projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 53bb1d9) | patch
ceph-volume: honour osd_dmcrypt_key_size option
authorGuillaume Abrioux <gabrioux@redhat.com>
Tue, 25 Jan 2022 09:25:53 +0000 (10:25 +0100)
committerBastien Roucariès <rouca@debian.org>
Sat, 21 Oct 2023 16:42:26 +0000 (17:42 +0100)
commite52038594e7aaf77371466c0d742c677d89f00ca
treec1ea355573fb2a792fe2e97e54e270bef3ab881atree | snapshot
parent53bb1d9dd639205e1efe102ef72f2645acfa7237commit | diff
ceph-volume: honour osd_dmcrypt_key_size option

ceph-volume doesn't honour osd_dmcrypt_key_size.
It means the default size is always applied.

It also changes the default value in `get_key_size_from_conf()`

From cryptsetup manpage:

> For XTS mode you can optionally set a key size of 512 bits with the -s option.

Using more than 512bits will end up with the following error message:

```
Key size in XTS mode must be 256 or 512 bits.
```

Fixes: https://tracker.ceph.com/issues/54006
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 47c33179f9a15ae95cc1579a421be89378602656)

Origin: upstream, https://github.com/ceph/ceph/commit/f69339e00f582ec64b843ff58b66817975fca0d7

Gbp-Pq: Name CVE-2021-3979.patch
src/ceph-volume/ceph_volume/tests/util/test_encryption.py diff | blob | history
src/ceph-volume/ceph_volume/util/encryption.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.