From dbc094900f3de46bb9ef9250ae314c2b52e79297 Mon Sep 17 00:00:00 2001
Message-Id: <dbc094900f3de46bb9ef9250ae314c2b52e79297@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 25 Jul 2016 12:43:05 -0400
Subject: [PATCH] storage: Add extra failure condition for luks volume creation

https://bugzilla.redhat.com/show_bug.cgi?id=1301021

Commit id '5e46d7d6' did not take into account that usage of a luks
volume will require usage of the master key encrypted passphrase for
a QEMU environment.  So rather than allow creation of something that
won't be usable, just fail the creation.

(cherry picked from commit 30d27f24d8ab262ad93b663002a0e1d5edf95fa0)
Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/storage/storage_backend.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index d0eaaf9..8faafa4 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -56,6 +56,7 @@
 #include "internal.h"
 #include "secret_conf.h"
 #include "secret_util.h"
+#include "vircrypto.h"
 #include "viruuid.h"
 #include "virstoragefile.h"
 #include "storage_backend.h"
@@ -1065,6 +1066,12 @@ virStorageBackendCreateQemuImgCheckEncryption(int format,
                            _("no secret provided for luks encryption"));
             return -1;
         }
+        if (!virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("luks encryption usage requires encrypted "
+                             "secret generation to be supported"));
+            return -1;
+        }
     } else {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                        _("volume encryption unsupported with format %s"), type);
-- 
2.9.2