rpms / clevis

Clone
Source Code
GIT

Blame SOURCES/0004-luks-explicitly-specify-pbkdf-iterations-to-cryptset.patch

c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c9
  2.   SOURCES
  3.   0004-luks-explicitly-specify-pbkdf-iterations-to-cryptset.patch
Blob History Raw
cee3b6 
From 76ad9b21b61627a728bc9499821cf8e09446725d Mon Sep 17 00:00:00 2001
cee3b6 
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
cee3b6 
Date: Thu, 21 Oct 2021 13:58:52 +0200
cee3b6 
Subject: [PATCH 4/4] luks: explicitly specify pbkdf iterations to cryptsetup
cee3b6
cee3b6 
This fixes an Out of memory error when the system has not much memory,
cee3b6 
such as a VM configured with 2GB currently being installed through the
cee3b6 
network (hence having ~1GB free memory only).
cee3b6 
See RHBZ #1979256 (https://bugzilla.redhat.com/show_bug.cgi?id=1979256).
cee3b6 
---
cee3b6 
 src/luks/clevis-luks-common-functions.in | 7 ++++++-
cee3b6 
 1 file changed, 6 insertions(+), 1 deletion(-)
cee3b6
cee3b6 
diff --git a/src/luks/clevis-luks-common-functions.in b/src/luks/clevis-luks-common-functions.in
cee3b6 
index d53d2ab..360eb7e 100644
cee3b6 
--- a/src/luks/clevis-luks-common-functions.in
cee3b6 
+++ b/src/luks/clevis-luks-common-functions.in
cee3b6 
@@ -760,10 +760,12 @@ clevis_luks_add_key() {
cee3b6 
         extra_args="$(printf -- '--key-file %s' "${KEYFILE}")"
cee3b6 
         input="$(printf '%s' "${NEWKEY}")"
cee3b6 
     fi
cee3b6 
+    local pbkdf_args="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
cee3b6
cee3b6 
     printf '%s' "${input}" | cryptsetup luksAddKey --batch-mode \
cee3b6 
                                          --key-slot "${SLT}" \
cee3b6 
                                          "${DEV}" \
cee3b6 
+                                         ${pbkdf_args} \
cee3b6 
                                          ${extra_args}
cee3b6 
 }
cee3b6
cee3b6 
@@ -792,11 +794,14 @@ clevis_luks_update_key() {
cee3b6 
         extra_args="$(printf -- '--key-file %s' "${KEYFILE}")"
cee3b6 
         input="$(printf '%s' "${NEWKEY}")"
cee3b6 
     fi
cee3b6 
+    local pbkdf_args="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
cee3b6
cee3b6 
     if [ -n "${in_place}" ]; then
cee3b6 
         printf '%s' "${input}" | cryptsetup luksChangeKey "${DEV}" \
cee3b6 
                                             --key-slot "${SLT}" \
cee3b6 
-                                            --batch-mode ${extra_args}
cee3b6 
+                                            --batch-mode \
cee3b6 
+                                            ${pbkdf_args} \
cee3b6 
+                                            ${extra_args}
cee3b6 
         return
cee3b6 
     fi
cee3b6
cee3b6 
--
cee3b6 
2.33.1
cee3b6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation