On Tue, Sep 06, 2022 at 09:41:36AM +0100, Daniel P. Berrangé wrote:
> Richard pointed out that we didn't do all that much validation against
> bad parameters in the LUKS header metadata. This series adds a bunch
> more validation checks along with unit tests to demonstrate they are
> having effect against maliciously crafted headers.
>
> Daniel P. Berrangé (11):
> crypto: sanity check that LUKS header strings are NUL-terminated
> crypto: enforce that LUKS stripes is always a fixed value
> crypto: enforce that key material doesn't overlap with LUKS header
> crypto: validate that LUKS payload doesn't overlap with header
> crypto: strengthen the check for key slots overlapping with LUKS
> header
> crypto: check that LUKS PBKDF2 iterations count is non-zero
> crypto: split LUKS header definitions off into file
> crypto: split off helpers for converting LUKS header endianess
> crypto: quote algorithm names in error messages
> crypto: ensure LUKS tests run with GNUTLS crypto provider
> crypto: add test cases for many malformed LUKS header scenarios
>
> crypto/block-luks-priv.h | 143 ++++++++++++++++
> crypto/block-luks.c | 228 +++++++++++--------------
> tests/unit/test-crypto-block.c | 302 ++++++++++++++++++++++++++++++++-
> 3 files changed, 542 insertions(+), 131 deletions(-)
> create mode 100644 crypto/block-luks-priv.h
I think there is one typo in a commit message, but for the series:
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW