From b3c05065801c723966a3e8d93c9b84e808ff38b9 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 8 May 2022 12:30:09 +0100
Subject: [PATCH] luks: Various fixes for Clang

With Clang:

luks.c:728:25: error: implicit conversion from enumeration type 'gnutls_digest_algorithm_t' to different enumeration type 'gnutls_mac_algorithm_t' [-Werror,-Wenum-conversion]
  r = gnutls_pbkdf2 (h->hash_alg, &key, &salt, ks->password_iterations,
      ~~~~~~~~~~~~~  ~~~^~~~~~~~
luks.c:764:25: error: implicit conversion from enumeration type 'gnutls_digest_algorithm_t' to different enumeration type 'gnutls_mac_algorithm_t' [-Werror,-Wenum-conversion]
  r = gnutls_pbkdf2 (h->hash_alg, &mkey, &msalt,
      ~~~~~~~~~~~~~  ~~~^~~~~~~~
luks.c:886:35: error: result of comparison of constant 18446744073709551615 with expression of type 'uint32_t' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
      if (ks->password_iterations > ULONG_MAX) {
          ~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~

Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
(cherry picked from commit 87d488ede9101a2effc71cd1851bf4a4caa521d2)
---
 filters/luks/luks.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/filters/luks/luks.c b/filters/luks/luks.c
index 706a9bd2..cc619698 100644
--- a/filters/luks/luks.c
+++ b/filters/luks/luks.c
@@ -693,6 +693,10 @@ key_material_length_in_sectors (struct handle *h, size_t i)
 static int
 try_passphrase_in_keyslot (nbdkit_next *next, struct handle *h, size_t i)
 {
+  /* I believe this is supposed to be safe, looking at the GnuTLS
+   * header file.
+   */
+  const gnutls_mac_algorithm_t mac = (gnutls_mac_algorithm_t) h->hash_alg;
   struct luks_keyslot *ks = &h->phdr.keyslot[i];
   size_t split_key_len;
   CLEANUP_FREE uint8_t *split_key = NULL;
@@ -725,7 +729,7 @@ try_passphrase_in_keyslot (nbdkit_next *next, struct handle *h, size_t i)
   }
 
   /* Hash the passphrase to make a possible masterkey. */
-  r = gnutls_pbkdf2 (h->hash_alg, &key, &salt, ks->password_iterations,
+  r = gnutls_pbkdf2 (mac, &key, &salt, ks->password_iterations,
                      masterkey, h->phdr.master_key_len);
   if (r != 0) {
     nbdkit_error ("gnutls_pbkdf2: %s", gnutls_strerror (r));
@@ -761,7 +765,7 @@ try_passphrase_in_keyslot (nbdkit_next *next, struct handle *h, size_t i)
   /* Check if the masterkey is correct by comparing hash of the
    * masterkey with LUKS header.
    */
-  r = gnutls_pbkdf2 (h->hash_alg, &mkey, &msalt,
+  r = gnutls_pbkdf2 (mac, &mkey, &msalt,
                      h->phdr.master_key_digest_iterations,
                      key_digest, LUKS_DIGESTSIZE);
   if (r != 0) {
@@ -883,11 +887,6 @@ luks_prepare (nbdkit_next *next, void *handle, int readonly)
                       "points beyond the end of the disk", i);
         return -1;
       }
-      if (ks->password_iterations > ULONG_MAX) {
-        nbdkit_error ("bad LUKSv1 header: key slot %zu "
-                      "iterations too large", i);
-        return -1;
-      }
       /*FALLTHROUGH*/
     case LUKS_KEY_DISABLED:
       break;
-- 
2.31.1