eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,154 Commits 15 Branches 78 Tags
d68d981f36762e805c7b802c008a5d9a930e1c1b
Commit Graph

36 Commits

Author SHA1 Message Date
Tobias Stoeckmann
d68d981f36 Avoid integer overflows during memory allocation. 
It is possible to overflow integers during memory allocation with
insanely large "key bytes" specified in a LUKS header.

Although it could be argued to properly validate LUKS headers while
parsing them, it's still a good idea to fix any form of possible
overflow attacks against cryptsetup in these allocation functions.
 2016-10-28 11:54:18 +02:00
VittGam
b8359b3652 Fix off-by-one error in maximum keyfile size. 
Allow keyfiles up to DEFAULT_KEYFILE_SIZE_MAXKB * 1024 bytes in size, and not that value minus one.

Signed-off-by: Vittorio Gambaletta <git-cryptsetup@vittgam.net>
 2016-05-19 12:54:57 +02:00
Milan Broz
7843415243 Move string_to_size to userspace tools. 2015-08-26 12:42:25 +02:00
Milan Broz
0dc245401f Allow to enter empty password through stdin pipe. 
Also always use empty passsword when using null cipher in tests.
 2015-07-02 08:18:12 +02:00
Milan Broz
f7b61b2617 Prevent compiler to optiize-out memset for on-stack variables. 
Also see
https://cryptocoding.net/index.php/Coding_rules#Prevent_compiler_interference_with_security-critical_operations

The used code is inspired by the code in Blake2 implementation.
 2015-01-11 20:26:45 +01:00
Ondrej Kozina
3cffadb508 fix possible close of unrelated fd on error path 
- infd var is uninitialised on error path in case where
  maxlen is less than 1
 2014-10-01 20:10:23 +02:00
Milan Broz
7b42254975 Workaround for scan-build false positive. 
Also tidy code to be more readable.
 2014-08-10 16:07:47 +02:00
Milan Broz
29f21208a0 Change License from GPLv2 only to GPLv2+ ("or any later"). 
Agreed by all copyright authors.
 2012-12-29 11:33:54 +01:00
Milan Broz
83f02e6682 Add copyright line for files I have written or modified. 2012-12-21 16:40:33 +01:00
Milan Broz
89e09afdf6 Fix some problems found by Coverity static analysis. 2012-09-19 13:58:00 +02:00
Milan Broz
af2730fe2a Always zero memory in crypt_safe_alloc. 2012-08-27 16:28:00 +02:00
Dave Reisner
961682aa6b lib/utils_crypt: optimize seek to keyfile-offset 
Avoid using unbuffered reads when "seeking" to a keyfile offset. This is
abysmally slow when the key is hidden at the end of a large device.
Instead, try to actually call lseek, falling back on reading in chunks
of BUFSIZ bytes until the desired offset is reached.

Command line:

  cryptsetup luksOpen /dev/vdc1 home \
      --keyfile /dev/vdd --keyfile-size 4096 --keyfile-offset 123456789

Before:

  real   0m25.589s
  user   0m7.030s
  sys    0m18.479s

After:

  real   0m4.464s
  user   0m4.253s
  sys    0m0.157s
 2012-08-27 13:10:00 +02:00
Milan Broz
b684fffdaf Switch to use unit suffix for --reduce-device-size option. 2012-06-25 16:06:43 +02:00
Milan Broz
fb3b62ca02 Add --device-size option for reencryption tool. 2012-06-25 15:34:11 +02:00
Milan Broz
a9d9a2ad44 Fix hex_to_bytes and add it to common utils. 2012-06-18 17:09:48 +02:00
Milan Broz
5e52599326 Do not use IV for null cipher. 2012-05-26 20:44:14 +02:00
Milan Broz
c2a33b480f Allow empty cipher (cipher_null). 2012-05-20 21:38:23 +02:00
Yuri Chornoivan
1562879369 Fix typo 2012-04-22 22:04:42 +02:00
Milan Broz
ee8425b836 Version 1.4.2. 
Add header and copyright for header files.
 2012-04-02 22:03:05 +02:00
Milan Broz
9511c91a79 Add --keyfile-offset and --new-keyfile-offset to cryptsetup. 
Add resume_by_keyfile_offset, add_kesylot_by_keyfile_offset and
activate_by_keyfile_offset to API.

Thanks to Matthew Monaco <matthew.monaco@0x01b.net>
 2012-03-29 18:35:07 +02:00
Milan Broz
075fb8d261 Unify password verification option. 
Support password verification with quiet flag if possible. (1.2.0)
 2012-03-16 16:17:03 +01:00
Milan Broz
a5aa30be33 Fix use of empty keyfile (Issue 120). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@702 36d66b0a-2a48-0410-832c-cd162a569da5
 2012-01-12 22:13:23 +00:00
Milan Broz
7835b365a7 Fix FSF address in license text according to 
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@671 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-11-02 22:35:21 +00:00
Milan Broz
be246c16ab Fix exit code if passphrases do not match in luksAddKey. (Issue 109) 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@625 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-10-09 13:46:14 +00:00
Milan Broz
9ca1ac5a39 Remove another compile warnings. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@515 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-04-18 14:03:59 +00:00
Milan Broz
38590eaef2 Fix return code when passphrase is read from pipe. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@486 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-03-25 16:11:03 +00:00
Milan Broz
93da52f883 Rewrite key input handling, add limits. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@474 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-03-19 00:17:10 +00:00
Milan Broz
ddcdd76cc2 Specify copyright holders in source files. 
Add README notes.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@461 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-03-14 14:17:38 +00:00
Milan Broz
49937ac591 Detect # of keys from cipher string. 
Fix status output string.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@417 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-01-25 18:48:48 +00:00
Milan Broz
a70b27762d Fix some warnings if compiled with clang. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@371 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-11-15 16:19:19 +00:00
Milan Broz
f90edb6133 Simplify return codes from get key functions. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@363 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-11-13 16:41:29 +00:00
Milan Broz
c9881f8c33 * Add crypt_get_type(), crypt_resize(), crypt_keyslot_max() 
and crypt_get_active_device() to API.
* Rewrite all implementations in cryptsetup to new API.
* Fix luksRemoveKey to behave as documented (do not ask
for remaining keyslot passphrase).
* Add more regression tests for commands.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@360 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-11-05 11:27:47 +00:00
Milan Broz
3ae161df5d Move get_key to common code, simplify verify flags. 
(This code need rewrite anyway).

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@352 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-10-26 22:08:02 +00:00
Milan Broz
3a5a1ea0e7 Move safe alloc routines into common lib file. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@351 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-10-26 22:07:43 +00:00
Milan Broz
ec3b767103 Remove dead parse code. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@349 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-10-26 14:35:06 +00:00
Milan Broz
bb8e085378 Add utils_crypt file and test for supported modes presentation. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@348 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-10-26 14:34:47 +00:00