From: Will Fancher <elvishjerricco@gmail.com>
Date: Fri, 15 May 2026 01:09:54 +0000 (-0400)
Subject: cryptsetup: Invalidate ineffective try_discover_key before trying
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7aaa26571da5b3b47c6cd328eafb4e108c7937ae;p=thirdparty%2Fsystemd.git

cryptsetup: Invalidate ineffective try_discover_key before trying

A single incorrect password attempt from the user would be tried
twice, because the first failed try would think it was the
try_discover_key method that failed, and would invalidate that instead
of the actual failed password. This resulted in the user being
prompted one fewer time than they should be.

Fixes #38495
---

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 9c7b2006bab..50f78a2004c 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -2755,6 +2755,8 @@ static int verb_attach(int argc, char *argv[], uintptr_t _data, void *userdata)
                                 return r;
                         if (r > 0)
                                 key_data = &discovered_key_data;
+                        else
+                                try_discover_key = false;
                 }
 
                 if (token_type < 0 && !key_file && !key_data && !passwords) {