From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42396) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b88Vf-0001zo-QZ for qemu-devel@nongnu.org; Wed, 01 Jun 2016 11:56:44 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b88Vb-0007A4-Se for qemu-devel@nongnu.org; Wed, 01 Jun 2016 11:56:43 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50040) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b88Vb-00079y-JB for qemu-devel@nongnu.org; Wed, 01 Jun 2016 11:56:39 -0400 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2D24B8CF58 for ; Wed, 1 Jun 2016 15:56:38 +0000 (UTC) References: <1464796193-4656-1-git-send-email-berrange@redhat.com> From: Eric Blake Message-ID: <574F05B5.50105@redhat.com> Date: Wed, 1 Jun 2016 09:56:37 -0600 MIME-Version: 1.0 In-Reply-To: <1464796193-4656-1-git-send-email-berrange@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="OSNK9jdoXBLeo0So90GL9Ohqis9bJUf01" Subject: Re: [Qemu-devel] [PATCH] crypto: fix handling of iv generator hash defaults List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , qemu-devel@nongnu.org Cc: Paolo Bonzini This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OSNK9jdoXBLeo0So90GL9Ohqis9bJUf01 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 06/01/2016 09:49 AM, Daniel P. Berrange wrote: > When opening an existing LUKS volume, if the iv generator is > essiv, then the iv hash algorithm is mandatory to provide. We > must report an error if it is omitted in the cipher mode spec, > not silently default to hash 0 (md5). If the iv generator is > not essiv, then we explicitly ignore any iv hash algorithm, > rather than report an error, for compatibility with dm-crypt. >=20 > When creating a new LUKS volume, if the iv generator is essiv > and no iv hsah algorithm is provided, we should default to > using the sha256 hash. >=20 > Reported-by: Paolo Bonzini > Signed-off-by: Daniel P. Berrange > --- > crypto/block-luks.c | 21 ++++ > tests/qemu-iotests/149 | 12 +++ > tests/qemu-iotests/149.out | 240 +++++++++++++++++++++++++++++++++++++= ++++++++ > 3 files changed, 273 insertions(+) >=20 > @@ -904,6 +916,15 @@ qcrypto_block_luks_create(QCryptoBlock *block, > if (!luks_opts.has_hash_alg) { > luks_opts.hash_alg =3D QCRYPTO_HASH_ALG_SHA256; > } > + if (luks_opts.ivgen_alg =3D=3D QCRYPTO_IVGEN_ALG_ESSIV) { > + if (!luks_opts.has_ivgen_hash_alg) { > + luks_opts.ivgen_hash_alg =3D QCRYPTO_HASH_ALG_SHA256; > + luks_opts.has_ivgen_hash_alg =3D true; > + } > + } > + /* Note we're allowing ivgen_has_alg to be set even for s/has_/hash_/ Simple fix, so: Reviewed-by: Eric Blake --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --OSNK9jdoXBLeo0So90GL9Ohqis9bJUf01 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJXTwW1AAoJEKeha0olJ0NqHNUH/jJDOewPM8ekfAbkm3Ri3NMB ur/qmZsW74PsdTr14sQTRjatft+itpWU7lSX+jtd66C6NjFMR/l03N3WjXMwlF0n XO00twfWE2n7gBsz1jfDeTfGkencrrqXGjc6Yc0PsOD7J5gExulgIvrsCfQZdtuZ eZFQtHayc/bZiGK1I6zv6N9zAHPckCLbxcK8HcwREvvUq+8Hdk3t/SGF3AvMQPCY 5N+do5GlRYvqAq+2ro9Wqa7HbEx7oUbsuk1MeIR5bczvkd9b3Kx+LmibWfhxPnxk TXztIHrOKIi5HVLRAB8qTt1fsZ0dBe88QEuW0zji41GHoP0Vxr1aX8PyvsooPDI= =uU+d -----END PGP SIGNATURE----- --OSNK9jdoXBLeo0So90GL9Ohqis9bJUf01--