Do not wipe keyslot area before in-place overwrite.

If LUKS2 keyslot area has to be overwritten (due to lack of free space), do not wipe the affected area first. It will get overwritten anyway. Originaly, in between the keyslot wipe and new key material write, pbkdf calculation took place. The pbkdf calculation takes ~2 seconds by default and it put the user in unnecesary risk of loosing the keysot data in case of a crash.
mbroz · Sep 29, 2023 · f0b556b · f0b556b
1 parent ca0c9c7
commit f0b556b
Showing 1 changed file with 1 addition and 9 deletions.
diff --git a/lib/setup.c b/lib/setup.c
@@ -4400,16 +4400,8 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
 			r = LUKS2_token_assignment_copy(cd, &cd->u.luks2.hdr, keyslot_old, keyslot_new, 0);
 			if (r < 0)
 				goto out;
-		} else {
+		} else
 			log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old);
-			/* FIXME: improve return code so that we can detect area is damaged */
-			r = LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot_old, 1);
-			if (r) {
-				/* (void)crypt_keyslot_destroy(cd, keyslot_old); */
-				r = -EINVAL;
-				goto out;
-			}
-		}
 
 		r = LUKS2_keyslot_store(cd,  &cd->u.luks2.hdr,
 					keyslot_new, new_passphrase,