projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c126c8a) | patch
cryptsetup: do not assert when unsealing token without salt
authorLuca Boccassi <bluca@debian.org>
Wed, 15 Feb 2023 00:44:01 +0000 (00:44 +0000)
committerLuca Boccassi <luca.boccassi@gmail.com>
Wed, 15 Feb 2023 18:01:28 +0000 (18:01 +0000)
commit504d0acf61c8472bc93c2a927e858074873b2eaf
tree7b06a1c427598a7aaa145b134f3b1da67d7e1766tree | snapshot
parentc126c8ac81f849ccf5214ff3f90c416b6bbad71fcommit | diff
cryptsetup: do not assert when unsealing token without salt

Salt was added in v253. We are not checking whether it was actually found
(non-zero size), so when an old tpm+pin enrollment is opened things go boom.
For good measure, check both the buffer and the size in both places.

Assertion 'saltlen > 0' failed at src/shared/tpm2-util.c:2490, function tpm2_util_pbkdf2_hmac_sha256(). Aborting.
src/cryptsetup/cryptsetup-tokens/luks2-tpm2.c diff | blob | history
src/cryptsetup/cryptsetup-tpm2.c diff | blob | history
src/shared/tpm2-util.c diff | blob | history
https://github.com/systemd/systemd.git