eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
886 Commits 15 Branches 78 Tags
f30bbbffe75b8d561c202839d26fe40be06d09b6
Commit Graph

886 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ondrej Kozina
f30bbbffe7 Fix minimal size expectations failure for backup header file 
- backup header file must be page size aligned
- fix for https://bugzilla.redhat.com/show_bug.cgi?id=1030288
- add regression test to api-tests
 2013-11-21 19:48:12 +01:00
Ondrej Kozina
6b88461553 modify fips detection also in api-test 2013-11-21 19:48:03 +01:00
Milan Broz
700b558fb6 Fix api test to use proper key size. 
LUKS format now reuires correct kernel parameters always,
so validation test must use different but still correct key size.
 2013-11-20 22:20:15 +01:00
Milan Broz
58b5be440f Fix initialization of unknown used device. 
dm_query can return open count, this should be processed
as success (and properly fail later ;-)
 2013-11-19 20:57:23 +01:00
Milan Broz
626801f7df Unify LUKS type check. 
Warn if device type is not set (incompatible activation
either by manual dmsetup or other tools).
 2013-11-19 20:50:36 +01:00
Ondrej Kozina
77a345d4cb Add tests to reencryption-compat-test 
- test --keyslot modification (commit: 5736b0a114)
- test reecryption w/o adding --keyslot option
- use variable instead of static string ("key1" -> KEY1)
- comment one failing test (https://bugzilla.redhat.com/show_bug.cgi?id=1030288)

[gmayland: removed some tests & added -i 1 to save test time]
 2013-11-17 21:01:19 +01:00
Dave Reisner
18901fd501 libdevmapper: correctly compare major and minor versions 
Previously, this code could incorrectly identify a version of crypt or
dm due to the way it compared versions. For example, if a feature was
gated on crypt version 1.5, it would disable the feature for crypt
version 2.2.
 2013-11-14 08:32:02 +01:00
Milan Broz
5b86cb5cc2 Enable TCW dmcrypt version check (patch should be in kernel 3.13). 2013-11-10 22:20:30 +01:00
Milan Broz
ce23225e46 Check if provided cipher and mode is usable before writing LUKS header to disk. 
If user provided unusable cipher-mode string, LUKS header was written and
keyslot creation failed later.

Better check early (by creating fake dmcrypt device) if cipher is usable
and fail early (without writing LUKS header to device).

Fixes Issue#176
 2013-11-10 22:11:00 +01:00
Milan Broz
09c229fe6c Support limitation for "plain" hash (no hash). 
This can be used for mapping problematic cryptosystems which
wipes some key (losetup sometimes set last byte to zero).
 2013-11-10 19:31:02 +01:00
Milan Broz
db56125708 Fix hash limiting if parameter is not a number. 
If hash lenght specification was not a number, the whole key was set
to zero instead of command failure.

Resolves
https://bugzilla.redhat.com/show_bug.cgi?id=1028362
 2013-11-10 19:08:01 +01:00
Ondrej Kozina
5736b0a114 unify --key-slot behavior in cryptsetup_reencrypt 
- cryptsetup-reencrypt: unify --key-slot behavior
  across the utility and enable the option even
  without --key-file.

[FIXME: add tests and man page revision]
 2013-11-10 18:29:11 +01:00
Ondrej Kozina
a21c0503f8 make FIPS checks compliant with new guidance 
(gmazyland: Simplified this NIST nonsense, should be still exactly
equivalent to former patch)
 2013-11-10 18:10:39 +01:00
Ondrej Kozina
e52d5f3d98 90reencrypt fixes: 
- add loop module to initramfs image
- modprobe loop before reencrypt start
- add rd.luks.reencrypt_keyslot=
- add conflict with dracut crypt module
- drop to emergency_shell after reencryption
 2013-11-10 17:38:11 +01:00
Milan Broz
0e96b9d010 Update es.po. 2013-11-10 17:34:39 +01:00
Milan Broz
dcba8c28f2 Update es.po. 2013-10-29 20:37:03 +01:00
Milan Broz
da93a3320b Add commandline option --tcrypt-backup to access TCRYPT backup header. 2013-10-29 20:35:07 +01:00
Milan Broz
53607a0274 Add CBC TCRYPT VFAT id test images and run it by default. 2013-10-26 22:48:05 +02:00
Milan Broz
67d19f3570 Add es.po. 2013-10-26 18:54:12 +02:00
Milan Broz
54c1f71bd3 Detect presence of TCW mode support in kernel dmcrypt. 2013-10-20 13:20:22 +02:00
Milan Broz
a7e2809466 Properly calculate key sizes (inluding IV seed and whitening) for TCRYPT. 
Also prepare code for possible activation through dmcrypt for some
CBC container variants.
 2013-10-20 13:07:24 +02:00
Milan Broz
3f66e9fe4b Fix error path for DM UUID wrong format. 2013-10-20 13:06:16 +02:00
wagner
f547d0fac3 sunc with wiki version 2013-09-12 17:50:22 +02:00
Milan Broz
cdf272315e Update nl.po. 2013-08-12 08:15:29 +02:00
Milan Broz
31303718da Fix static compilation with OpenSSL. 
Resolves issue#172, see
https://bugs.gentoo.org/show_bug.cgi?id=472692
 2013-08-08 18:57:45 +02:00
Milan Broz
4192bdd731 Update pl.po. 2013-08-04 20:42:32 +02:00
Milan Broz
c18aa03552 Devel version switch. 2013-08-04 19:45:37 +02:00
Milan Broz
b2283f045a Version 1.6.2. v1_6_2 2013-08-04 19:01:55 +02:00
wagner
8e3863aa20 sync with wiki version 2013-08-02 23:53:22 +02:00
Milan Broz
79899badd0 Update fr.po. 2013-07-31 21:20:14 +02:00
Milan Broz
691b7a63f2 Update po files. 2013-07-30 07:45:12 +02:00
Milan Broz
154731306b Add 1.6.2 release notes. 
Remove some TCRYPT comments from man page (FAQ is better for this).
 2013-07-27 22:59:40 +02:00
Milan Broz
d67548adfe Fails if more device arguments are present for isLuks. 
Fixes
http://code.google.com/p/cryptsetup/issues/detail?id=165
 2013-07-27 12:43:48 +02:00
Milan Broz
cfeaaa02fc Fix sscanf cipher string and avoid warning wih -fsanitize=address. 
Code need to count terminating zero.
 2013-07-23 22:07:13 +02:00
Milan Broz
c5270f85d3 Update de.po. 2013-07-14 11:49:28 +02:00
wagner
45931a890d fixed all items in issue 164 
Escaped dashes in options, e.g. \-\-iter-time => \-\-iter\-time
to prevent word-breaks at inner dashes.
 2013-07-04 01:03:07 +02:00
wagner
1a5c169c06 Expanded more on protection of hidden TrueCrypt volumes and 
its problems.
 2013-07-02 03:23:49 +02:00
wagner
d8fbf43022 Added comment that a hidden volume is unprotected against changes 
in its outer volume and hence the outer volume should not be mounted.
 2013-07-02 03:00:02 +02:00
Milan Broz
3be96efe0b Map TCRYPT system encryption through partition. 
Kernel doesn't allow mapping through whle device if some
other partition an the device is used.

So first try to find partition device which match
system encryption (== TCRYPT partition system encryption)
and use that.
 2013-06-30 10:46:21 +02:00
Milan Broz
99a2486b09 Simplify sysfs helpers. 2013-06-30 09:05:43 +02:00
Milan Broz
c3c65ee864 Use internally common uint64 parsing for sysfs values. 2013-06-29 13:06:04 +02:00
Milan Broz
db0f5f8d22 Add kernel version to DM debug output. 2013-06-29 11:28:33 +02:00
Milan Broz
8b162ca258 Fix default modes in man page. 2013-06-28 20:39:54 +02:00
Mikulas Patocka
4f990d5a74 dm-verity: Fix a boundary condition that caused failure for certain device sizes 
On Fri, 28 Jun 2013, Mikulas Patocka wrote:

Fix a boundary condition that caused failure for certain device sizes

The problem is reported at
http://code.google.com/p/cryptsetup/issues/detail?id=160

This is the userspace fix.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com
 2013-06-28 17:05:45 +02:00
Cristian Rodríguez
1349efa34d Fix buildsytem to always include config.h. 
- config.h must always be the first file to be included
- Use AM_CFLAGS and AM_LDFLAGS consistently and properly.

(Modified to disable build without largefile support etc
by Milan Broz <gmazyland@gmail.com>)
 2013-06-23 17:14:33 +02:00
Milan Broz
cf99ecb5a9 Force use serial-tests. 
Unfortunately, automake did not provided compatible way,
so if anyone need to use old automake, one line change
in is needed.
 2013-06-23 16:16:43 +02:00
Milan Broz
0d818d0a92 Copy file in automake, never make symlinks. 2013-06-23 15:37:27 +02:00
Milan Broz
42b0ab437a Print a warning if system encryption is used and device is a partition. 
System encryption hav metadata in space located ouside of
partition itself.

Ideally the check should be automatic but for virtualized systems
(where a partition could be "whole device" for another sustem this
can be dangerous.
 2013-06-23 15:26:45 +02:00
Milan Broz
a36de633d5 Fix mapping of TCRYPT system encryption for more partitions. 
If TCRYPT system encryption uses only partition (not the whole device)
some other partitions could be in use and we have to use
more relaxed check to allow device activation.
 2013-06-23 15:24:01 +02:00
Cristian Rodríguez
8a43d49b89 build: test byteswap.h and endian.h for bitops.h 
Otherwise the fallback code will be used.
 2013-06-03 21:35:56 +02:00