Milan Broz
e84b1ed7c0
Fix scan-build warning (null use).
...
Probably false positive but defensive approach is better here.
2014-08-10 16:06:21 +02:00
Milan Broz
89f795d7b4
Fix keyslot device access for devices not supporting O_DIRECT.
2014-08-08 14:49:38 +02:00
Milan Broz
3762c8b76e
Report crypto lib version only once (and add kernel version).
2014-07-27 20:39:06 +02:00
Milan Broz
59fdf2a6bb
Properly allow activation of discard even if dm_crypt module is not yet loaded.
...
The dm_flags() call cannot be used if dmcrypt module is not present.
Better try to activate volume with discard flags and if it is not possible,
try to activate device without the discard flag.
2014-07-24 22:11:58 +02:00
Milan Broz
3640eaa726
Re-check flags after DM device creations.
2014-07-24 11:52:58 +02:00
Milan Broz
2250d5f71f
Move safe table params wipe into function which allocates it.
2014-07-24 11:37:24 +02:00
Milan Broz
dc8c47d936
Fallback to old temporary device mapping method if hash is not supported.
2014-07-12 20:30:24 +02:00
Milan Broz
54c7a2b0aa
Fix signed/unsigned compiler warnings.
2014-06-29 11:55:11 +02:00
Milan Broz
dfd46df8a5
Properly fail for unsupported IVs.
2014-06-29 10:38:50 +02:00
Milan Broz
25cd4f3a1d
Add debug info for crypto wrapper in LUKS keyslot encryption.
2014-06-28 21:50:05 +02:00
Milan Broz
d5b594dd12
Remove unneeded check in luksFormat to allow operation as normal user.
2014-06-28 15:23:04 +02:00
Milan Broz
3add769b51
Add deprecation warning about internal terminal password query.
2014-06-28 13:49:26 +02:00
Milan Broz
d5a72cd65a
Fix typo in kernel backend.
2014-06-26 15:38:51 +02:00
Ondrej Kozina
54d81a6258
fix memory leak on error path
2014-06-25 18:03:42 +02:00
Milan Broz
02f860140d
Fix trailing space.
2014-06-23 23:30:11 +02:00
Milan Broz
bb8dbfdf5b
Update author name.
2014-06-23 21:40:12 +02:00
Milan Broz
8e380183f8
Print minimal device size if LUKS header space is too small.
2014-06-22 17:51:31 +02:00
Ondrej Kozina
4f89028c67
modify FIPS checks
...
- we need a way to notify a user about running misconfigured system which
will turn to be unusable in real FIPS mode. For more details look at:
http://bugzilla.redhat.com/show_bug.cgi?id=1009707#c25
- also fixes invisible verbose log about running in FIPS mode due to its misplacement
2014-06-22 17:24:10 +02:00
Milan Broz
1a6e1ae918
Always remove temporary active device name on load and format.
2014-06-17 22:28:51 +02:00
Milan Broz
aedf39a9ca
Remove unused static declaration.
2014-06-17 22:01:59 +02:00
Milan Broz
6be21469fb
Use internal PBKDF2 in Nettle library for Nettle crypto backend.
...
This also requires Nettle >= 2.6.
2014-06-17 21:54:14 +02:00
Milan Broz
e0d3ff8aeb
Fix non-header context init for device in use.
2014-06-14 23:04:43 +02:00
Milan Broz
0614ab6b07
Allow simple status of crypt device without providing metadata header.
...
If device is activated, we can provide some information from
active kernel parameters instead of header.
2014-06-14 17:42:57 +02:00
Milan Broz
4d30237f7a
Handle error better in storage wrapper.
2014-06-01 22:02:32 +02:00
Milan Broz
a3c0f6784b
Process LUKS keyslots in userspace through kernel crypto wrapper.
...
This allows LUKS handling without requiring root privilege.
The dmcrypt device-mapper is used only for device activation now.
2014-06-01 21:34:21 +02:00
Milan Broz
1436f2a0a0
Add wrapper for cipher block size query.
...
There is no better way for now without loading crypto modules.
2014-06-01 20:56:17 +02:00
Milan Broz
9563aa33c8
Fix PBKDF2 for crypto backends which do not support long HMAC keys.
...
(Or it rehashes key in every iteration.)
- Kernel backend seems not to support >20480 HMAC key
- NSS is slow (without proper key reset)
Add some test vectors (commented out by default).
2014-04-13 19:34:50 +02:00
Milan Broz
cad0cbf0c8
Fix integer type warnings in debug log.
2014-04-13 16:41:29 +02:00
Cristian Rodríguez
a809224ec7
Fix all format string issues found by the attribute format patch
2014-04-12 08:52:20 +02:00
Cristian Rodríguez
ae23ecb9b2
annotate two functions with __attribute__ ((format (printf...
...
Helps to find format string bugs.
2014-04-12 08:52:06 +02:00
Milan Broz
2e97d8f8e8
Prepare version 1.6.4.
2014-02-27 14:36:13 +01:00
Milan Broz
7effba0f71
Fix return codes from LUKS_set_key.
2014-02-27 14:19:01 +01:00
Milan Broz
ad2f50316f
Fix memory leak in Nettle crypto backend.
2014-02-05 17:17:55 +01:00
Milan Broz
75c105f853
Do not retry to test gcrypt whirlpool bug.
2014-01-21 20:55:21 +01:00
Milan Broz
680eb76e45
Add internal shortcut for flawed whirlpool hash in gcrypt.
2014-01-19 20:31:48 +01:00
Milan Broz
461011ad2a
Add test for flawed Whirlpool hash to gcrypt backend.
...
Will be used later, for now add info to debug.
Ref: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
2014-01-18 13:05:56 +01:00
Milan Broz
486ec44c3e
Fix previous commit (do not print warning even for wrong passphrase).
2014-01-01 21:11:12 +01:00
Milan Broz
8dc4877697
Fix error message when some algorithms are not available.
...
Fixes http://www.saout.de/pipermail/dm-crypt/2013-December/003721.html
2013-12-29 09:56:23 +01:00
Milan Broz
7415c5858d
Count system time in PBKDF2 benchmark if kernel returns no self usage info.
...
This is kind of workaround for Issue#192...
2013-12-22 10:12:36 +01:00
Milan Broz
004dc271a4
Fix wrong block size if used on 4k block fs through loop device.
...
Always use page size if running through loop device.
2013-12-08 16:09:25 +01:00
Milan Broz
a9b24ccc82
Remove obsoleted warning.
2013-12-08 00:04:32 +01:00
Milan Broz
c57071a43a
Fix TCRYPT system encryption mapping for multiple partitions.
...
Since this commit, one can use partition directly as device parameter.
Should fix Issue#183 and Issue#188.
2013-12-07 23:58:56 +01:00
Milan Broz
f3e398afc5
Rewrite cipher benchmark loop.
...
Using getrusage seems to give not adequate precision,
so use clock_gettime and try to scale buffer size a bit
on high performance systems.
If it still fails, return ERANGE error instead of calculating
completely unreliable numbers.
Should fix Issue#186.
2013-12-01 10:55:35 +01:00
Ondrej Kozina
f30bbbffe7
Fix minimal size expectations failure for backup header file
...
- backup header file must be page size aligned
- fix for https://bugzilla.redhat.com/show_bug.cgi?id=1030288
- add regression test to api-tests
2013-11-21 19:48:12 +01:00
Milan Broz
58b5be440f
Fix initialization of unknown used device.
...
dm_query can return open count, this should be processed
as success (and properly fail later ;-)
2013-11-19 20:57:23 +01:00
Milan Broz
626801f7df
Unify LUKS type check.
...
Warn if device type is not set (incompatible activation
either by manual dmsetup or other tools).
2013-11-19 20:50:36 +01:00
Dave Reisner
18901fd501
libdevmapper: correctly compare major and minor versions
...
Previously, this code could incorrectly identify a version of crypt or
dm due to the way it compared versions. For example, if a feature was
gated on crypt version 1.5, it would disable the feature for crypt
version 2.2.
2013-11-14 08:32:02 +01:00
Milan Broz
5b86cb5cc2
Enable TCW dmcrypt version check (patch should be in kernel 3.13).
2013-11-10 22:20:30 +01:00
Milan Broz
ce23225e46
Check if provided cipher and mode is usable before writing LUKS header to disk.
...
If user provided unusable cipher-mode string, LUKS header was written and
keyslot creation failed later.
Better check early (by creating fake dmcrypt device) if cipher is usable
and fail early (without writing LUKS header to device).
Fixes Issue#176
2013-11-10 22:11:00 +01:00
Milan Broz
09c229fe6c
Support limitation for "plain" hash (no hash).
...
This can be used for mapping problematic cryptosystems which
wipe some key (losetup sometimes sets last byte to zero).
2013-11-10 19:31:02 +01:00