Milan Broz
7c9312607c
Fix cryptsetup-reencrypt static build if pwquality is enabled.
...
In static build we need to link also to pwquality.
Fixes Issue#357.
2017-12-17 15:20:49 +01:00
Ondrej Kozina
286c2960c8
silence signed/unsigned compiler warnings
...
any array with item count close to INT32_MAX would
not fit LUKS2 header json area anyway
2017-12-13 12:06:58 +01:00
Ondrej Kozina
a12e374a04
harden checks of json_object_array_length return values
...
with json-c until 0.12.x json_object_array_length returned signed
integer. json-c 0.13.x and later changed return type to unsigned
size_t.
Consider return values less or equal to zero as empty array, otherwise
array is non-empty.
2017-12-13 12:06:54 +01:00
Ondrej Kozina
d799c8bd1e
update crypt_resize api docs
2017-12-12 14:02:41 +01:00
Milan Broz
251eec8401
Update Readme.md.
2017-12-10 21:26:56 +01:00
Milan Broz
bca8a32674
Prepare version 2.0.0.
v2.0.0
2017-12-10 20:49:43 +01:00
Ondrej Kozina
c740324636
Derive VK kernel key description from digest id
...
Originally the key description for VK was derived
from segment id. This could lead to ambiguity when
keyslot key is verified and loaded in kernel keyring
using activation functions with CRYPT_ACTIVATE_KEYRING_KEY
flag raised.
2017-12-10 19:56:14 +01:00
Milan Broz
f049afcb5b
Fix a rare fail in key-length regression test with PBKDF2.
...
PBKDF2 has nasty behaviour that it generates the same output
for passwords that have several trailing zero bytes.
(IOW null trailing bytes cause collision.)
Unfortunately our test plays with password length
and expects wrong length must always fail.
Sometimes the randomly generated key contains
the null byte in the "wrong" place and PBKDF2 causes test to fail.
For now, fix it by using fixed keyfile without null bytes
(similar to fixed passphrases we already have).
2017-12-10 11:39:00 +01:00
Ondrej Kozina
c188654ebd
simplify kernel keyring key removal path
...
simplify crypt_drop_keyring_key
also do not search for keyring keys when we know
we haven't loaded any
2017-12-09 14:55:23 +01:00
Ondrej Kozina
a6aba8cab2
tests: check keyring key is gone after crypt_suspend
2017-12-09 14:53:02 +01:00
Ondrej Kozina
583fbfdb2a
drop keyring key after successful crypt_suspend
...
due to wrong sequence of function calls the volume key
(if present) in keyring was never dropped properly.
2017-12-09 14:52:46 +01:00
Ondrej Kozina
7c34ac6f6d
always return error when VK fails to load in keyring
2017-12-09 14:52:26 +01:00
Milan Broz
b72354ca22
Fix test scripts to always use different keyfile size.
...
Otherwise it fails later with 1/256 probability if the first random byte is
the same :-]
2017-12-07 14:21:29 +01:00
Ondrej Kozina
82d81b9e86
extend use of lseek_blockwise functions
2017-12-07 13:01:04 +01:00
Ondrej Kozina
ed19ddf620
be specific about version in failed format operation
2017-12-07 13:00:59 +01:00
Milan Broz
ebbd33db7a
Add po file.
2017-12-07 12:16:37 +01:00
Milan Broz
7ba4ca1854
Add bundled lib README to package.
2017-12-07 12:15:55 +01:00
Milan Broz
fa1f8c0d87
Limit KDF memory by available physical memory.
...
On some systems the requested amount of memory causes OOM killer
to kill the process (instead of returning ENOMEM).
For now, we never try to use more than half of available
physical memory.
2017-12-07 10:43:52 +01:00
Milan Broz
e0cacef52e
Align legacy keyslot temporary device according to keyslot alignment.
...
For some strange filesystems (nfs) we get big block size (1MB).
For temporary keyslot devices this mapping does not make sense and
can cause problems with detached headers that are smaller (contain
exactly the slot size).
2017-12-06 17:07:24 +01:00
Milan Broz
767ed40b75
Use better "time cost" for Argon than time.
2017-12-05 15:41:24 +01:00
Milan Broz
3c2f92a7af
Increase Argon2 LUKS2 default.
2017-12-05 14:44:44 +01:00
Milan Broz
2568f828c8
Workaround to delete stale library if --disable-libargon2 was used.
2017-12-05 14:43:41 +01:00
Michal Virgovic
5427f55358
Add test for integritysetup modes.
2017-12-05 10:50:45 +01:00
Ondrej Kozina
92b41e4935
more return NULL instead of 0 cleanups
2017-12-01 13:17:32 +01:00
Ondrej Kozina
6edae6ddef
return NULL instead of 0
2017-12-01 13:10:37 +01:00
Ondrej Kozina
f787eafd8a
drop duplicate default segment define
2017-11-30 16:54:06 +01:00
Milan Broz
9588a961d6
Do not alloc tcrypt keyfile on stack.
...
The keyfile has 1MB, it is better to run malloc for this code.
2017-11-24 13:45:21 +01:00
Ondrej Kozina
88758703fa
test: update luks2 validation tests
2017-11-23 16:18:27 +01:00
Ondrej Kozina
3c839f44d8
luks2: fix off-by-one error in uint64 validation
2017-11-23 16:18:19 +01:00
Ondrej Kozina
304bdd7d0d
luks2: add json_object_new_uint64 wrapper
...
json doesn't support 64-bit integers. We work around it by storing
large numbers as string and validate the value internally.
2017-11-23 16:18:14 +01:00
Ondrej Kozina
382d27b4dc
remove unused function
2017-11-23 16:17:07 +01:00
Milan Broz
b80278c04f
Ignore device opt-io alignment if it is not multiple of minimal-io.
...
Some USB enclosures seem to report bogus topology info.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1513820
2017-11-21 15:39:36 +01:00
Ondrej Kozina
7d4fcfa191
fix memleaks on integrity format error path
2017-11-19 10:01:59 +01:00
Ondrej Kozina
ad3fe00dea
fix memleaks on verity format error path
2017-11-19 09:51:59 +01:00
Milan Broz
f507d16baa
Update bundled Argon2 source.
2017-11-14 12:07:53 +01:00
Milan Broz
dcce2edc4f
Fix integrity setup test journal watermark setting.
2017-11-14 09:31:33 +01:00
Milan Broz
e7e1e7a0a3
Update po files.
2017-11-13 19:57:59 +01:00
Milan Broz
68f4485cdd
Fix deactivation of standalone integrity device.
2017-11-13 19:57:16 +01:00
Guilhem Moulin
d93ac3c496
Remove libargon2 code from source tree
...
[mbroz: fix for make distcheck]
2017-11-08 10:51:58 +01:00
Andrea Gelmini
a97de38b6b
Fix typos.
2017-11-08 10:22:49 +01:00
Milan Broz
444eac3597
Update po files.
2017-11-08 09:56:32 +01:00
Ondrej Kozina
1f01c76fa5
fix memory leak on failed luks2 activation
2017-11-03 17:30:14 +01:00
Milan Broz
16da1a5c88
Version 2.0.0-rc1.
v2.0.0-rc1
2017-11-01 10:41:35 +01:00
Milan Broz
e514d1201d
Use hardcoded location for distcheck tmpfiles.d.
2017-11-01 08:57:41 +01:00
Milan Broz
eb0293a637
And also define AS_VAR_COPY for old automake.
2017-10-31 21:46:55 +01:00
Milan Broz
03581fc8cc
Define PKG_CHECK_VAR for old pkg-config <= 0.28
2017-10-31 21:40:49 +01:00
Milan Broz
246cf0df26
Add Travis compile only option.
2017-10-31 21:18:04 +01:00
Milan Broz
cf1d6461cb
Do not rename tmpfile config but use it directly.
2017-10-31 21:11:25 +01:00
Ondrej Kozina
9bcc97bc5e
install cryptsetup_tmpfiles.conf
...
add --with-tmpfilesdir configuration option. Use the option
either to override default systemd tmpfiles.d directory location
or to specify install location for systems without systemd.
2017-10-31 20:50:39 +01:00
Milan Broz
3bc124d9d3
Switch to rc1 version.
2017-10-31 11:00:37 +01:00