This is temporary hotfix for stable 2.3.6 release. The full
fix that requires new API will be provided in later 2.4.0
release.
For more info see issue #614.
This patch fixes several problems:
- some optional features for dm-verity can be larger than pre-allocated buffer
- device paths and other strings can be allocated dynamically
- featured options with keys in dm-integrity are not wiped on stack
- get rid of strncat()
- always check return code of snprintf
Related #648
In ideal system nothing should touch test devices, but to make tests
more robust, we should expect that something is still scanning devices
after activation. So replace all checks for CRYPT_ACTIVE to allow
also CRYPT_BUSY.
(Fixes some problems seen in #633)
We support most recent crypto algorithms, so this
is only addition of the Blake hash family.
Kernel and gcrypt crypto backend supports all variants,
OpenSSL only Blake2b-512 and Blake2s-256.
There is no useable support for NSS and Nettle yet.
Crypto backend supports kernel notation e.g. "blake2b-512"
that is translated to the library backend names.
TrueCrypt/VeraCrypt supports backup header, it seems to have
the same format as normal header.
Let's use --header option here, it can be used to unlock data partition
with header backup (open and dump commands).
Fixes: #587.
Starting with version 2.0.0, libpasswdqc can use memory allocation
when loading configuration that contains new optional parameters.
It's therefore recommended to free all memory allocated by
passwdqc_params_load using new passwdqc_params_free function
introduced in the same version of libpasswdqc.
[slightly modified by mbroz]
Some stable kernels started to return buffer from terminal
in partial buffers of maximal size 64 bytes.
This breaks all passphrases longer than 64 characters entered
through interactive input (for all crypto formats).
(The problem is probably fixed in more recent kernels, but
the read() call can always return a partial read here.)
This patch also fixes wrong password limit, the last character
of passphrase of maximal size was never handled.
Now the maximal passphrase length is really 512 characters.
Fixes: #627.
Most of these functions already works even with device=NULL.
There can be some rare situations when this call could happen,
so be safe always.
(Like initialization for a device that disappears during init.)
Also see
https://bugzilla.redhat.com/show_bug.cgi?id=1932946
