storage: Add extra failure condition for luks volume creation

Commit id '5e46d7d6' did not take into account that usage of a luks
volume will require usage of the master key encrypted passphrase for
a QEMU environment.  So rather than allow creation of something that
won't be usable, just fail the creation.

diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 6aa55939f19c2225b78653bb8181498be1546923..862fb2914473e14aec07d1bbc539444da9affc87 100644 (file)
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -56,6 +56,7 @@
 #include "internal.h"
 #include "secret_conf.h"
 #include "secret_util.h"
+#include "vircrypto.h"
 #include "viruuid.h"
 #include "virstoragefile.h"
 #include "storage_backend.h"
@@ -1065,6 +1066,12 @@ virStorageBackendCreateQemuImgCheckEncryption(int format,
                            _("no secret provided for luks encryption"));
             return -1;
         }
+        if (!virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("luks encryption usage requires encrypted "
+                             "secret generation to be supported"));
+            return -1;
+        }
     } else {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                        _("volume encryption unsupported with format %s"), type);