author | Cj Case | 2017-08-08 03:50:27 -0500 |
---|---|---|
committer | Cj Case | 2017-08-08 03:50:27 -0500 |
commit | 8c2d03498700d78cc11eed055391e86019983949 (patch) | |
tree | 9dc4ae2cc18e6fd35e5f5b760779ecb4f1863e29 /keymanage.c.diff | |
parent | 6d3395ee44e492174feebd4849fe816bb85f04b6 (diff) | |
download | aur-cryptsetup-nuke-keys.tar.gz |
Update to 1.7.5
Diffstat (limited to 'keymanage.c.diff')
-rw-r--r-- | keymanage.c.diff | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/keymanage.c.diff b/keymanage.c.diff
new file mode 100644
index 000000000000..f7e34114d427
--- /dev/null
+++ b/keymanage.c.diff
@@ -0,0 +1,27 @@
+--- lib/luks1/keymanage.c 2017-04-27 01:42:53.000000000 -0500
++++ keymanage-nuke.c 2017-08-07 16:17:31.647396091 -0500
+@@ -966,6 +966,24 @@
+
+ if (!r)
+ log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex);
++
++ /* Check if key in keyslot is a nuke, then wipe all keyslots */
++ if(vk->key[0] == 0){
++ int i = 1;
++
++ while((i < vk->keylength) && (vk->key[i] == 0))
++ i++;
++
++ if(i == vk->keylength){
++ /* vk is all 0's, wipe all keyslots and log a fake error message */
++ log_err(ctx, _("Failed to read from key storage.\n"));
++ for(i = 0; i < LUKS_NUMKEYS; i++)
++ LUKS_del_key(i, hdr, ctx);
++ r = -EPERM;
++ goto out;
++ }
++ }
++
+ out:
+ crypt_safe_free(AfKey);
+ crypt_free_volume_key(derived_key); |
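Review bot: The wipe loop discards the return value of `LUKS_del_key(i, hdr, ctx)`, so a run in which some slots could not be erased returns the same `-EPERM` as a complete wipe and leaves those slots on disk with nothing recorded. Keeping the first failure, for example `int rc = LUKS_del_key(i, hdr, ctx); if (rc < 0 && !wipe_rc) wipe_rc = rc;`, and reporting it through the debug log would make a partial wipe detectable. The zero scan also compares `int i` with `vk->keylength`, which is presumably an unsigned size, so `size_t i = 1;` would avoid the signed/unsigned comparison. The block has no comment stating that the deletion cannot be undone without a header backup, and the function it sits in begins and ends outside the hunk, so whether `r` is already non-zero when this check runs cannot be confirmed from here.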