eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-07 00:40:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,388 Commits 14 Branches 78 Tags
d792de66d5e7aa6c8ece30e23c5f99e62eef643b
Commit Graph

652 Commits

Author SHA1 Message Date
Milan Broz
e521edd6ca Print cryptsetup library version in crypto init. 2015-08-26 10:42:47 +02:00
Milan Broz
1aba9ab444 Cryptsetup resize will try resize also underlying device. 
If encrypted device is file-backed, resize should try to resize
underlying loop device as well.
 2015-08-19 14:16:42 +02:00
Milan Broz
b789b011a2 Fix some compiler warnings introduced recently. 2015-01-15 12:27:34 +01:00
Colin Misare
ea8864badf printing unsigned fields as unsigned 2015-01-15 11:14:42 +01:00
Milan Broz
49335b600f Allow luksSuspend without explicitly specify detached header. 
If LUKS device was configured to use detached header, suspend operation
required --header option. For now it is enough that active device in-kernel
UUID type is set properly.

FIxes issue#229.
 2015-01-15 10:40:17 +01:00
Milan Broz
f7b61b2617 Prevent compiler to optiize-out memset for on-stack variables. 
Also see
https://cryptocoding.net/index.php/Coding_rules#Prevent_compiler_interference_with_security-critical_operations

The used code is inspired by the code in Blake2 implementation.
 2015-01-11 20:26:45 +01:00
Ondrej Kozina
dc40b91cdf libcryptsetup: drop FIPS power on self test 
- cryptsetup library is not required to be FIPS certified anymore
  due to fact gcrypt PBKDF2 algorithm can be used instead of
  cryptsetup internal one.

- check in library constructor is no longer needed and therefore
  removed.

- all other checks regarding MK extraction or random generator
  restrictions remain the same
 2015-01-10 21:09:17 +01:00
Milan Broz
3762c8b76e Report crypto lib version only once (and add kernel version). 2014-07-27 20:39:06 +02:00
Milan Broz
d5b594dd12 Remove uneeded check in luksFormat to allow operation as normal user. 2014-06-28 15:23:04 +02:00
Milan Broz
bb8dbfdf5b Update author name. 2014-06-23 21:40:12 +02:00
Milan Broz
1a6e1ae918 Always remove temporary active device name on load and format. 2014-06-17 22:28:51 +02:00
Milan Broz
e0d3ff8aeb Fix non-header context init for device in use. 2014-06-14 23:04:43 +02:00
Milan Broz
0614ab6b07 Allow simple status of crypt device without providing metadata header. 
If device is activated, we can provide some information from
active kernel parameters instead of header.
 2014-06-14 17:42:57 +02:00
Milan Broz
2e97d8f8e8 Prepare version 1.6.4. 2014-02-27 14:36:13 +01:00
Milan Broz
7effba0f71 Fix return codes from LUKS_set_key. 2014-02-27 14:19:01 +01:00
Milan Broz
58b5be440f Fix initialization of unknown used device. 
dm_query can return open count, this should be processed
as success (and properly fail later ;-)
 2013-11-19 20:57:23 +01:00
Milan Broz
626801f7df Unify LUKS type check. 
Warn if device type is not set (incompatible activation
either by manual dmsetup or other tools).
 2013-11-19 20:50:36 +01:00
Ondrej Kozina
a21c0503f8 make FIPS checks compliant with new guidance 
(gmazyland: Simplified this NIST nonsense, should be still exactly
equivalent to former patch)
 2013-11-10 18:10:39 +01:00
Milan Broz
6127b6959f Update copyright year on changed files. 2013-03-24 09:05:33 +01:00
Milan Broz
f64064fe71 Fix deactivation of device when failed underlying node disappeared 
If underlying device disappears (failed drive, removed flash drive etc)
cryptsetup cannot report LUKS parameters (header no longer available).

Fix return code of init_by name in this situation (crypt
context is NULL).

Report visible error if deactivation fails and device is still busy.

Fixes issue#149.
 2013-03-17 20:54:04 +01:00
Milan Broz
f2521889c2 Deactivate whole device TCRYPT tree if context is NULL 
API (unfortunately) supports NULL argument for crypt_deactivate,
with new chained TCRYPT devices it must deactivate all
chained devices as well.

Fixes issue#147.
 2013-03-17 19:20:42 +01:00
Milan Broz
72db6e4de2 Do not support user uuid for plain & loopaes devices. 
This function was not documented.
So now crypt_get_uuid() returns only on-disk UUID.
 2013-01-22 16:20:09 +01:00
Milan Broz
29f21208a0 Change License from GPLv2 only to GPLv2+ ("or any later"). 
Agreed by all copyright authors.
 2012-12-29 11:33:54 +01:00
Milan Broz
3b4424226f Fix non-translated messages. 2012-12-29 11:11:23 +01:00
Milan Broz
83f02e6682 Add copyright line for files I have written or modified. 2012-12-21 16:40:33 +01:00
Milan Broz
80d21c039e Fix some problems found by Coverity scan. 2012-12-10 17:28:52 +01:00
Milan Broz
549ab64358 TCRYPT: properly wipe all buffers; use prefix for all functions. 2012-12-10 16:36:22 +01:00
Milan Broz
e8d09733d4 Require params for crypt_load & TCRYPT type. 2012-12-08 01:31:38 +01:00
Milan Broz
5dc654433c Disallow header restore if context is nonLUKS device. 2012-12-07 15:55:56 +01:00
Milan Broz
05af3a3383 Move change key into library (add crypt_keyslot_change_by_passphrase). 
This change is useful mainly in FIPS mode, where we cannot
extract volume key directly from libcryptsetup.
 2012-12-07 15:33:47 +01:00
Milan Broz
95daec798b Use union instead of replicated attributes. 2012-12-03 16:17:43 +01:00
Milan Broz
a4585423fd Remove some gcc extra warnings (signed/unsigned problems etc). 2012-12-02 23:13:59 +01:00
Milan Broz
21756a1969 TCRYPT: fix activation and hidden device offsets. 2012-11-27 17:13:53 +01:00
Milan Broz
c81260b3c3 TCRYPT: add dump command 2012-11-23 17:10:57 +01:00
Milan Broz
8d69e19ac1 TCRYPT: support crypt_volume_key_get 2012-11-23 15:20:46 +01:00
Milan Broz
6ab93841e9 TCRYPT: show proper device in status for chained mode 2012-11-23 13:46:23 +01:00
Milan Broz
52cbbdaf38 TCRYPT: move all header handling into library. 
Add warning about unsupported modes.
 2012-11-23 13:01:43 +01:00
Milan Broz
0996a43dbb TCRYPT: parse cipher chain on init. 2012-11-22 17:28:03 +01:00
Milan Broz
3faaa8b227 TCRYPT: support proper device removal 2012-11-22 14:19:43 +01:00
Milan Broz
911ffe81f0 TCRYPT: implement (most of) legacy modes support. 2012-11-19 21:25:57 +01:00
Milan Broz
ecf993834c TCRYPT: support keyfiles 2012-11-19 21:25:26 +01:00
Milan Broz
3cbb43a73a Add basic TCRYPT library. 2012-11-19 21:24:59 +01:00
Milan Broz
db97d3d8c8 Add simple cipher benchmarking. 2012-11-19 21:22:43 +01:00
Milan Broz
89e09afdf6 Fix some problems found by Coverity static analysis. 2012-09-19 13:58:00 +02:00
Milan Broz
f45d4d0755 Add crypt_keyslot_area() API call. 
Useful if you want to analyze/wipe area of disk used for keyslot
from external tool.
 2012-09-11 11:59:06 +02:00
Milan Broz
1d5788f779 Set context for DM log for all DM backend entries. 
Try to handle error if run as non-root user better.
 2012-08-14 19:17:13 +02:00
Milan Broz
97224b072a Add context to DM helpers. 
(To be used later.)
 2012-08-14 16:25:21 +02:00
Milan Broz
07815c24cd Print better error message if device is read-only etc. 2012-08-13 16:54:41 +02:00
Milan Broz
65f975655c New device access backend. 
Allocate loop device late (only when real block device needed).
Rework underlying device/file access functions.
Move all device (and ioctl) access to utils_device.c.

Allows using file where appropriate without allocation loop device.
 2012-08-12 22:00:17 +02:00
Milan Broz
5f7309bfa0 Add some verity api test. 
Fix set_data_device bug it uncovered.
Fix api-test for nonFIPS hash.
 2012-07-09 18:09:51 +02:00