clevis/0005-luks-define-max-entropy-bits-for-pwmake.patch

--- clevis-18.ori/src/clevis.1.adoc	2021-04-15 13:00:19.965065700 +0200
+++ clevis-18/src/clevis.1.adoc	2022-12-16 11:25:48.407264932 +0100
@@ -101,7 +101,7 @@
 
 This command performs four steps:
 
-1. Creates a new key with the same entropy as the LUKS master key.
+1. Creates a new key with the same entropy as the LUKS master key -- maximum entropy bits is 256.
 2. Encrypts the new key with Clevis.
 3. Stores the Clevis JWE in the LUKS header.
 4. Enables the new key for use with LUKS.
--- clevis-18.ori/src/luks/clevis-luks-common-functions.in	2022-12-16 11:23:23.982459214 +0100
+++ clevis-18/src/luks/clevis-luks-common-functions.in	2022-12-16 14:39:32.694114153 +0100
@@ -852,6 +852,7 @@
     [ -z "${DEV}" ] && return 1
 
     local dump filter bits
+    local MAX_ENTROPY_BITS=256  # Maximum allowed by pwmake.
     dump=$(cryptsetup luksDump "${DEV}")
     if cryptsetup isLuks --type luks1 "${DEV}"; then
         filter="$(echo "${dump}" | sed -rn 's|MK bits:[ \t]*([0-9]+)|\1|p')"
@@ -863,6 +864,9 @@
     fi
 
     bits="$(echo -n "${filter}" | sort -n | tail -n 1)"
+    if [ "${bits}" -gt "${MAX_ENTROPY_BITS}" ]; then
+        bits="${MAX_ENTROPY_BITS}"
+    fi
     pwmake "${bits}"
 }
 
--- clevis-18.ori/src/luks/clevis-luks-bind.1.adoc	2022-12-16 11:23:23.982459214 +0100
+++ clevis-18/src/luks/clevis-luks-bind.1.adoc	2022-12-16 14:41:33.502788100 +0100
@@ -20,7 +20,7 @@
 
 This command performs four steps:
 
-1. Creates a new key with the same entropy as the LUKS master key.
+1. Creates a new key with the same entropy as the LUKS master key -- maximum entropy bits is 256.
 2. Encrypts the new key with Clevis.
 3. Stores the Clevis JWE in the LUKS header.
 4. Enables the new key for use with LUKS.