eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix typos found by codespell.

Browse Source 
Thanks Dimitri Papadopoulos Orfanos for the patch.

Fixes: #734.
This commit is contained in:
Milan Broz
2022-04-16 19:56:37 +02:00
committed by Ondrej Kozina
parent d3ad18ad81
commit 773fc0195f
12 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
FAQ.md
View File

@@ -51,7 +51,7 @@
security model BEFORE you face such a disaster! In particular, make security model BEFORE you face such a disaster! In particular, make
sure you have a current header backup before doing any potentially sure you have a current header backup before doing any potentially
dangerous operations. The LUKS2 header should be a bit more resilient dangerous operations. The LUKS2 header should be a bit more resilient
as critical data starts later and is stored twice, but you can decidely as critical data starts later and is stored twice, but you can decidedly
still destroy it or a keyslot permanently by accident. still destroy it or a keyslot permanently by accident.
DEBUG COMMANDS: While the --debug and --debug-json options should not DEBUG COMMANDS: While the --debug and --debug-json options should not
@@ -1039,7 +1039,7 @@
that is intact. that is intact.
In order to find out whether a key-slot is damaged one has to look for In order to find out whether a key-slot is damaged one has to look for
"non-random looking" data in it. There is a tool that automatizes this "non-random looking" data in it. There is a tool that automates this
for LUKS1 in the cryptsetup distribution from version 1.6.0 onwards. It for LUKS1 in the cryptsetup distribution from version 1.6.0 onwards. It
is located in misc/keyslot_checker/. Instructions how to use and how to is located in misc/keyslot_checker/. Instructions how to use and how to
interpret results are in the README file. Note that this tool requires interpret results are in the README file. Note that this tool requires
@@ -2730,7 +2730,7 @@ offset length name data type description
safe under these circumstances, then you have bigger problems than this safe under these circumstances, then you have bigger problems than this
somewhat expected behavior. somewhat expected behavior.
The CVE was exagerrated and should not be assigned to upstream The CVE was exaggerated and should not be assigned to upstream
cryptsetup in the first place (it is a distro specific initrd issue). cryptsetup in the first place (it is a distro specific initrd issue).
It was driven more by a try to make a splash for self-aggrandizement, It was driven more by a try to make a splash for self-aggrandizement,
than by any actual security concerns. Ignore it. than by any actual security concerns. Ignore it.

2
README.md
View File

@@ -88,7 +88,7 @@ See ``./configure --help`` and use ``--disable-*`` and ``--enable-*`` options.
For running the test suite that come with the project, type ``make check``. For running the test suite that come with the project, type ``make check``.
Note that most tests will need root user privileges and run many dangerous storage fail simulations. Note that most tests will need root user privileges and run many dangerous storage fail simulations.
Do **not** run tests with root privilege on production systems! Do **not** run tests with root privilege on production systems! Some tests will need scsi_debug kernel module to be available.
For more details, please refer to [automake](https://www.gnu.org/software/automake/manual/automake.html) and [autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) manuals. For more details, please refer to [automake](https://www.gnu.org/software/automake/manual/automake.html) and [autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) manuals.

4
docs/v2.0.0-ReleaseNotes
View File

@@ -89,7 +89,7 @@ Important features
Integritysetup is intended to be used for settings that require Integritysetup is intended to be used for settings that require
non-cryptographic data integrity protection with no data encryption. non-cryptographic data integrity protection with no data encryption.
Fo setting integrity protected encrypted devices, see disk authenticated For setting integrity protected encrypted devices, see disk authenticated
encryption below. encryption below.
Note that after formatting the checksums need to be initialized; Note that after formatting the checksums need to be initialized;
@@ -583,7 +583,7 @@ Unfinished things & TODO for next releases
in kernel (more on this later). in kernel (more on this later).
NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305) NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305)
in kernel have too small 96-bit nonces that are problematic with in kernel have too small 96-bit nonces that are problematic with
randomly generated IVs (the collison probability is not negligible). randomly generated IVs (the collision probability is not negligible).
For the GCM, nonce collision is a fatal problem. For the GCM, nonce collision is a fatal problem.
* Authenticated encryption do not set encryption for dm-integrity journal. * Authenticated encryption do not set encryption for dm-integrity journal.

2
docs/v2.3.4-ReleaseNotes
View File

@@ -75,7 +75,7 @@ Changes since version 2.3.3
If users want to use blake2b/blake2s, the kernel algorithm name includes If users want to use blake2b/blake2s, the kernel algorithm name includes
a dash (like "blake2s-256"). a dash (like "blake2s-256").
Theses algorithms can now be used for integritysetup devices. These algorithms can now be used for integritysetup devices.
* Fix crypto backend to properly handle ECB mode. * Fix crypto backend to properly handle ECB mode.

2
lib/libcryptsetup_macros.h
View File

@@ -1,5 +1,5 @@
/* /*
* Definitions of common constant and generic macros fo libcryptsetup * Definitions of common constant and generic macros of libcryptsetup
* *
* Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved.
* Copyright (C) 2009-2022 Milan Broz * Copyright (C) 2009-2022 Milan Broz

2
lib/libcryptsetup_symver.h
View File

@@ -31,7 +31,7 @@
* It's supposed to be used only with symbols that are exported in at least * It's supposed to be used only with symbols that are exported in at least
* two versions simultaneously as follows: * two versions simultaneously as follows:
* *
* - the latest version is marked with _NEW variant and oll other compatible * - the latest version is marked with _NEW variant and all other compatible
* symbols should be marked with _OLD variant * symbols should be marked with _OLD variant
* *
* Examples: * Examples:

2
lib/luks1/keymanage.c
View File

@@ -399,7 +399,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
/* /*
* cryptsetup 1.0 did not align keyslots to 4k, cannot repair this one * cryptsetup 1.0 did not align keyslots to 4k, cannot repair this one
* Also we cannot trust possibly broken keyslots metadata here through LUKS_keyslots_offset(). * Also we cannot trust possibly broken keyslots metadata here through LUKS_keyslots_offset().
* Expect first keyslot is aligned, if not, then manual repair is neccessary. * Expect first keyslot is aligned, if not, then manual repair is necessary.
*/ */
if (phdr->keyblock[0].keyMaterialOffset < (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) { if (phdr->keyblock[0].keyMaterialOffset < (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
log_err(ctx, _("Non standard keyslots alignment, manual repair required.")); log_err(ctx, _("Non standard keyslots alignment, manual repair required."));

2
man/cryptsetup.8
View File

@@ -1162,7 +1162,7 @@ maximum is 4294967295 (maximum for 32bit unsigned integer).
Memory and parallel costs are unused for PBKDF2. Memory and parallel costs are unused for PBKDF2.
For \fBArgon2i\fR and \fBArgon2id\fR, minimum iteration count (CPU cost) is 4 and For \fBArgon2i\fR and \fBArgon2id\fR, minimum iteration count (CPU cost) is 4 and
maximum is 4294967295 (maximum for 32bit unsigned integer). maximum is 4294967295 (maximum for 32bit unsigned integer).
Minimum memory cost is 32 KiB and maximum is 4 GiB. (Limited by addresable Minimum memory cost is 32 KiB and maximum is 4 GiB. (Limited by addressable
memory on some CPU platforms.) memory on some CPU platforms.)
If the memory cost parameter is benchmarked (not specified by a parameter) If the memory cost parameter is benchmarked (not specified by a parameter)
it is always in range from 64 MiB to 1 GiB. it is always in range from 64 MiB to 1 GiB.

4
man/integritysetup.8
View File

@@ -244,10 +244,10 @@ Do not use these options until you need compatibility with specific old kernel.
Use inefficient legacy padding. Use inefficient legacy padding.
.TP .TP
.B "\-\-integrity\-legacy\-hmac" .B "\-\-integrity\-legacy\-hmac"
Use old flawed HMAC calclation (also does not protect superblock). Use old flawed HMAC calculation (also does not protect superblock).
.TP .TP
.B "\-\-integrity\-legacy\-recalculate" .B "\-\-integrity\-legacy\-recalculate"
Allow insecure recalculating of volumes with HMAC keys (recalcualtion offset in superblock Allow insecure recalculating of volumes with HMAC keys (recalculation offset in superblock
is not protected). is not protected).
.SH RETURN CODES .SH RETURN CODES

2
tests/compat-test-args
View File

@@ -73,7 +73,7 @@ export LANG=C
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run [ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
# initial test constructed acccording to current cryptsetup content # initial test constructed according to current cryptsetup content
echo "[1] Current state" echo "[1] Current state"
exp_fail resize NAME --test-passphrase exp_fail resize NAME --test-passphrase
exp_fail close NAME --test-passphrase exp_fail close NAME --test-passphrase

2
tests/cryptsetup-valg-supps
View File

@@ -1,4 +1,4 @@
# Suppresion file for valgrind # Suppression file for valgrind
# known problem in libgcrypt # known problem in libgcrypt
{ {

10
tests/luks2-validation-test
View File

@@ -132,27 +132,27 @@ cd $START_DIR
echo "[1] Test basic auto-recovery" echo "[1] Test basic auto-recovery"
RUN luks2-invalid-checksum-hdr0.img "R" "Failed to recover from trivial header corruption at offset 0" RUN luks2-invalid-checksum-hdr0.img "R" "Failed to recover from trivial header corruption at offset 0"
# TODO: check epoch is incresed after recovery # TODO: check epoch is increased after recovery
# TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c) # TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
RUN luks2-invalid-checksum-hdr1.img "R" "Failed to recover from trivial header corruption at offset 16384" RUN luks2-invalid-checksum-hdr1.img "R" "Failed to recover from trivial header corruption at offset 16384"
# TODO: check epoch is incresed after recovery # TODO: check epoch is increased after recovery
# TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c) # TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
RUN luks2-invalid-checksum-both-hdrs.img "F" "Failed to recognise corrupted header beyond repair" RUN luks2-invalid-checksum-both-hdrs.img "F" "Failed to recognise corrupted header beyond repair"
echo "[2] Test ability to auto-correct mallformed json area" echo "[2] Test ability to auto-correct mallformed json area"
RUN luks2-corrupted-hdr0-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 512" RUN luks2-corrupted-hdr0-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 512"
# TODO: check epoch is incresed after recovery # TODO: check epoch is increased after recovery
# TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c) # TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
RUN luks2-corrupted-hdr1-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 16896" RUN luks2-corrupted-hdr1-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 16896"
# TODO: check epoch is incresed after recovery # TODO: check epoch is increased after recovery
# TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c) # TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
RUN luks2-correct-full-json0.img "R" "Failed to parse full and correct json area" RUN luks2-correct-full-json0.img "R" "Failed to parse full and correct json area"
# TODO: detect noop (norecovery, epoch untouched) # TODO: detect noop (norecovery, epoch untouched)
# TODO: check epoch is NOT incresed after recovery of secondary header # TODO: check epoch is NOT increased after recovery of secondary header
# these tests auto-correct json in-memory only. It'll get fixed on-disk after write operation # these tests auto-correct json in-memory only. It'll get fixed on-disk after write operation
RUN luks2-argon2-leftover-params.img "R" "Failed to repair keyslot with old argon2 parameters." RUN luks2-argon2-leftover-params.img "R" "Failed to repair keyslot with old argon2 parameters."