Ondrej Kozina
f787eafd8a
drop duplicate default segment define
2017-11-30 16:54:06 +01:00
Milan Broz
9588a961d6
Do not alloc tcrypt keyfile on stack.
...
The keyfile has 1MB, it is better to run malloc for this code.
2017-11-24 13:45:21 +01:00
Ondrej Kozina
3c839f44d8
luks2: fix off-by-one error in uint64 validation
2017-11-23 16:18:19 +01:00
Ondrej Kozina
304bdd7d0d
luks2: add json_object_new_uint64 wrapper
...
JSON doesn't support 64-bit integers. We work around it by storing
large numbers as strings and validate the value internally.
2017-11-23 16:18:14 +01:00
Ondrej Kozina
382d27b4dc
remove unused function
2017-11-23 16:17:07 +01:00
Milan Broz
b80278c04f
Ignore device opt-io alignment if it is not multiple of minimal-io.
...
Some USB enclosures seem to report bogus topology info.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1513820
2017-11-21 15:39:36 +01:00
Ondrej Kozina
7d4fcfa191
fix memleaks on integrity format error path
2017-11-19 10:01:59 +01:00
Ondrej Kozina
ad3fe00dea
fix memleaks on verity format error path
2017-11-19 09:51:59 +01:00
Milan Broz
f507d16baa
Update bundled Argon2 source.
2017-11-14 12:07:53 +01:00
Milan Broz
68f4485cdd
Fix deactivation of standalone integrity device.
2017-11-13 19:57:16 +01:00
Andrea Gelmini
a97de38b6b
Fix typos.
2017-11-08 10:22:49 +01:00
Ondrej Kozina
1f01c76fa5
fix memory leak on failed luks2 activation
2017-11-03 17:30:14 +01:00
Ondrej Kozina
76947fa835
luks2: add offline reencrypt requirement
2017-10-28 22:29:28 +02:00
Milan Broz
f7dadfb646
Fix some benign compiler warnings.
2017-10-28 14:12:25 +02:00
Milan Broz
31779c0763
Fix memory leak in LUKS2 requirements handling for restore context.
2017-10-28 12:01:02 +02:00
Milan Broz
a10059d531
Fix memory leak in verity device destructor.
2017-10-27 21:45:54 +02:00
Milan Broz
1f2ce01c08
Fix a memory leak of key description for integrity device.
2017-10-27 15:58:33 +02:00
Milan Broz
fb5a70a663
Fix memory leak in integrity device query processing.
2017-10-27 15:18:10 +02:00
Ondrej Kozina
961e65424e
crypt_deactivate: fail earlier when holders detected
...
crypt_deactivate_* fail earlier without noisy dm retries
when other device holders detected. The early detection
works if:
a) other device-mapper device has a hold reference on the
device
- or -
b) mounted fs is detected on the device
Any deactivation flag CRYPT_DEACTIVATE_FORCE or
CRYPT_DEACTIVATE_DEFERRED will disable this detection
2017-10-17 10:03:17 +02:00
Milan Broz
86ef5475b9
Enable OpenSSL backend in FIPS mode.
...
Note that this is just for testing, primary FIPS backend is gcrypt.
2017-10-14 21:37:10 +02:00
Michal Virgovic
956ea10f56
Integritysetup manual correction (key size).
...
Also mention key size in header struct doc.
2017-10-14 19:46:37 +02:00
Milan Broz
d77bbe93c1
Use non-recursive automake.
...
This change also causes binaries and libraries to be placed in
the build root directory.
Now we can use subdir-objects for automake.
2017-10-12 11:48:17 +02:00
Milan Broz
12908709bb
Resize loop device after fallocate.
...
On old systems we have a loop mapped so the loop must be resized as well.
2017-10-10 19:48:29 +02:00
Milan Broz
b42d183b08
Create LUKS header file in luksFormat if it does not exist.
2017-10-10 13:52:50 +02:00
Milan Broz
e1ed664adc
Print error if device name is invalid (in use by other target).
2017-10-09 14:36:43 +02:00
Milan Broz
de2f07b82f
Do not try to load LUKS2 header if backup_file is LUKS1.
...
Also do not allow header restore if a different version is requested.
2017-10-06 12:28:59 +02:00
Milan Broz
cc5c91158d
Do not allow resize if device size is not aligned to sector size.
2017-10-04 15:26:00 +02:00
Milan Broz
8dc35a7906
Enable to use system libargon2.
...
Rename --disable-argon2 to --disable-internal-argon2 option
and add --enable-libargon2 flag to allow system libargon2.
2017-10-04 15:24:26 +02:00
Milan Broz
948006561a
Yet another fix for header strings.
2017-09-27 10:54:03 +02:00
Milan Broz
3ccbb8fe84
Fix some problems found by Coverity analysis.
2017-09-27 10:18:38 +02:00
Ondrej Kozina
b4782809d4
luks2: allow masking of requirements internally
...
Before this patch any LUKS2 requirement defined in header
would stop a restricted operation from proceeding further.
This patch adds ability to mask requirements (internal only).
2017-09-27 07:48:53 +02:00
Ondrej Kozina
b3feae5474
luks2: unify naming for requirements flags
2017-09-27 07:47:41 +02:00
Ondrej Kozina
c015aeca4e
luks2: move pre-activation requirements check lower
2017-09-27 07:47:13 +02:00
Milan Broz
38d53db6e9
Reformat and fix libcryptsetup.h / Doxygen doc.
...
No functional change in this patch.
2017-09-26 16:35:20 +02:00
Ondrej Kozina
0f4d83960f
add remainders to fix some longstanding issues
2017-09-24 19:50:34 +02:00
Milan Broz
19a1852e4b
Support sector size option even for plain devices.
2017-09-24 19:50:28 +02:00
Milan Broz
9f2727bb77
Add libLUKS2.
2017-09-24 19:50:12 +02:00
Milan Broz
a0d2d4c0b1
Add uint64_to_str helper.
2017-09-24 19:50:01 +02:00
Milan Broz
64e91951b2
Add generic LUKS format define.
...
It means "load any LUKS version".
2017-09-24 19:49:56 +02:00
Milan Broz
5536b3a58d
Add implementation of device/file locking for metadata.
...
To be used later.
2017-09-24 19:49:46 +02:00
Milan Broz
a8347d2820
Add integrity interface test stub.
2017-09-24 19:49:40 +02:00
Milan Broz
c56bdee177
Add backend support for new device-mapper kernel options.
...
This patch adds support for using keyring for volume key
and support for new integrity fields for dm-crypt.
Also helpers for searching disk by id.
To be used later.
2017-09-24 19:49:35 +02:00
Milan Broz
894e7b9357
Add base64 implementation.
...
To be used later. Copy from gnulib.
2017-09-24 19:49:30 +02:00
Milan Broz
66db5b39bb
Change PBKDF interface to allow forced iterations (time cost) count.
...
Also move functions to separate utils_pbkdf.c file.
PBKDF can be now set for any context.
TODO: new setting is not covered by tests.
2017-09-24 19:49:21 +02:00
Ondrej Kozina
c34bee2009
return correct key description format in dm_query_device
...
dm_query_device is expected to return kernel key description
string only. By mistake the code returned also type in head
of key description.
2017-09-23 23:45:32 +02:00
Milan Broz
57825365fe
Fix another signed/unsigned compilation warnings.
2017-09-23 23:30:28 +02:00
Milan Broz
b35785bb1b
Fix some signed/unsigned and other compiler warnings.
2017-09-23 23:29:11 +02:00
Milan Broz
a85fee7a0d
Silence compiler warning (dmt_flags is always initialized).
2017-09-11 12:36:43 +02:00
Milan Broz
f66dedc759
Add plain64be IV to storage backend.
2017-09-11 12:33:10 +02:00
Milan Broz
6b7a2f6641
Fix memory leaks in dm_query_integrity and dm_query_verity.
2017-08-26 11:44:21 +02:00