Milan Broz
c400a84987
Add 2.4.2 release notes.
2021-11-17 13:11:26 +01:00
Yuri Chornoivan
ce52bb2f5a
po: update uk.po (from translationproject.org)
2021-11-16 16:53:12 +01:00
Yuri Kozlov
bf374ca9e6
po: update ru.po (from translationproject.org)
2021-11-16 16:53:12 +01:00
Hiroshi Takekawa
17ca463767
po: update ja.po (from translationproject.org)
2021-11-16 16:53:12 +01:00
Frédéric Marchal
aa8d8ec0ae
po: update fr.po (from translationproject.org)
2021-11-16 16:53:12 +01:00
Roland Illig
1b08d47045
po: update de.po (from translationproject.org)
2021-11-16 16:53:12 +01:00
Petr Pisar
0f656105e2
po: update cs.po (from translationproject.org)
2021-11-16 16:53:12 +01:00
Milan Broz
0b3a7ecd01
Update cryptsetup.pot.
2021-11-16 16:52:22 +01:00
Milan Broz
a364355c16
Fix missing translation macros.
2021-11-10 15:29:29 +00:00
Milan Broz
7086c414bc
Avoid casting of uint64_t to unsigned int in debug messages.
2021-11-10 13:39:54 +00:00
Milan Broz
0bb193d487
Fix code style.
...
We do not use curly brackets in this context.
2021-11-10 13:39:54 +00:00
Milan Broz
80b57c6e24
Free json buffer on error path.
...
Code should not return allocated buffer if validation fails.
(But this does not fix a leak, memory is freed later, it is just more readable.)
2021-11-10 13:39:54 +00:00
Milan Broz
9576549fee
Fix bogus memory allocation if LUKS2 header size is invalid.
...
LUKS2 code read the whole header to buffer to verify checksum,
so malloc is called on unvalidated input size parameter.
This can cause out of memory or unintentional device reads.
(Header validation will fail later anyway - the size is unsupported.)
Just do not allow too small and too big allocations here and fail quickly.
Fixes: #683.
2021-11-10 13:39:54 +00:00
Milan Broz
0cc5f2fdf9
Fix debug message printing LUKS2 checksum.
...
The trailing NUL is written already by snprintf, moreover,
it is written in the wrong place here.
Just rely on snprintf here.
Fixes: #685.
2021-11-10 12:56:20 +01:00
Abhijit Menon-Sen
26a3f3b058
Fix typo ("Veryfing")
2021-11-02 08:08:28 +01:00
Milan Broz
e03f3bb36e
Set devel version.
2021-11-01 17:11:33 +01:00
Daniel Zaťovič
be5ab79c9d
Switch GitLab CI tags for the libvirt custom runner.
2021-10-26 19:28:42 +02:00
Milan Broz
083cdb9310
Add a debug message before running keyslot PBKDF.
...
This is useful for debugging if the process is killed by OOM.
2021-10-15 19:17:45 +02:00
leongross
ca30d3cda9
fix minor README.md issues
2021-10-12 14:55:16 +00:00
Мирослав Николић
5c17722854
po: update sr.po (from translationproject.org)
2021-10-12 16:54:00 +02:00
Milan Broz
49177aac46
Add test vector for empty password for Argon2.
...
While it is insecure, we need crypto backend to support this :)
2021-10-06 21:54:49 +02:00
Milan Broz
d20beacba0
Remove redundant link to uuid lib for static build.
...
Veritysetup does not need to link this library at all, for others
we have link already in flags.
2021-10-06 13:02:51 +02:00
Milan Broz
26cc1644b4
Do not link integritysetup and veritysetup with pwquality.
...
These tools do not read passphrases, no need to link to these libraries.
Just move the helper code that introduced this dependence as a side-effect.
Fixes: #677
2021-10-06 13:02:19 +02:00
Milan Broz
9ed0036286
CI: comment out fixed project rule for merge request jobs.
...
We need pipeline to be created here, seems GitLab does not
allow it otherwise.
2021-09-29 15:20:54 +02:00
Milan Broz
00f7d92514
OpenSSL backend: no need to use strlen for KDF param length.
2021-09-29 10:24:45 +00:00
Milan Broz
43674b2903
OpenSSL3 backend: avoid remaining deprecated calls in API.
...
Implement HMAC through new API.
In reality, these calls are never used (the only user is internal PBKDF2
that is never called with OpenSSL backend).
2021-09-29 10:24:45 +00:00
Milan Broz
5cfd5fc4cd
Crypt vectors test: add test for hash/hmac context reset.
...
The crypto API expects that after final() call the context is reset,
let's test if backend properly supports it.
2021-09-29 10:24:45 +00:00
Milan Broz
9f252d4bf8
Install openssl binary for CI test.
2021-09-27 22:31:34 +02:00
Ondrej Kozina
321057eed5
Add Fedora rawhide runner to CI.
2021-09-27 17:25:13 +02:00
Ondrej Kozina
1a3d049454
Add tags for currently available runners.
2021-09-27 17:09:21 +02:00
Milan Broz
9d1f29a9fd
OpenSSL backend: separate KDF wrappers.
...
Prepare code for later to add Argon2 OpenSSL wrapper more easily.
2021-09-22 08:25:19 +00:00
Milan Broz
da31341d5d
OpenSSL3 backend: use predefined macros to construct KDF params.
2021-09-22 08:25:19 +00:00
Milan Broz
10b1d6493e
Check if DM create device failed in an early phase.
...
This happens when concurrent creation of DM devices meets
in the very early state (no device node exists but creation fails).
Return -ENODEV here instead of -EINVAL.
(Should "fix" random verity concurrent test failure.)
2021-09-21 17:58:34 +02:00
Milan Broz
a76310b53f
Do not try to set compiler optimization flag if wipe is implemented in libc.
...
If zeroing memory is implemented through libc call (like memset_bzero),
compiler should never remove such call. It is not needed to set O0
optimization flag explicitly.
Various checkers like annocheck cause problems with these flags,
just remove it where it makes no sense.
(Moreover, we use the same pattern without compiler magic
in crypt_backend_memzero() already.)
2021-09-20 17:42:20 +02:00
Yuri Kozlov
26d26d7134
po: update ru.po (from translationproject.org)
2021-09-17 18:52:18 +02:00
Hector Martin
a1b577c085
Do not attempt to unload external tokens if USE_EXTERNAL_TOKENS is disabled.
...
This allows building a static binary as long as --disable-external-tokens is used
2021-09-17 05:44:18 +00:00
Milan Broz
8a0682650e
Version 2.4.1.
v2.4.1
2021-09-15 11:29:09 +02:00
Milan Broz
85e5ccec17
Update cryptsetup.pot.
2021-09-15 11:26:57 +02:00
Milan Broz
3da5352b89
Fix compatible OpenSSL backend constructor definition.
2021-09-15 08:13:49 +02:00
Ondrej Kozina
1569558503
Fix offset bug in LUKS2 encryption code.
...
The code did not account for data offset when
set via --offset when creating new header in-before
LUKS2 encryption took place.
2021-09-14 16:10:24 +02:00
Ondrej Kozina
ce704859b8
Fix offset error in decryption hotzone.
...
The hotzone segment offset has to be altered
accordingly no matter the segment type.
Note for testing: This feature is currently
blocked in cli but it should be tested via
API tests anyway.
2021-09-14 15:21:07 +02:00
Milan Broz
fd18e0b1c9
Fix integrity test & non-fips algorithms.
...
Apparently algorithms can be in /proc/crypto even though they are not available.
Just limit failure of the test to sha and crc algorithms.
2021-09-14 14:51:50 +02:00
Milan Broz
ba4d5680d6
Fix typo and EOL in vector test.
2021-09-14 10:33:38 +02:00
Milan Broz
75e45462f0
Cache FIPS mode check.
...
We do not support switch while the crypto backend is already initialized,
so it does not make sense to check repeatedly for the FIPS mode status.
2021-09-14 09:56:05 +02:00
Milan Broz
f8eb7b225a
Do not load own OpenSSL backend context in FIPS mode.
...
In the FIPS mode keep configuration up to the system wide config.
2021-09-13 21:56:59 +02:00
Milan Broz
29ea07ef66
OpenSSL backend: make legacy for OpenSSL3 optional and report loaded providers
2021-09-13 21:56:54 +02:00
Ondrej Kozina
6c9d386303
Adapt crypto backend to openssl3 lib context.
...
Fully leverage openssl custom library context for various
providers (default, legacy). It can be used to properly
free all openssl resources used by libcryptsetup when
libcryptsetup is unloaded (and destructor is triggered).
2021-09-13 16:54:40 +02:00
Arno Wagner
bf84ead85c
sync to Wiki
2021-09-13 11:03:15 +02:00
Yuri Chornoivan
ca2ba1a6f5
po: update uk.po (from translationproject.org)
2021-09-07 12:41:48 +02:00
Jakub Bogusz
284d1615c8
po: update pl.po (from translationproject.org)
2021-09-07 12:41:48 +02:00