From dd0e1988c08e75ce9564854eab93bb0826a9532d Mon Sep 17 00:00:00 2001
From: Marcel Lauhoff <marcel.lauhoff@suse.com>
Date: Tue, 19 Jul 2022 16:57:26 +0200
Subject: [PATCH] fscrypt: Fetch passphrase when keyFn is invoked not created

Fetch password when keyFn is invoked, not when it is created. This
allows creation of the keyFn before actually creating the passphrase.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
---
 internal/util/fscrypt/fscrypt.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/internal/util/fscrypt/fscrypt.go b/internal/util/fscrypt/fscrypt.go
index 53ec08ced7f..53c5f99c929 100644
--- a/internal/util/fscrypt/fscrypt.go
+++ b/internal/util/fscrypt/fscrypt.go
@@ -85,13 +85,13 @@ func createKeyFuncFromVolumeEncryption(
 	encryption util.VolumeEncryption,
 	volID string,
 ) (func(fscryptactions.ProtectorInfo, bool) (*fscryptcrypto.Key, error), error) {
-	passphrase, err := getPassphrase(ctx, encryption, volID)
-	if err != nil {
-		return nil, err
-	}
-
 	keyFunc := func(info fscryptactions.ProtectorInfo, retry bool) (*fscryptcrypto.Key, error) {
-		key, err := fscryptcrypto.NewBlankKey(32)
+		passphrase, err := getPassphrase(ctx, encryption, volID)
+		if err != nil {
+			return nil, err
+		}
+
+		key, err := fscryptcrypto.NewBlankKey(encryptionPassphraseSize / 2)
 		copy(key.Data(), passphrase)
 
 		return key, err