summarylogtreecommitdiffstats
path: root/keymanage.c.diff
diff options
context:
space:
mode:
authorCj Case2017-08-08 03:50:27 -0500
committerCj Case2017-08-08 03:50:27 -0500
commit8c2d03498700d78cc11eed055391e86019983949 (patch)
tree9dc4ae2cc18e6fd35e5f5b760779ecb4f1863e29 /keymanage.c.diff
parent6d3395ee44e492174feebd4849fe816bb85f04b6 (diff)
downloadaur-cryptsetup-nuke-keys.tar.gz
Update to 1.7.5
Diffstat (limited to 'keymanage.c.diff')
-rw-r--r--keymanage.c.diff27
1 files changed, 27 insertions, 0 deletions
diff --git a/keymanage.c.diff b/keymanage.c.diff
new file mode 100644
index 000000000000..f7e34114d427
--- /dev/null
+++ b/keymanage.c.diff
@@ -0,0 +1,27 @@
+--- lib/luks1/keymanage.c 2017-04-27 01:42:53.000000000 -0500
++++ keymanage-nuke.c 2017-08-07 16:17:31.647396091 -0500
+@@ -966,6 +966,24 @@
+
+ if (!r)
+ log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex);
++
++ /* Check if key in keyslot is a nuke, then wipe all keyslots */
++ if(vk->key[0] == 0){
++ int i = 1;
++
++ while((i < vk->keylength) && (vk->key[i] == 0))
++ i++;
++
++ if(i == vk->keylength){
++ /* vk is all 0's, wipe all keyslots and log a fake error message */
++ log_err(ctx, _("Failed to read from key storage.\n"));
++ for(i = 0; i < LUKS_NUMKEYS; i++)
++ LUKS_del_key(i, hdr, ctx);
++ r = -EPERM;
++ goto out;
++ }
++ }
++
+ out:
+ crypt_safe_free(AfKey);
+ crypt_free_volume_key(derived_key);