If AddKey was called with master key argument, the code always asked
for a passphrase ignoring the keyfile argument.
Now it is properly processed as the same as if no master key is specified.
The --header always takes precedence over positional device argument.
Also allow specify UUID= for luksSuspend and luksResume if used with
detached header.
Apparently there are some people using ECB.
This mode by design do not use any IV, unfortunately
kernel dmcrypt allows to specify them (but userspace crypto api don't).
Let support activation as it was in previous version.
Should fix issue#238.
If LUKS device was configured to use detached header, suspend operation
required --header option. For now it is enough that active device in-kernel
UUID type is set properly.
FIxes issue#229.
- cryptsetup library is not required to be FIPS certified anymore
due to fact gcrypt PBKDF2 algorithm can be used instead of
cryptsetup internal one.
- check in library constructor is no longer needed and therefore
removed.
- all other checks regarding MK extraction or random generator
restrictions remain the same
The strerror_r call exists in POSIX and GNU variant,
if POSIX variant is used (like in musl libc replacement)
we cannot rely on char* pointer.
Fixes issue#237.
The partial read usually happens only on IO error,
so reencrypt at least part what is read properly.
For EINTR code must restart read completely.
Fixes issue#226.
O_DIRECT operations directed towards filesystem are problematic:
There's no sane way how to detect specific filesystem requirements
for such operations.
This patch is replacing O_DIRECT flag with O_SYNC flag for all
open() calls related to reencrypt log. The O_SYNC flag is used
when --use-fsync option is detected.
Man page is modified accordingly.
All these are Python interface misconceptions,
the strings (or string arrays) in parameters should be const
parameters.
To avoid gcc confusing warnings just explicitly re-cast them.
The dm_flags() call cannot be used if dmcrypt module is not present.
Better try to activate volume with dicard flags and if it is not possible,
try to activate device without the discard flag.
