Skip to content

Commit

Permalink
fscrypt: Fetch passphrase when keyFn is invoked not created
Browse files Browse the repository at this point in the history 
Fetch password when keyFn is invoked, not when it is created. This
allows creation of the keyFn before actually creating the passphrase.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
  • Loading branch information
@mergify
Marcel Lauhoff authored and mergify[bot] committed Oct 17, 2022
1 parent a6a4282 commit dd0e198
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions internal/util/fscrypt/fscrypt.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,13 +85,13 @@ func createKeyFuncFromVolumeEncryption(
encryption util.VolumeEncryption,
volID string,
) (func(fscryptactions.ProtectorInfo, bool) (*fscryptcrypto.Key, error), error) {
passphrase, err := getPassphrase(ctx, encryption, volID)
if err != nil {
return nil, err
}

keyFunc := func(info fscryptactions.ProtectorInfo, retry bool) (*fscryptcrypto.Key, error) {
key, err := fscryptcrypto.NewBlankKey(32)
passphrase, err := getPassphrase(ctx, encryption, volID)
if err != nil {
return nil, err
}

key, err := fscryptcrypto.NewBlankKey(encryptionPassphraseSize / 2)
copy(key.Data(), passphrase)

return key, err
Expand Down

0 comments on commit dd0e198

Please sign in to comment.