@@ -119,7 +119,7 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz
return -1;
}
- ret = do_encrypt(cipher, iv, iv_len, sha256, EVP_CIPHER_key_length(cipher), NULL, 0, salt);
+ ret = do_encrypt(cipher, iv, iv_len, sha256, EVP_MD_size(EVP_sha256()), NULL, 0, salt);
if (ret != iv_len)
errmsg("Unable to compute ESSIV salt, return value %zi instead of %zi", ret, iv_len);
@@ -31,7 +31,7 @@ unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx)
int ret;
unsigned char *new_key = xmalloc(FS_MAX_KEY_SIZE);
- ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, FS_MAX_KEY_SIZE, new_key);
+ ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, fscrypt_cipher->key_length, new_key);
if (ret < 0) {
err_msg("derive_key_aes failed: %i\n", ret);
@@ -202,7 +202,7 @@ static int load_master_key(const char *key_file, struct cipher *fsc)
return -1;
}
- keysize = read(kf, fscrypt_masterkey, sizeof(fscrypt_masterkey));
+ keysize = read(kf, fscrypt_masterkey, fsc->key_length);
if (keysize < 0) {
sys_errmsg("read '%s'", key_file);
goto fail;
This works currently by chance since the sizes match, but that might change with different cipher setups. Signed-off-by: Richard Weinberger <richard@nod.at> --- ubifs-utils/mkfs.ubifs/crypto.c | 2 +- ubifs-utils/mkfs.ubifs/fscrypt.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)