[pkg-cryptsetup-devel] Bug#901884: Bug#901884: (no subject)
Guilhem Moulin
guilhem at debian.org
Wed Jun 20 16:20:34 BST 2018
On Wed, 20 Jun 2018 at 06:42:03 +0000, 901884 at chiru.no wrote:
> This line:
> blockcipher="$(printf '%s' "$value" | cut -d':' -f1 | cut -d'-' -f1)"
> should be:
> blockcipher="$(printf '%s' "$value" | cut -d':' -f1 | cut -d'-' -f2)"
That's indeed the regression, causing modules required for the cipher
mode not to be included to the initrd, for instance with AES-XTS on CPUs
lacking the AES-NI instruction set.
But it's wasn't the only problem with that code. Looking closer at the
specs [0], the mapping table format for crypt target prints the cipher
specifications in the following format
cipher[:keycount]-chainmode-ivmode[:ivopts]
or (since linux 4.12)
capi:cipher_api_spec-ivmode[:ivopts]
Determining the cipher/mode/IV to use in the first format when a
keycount is present, such as "aes:64-cbc-lmk", or in the second format,
such as "capi:xts(aes)-plain64", was already broken in <2:2.0.3-2. The
former is now fixed, for the latter a warning is now displayed.
--
Guilhem.
[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/device-mapper/dm-crypt.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20180620/b8a767a7/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list