01.05.05
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 22 Jul 2022 01:05:06 -0700 (PDT)
From: Glenn Washburn <development@efficientek.com>
To: grub-devel@gnu.org,
	Daniel Kiper <dkiper@net-space.pl>
Cc: Patrick Steinhardt <ps@pks.im>,
 Glenn Washburn <development@efficientek.com>
Subject: [PATCH] luks2: Continue trying all keyslots even if there are some
 failures
Date: Fri, 22 Jul 2022 03:04:50 -0500
Message-Id: <20220722080450.1289623-1-development@efficientek.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::82b;
 envelope-from=development@efficientek.com; helo=mail-qt1-x82b.google.com
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jul 2022 08:05:14 -0000

luks2_get_keyslot can fail for a variety of reasons that do not neccesarily
mean the next keyslot should not be tried (eg. a new kdf type). So always
try the next slot. This will make GRUB more resilient to non-spec json data
that 3rd party systems may add. We do not care if some of the keyslots are
unusable, only if there is at least one that is.

Signed-off-by: Glenn Washburn <development@efficientek.com>
---
 grub-core/disk/luks2.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index bf741d70f..d8d3180ed 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -610,7 +610,15 @@ luks2_recover_key (grub_disk_t source,
       grub_errno = GRUB_ERR_NONE;
       ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, json_idx);
       if (ret)
-	goto err;
+	{
+	  /*
+	   * luks2_get_keyslot can fail for a variety of reasons that do not
+	   * neccesarily mean the next keyslot should not be tried (eg. a new
+	   * kdf type). So always try the next slot.
+	   */
+	  grub_dprintf ("luks2", "Failed to get keyslot %" PRIuGRUB_UINT64_T "\n", keyslot.idx);
+	  continue;
+	}
       if (grub_errno != GRUB_ERR_NONE)
 	  grub_dprintf ("luks2", "Ignoring unhandled error %d from luks2_get_keyslot\n", grub_errno);
 
-- 
2.34.1