eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-20 07:10:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,622 Commits 13 Branches 81 Tags
35d29b22c04c1f6e6bd0e359cfd8cd15468f4a0c
Commit Graph

1622 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Milan Broz
7ae863e380 Prepare version 1.6.8. v1_6_8 2015-09-08 12:53:48 +02:00
Milan Broz
f238e8c075 Add 1.6.8 release notes. 2015-09-08 12:26:54 +02:00
Milan Broz
7d9a14fd24 Fix some signed/unsigned compiler warnings. 2015-09-08 08:12:07 +02:00
Milan Broz
2f964d95d8 Fix benign warning in clang analysis output. 2015-09-08 07:54:03 +02:00
Milan Broz
00f419e5ea Add zh_CN.po. 2015-09-05 13:07:05 +02:00
Milan Broz
cc698dcde3 Update es.po. 2015-08-31 10:08:36 +02:00
Milan Broz
edced6cfed Update nl.po. 2015-08-30 12:58:33 +02:00
Milan Broz
4fb11976d2 Update po files. 2015-08-28 12:59:59 +02:00
Milan Broz
68ba5b2b36 Update fr.po. 2015-08-27 16:22:13 +02:00
Milan Broz
65fa22ff23 Override password quality check if used cipher is cipher_null. 2015-08-27 16:21:07 +02:00
Milan Broz
c25d81d2a1 Update po files. 2015-08-27 07:53:13 +02:00
Milan Broz
57d16a7a55 Fix misleading error messages in reencrypt. 2015-08-26 16:15:11 +02:00
Milan Broz
def397d0c8 Update libcryptsetup.h comments. 2015-08-26 16:10:10 +02:00
Milan Broz
7843415243 Move string_to_size to userspace tools. 2015-08-26 12:42:25 +02:00
Milan Broz
5a8b045bdd Properly support stdin "-" handling for luksAddKey. 2015-08-26 12:41:20 +02:00
Milan Broz
ab62f45d57 Use stdin and "-" file check wrapper. 2015-08-26 10:54:33 +02:00
Milan Broz
e521edd6ca Print cryptsetup library version in crypto init. 2015-08-26 10:42:47 +02:00
Milan Broz
3a0293a299 Do not link FIPS helper to cryptsetup anymore. 
Just print info about FIPS mode in RNG init.
 2015-08-26 10:36:49 +02:00
Milan Broz
8a4db1ad7b Ingore Whirlpool test instead of failing. 2015-08-26 10:35:38 +02:00
Milan Broz
1aba9ab444 Cryptsetup resize will try resize also underlying device. 
If encrypted device is file-backed, resize should try to resize
underlying loop device as well.
 2015-08-19 14:16:42 +02:00
Milan Broz
dfa2755aba If the null cipher is used, allow only empty password for LUKS. 
The cipher_null is no-encryption, it can be used for testing
or temporarily when encrypting device (cryptsetup-reencrypt).

Accepting only empty password prevents situation when you replace
a LUKS header on an unlocking device with the faked header using
null cipher (and the same UUID).
Here a system could think that the device was properly unlocked
(with any entered password) and will try to use this unencrypted
partition instead.
(IOW it prevents situation when attacker intentionaly forces
an user to boot into dirrerent system just by LUKS header manipulation.)

Properly configured systems should have an additional integrity protection
in place here (LUKS here provides only confidentiality) but it is better
to not not allow this situation in the first place.
(Despite the fact that once you allow physical tampering of your system
it cannot be properly secured anymore.)
 2015-07-02 08:21:19 +02:00
Milan Broz
6e82bdd9a5 Do not use real password when unlocking "fake" header on reecryption. 
If reencrypt removes encryption (or adds encryption to not yet encrypted system)
there is a temporary header using null (none) cipher.
We do not need to pass through password when unlocking these devices.
 2015-07-02 08:18:44 +02:00
Milan Broz
0dc245401f Allow to enter empty password through stdin pipe. 
Also always use empty passsword when using null cipher in tests.
 2015-07-02 08:18:12 +02:00
Milan Broz
a57f1b1b64 Silence repeated device removal in verity test. 2015-07-02 08:13:42 +02:00
Milan Broz
1a50fee1d0 Update po files. 2015-04-19 09:55:13 +02:00
Milan Broz
046e0e5280 Update README.md. 2015-03-23 21:20:56 +01:00
Milan Broz
656b55cd4b Set devel version. 2015-03-23 20:41:33 +01:00
Milan Broz
8d7af433d8 Update po files. 2015-03-23 20:40:04 +01:00
Milan Broz
dc3de39eb7 Include prototype for stat(). 2015-03-23 20:38:14 +01:00
Milan Broz
3d403a7bd0 Bump libcryptsetup version. v1_6_7 2015-03-23 18:22:16 +01:00
Milan Broz
91f6296699 Prepare version 1.6.7. 2015-03-23 17:49:06 +01:00
Milan Broz
bd94eb36b3 Update po files. 2015-03-20 13:32:42 +01:00
Milan Broz
1a19329b18 Use silent rules in autoconf. 2015-03-20 13:32:13 +01:00
Milan Broz
78a43c053a Update po files. 2015-03-19 12:35:09 +01:00
Milan Broz
d7d76e72f7 Update URLs (->gitlab.com). 
The code.google is going to be abandoned.
Thank you you for all the fish.
 2015-03-19 11:23:16 +01:00
Milan Broz
dd0dcc05df Fix typo in URL. 2015-03-19 11:05:28 +01:00
Milan Broz
3be8731fef Add notes about releases. 2015-03-19 11:03:14 +01:00
Milan Broz
86d0ff1a2b Add README.md for project page info. 2015-03-19 10:43:40 +01:00
Milan Broz
3adfe80601 Test device read only once for O_DIRECT. 
Also do not report error for disappeared device (it is reported later on real access).
 2015-03-19 09:39:36 +01:00
Milan Broz
0bc437d92c Detect if O_DIRECT is usable on device allocation. 
Try to read the first sector of a device when allocating
device context.

Should fix issue#247.
 2015-03-18 15:01:53 +01:00
Milan Broz
6b10f30eb9 Reorder algorithms for VeraCrypt modes. 2015-02-27 10:12:54 +01:00
Milan Broz
fedd5bc969 Update de.po. 2015-02-26 08:08:16 +01:00
Milan Broz
8aee4f95fb Clarify using of VeraCrypt modes in libcryptsetup.h. 2015-02-25 10:55:24 +01:00
Milan Broz
1f2d8de95f Support VeraCrypt devices (TrueCrypt extension). 
Add CRYPT_TCRYPT_VERA_MODES libcryptswtup flag and
--veracrypt option.

Fixes issue#245.
 2015-02-24 22:04:15 +01:00
Milan Broz
dced269426 Update kernel version in man page. 2015-02-23 10:19:02 +01:00
Milan Broz
b834a59eaf Fix typo in man page. 
Fixes issue#244.
 2015-02-20 16:57:20 +01:00
Milan Broz
4f7b413638 Add low-level performance options for dmcrypt tuning. 
The patch adds the two options
  --perf-same_cpu_crypt
  --perf-submit_from_crypt_cpus
that set the same named options inside dmcrypt
(available in Linux kernel 3.20 and later).
 2015-02-20 16:46:34 +01:00
Milan Broz
e4355c2973 Wait for udev scan before removing device in reencrypt test. 2015-02-20 13:02:27 +01:00
Milan Broz
31a4d552a2 Support keyfile offset and keyfile size option even for plain volumes. 
For historic reasons, in the plain mode the hashing is not used
if keyfile is used (with exception of --key-file=-).

Print warning if the parameters are ignored.

For other cases, uses keyfile offset, keyfile size and hash
as psecified on commandline.

Partially fixes issue#243
 2015-02-20 12:55:21 +01:00
Milan Broz
6d51e8ab69 Support permanent device decryption using cryptsetup-reencrypt --decrypt. 2015-01-27 14:20:34 +01:00