Ondrej Kozina
cd1fe75987
Close all device handlers after failed internal load.
2019-05-24 17:29:56 +02:00
Ondrej Kozina
e92e320956
Add explicit device_close routine.
2019-05-24 17:29:56 +02:00
Ondrej Kozina
0e4757e0fb
Add LUKS2 reencryption recovery in repair command.
2019-05-24 17:29:56 +02:00
Ondrej Kozina
bd6af68bc5
Add support for explicit reencryption recovery in request.
2019-05-24 17:07:37 +02:00
Ondrej Kozina
13050f73c1
Properly finished reencryption after recovery.
2019-05-24 17:07:37 +02:00
Ondrej Kozina
5472fb0c56
Refactor reencryption recovery during activation.
2019-05-24 17:07:36 +02:00
Ondrej Kozina
73c2424b24
Refactor LUKS2 device activation (in reencryption).
2019-05-24 17:07:36 +02:00
Milan Broz
5117eda688
Switch to Xenial distro in Travis.
2019-05-24 08:33:20 +02:00
Ondrej Kozina
cfbef51d3d
Add interactive dialog in case active device auto-detection fails.
2019-05-22 12:50:18 +02:00
Ondrej Kozina
09cb2d76ef
Add dialog with default 'no' answer.
2019-05-22 12:50:17 +02:00
Ondrej Kozina
3f549ad0df
Refactor yesDialog utility.
2019-05-22 12:50:17 +02:00
Ondrej Kozina
60d26be325
Load volume key in keyring when activated by token.
...
LUKS2 should use keyring for dm-crypt volume keys by default
when possible. crypt_activate_by_token didn't load keys in
keyring by default. It was a bug.
2019-05-21 18:08:00 +02:00
Ondrej Kozina
013d0d3753
Rename internal reencrypt enum to REENC_PROTECTION_NONE.
2019-05-21 18:08:00 +02:00
Ondrej Kozina
97da67c6a8
Add tests for reencryption with fixed device size.
2019-05-21 18:08:00 +02:00
Ondrej Kozina
f74072ba28
Silence active device detection message in batch mode.
2019-05-21 16:05:23 +02:00
Ondrej Kozina
19eac239b7
Add --device-size parameter for use in LUKS2 reencryption.
...
Currently it's used only in LUKS2 reencryption code
for reencrypting initial part of data device only.
It may be used to encrypt/reencrypt only initial part
of data device if user is aware that rest of the device
is empty.
2019-05-21 15:54:43 +02:00
Ondrej Kozina
31cd41bfe4
Add support for reencryption of initial device part.
...
It's useful to reencrypt initial device part only.
For example with golden image reencryption it may be useful
to reencrypt only first X bytes of device because we know
the rest of device is empty.
2019-05-21 15:54:07 +02:00
Ondrej Kozina
af6c321395
Set default length for reencryption with resilience 'none' only.
2019-05-21 15:54:07 +02:00
Milan Broz
448fca1fdf
Integritysetup: implement new bitmap mode.
2019-05-21 15:54:07 +02:00
Ondrej Kozina
1923928fdc
Drop duplicate error message from reencrypt load.
2019-05-21 15:54:07 +02:00
Ondrej Kozina
bee5574656
Add --resume-only parameter to reencrypt command.
2019-05-21 15:54:07 +02:00
Ondrej Kozina
8c8a68d850
Add CRYPT_REENCRYPT_RESUME_ONLY flag.
2019-05-13 18:23:20 +02:00
Ondrej Kozina
9159b5b120
Add coverity toctou annotation in device_open_excl.
...
We can't avoid this race due to undefined behaviour if called with
O_EXCL flag on regular file.
Let's double-check fd with O_EXCL flag is actually open block device.
2019-05-13 18:23:20 +02:00
Ondrej Kozina
2d0079905e
Adapt device_open_excl to reusing of fds.
2019-05-10 21:05:31 +02:00
Ondrej Kozina
83c227d53c
Sync device using internal write enabled descriptor.
2019-05-10 21:05:31 +02:00
Ondrej Kozina
ee57b865b0
Reuse device file descriptors.
2019-05-10 21:05:31 +02:00
Milan Broz
ecbb9cfa90
Use upstream gnulib patch for Coverity warning fixed by previous patch.
2019-05-10 21:03:22 +02:00
Ondrej Kozina
8545e8496b
Fix memleak in reencryption with moved segment.
2019-05-07 17:17:34 +02:00
Kamil Dudka
75b2610e85
Fix TAINTED_SCALAR false positives of Coverity
...
Coverity Analysis 2019.03 incorrectly marks the input argument
of base64_encode(), and consequently base64_encode_alloc(), as
tainted_data_sink because it sees byte-level operations on the input.
This one-line annotation makes Coverity suppress the following false
positives:
Error: TAINTED_SCALAR:
lib/luks2/luks2_digest_pbkdf2.c:117: tainted_data_argument: Calling function "crypt_random_get" taints argument "salt".
lib/luks2/luks2_digest_pbkdf2.c:157: tainted_data: Passing tainted variable "salt" to a tainted sink.
Error: TAINTED_SCALAR:
lib/luks2/luks2_keyslot_luks2.c:445: tainted_data_argument: Calling function "crypt_random_get" taints argument "salt".
lib/luks2/luks2_keyslot_luks2.c:448: tainted_data: Passing tainted variable "salt" to a tainted sink.
2019-05-07 15:35:55 +02:00
Milan Broz
237021ec15
Fix some warnings in static analysis.
2019-05-07 13:44:43 +02:00
Ondrej Kozina
4f5c25d0dd
Add HAVE_DECL_DM_TASK_RETRY_REMOVE define in local tests.
2019-05-06 15:42:11 +02:00
Ondrej Kozina
4c33ab1997
Remove internal config file scratching (breaks local tests.)
2019-05-06 15:41:37 +02:00
Ondrej Kozina
5bb65aca8f
Remove all test dm devices with retry option if available.
2019-05-06 15:37:35 +02:00
Milan Broz
3fd7babacc
Update Readme.md.
2019-05-03 15:50:39 +02:00
Ondrej Kozina
caea8a9588
Update rc release notes.
v2.2.0-rc0
2019-05-03 15:16:12 +02:00
Ondrej Kozina
e1d6cba014
Add reencryption action man page.
2019-05-03 15:00:33 +02:00
Milan Broz
1f91fe7a2c
Use JSON-debug wrappers.
2019-05-03 14:02:43 +02:00
Milan Broz
dc53261c3b
Fix data leak in format and reencrypt command.
2019-05-03 13:06:58 +02:00
Milan Broz
b3e90a93b0
Add test release notes and increase ABI version.
2019-05-03 12:57:29 +02:00
Milan Broz
1f3e2b770c
Fix offline reencryption tool name.
2019-05-02 21:05:22 +02:00
Ondrej Kozina
d310e896cb
Add basic offline tests for LUKS2 reencryption.
2019-05-02 17:23:59 +02:00
Ondrej Kozina
a36245cef6
Add new reencrypt cryptsetup action.
...
The new reencryption code is enabled via cryptsetup cli
and works with LUKS2 devices only.
2019-05-02 16:45:43 +02:00
Ondrej Kozina
092ef90f29
Add autodetection code for active dm device.
2019-05-02 16:44:23 +02:00
Ondrej Kozina
64f59ff71e
Add reencryption progress function.
2019-05-02 16:44:23 +02:00
Ondrej Kozina
a7f80a2770
Add resilient LUKS2 reencryption library code.
2019-05-02 16:44:23 +02:00
Ondrej Kozina
a5c5e3e876
Add dm_device_deps for querying dm device dependencies.
2019-05-02 15:23:29 +02:00
Ondrej Kozina
8e4fb993c0
Add error target support in dm_query_device.
2019-05-02 15:23:29 +02:00
Ondrej Kozina
846567275a
Move dm_query_device body in static function.
2019-05-02 15:23:28 +02:00
Ondrej Kozina
741c972935
Remove unused minor number from dm_is_dm_device.
2019-05-02 15:23:28 +02:00
Ondrej Kozina
6c2760c9cd
Report data sync errors from storage wrapper.
2019-04-29 16:48:20 +02:00