54 Commits

Author SHA1 Message Date
Milan Broz
e91b90b8c9 Fix access to unaligned hidden TrueCrypt header.
On native 4k-sector device the old hidden header is not aligned
with hw sector size and direct-io access with SEEK_END fails.

Let's extend blockwise functions to support a negative offset
and use the same logic as normal unaligned writes.

Fixes problem mentioned in
https://gitlab.com/cryptsetup/cryptsetup/merge_requests/18
2017-04-04 16:04:49 +02:00
Ondrej Kozina
2d298071e4 Use read/write buffer functions where appropriate. 2017-04-04 16:03:39 +02:00
Milan Broz
640eba3569 Update copyright years. 2017-03-12 13:23:34 +01:00
Milan Broz
f92786a044 Avoid possible divide-by-zero warnings. 2016-05-19 12:57:31 +02:00
Milan Broz
b282cb2366 Fix warnings reported by static analysis.
- ensure that strings are \0 terminated (most of this is already
handled on higher level anyway)

- fix resource leak in error path in tcrypt.c

- fix time of check/time of use race in sysfs path processing

- instruct Coverity scanner to ignore constant expression in random.c
(it is intended to stop compile-time misconfiguration of RNG that would be fatal)
2016-05-19 12:56:51 +02:00
Ondrej Kozina
d260be02d4 tcrypt: fix potential memory leak on error path 2015-10-29 12:06:40 +01:00
Milan Broz
6b10f30eb9 Reorder algorithms for VeraCrypt modes. 2015-02-27 10:12:54 +01:00
Milan Broz
1f2d8de95f Support VeraCrypt devices (TrueCrypt extension).
Add CRYPT_TCRYPT_VERA_MODES libcryptsetup flag and
--veracrypt option.

Fixes issue#245.
2015-02-24 22:04:15 +01:00
Milan Broz
f7b61b2617 Prevent compiler to optimize-out memset for on-stack variables.
Also see
https://cryptocoding.net/index.php/Coding_rules#Prevent_compiler_interference_with_security-critical_operations

The used code is inspired by the code in Blake2 implementation.
2015-01-11 20:26:45 +01:00
Ondrej Kozina
54d81a6258 fix memory leak on error path 2014-06-25 18:03:42 +02:00
Cristian Rodríguez
a809224ec7 Fix all format string issues found by the attribute format patch 2014-04-12 08:52:20 +02:00
Milan Broz
2e97d8f8e8 Prepare version 1.6.4. 2014-02-27 14:36:13 +01:00
Milan Broz
486ec44c3e Fix previous commit (do not print warning even for wrong passphrase). 2014-01-01 21:11:12 +01:00
Milan Broz
8dc4877697 Fix error message when some algorithms are not available.
Fixes http://www.saout.de/pipermail/dm-crypt/2013-December/003721.html
2013-12-29 09:56:23 +01:00
Milan Broz
a9b24ccc82 Remove obsoleted warning. 2013-12-08 00:04:32 +01:00
Milan Broz
c57071a43a Fix TCRYPT system encryption mapping for multiple partitions.
Since this commit, one can use partition directly as device parameter.

Should fix Issue#183 and Issue#188.
2013-12-07 23:58:56 +01:00
Milan Broz
54c1f71bd3 Detect presence of TCW mode support in kernel dmcrypt. 2013-10-20 13:20:22 +02:00
Milan Broz
a7e2809466 Properly calculate key sizes (including IV seed and whitening) for TCRYPT.
Also prepare code for possible activation through dmcrypt for some
CBC container variants.
2013-10-20 13:07:24 +02:00
Milan Broz
3be96efe0b Map TCRYPT system encryption through partition.
Kernel doesn't allow mapping through whole device if some
other partition on the device is used.

So first try to find partition device which match
system encryption (== TCRYPT partition system encryption)
and use that.
2013-06-30 10:46:21 +02:00
Milan Broz
99a2486b09 Simplify sysfs helpers. 2013-06-30 09:05:43 +02:00
Milan Broz
42b0ab437a Print a warning if system encryption is used and device is a partition.
System encryption has metadata in space located outside of
partition itself.

Ideally the check should be automatic but for virtualized systems
(where a partition could be "whole device" for another system) this
can be dangerous.
2013-06-23 15:26:45 +02:00
Milan Broz
a36de633d5 Fix mapping of TCRYPT system encryption for more partitions.
If TCRYPT system encryption uses only partition (not the whole device)
some other partitions could be in use and we have to use
more relaxed check to allow device activation.
2013-06-23 15:24:01 +02:00
Milan Broz
6127b6959f Update copyright year on changed files. 2013-03-24 09:05:33 +01:00
Milan Broz
c810b0514e Return EPERM instead of EINVAL for too long TCRYPT passphrase. 2013-02-15 09:52:22 +01:00
Milan Broz
e600024908 Fix passphrase pool overflow for TCRYPT device if passphrase > pool size.
TCRYPT format limits passphrase length to max. 64 characters so simply error in this case.
2013-02-14 14:37:50 +01:00
Milan Broz
929dc47be4 Fix displaying of error messages for missing kernel features. 2013-01-08 14:19:31 +01:00
Milan Broz
46de69d0e6 Add kernel userspace header detection.
Add --disable-kernel_crypto to allow compilation with old kernel.
2012-12-30 12:28:30 +01:00
Milan Broz
05da2ed2c2 Skip TCRYPT KDF if hash is not available. 2012-12-29 20:23:52 +01:00
Milan Broz
6190ad928d Support device/file images if O_DIRECT cannot be used (1.5.1).
On some filesystems (like tmpfs) O_DIRECT cannot be used.
So just try to open device without O_DIRECT in the second try.
2012-12-29 15:33:20 +01:00
Milan Broz
7eccb7ff50 Change License for sub-libraries from GPLv2 only to LGPLv2.1+ ("or any later")
This includes crypto, loopaes, tcrypt handling code I have written myself
and verity code written originally by Mikulas Patocka and modified by me,
copyright by Red Hat.

Other part of library have to stay GPLv2+ only for now
(no agreement from all authors).
2012-12-29 11:47:28 +01:00
Milan Broz
e4c4049741 Add basic support for system TCRYPT device.
Rename option hidden to tcrypt-hidden.
2012-12-22 22:34:09 +01:00
Milan Broz
50d5cfa8bc Get page size should never fail (in the worst case it fails later with wrong alignment). 2012-12-10 17:47:06 +01:00
Milan Broz
80d21c039e Fix some problems found by Coverity scan. 2012-12-10 17:28:52 +01:00
Milan Broz
549ab64358 TCRYPT: properly wipe all buffers; use prefix for all functions. 2012-12-10 16:36:22 +01:00
Milan Broz
a4585423fd Remove some gcc extra warnings (signed/unsigned problems etc). 2012-12-02 23:13:59 +01:00
Milan Broz
5aef0809d4 Add TCRYPT documentation. 2012-12-02 21:32:49 +01:00
Milan Broz
72c111bac4 Fix (stupid) crc32 keyfile endianness bug. 2012-12-01 14:32:01 +01:00
Milan Broz
ffb6ecc488 Add TCRYPT api test, fix some minor problems found. 2012-11-30 18:41:10 +01:00
Milan Broz
0461d9e822 Better tcrypt test options. 2012-11-30 15:03:01 +01:00
Milan Broz
4f7262aa96 And fix previous comment once more... :) 2012-11-30 13:52:03 +01:00
Milan Broz
eac953c6e4 Fix skcipher failure handling. 2012-11-30 13:37:14 +01:00
Milan Broz
d7fc953fa2 Handle kernel crypto api init failure better. 2012-11-29 18:01:02 +01:00
Milan Broz
21756a1969 TCRYPT: fix activation and hidden device offsets. 2012-11-27 17:13:53 +01:00
Milan Broz
17a8e85cb8 TCRYPT: add backup header option. 2012-11-26 13:15:08 +01:00
Milan Broz
46cf1c6ce0 TCRYPT: simplify code, support blowfish chains for header 2012-11-25 22:52:47 +01:00
Milan Broz
c81260b3c3 TCRYPT: add dump command 2012-11-23 17:10:57 +01:00
Milan Broz
8d69e19ac1 TCRYPT: support crypt_volume_key_get 2012-11-23 15:20:46 +01:00
Milan Broz
6ab93841e9 TCRYPT: show proper device in status for chained mode 2012-11-23 13:46:23 +01:00
Milan Broz
52cbbdaf38 TCRYPT: move all header handling into library.
Add warning about unsupported modes.
2012-11-23 13:01:43 +01:00
Milan Broz
0996a43dbb TCRYPT: parse cipher chain on init. 2012-11-22 17:28:03 +01:00