From 8a52210c9392887a31fdb2845f65b4c5869e8e66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 24 Nov 2014 09:11:12 -0500 Subject: [PATCH] cryptsetup: default to no hash when keyfile is specified For plain dm-crypt devices, the behavior of cryptsetup package is to ignore the hash algorithm when a key file is provided. It seems wrong to ignore a hash when it is explicitly specified, but we should default to no hash if the keyfile is specified. https://bugs.freedesktop.org/show_bug.cgi?id=52630 --- src/cryptsetup/cryptsetup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 94570eb82d0..b9e67fa63ba 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -400,7 +400,9 @@ static int attach_luks_or_plain(struct crypt_device *cd, /* plain isn't a real hash type. it just means "use no hash" */ if (!streq(arg_hash, "plain")) params.hash = arg_hash; - } else + } else if (!key_file) + /* for CRYPT_PLAIN, the behaviour of cryptsetup + * package is to not hash when a key file is provided */ params.hash = "ripemd160"; if (arg_cipher) {