diff --git a/FAQ b/FAQ index 30f17f16..ef6f5c3f 100644 --- a/FAQ +++ b/FAQ @@ -2475,7 +2475,7 @@ offset length name data type description More details: - Cipher, mode and pasword hash (or no hash): + Cipher, mode and password hash (or no hash): -e cipher [-N] => -c cipher-cbc-plain -H plain [-s 256] -e cipher => -c cipher-cbc-plain -H ripemd160 [-s 256] @@ -2616,7 +2616,7 @@ My take is this was much more driven by some big egos that wanted to make a splash for self-aggrandizement, than by any actual security concerns. Ignore it. -* 9.3 How do I do my own inird with cryptsetup? +* 9.3 How do I do my own initrd with cryptsetup? It depends on the distribution. Below, I give a very simple example and step-by-step instructions for Debian. With a bit of work, it diff --git a/INSTALL b/INSTALL index a4b34144..45ff9bb1 100644 --- a/INSTALL +++ b/INSTALL @@ -44,7 +44,7 @@ The simplest way to compile this package is: `sh ./configure' instead to prevent `csh' from trying to execute `configure' itself. - Running `configure' takes awhile. While running, it prints some + Running `configure' takes a while. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. diff --git a/README.md b/README.md index d7effcde..06b4e692 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Last version of the LUKS format specification is Why LUKS? --------- - * compatiblity via standardization, + * compatibility via standardization, * secure against low entropy attacks, * support for multiple keys, * effective passphrase revocation, diff --git a/docs/ChangeLog.old b/docs/ChangeLog.old index e51d362f..93d70adf 100644 --- a/docs/ChangeLog.old +++ b/docs/ChangeLog.old @@ -178,7 +178,7 @@ * Document cryptsetup exit codes. 2011-03-18 Milan Broz - * Respect maximum keyfile size paramater. + * Respect maximum keyfile size parameter. * Introduce maximum default keyfile size, add configure option. * Require the whole key read from keyfile in create command (broken in 1.2.0). * Fix offset option for loopaesOpen. @@ -334,13 +334,13 @@ * Version 1.1.0. 2010-01-10 Milan Broz - * Fix initialisation of gcrypt duting luksFormat. - * Convert hash name to lower case in header (fix sha1 backward comatible header) + * Fix initialisation of gcrypt during luksFormat. + * Convert hash name to lower case in header (fix sha1 backward compatible header) * Check for minimum required gcrypt version. 2009-12-30 Milan Broz * Fix key slot iteration count calculation (small -i value was the same as default). - * The slot and key digest iteration minimun is now 1000. + * The slot and key digest iteration minimum is now 1000. * The key digest iteration # is calculated from iteration time (approx 1/8 of that). * Version 1.1.0-rc4. @@ -395,16 +395,16 @@ * Require device device-mapper to build and do not use backend wrapper for dm calls. * Move memory locking and dm initialization to command layer. * Increase priority of process if memory is locked. - * Add log macros and make logging modre consitent. + * Add log macros and make logging more consistent. * Move command successful messages to verbose level. * Introduce --debug parameter. * Move device utils code and provide context parameter (for log). * Keyfile now must be provided by path, only stdin file descriptor is used (api only). * Do not call isatty() on closed keyfile descriptor. - * Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results. + * Run performance check for PBKDF2 from LUKS code, do not mix hash algorithms results. * Add ability to provide pre-generated master key and UUID in LUKS header format. * Add LUKS function to verify master key digest. - * Move key slot manuipulation function into LUKS specific code. + * Move key slot manipulation function into LUKS specific code. * Replace global options struct with separate parameters in helper functions. * Add new libcryptsetup API (documented in libcryptsetup.h). * Implement old API calls using new functions. @@ -412,7 +412,7 @@ * Add --master-key-file option for luksFormat and luksAddKey. 2009-08-17 Milan Broz - * Fix PBKDF2 speed calculation for large passhrases. + * Fix PBKDF2 speed calculation for large passphrases. * Allow using passphrase provided in options struct for LuksOpen. * Allow restrict keys size in LuksOpen. @@ -424,7 +424,7 @@ * Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here. * Add required parameters for changing hash used in LUKS key setup scheme. * Do not export simple XOR helper now used only inside AF functions. - * Completely remove internal SHA1 implementanion code, not needed anymore. + * Completely remove internal SHA1 implementation code, not needed anymore. * Enable hash algorithm selection for LUKS through -h luksFormat option. 2009-07-28 Milan Broz @@ -705,7 +705,7 @@ 2005-12-06 Clemens Fruhwirth - * man/cryptsetup.8: Correct "seconds" to "microseconds" in the explaination for -i. + * man/cryptsetup.8: Correct "seconds" to "microseconds" in the explanation for -i. 2005-11-09 Clemens Fruhwirth @@ -726,7 +726,7 @@ 2005-09-08 Clemens Fruhwirth - * lib/setup.c (get_key): Fixed another incompatiblity with + * lib/setup.c (get_key): Fixed another incompatibility with original cryptsetup. 2005-08-20 Clemens Fruhwirth @@ -816,7 +816,7 @@ * man/cryptsetup.1: Add man page. - * lib/setup.c: Remove unneccessary LUKS_write_phdr call, so the + * lib/setup.c: Remove unnecessary LUKS_write_phdr call, so the phdr is written after passphrase reading, so the user can change his mind, and not have a partial written LUKS header on it's disk. diff --git a/docs/v1.3.0-ReleaseNotes b/docs/v1.3.0-ReleaseNotes index 9ba8a3b0..b7ae9774 100644 --- a/docs/v1.3.0-ReleaseNotes +++ b/docs/v1.3.0-ReleaseNotes @@ -15,7 +15,7 @@ Important changes * NSS (because of missing ripemd160 it cannot provide full backward compatibility) * kernel userspace API (provided by kernel 2.6.38 and above) (Note that kernel userspace backend is very slow for this type of operation. - But it can be usefull for embedded systems, because you can avoid userspace + But it can be useful for embedded systems, because you can avoid userspace crypto library completely.) Backend is selected during configure time, using --with-crypto_backend option. diff --git a/docs/v1.4.0-ReleaseNotes b/docs/v1.4.0-ReleaseNotes index 6a176d4f..bef4e744 100644 --- a/docs/v1.4.0-ReleaseNotes +++ b/docs/v1.4.0-ReleaseNotes @@ -89,7 +89,7 @@ WARNING: This release removes old deprecated API from libcryptsetup (It can be used to simulate trivial hidden disk concepts.) libcryptsetup API changes: - * Added options to suport detached metadata device + * Added options to support detached metadata device crypt_init_by_name_and_header() crypt_set_data_device() * Add crypt_last_error() API call. diff --git a/docs/v2.0.0-RC1-ReleaseNotes b/docs/v2.0.0-RC1-ReleaseNotes index b0115cf6..7a1bb9c5 100644 --- a/docs/v2.0.0-RC1-ReleaseNotes +++ b/docs/v2.0.0-RC1-ReleaseNotes @@ -481,7 +481,7 @@ Other changes For LUKS2 it is always better to specify full settings (do not rely on default cost values). For example, we can set to use Argon2id with iteration cost 5, memory 128000 - and paralell set 1: + and parallel set 1: $ cryptsetup luksFormat --type luks2 \ --pbkdf argon2id --pbkdf-force-iterations 5 --pbkdf-memory 128000 --pbkdf-parallel 1 diff --git a/lib/crypto_backend/crypto_backend.h b/lib/crypto_backend/crypto_backend.h index b56ca324..08209507 100644 --- a/lib/crypto_backend/crypto_backend.h +++ b/lib/crypto_backend/crypto_backend.h @@ -53,7 +53,7 @@ int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length); int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length); int crypt_hmac_destroy(struct crypt_hmac *ctx); -/* RNG (if fips paramater set, must provide FIPS compliance) */ +/* RNG (if fips parameter set, must provide FIPS compliance) */ enum { CRYPT_RND_NORMAL = 0, CRYPT_RND_KEY = 1, CRYPT_RND_SALT = 2 }; int crypt_backend_rng(char *buffer, size_t length, int quality, int fips); diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h index 24973c1d..7ba40a9e 100644 --- a/lib/libcryptsetup.h +++ b/lib/libcryptsetup.h @@ -239,7 +239,7 @@ struct crypt_pbkdf_type { * * @return 0 on success or negative errno value otherwise. * - * @note For LUKS1, only PBKDF2 is suppported, other settings will be rejected. + * @note For LUKS1, only PBKDF2 is supported, other settings will be rejected. * @note For non-LUKS context types the call succeeds, but PBKDF is not used. */ int crypt_set_pbkdf_type(struct crypt_device *cd, @@ -511,7 +511,7 @@ struct crypt_params_luks2 { * * @note Note that crypt_format does not enable any keyslot (in case of work with LUKS device), * but it stores volume key internally and subsequent crypt_keyslot_add_* calls can be used. - * @note For VERITY @link crypt-type @endlink, only uuid parameter is used, others paramaters + * @note For VERITY @link crypt-type @endlink, only uuid parameter is used, other parameters * are ignored and verity specific attributes are set through mandatory params option. */ int crypt_format(struct crypt_device *cd, @@ -1648,7 +1648,7 @@ typedef enum { crypt_token_info crypt_token_status(struct crypt_device *cd, int token, const char **type); /** - * LUKS2 keyring token paramaters. + * LUKS2 keyring token parameters. * * @see crypt_token_builtin_set * diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c index e7298f21..0884d5eb 100644 --- a/lib/libdevmapper.c +++ b/lib/libdevmapper.c @@ -1155,7 +1155,7 @@ static int check_retry(uint32_t *dmd_flags, uint32_t dmt_flags) /* If kernel keyring is not supported load key directly in dm-crypt */ if ((*dmd_flags & CRYPT_ACTIVATE_KEYRING_KEY) && !(dmt_flags & DM_KERNEL_KEYRING_SUPPORTED)) { - log_dbg("dm-crypt doesn't suport kernel keyring"); + log_dbg("dm-crypt doesn't support kernel keyring"); *dmd_flags = *dmd_flags & ~CRYPT_ACTIVATE_KEYRING_KEY; ret = 1; } @@ -1288,7 +1288,7 @@ int dm_status_device(struct crypt_device *cd, const char *name) struct stat st; /* libdevmapper is too clever and handles - * path argument differenly with error. + * path argument differently with error. * Fail early here if parameter is non-existent path. */ if (strchr(name, '/') && stat(name, &st) < 0) diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c index 4d81e854..796d843c 100644 --- a/lib/luks1/keymanage.c +++ b/lib/luks1/keymanage.c @@ -457,7 +457,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx) } /* - * check repair result before writting because repair can't fix out of order + * check repair result before writing because repair can't fix out of order * keyslot offsets and would corrupt header again */ if (LUKS_check_keyslots(ctx, phdr)) @@ -539,7 +539,7 @@ static void _to_lower(char *str, unsigned max_len) static void LUKS_fix_header_compatible(struct luks_phdr *header) { - /* Old cryptsetup expects "sha1", gcrypt allows case insensistive names, + /* Old cryptsetup expects "sha1", gcrypt allows case insensitive names, * so always convert hash to lower case in header */ _to_lower(header->hashSpec, LUKS_HASHSPEC_L); @@ -865,7 +865,7 @@ int LUKS_set_key(unsigned int keyIndex, return -EINVAL; } - /* LUKS keyslot has always at least 4000 stripes accoding to specification */ + /* LUKS keyslot has always at least 4000 stripes according to specification */ if(hdr->keyblock[keyIndex].stripes < 4000) { log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?\n"), keyIndex); diff --git a/lib/luks2/luks2_disk_metadata.c b/lib/luks2/luks2_disk_metadata.c index db4d9f67..3c00642b 100644 --- a/lib/luks2/luks2_disk_metadata.c +++ b/lib/luks2/luks2_disk_metadata.c @@ -182,7 +182,7 @@ static void hdr_to_disk(struct luks2_hdr *hdr, } /* - * Sanity checks before checkum is validated + * Sanity checks before checksum is validated */ static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr, size_t *hdr_json_size, int secondary, @@ -324,7 +324,7 @@ static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr, } /* - * Calculate checksum and write header with checkum. + * Calculate checksum and write header with checksum. */ r = hdr_checksum_calculate(hdr_disk.checksum_alg, &hdr_disk, json_area, hdr_json_len); @@ -504,7 +504,7 @@ static json_object *parse_and_validate_json(const char *json_area, int length) if (!jobj) return NULL; - /* successfull parse_json_len must not return offset <= 0 */ + /* successful parse_json_len must not return offset <= 0 */ assert(offset > 0); r = validate_json_area(json_area, offset, length); diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c index aac8aac3..c82d334e 100644 --- a/lib/luks2/luks2_json_metadata.c +++ b/lib/luks2/luks2_json_metadata.c @@ -844,7 +844,7 @@ static void LUKS2_hdr_free_unused_objects(struct crypt_device *cd, struct luks2_ int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr) { - /* FIXME: we risk to hide future intenal implementation bugs with this */ + /* FIXME: we risk to hide future internal implementation bugs with this */ LUKS2_hdr_free_unused_objects(cd, hdr); if (LUKS2_hdr_validate(hdr->jobj)) @@ -1317,7 +1317,7 @@ int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr /* any remaining bit in requirements is unknown therefore illegal */ if (reqs) { - log_dbg("Illegal requiremnt flag(s) requested"); + log_dbg("Illegal requirement flag(s) requested"); goto err; } diff --git a/lib/setup.c b/lib/setup.c index 4305b094..5eac76a5 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -3959,7 +3959,7 @@ int crypt_convert(struct crypt_device *cd, return crypt_load(cd, type, params); } -/* Internall access function to header pointer */ +/* Internal access function to header pointer */ void *crypt_get_hdr(struct crypt_device *cd, const char *type) { /* If requested type differs, ignore it */ diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c index 0ffa00a9..8b732d0c 100644 --- a/lib/tcrypt/tcrypt.c +++ b/lib/tcrypt/tcrypt.c @@ -350,7 +350,7 @@ static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode, } /* - * For chanined ciphers and CBC mode we need "outer" decryption. + * For chained ciphers and CBC mode we need "outer" decryption. * Backend doesn't provide this, so implement it here directly using ECB. */ static int TCRYPT_decrypt_cbci(struct tcrypt_algs *ciphers, @@ -775,7 +775,7 @@ int TCRYPT_activate(struct crypt_device *cd, return r; } - /* Frome here, key size for every cipher must be the same */ + /* From here, key size for every cipher must be the same */ dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size + algs->cipher[0].key_extra_size, NULL); if (!dmd.u.crypt.vk) { diff --git a/lib/utils.c b/lib/utils.c index 9ca691d7..ed8f6a0a 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -421,7 +421,7 @@ int crypt_keyfile_read(struct crypt_device *cd, const char *keyfile, goto out_err; } - /* If not requsted otherwise, we limit input to prevent memory exhaustion */ + /* If not requested otherwise, we limit input to prevent memory exhaustion */ if (keyfile_size_max == 0) { keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1; unlimited_read = 1; diff --git a/lib/utils_benchmark.c b/lib/utils_benchmark.c index 43b241f8..6ca52231 100644 --- a/lib/utils_benchmark.c +++ b/lib/utils_benchmark.c @@ -1,5 +1,5 @@ /* - * libcryptsetup - cryptsetup library, cipher bechmark + * libcryptsetup - cryptsetup library, cipher benchmark * * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved. * Copyright (C) 2012-2017, Milan Broz @@ -281,8 +281,8 @@ static int benchmark_callback(uint32_t time_ms, void *usrptr) /* * Used in internal places to benchmark crypt_device context PBKDF. * Once requested parameters are benchmarked, iterations attribute is set, - * and the benchamarked values can be reused. - * Note that memory cost can be changed after benchark (if used). + * and the benchmarked values can be reused. + * Note that memory cost can be changed after benchmark (if used). * NOTE: You need to check that you are benchmarking for the same key size. */ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd, @@ -306,8 +306,8 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd, if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) { /* - * For PBKDF2 it is enouch to run benchmark for only 1 second - * and interpolate final iterarions value from it. + * For PBKDF2 it is enough to run benchmark for only 1 second + * and interpolate final iterations value from it. */ ms_tmp = pbkdf->time_ms; pbkdf->time_ms = 1000; diff --git a/lib/utils_device_locking.c b/lib/utils_device_locking.c index 78220221..8ec63baa 100644 --- a/lib/utils_device_locking.c +++ b/lib/utils_device_locking.c @@ -172,7 +172,7 @@ static void release_lock_handle(struct crypt_lock_handle *h) if (S_ISBLK(h->mode) && /* was it block device */ !flock(h->flock_fd, LOCK_EX | LOCK_NB) && /* lock to drop the file */ !resource_by_devno(res, sizeof(res), h->devno, 1) && /* acquire lock resource name */ - !fstat(h->flock_fd, &buf_a) && /* read inode id refered by fd */ + !fstat(h->flock_fd, &buf_a) && /* read inode id referred by fd */ !stat(res, &buf_b) && /* does path file stil exist? */ same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */ /* coverity[toctou] */ diff --git a/lib/utils_dm.h b/lib/utils_dm.h index ef959d32..5aa3e993 100644 --- a/lib/utils_dm.h +++ b/lib/utils_dm.h @@ -86,7 +86,7 @@ struct crypt_dm_active_device { /* struct crypt_active_device */ uint64_t offset; /* offset in sectors */ - uint64_t iv_offset; /* IV initilisation sector */ + uint64_t iv_offset; /* IV initialisation sector */ uint32_t tag_size; /* additional on-disk tag size */ uint32_t sector_size; /* encryption sector size */ } crypt; diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c index 958b4f53..7da123e2 100644 --- a/lib/utils_pbkdf.c +++ b/lib/utils_pbkdf.c @@ -218,5 +218,5 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m pbkdf->flags &= ~(CRYPT_PBKDF_NO_BENCHMARK); pbkdf->iterations = 0; - log_dbg("Iteration time set to %" PRIu64 " miliseconds.", iteration_time_ms); + log_dbg("Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms); } diff --git a/man/cryptsetup-reencrypt.8 b/man/cryptsetup-reencrypt.8 index d4ddb1f3..d39fa8fd 100644 --- a/man/cryptsetup-reencrypt.8 +++ b/man/cryptsetup-reencrypt.8 @@ -201,7 +201,7 @@ Print separate line every with reencryption progress. Use only while encrypting not yet encrypted device (see \-\-new). Specify LUKS version when performing in-place encryption. If the parameter -is ommited default value (LUKS1) is used. Type may be one of: \fBluks\fR (default), +is omitted default value (LUKS1) is used. Type may be one of: \fBluks\fR (default), \fBluks1\fR or \fBluks2\fR. .TP .B "\-\-version" diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 093f81b6..9a4d1c30 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -432,7 +432,7 @@ The \fItoken\fR command is supported only for LUKS2. For adding new keyring token, option \-\-key\-description is mandatory. Also, new token is assigned to key slot specified with \-\-key\-slot option or to all -active key slots in the case \-\-key\-slot option is ommited. +active key slots in the case \-\-key\-slot option is omitted. To remove existing token, specify the token ID which should be removed with \-\-token\-id option. @@ -907,7 +907,7 @@ Set the memory cost for PBKDF (for Argon2i/id the number represents kilobytes). Note that it is maximal value, PBKDF benchmark can decrease it. This option is not available for PBKDF2. .TP -.B "\-\-pbkdf\-paralell " +.B "\-\-pbkdf\-parallel " Set the parallel cost for PBKDF (number of threads, up to 4). Note that it is maximal value, it is decreased automatically if CPU online count is lower. @@ -1347,7 +1347,7 @@ the status command output. Also see losetup(8). The LUKS2 on-disk metadata is updated in several steps and to achieve proper atomic update, there is a locking mechanism. For an image in file, code uses \fIflock(2)\fR system call. -For a block device, lock is perfomed over a special file stored +For a block device, lock is performed over a special file stored in a locking directory (by default \fI/run/lock/cryptsetup\fR). The locking directory should be created with the proper security context by the distribution during the boot-up phase. diff --git a/man/veritysetup.8 b/man/veritysetup.8 index 1b7523f6..72fb6659 100644 --- a/man/veritysetup.8 +++ b/man/veritysetup.8 @@ -120,7 +120,7 @@ Defines what to do if data integrity problem is detected (data corruption). Without these options kernel fails the IO operation with I/O error. With \-\-ignore-corruption option the corruption is only logged. -With \-\-restart-on-corruption the kernel is restarted immediatelly. +With \-\-restart-on-corruption the kernel is restarted immediately. (You have to provide way how to avoid restart loops.) \fBWARNING:\fR Use these options only for very specific cases. @@ -182,7 +182,7 @@ Hash-offset must be greater than number of blocks in data-area. .B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 create test-device " -Acivatees the verity device named test-device. Options \-\-data-blocks and \-\-hash-offset are the same +Activates the verity device named test-device. Options \-\-data-blocks and \-\-hash-offset are the same as in the format command. The was calculated in format command. .B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 verify " diff --git a/misc/dict_search/README b/misc/dict_search/README index 8f4b1c92..fc6aa440 100644 --- a/misc/dict_search/README +++ b/misc/dict_search/README @@ -13,7 +13,7 @@ luks|tcrypt specified device type (LUKS or TrueCrypt) cpus - number of processes to start in parallel Format of dictionary file is simple one password per line, -if first char on line s # it is skiped as comment. +if first char on line is # it is skipped as comment. For LUKS, you have it run as root (device-mapper cannot create dmcrypt devices as nrmal user. Code need diff --git a/misc/dracut_90reencrypt/README b/misc/dracut_90reencrypt/README index cbfaaf16..06729497 100644 --- a/misc/dracut_90reencrypt/README +++ b/misc/dracut_90reencrypt/README @@ -2,9 +2,9 @@ Example of simple dracut module for reencryption of system LUKS drive on-the-fly. Install in /usr/[share|lib]/dracut/modules.d/90reencrypt, then -build special intramfs "with dracut -a reencrypt -o crypt". +build special initramfs "with dracut -a reencrypt -o crypt". Reencrypt module doesn't work (has a conflict) with crypt module as -of now. After successfull reencryption reboot using original initramfs. +of now. After successful reencryption reboot using original initramfs. Dracut then recognize argument rd.luks.reencrypt=name:size, e.g. rd.luks.reencrypt=sda2:52G means only 52G of device diff --git a/misc/keyslot_checker/chk_luks_keyslots.c b/misc/keyslot_checker/chk_luks_keyslots.c index fa284aa3..d05aad80 100644 --- a/misc/keyslot_checker/chk_luks_keyslots.c +++ b/misc/keyslot_checker/chk_luks_keyslots.c @@ -61,7 +61,7 @@ const char *help = " the threshold down to reduce misdetection. For values\n" " larger than the default you need to adjust the threshold\n" " up to retain sensitivity.\n" -" -v Print found suspicuous sectors verbosely. \n" +" -v Print found suspicious sectors verbosely. \n" " -d Print decimal addresses instead of hex ones.\n" "\n"; @@ -321,8 +321,8 @@ int main(int argc, char **argv) device = argv[optind]; /* test whether we can open and read device */ - /* This is neded as we are reading the actual data - * in the keyslots dirtectly from the LUKS container. + /* This is needed as we are reading the actual data + * in the keyslots directly from the LUKS container. */ f_luks = open(device, O_RDONLY); if (f_luks == -1) { diff --git a/misc/luks2_keyslot_example/keyslot_test_remote_pass.c b/misc/luks2_keyslot_example/keyslot_test_remote_pass.c index 64f4f620..a1dee799 100644 --- a/misc/luks2_keyslot_example/keyslot_test_remote_pass.c +++ b/misc/luks2_keyslot_example/keyslot_test_remote_pass.c @@ -192,7 +192,7 @@ static int download_remote_password(struct crypt_device *cd, char *password, siz return -EINVAL; - /* extract third party metadata neccessary to extract passphrase remotely */ + /* extract third party metadata necessary to extract passphrase remotely */ json_object_object_get_ex(jobj_keyslot, "ssh_server", &jobj_server); json_object_object_get_ex(jobj_keyslot, "ssh_user", &jobj_user); json_object_object_get_ex(jobj_keyslot, "ssh_path", &jobj_path); diff --git a/python/pycryptsetup.c b/python/pycryptsetup.c index f8dbfe24..54b69793 100644 --- a/python/pycryptsetup.c +++ b/python/pycryptsetup.c @@ -235,7 +235,7 @@ static PyObject *CryptSetup_activate(CryptSetupObject* self, PyObject *args, PyO static char CryptSetup_deactivate_HELP[] = -"Dectivate LUKS device\n\n\ +"Deactivate LUKS device\n\n\ deactivate()"; static PyObject *CryptSetup_deactivate(CryptSetupObject* self, PyObject *args, PyObject *kwds) diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 1a7ae6d6..9cc537ba 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -119,7 +119,7 @@ static const char *luksType(const char *type) static int _verify_passphrase(int def) { - /* Batch mode switch off verify - if not overrided by -y */ + /* Batch mode switch off verify - if not overridden by -y */ if (opt_verify_passphrase) def = 1; else if (opt_batch_mode) diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c index 20451902..94db2413 100644 --- a/src/cryptsetup_reencrypt.c +++ b/src/cryptsetup_reencrypt.c @@ -65,7 +65,7 @@ struct reenc_ctx { char *device; char *device_uuid; const char *type; - uint64_t device_size; /* overrided by parameter */ + uint64_t device_size; /* overridden by parameter */ uint64_t device_size_new_real; uint64_t device_size_org_real; uint64_t device_offset; diff --git a/tests/api-test-2.c b/tests/api-test-2.c index ad33640b..c086b666 100644 --- a/tests/api-test-2.c +++ b/tests/api-test-2.c @@ -608,8 +608,8 @@ static void AddDeviceLuks2(void) OK_(crypt_deactivate(cd, CDEVICE_1)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); // restrict format only to empty context - FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formated"); - FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formated"); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted"); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted"); // change data device to wrong one OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S)); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small"); @@ -628,7 +628,7 @@ static void AddDeviceLuks2(void) EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7); crypt_free(cd); OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE)); - FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formated"); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted"); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); crypt_free(cd); // check active status without header @@ -854,7 +854,7 @@ static void Luks2HeaderRestore(void) .size = 0 }; struct crypt_params_luks1 luks1 = { - .data_alignment = 8192, // 4M offset to pass alignement test + .data_alignment = 8192, // 4M offset to pass alignment test }; char key[128]; @@ -2175,7 +2175,7 @@ static void Pbkdf(void) // bad.hash = "hamster_hash"; // FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member"); crypt_free(cd); - // test whether crypt_get_pbkdf_type() behaves accordinglt after second crypt_load() call + // test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_load(cd, CRYPT_LUKS, NULL)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); @@ -2367,7 +2367,7 @@ static void Luks2Requirements(void) OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); NOTNULL_(crypt_get_pbkdf_type(cd)); - /* crypt_set_itertion_time (unrestricted) */ + /* crypt_set_iteration_time (unrestricted) */ crypt_set_iteration_time(cd, 1); pbkdf = crypt_get_pbkdf_type(cd); NOTNULL_(pbkdf); @@ -2504,7 +2504,7 @@ static void Luks2Requirements(void) remove(BACKUP_FILE); OK_(crypt_header_backup(cd, CRYPT_LUKS, BACKUP_FILE)); - /* crypt_header_restore (restricted, do not drop the test untill we have safe option) */ + /* crypt_header_restore (restricted, do not drop the test until we have safe option) */ FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected"); EQ_(r, -ETXTBSY); remove(BACKUP_FILE); @@ -2584,7 +2584,7 @@ static void Luks2Requirements(void) OK_(crypt_init_by_name(&cd, CDEVICE_1)); OK_(crypt_suspend(cd, CDEVICE_1)); - /* crypt_header_restore (restricted, do not drop the test untill we have safe option) */ + /* crypt_header_restore (restricted, do not drop the test until we have safe option) */ /* refuse to overwrite header w/ backup including requirements */ FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected"); EQ_(r, -ETXTBSY); diff --git a/tests/api-test.c b/tests/api-test.c index 42aca6f6..6fa72656 100644 --- a/tests/api-test.c +++ b/tests/api-test.c @@ -267,12 +267,12 @@ static int _setup(void) _system(" [ ! -e " EVL_HEADER_1 " ] && bzip2 -dk " EVL_HEADER_1 ".bz2", 1); /* keymaterial offset aims into payload area */ _system(" [ ! -e " EVL_HEADER_2 " ] && bzip2 -dk " EVL_HEADER_2 ".bz2", 1); - /* keymaterial offset is valid, number of stripes causes payload area to be overwriten */ + /* keymaterial offset is valid, number of stripes causes payload area to be overwritten */ _system(" [ ! -e " EVL_HEADER_3 " ] && bzip2 -dk " EVL_HEADER_3 ".bz2", 1); /* luks device header for data and header on same device. payloadOffset is greater than * device size (crypt_load() test) */ _system(" [ ! -e " EVL_HEADER_4 " ] && bzip2 -dk " EVL_HEADER_4 ".bz2", 1); - /* two keyslots with same offset (overlaping keyslots) */ + /* two keyslots with same offset (overlapping keyslots) */ _system(" [ ! -e " EVL_HEADER_5 " ] && bzip2 -dk " EVL_HEADER_5 ".bz2", 1); /* valid header: payloadOffset=4096, key_size=32, * volume_key = bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a */ @@ -796,8 +796,8 @@ static void AddDeviceLuks(void) OK_(crypt_deactivate(cd, CDEVICE_1)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); // restrict format only to empty context - FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formated"); - FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formated"); + FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted"); + FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted"); // change data device to wrong one OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S)); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small"); @@ -816,7 +816,7 @@ static void AddDeviceLuks(void) EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7); crypt_free(cd); OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE)); - FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formated"); + FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted"); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); crypt_free(cd); // check active status without header @@ -988,7 +988,7 @@ static void UseTempVolumes(void) OK_(crypt_format(cd, CRYPT_PLAIN, "aes", "cbc-essiv:sha256", NULL, NULL, 16, NULL)); FAIL_(crypt_activate_by_volume_key(cd, NULL, "xxx", 3, 0), "cannot verify key with plain"); FAIL_(crypt_volume_key_verify(cd, "xxx", 3), "cannot verify key with plain"); - FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, "xxx", 3, 0), "wrong key lenght"); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, "xxx", 3, 0), "wrong key length"); OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, "volumekeyvolumek", 16, 0)); EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_2)); diff --git a/tests/cryptsetup-valg-supps b/tests/cryptsetup-valg-supps index 3370ace3..b2530f7c 100644 --- a/tests/cryptsetup-valg-supps +++ b/tests/cryptsetup-valg-supps @@ -1,4 +1,4 @@ -# Supresion file for valgrind +# Suppresion file for valgrind # known problem in libgcrypt { diff --git a/tests/device-test b/tests/device-test index e64b9ce1..a2ef6e77 100755 --- a/tests/device-test +++ b/tests/device-test @@ -66,7 +66,7 @@ DEV="$MNT_DIR/test.img" mount -t tmpfs none $MNT_DIR || skip "Mounting tmpfs not available." format luks1 -echo "[2] Kernel dmcrypt performace options" +echo "[2] Kernel dmcrypt performance options" echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt >/dev/null 2>&1 if [ $? -ne 0 ] ; then echo "TEST SKIPPED: dmcrypt options not available" diff --git a/tests/generators/generate-luks2-non-null-byte-beyond-json0.img.sh b/tests/generators/generate-luks2-non-null-byte-beyond-json0.img.sh index 0b5c27f8..fbd8cd66 100755 --- a/tests/generators/generate-luks2-non-null-byte-beyond-json0.img.sh +++ b/tests/generators/generate-luks2-non-null-byte-beyond-json0.img.sh @@ -6,7 +6,7 @@ # *** Description *** # # generate primary header with json area concluded with illegal -# byte beyond terminating '}' charcter. +# byte beyond terminating '}' character. # # secondary header is corrupted on purpose as well # diff --git a/tests/generators/generate-luks2-overlapping-areas-c1-json0.img.sh b/tests/generators/generate-luks2-overlapping-areas-c1-json0.img.sh index 244266f7..39f0c6a6 100755 --- a/tests/generators/generate-luks2-overlapping-areas-c1-json0.img.sh +++ b/tests/generators/generate-luks2-overlapping-areas-c1-json0.img.sh @@ -5,7 +5,7 @@ # # *** Description *** # -# generate primary header with one area incuded within another one (in terms of 'offset' + 'length') +# generate primary header with one area included within another one (in terms of 'offset' + 'length') # # secondary header is corrupted on purpose as well #