Benno Schulenberg
3886646273
po: update nl.po (from translationproject.org)
2026-01-09 08:57:27 +01:00
Petr Pisar
0abf6d5698
po: update cs.po (from translationproject.org)
2026-01-09 08:57:27 +01:00
Milan Broz
935a8dfe9d
ci: Use clang-21
2026-01-06 20:09:42 +01:00
Milan Broz
1d83c6b126
ci: Remove disable Annocheck
2026-01-06 20:09:42 +01:00
Milan Broz
806d3ede43
ci: Use Debian 13 in build
2026-01-06 20:09:42 +01:00
Milan Broz
7fa4cd9308
Fix wrong device size status reports in cryptsetup and integritysetup
...
In version 2.8.0 the status output was modified to strictly use
units and also bytes device size was added.
Unfortunately, the size was wrongly calculated if sector size was
different than 512-byte default.
Fixes : #972
2026-01-02 21:09:47 +01:00
Milan Broz
8bc6749256
Update Readme for 2.8.3.
2025-12-19 13:55:23 +01:00
Milan Broz
c7ae50f1a4
Add 2.8.3 Release notes.
2025-12-19 13:40:45 +01:00
Milan Broz
55d40220cb
Fix BITLK FVE validation on big-endian platforms
...
Fix several mistakes in validation code.
Fixes : #970
2025-12-19 11:59:27 +01:00
Milan Broz
42b6c21119
Update Readme for 2.8.2.
2025-12-18 17:15:55 +01:00
Milan Broz
892e3ce03e
Add 2.8.2 Release notes.
2025-12-18 11:30:40 +01:00
Yuri Chornoivan
16f0a80322
po: update uk.po (from translationproject.org)
2025-12-15 22:00:47 +01:00
Мирослав Николић
1050cc019b
po: update sr.po (from translationproject.org)
2025-12-15 22:00:47 +01:00
Marián Haburaj
779d0dda67
po: update sk.po (from translationproject.org)
2025-12-15 22:00:47 +01:00
Remus-Gabriel Chelu
3594af706e
po: update ro.po (from translationproject.org)
2025-12-15 22:00:47 +01:00
Jakub Bogusz
c38b8be79e
po: update pl.po (from translationproject.org)
2025-12-15 22:00:47 +01:00
Hiroshi Takekawa
fe04944ba9
po: update ja.po (from translationproject.org)
2025-12-15 22:00:47 +01:00
Frédéric Marchal
b89e99b0f1
po: update fr.po (from translationproject.org)
2025-12-15 22:00:47 +01:00
Roland Illig
81964c4f9e
po: update de.po (from translationproject.org)
2025-12-15 22:00:47 +01:00
Milan Broz
c06a4d5ff8
tests: Do not use sync
...
Calling sync should not be needed and it waits for not relevant devices.
2025-12-15 17:28:29 +01:00
Milan Broz
4c2a6ad8be
tests: Avoid lazy losetup in reencryption test
...
According to man page, losetup detach can be lazy operation.
Udev settle should cause it to finalize.
All othe tests use this in destructor only.
2025-12-15 17:28:29 +01:00
Milan Broz
b4aaf5c3b8
tests: Add luksFormat detached header test for authenticated encryption
...
Fixes : #969
2025-12-13 21:34:47 +01:00
Milan Broz
4d491e1f59
ci: Add GitHub CIFuzz check
2025-12-12 15:37:55 +01:00
Milan Broz
282f299cf0
ci: Try to build fuzzers without Docker image
2025-12-12 15:37:55 +01:00
Kristina Hanicova
4c166958ac
tests: Add test for (inline hw tags)
2025-12-12 13:27:03 +01:00
Kristina Hanicova
cdb6a56260
Set inline integrity flag if no underlying dm-integrity device
...
Cryptsetup status does not report when the hw inline integrity is
set without the underlying dm-integrity device.
Fixes : #965
2025-12-12 13:13:32 +01:00
Milan Broz
58d9054920
Use @e 0 constistently
2025-12-12 11:47:38 +01:00
Milan Broz
100c925ec9
Fix order of params/return function descriptions
...
Also remove redundant empty lines.
2025-12-12 11:47:38 +01:00
Milan Broz
068790018a
Use "negative errno value" consistently.
2025-12-12 11:47:38 +01:00
Milan Broz
097328f18a
Use @e NULL consistently.
2025-12-12 11:47:38 +01:00
Milan Broz
8505e851be
Use @return in header files
...
The @returns is alias, but for consistency, use only one form.
2025-12-12 11:47:38 +01:00
Milan Broz
55e0209a4e
Fix LUKS2 device status in inline HW mode and detached header
...
Internal type is not set if detached header is not specified,
but inline tag check should be done anyway.
2025-12-12 10:41:26 +01:00
Milan Broz
403def1d11
Fix inline format data device
...
The data device from parameters was not applied properly
for inline HW tags device.
The luksFormat then fails if --header is used.
2025-12-12 10:41:26 +01:00
Ondrej Kozina
a07c8a556c
Fix C std23 related warnings with new glibc.
...
C standard library functions now preserves qualifiers passed
to some functions. In case of strchr() if the passed argument is
const qualified also the returned value is const qualified. Similarly
if the passed argument is not const qualified neither is the return
value.
This patch makes libcryptsetup compliant with the change and should
be backward compatible with older std libraries.
Thanks Vojta Trefny for heads-up.
2025-12-10 19:01:36 +01:00
Kristina Hanicova
f1ba606c28
ci: Add debian unstable (sid)
2025-11-28 20:46:56 +01:00
Ondrej Kozina
5d69c34f59
Reinstate pbkdf serialization flag in device activation.
...
crypt_activate_by_keyslot_context never respected pbkdf serialation
flag (CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF).
In fact it worked only when device was activated via passphrase or via
passphrase file. It was never respected when device was activated
by a token for example.
When the internal code was fully switched to activation via keyslot
context the legacy code for passphrase based activation was dropped
and we lost track of serialization flag completely.
This fixes all of the issues so now the serialization flag will be
respected also with tokens (and all other activation methods unlocking
LUKS2 keyslot with memory hard pbkdf).
Fixes: 58385d68d8Fixes : #968 .
2025-11-27 14:51:44 +01:00
Ondrej Kozina
e1cbd4ecba
tests: add simple verification test for --serialize-memory-hard-pbkdf
2025-11-27 14:51:32 +01:00
Kfir Kahanov
9ea9af1bcd
tests: Add Bitlocker images for clearkey
2025-11-21 22:07:01 +02:00
Kfir Kahanov
4fe1601d9c
bitlocker: Open bitlocker devices with clearkey
...
Always trying to open with clearkey when available
2025-11-21 22:07:01 +02:00
Kfir Kahanov
72173b2777
bitlocker: Handle getting NULL passwords
2025-11-21 22:07:01 +02:00
Kfir Kahanov
f304132b2b
bitlocker: Support clearkey
...
Clearkey does not mean partially encrypted, and may be on fully
encrypted volumes.
2025-11-21 22:07:01 +02:00
Milan Broz
0779c8ceed
Explicitly mention units (bytes) for volume key in header.
2025-11-21 16:34:47 +01:00
Milan Broz
153aed3d16
Fix key-size descriptions
...
For compatibility reasons, cryptsetup uses key size in BITS
while integritysetup in BYTES.
The help is confusing here, this patch fixes it.
Thanks Daniel Tang for notification.
2025-11-21 16:34:47 +01:00
Milan Broz
8a3e16fa25
tests: Avoid verity concurrent test failure on device node check
...
This regularly crashes on Alpine Linux that use some strange
configuration.
Udev settle seems to help, despite it should be noop on recent systems...
2025-11-21 14:29:38 +01:00
Milan Broz
8da66c3066
verity: Support status info about FEC repaired events
...
Kernel 6.19 will support additional info on dm-verity status
line that contains number of FEC successful repair events.
This patch adds support to libcryptsetup and veritysetup status command.
Ref. https://lore.kernel.org/dm-devel/074e1ecc-6690-1c22-0dba-454e191e1b6f@redhat.com/T/#m1af31c9c4263fe2b1fb58dee2fd7f0bdf045c463
2025-11-20 17:18:37 +01:00
Milan Broz
11a4fc6790
tests: use utility to detect FIPS mode
...
Also try to use crypto lib/kernel check where appropriate.
This can be useful for local testing (non-FIPS kernel) byt
should not break real FIPS systems.
2025-11-19 22:09:27 +01:00
Milan Broz
e4c498d15b
Remove fips argument from crypt_backend_init()
...
It is really not needed, as it is detected automagically.
2025-11-19 22:09:27 +01:00
Milan Broz
e609c47916
tests: Add fips mode detection to crypt check tool
2025-11-19 22:09:27 +01:00
Milan Broz
ccc0c69cd7
Add fips_mode check for kernel.
...
Akso add a separate function so we can detect that kernel and crypto
lib is in different FIPS state (only for testing).
2025-11-19 22:09:27 +01:00
Milan Broz
7fba92260a
ci: Fix Alpine runner dependences
...
gettext-dev install asli gettext.
argp-standalone is needed for with musl
This ensures that we can later use simplified package mappings.
2025-11-19 18:16:17 +01:00
