Update copyright years.

Fixes Issue #314.

Thanks to Martin Jeřábek for the report.

ChangeLog

@@ -3,4 +3,4 @@ Since version 1.6 this file is no longer maintained.
 See docs/*ReleaseNotes for release changes documentation.
 
 See version control history for full commit messages.
-  http://code.google.com/p/cryptsetup/source/list
+  https://gitlab.com/cryptsetup/cryptsetup/commits/master

FAQ

@@ -9,7 +9,8 @@ Sections
 6. Backup and Data Recovery
 7. Interoperability with other Disk Encryption Tools
 8. Issues with Specific Versions of cryptsetup
-9. References and Further Reading
+9. The Initrd question
+10. References and Further Reading
 A. Contributors
 
 1. General Questions
@@ -310,7 +311,7 @@ A. Contributors
 
   and adjust the iteration count accordingly by creating the container
   again with a different iteration time (the number after '-i' is the
-  iteration time in milicesonds) until your requirements are met.
+  iteration time in milliseconds) until your requirements are met.
 
   05) Map the container. Here it will be mapped to /dev/mapper/c1:
 
@@ -808,7 +809,7 @@ A. Contributors
 
   For device set-up, do the following:
 
-    cryptsetup open --type plain -d /dev/urandom /dev/<block-device>  target
+    cryptsetup open --type plain -d /dev/urandom /dev/<block-device> to_be_wiped
 
   This maps the container as plain under /dev/mapper/to_be_wiped with a
   random password.  For the actual wipe you have several options. 
@@ -828,6 +829,29 @@ A. Contributors
 
   Remove the mapping at the end and you are done.
 
+  * 2.20 How to I wipe only the LUKS header?
+
+  This is not the emergency wipe procedure. That is in Item 5.4. This procedure
+  is intended to be used when the data should stay intact, e.g. when you change
+  your LUKS container to use a detached header and want to remove the old one.
+
+  Most safe way is this (backup is still a good idea):
+ 
+  01) Determine header size in 512 Byte sectors with "luksDump":
+
+     cryptsetup luksDump <device with LUKS container>
+
+->   ...
+     Payload offset: <number>
+     ...
+
+  02) Take the result number and write number * 512 zeros to the start of the
+      device, e.g. like this:
+
+     dd bs=512 count=<number> if=/dev/zero of=<device>
+
+  That is it.   
+
 
 3. Common Problems
 
@@ -1583,11 +1607,33 @@ A. Contributors
   * 5.18 What about Plausible Deniability?
 
   First let me attempt a definition for the case of encrypted
-  filesystems: Plausible deniability is when you hide encrypted data
+  filesystems: Plausible deniability is when you store data
   inside an encrypted container and it is not possible to prove it is
-  there.  The idea is compelling and on first glance it seems possible
-  to do it.  And from a cryptographic point of view, it actually is
-  possible.
+  there without  having a special passphrase. And at the same time
+  it must be "plausible" that there actually is no hidden data there.
+
+  As a simple entropy-analysis will show that here may be data there,
+  the second part is what makes it tricky.
+
+  There seem to  be a lot of misunderstandings what that
+  means, so let me make clear that this refers to the situation where 
+  the attackers can prove that there is data that may be random or 
+  may be part of a plausible-deniability scheme, they just cannot 
+  prove which one it is. Hence a plausible-deniability
+  scheme must hold up when the attackers know there is 
+  something potentially fishy. If you just hide data and rely on
+  it not being found, that is just simple deniability, not "plausible"
+  deniability and I am not talking about that in the following.
+  Simple deniability against a low-competence attacker may
+  be as simple as  renaming a file or putting data into an unused
+  part of a disk. Simple deniability against a high-skill attacker
+  with time to invest is usually pointless though unless you go
+  for advanced steganographic techniques, which have their own
+  drawbacks, such as low data capacity.
+
+  Now, the idea of plausible deniability is compelling and on first 
+  glance it seems possible to do it.  And from a cryptographic point 
+  of view, it actually is possible.
 
   So, does it work in practice? No, unfortunately. The reasoning used
   by its proponents is fundamentally flawed in several ways and the
@@ -1599,7 +1645,7 @@ A. Contributors
   with random data, nothing in there"?  I do not see any reason.
 
   Second, there are two types of situations: Either they cannot force
-  you to give them the key (then you simply do not) or the can.  In the
+  you to give them the key (then you simply do not) or they can.  In the
   second case, they can always do bad things to you, because they
   cannot prove that you have the key in the first place!  This means
   they do not have to prove you have the key, or that this random
@@ -1630,8 +1676,8 @@ A. Contributors
   places were they can demand encryption keys.
 
   Here is an additional reference for some problems with plausible
-  deniability: http://www.schneier.com/paper-truecrypt-dfs.pdf I
-  strongly suggest you read it.
+  deniability: http://www.schneier.com/paper-truecrypt-dfs.pdf 
+  I strongly suggest you read it.
 
   So, no, I will not provide any instructions on how to do it with
   plain dm-crypt or LUKS.  If you insist on shooting yourself in the
@@ -2537,7 +2583,170 @@ offset  length  name                  data type  description
   bug was discovered.
 
 
-9. References and Further Reading
+9. The Initrd question
+
+* 9.1 My initrd is broken with cryptsetup or does now work as I want it to
+
+That is not nice! However the initrd is supplied by your distribution, not by
+the cryptsetup project and hence you should complain to them. We cannot 
+really do anything about it.
+
+* 9.2 CVE-2016-4484 says cryptsetup is broken!
+
+Not really. It says the initrd in some Debian versions have a behavior that 
+under some very special and unusual conditions may be considered
+a vulnerability. Incidentally, at this time (1-Jan-17) CVE-2016-4484 still says
+absolutely nothing, which means that the reporters could not be bothered
+do actually describe the problem so far and hence it cannot be that bad.
+If it were, you would expect that they would have a CVE description in
+there more than 30 days (!) after reporting the problem to the press.
+
+What happens is that you can trick the initrd to go to a rescue-shell
+if you enter the LUKS password wrongly in a specific way. But falling
+back to a rescue shell on initrd errors is a sensible default behavior
+in the first place. It gives you about as much access as booting
+a rescue system from CD or USB-Stick or as removing the disk would 
+give you. So this only applies when an attacker has physical access,
+but cannot boot anything else or remove the disk. These will be rare 
+circumstances indeed, and if you rely on the default distribution 
+initrd to keep you safe under these circumstances, than you have
+bigger problems than this somewhat expected behavior.
+
+My take is this was much more driven by some big egos that wanted
+to make a splash for self-aggrandizement, than by any actual 
+security concerns. Ignore it.
+
+* 9.3 How do I do my own inird with cryptsetup?
+
+It depends on the distribution. Below, I give a very simple example
+and step-by-step instructions for Debian. With a bit of work, it
+should be possible to adapt this to other distributions. Note that
+the description is pretty general, so if you want to do other things
+with an initrd it provides an useful starting point for that too.
+
+01) Unpacking an existing initrd to use as template
+
+A Linux initrd is in gzip'ed cpio format. To unpack it, use something
+like this: 
+
+     md tmp; cd tmp; cat ../initrd | gunzip | cpio -id
+
+After this, you have the full initrd content in tmp/
+
+02) Inspecting the init-script
+The init-script is the only thing the kernel cares about. All activity 
+starts there. Its traditional location is /sbin/init on disk, but /init
+in an initrd. In an initrd unpacked as above it is tmp/init.
+
+While init can be a binary despite usually being called "init script",
+in Debian the main init on the root partition is a binary, but the
+init in the initrd (and only that one is called by the kernel) is a script
+and starts like this:
+
+    #!/bin/sh
+    ....
+
+The "sh" used here is in tmp/bin/sh as just unpacked, and in
+Debian it currently is a busybox.
+
+03) Creating your own initrd
+The two examples below should give you most of what is needed.
+
+Here is a really minimal example. It does nothing but set up some
+things and then drop to an interactive shell. It is perfect to try
+out things that you want to go into the init-script.
+
+!/bin/sh
+export PATH=/sbin:/bin
+[ -d /sys ] || mkdir /sys
+[ -d /proc ] || mkdir /proc
+[ -d /tmp ] || mkdir /tmp
+mount -t sysfs -o nodev,noexec,nosuid sysfs /sys
+mount -t proc -o nodev,noexec,nosuid proc /proc
+echo "initrd is running, starting BusyBox..."
+exec /bin/sh --login
+
+
+Here is an example that opens the first LUKS-partition it
+finds with the hard-coded password "test2" and then 
+mounts it as root-filesystem. This is intended to be 
+used on an USB-stick that after boot goes into a safe, 
+as it contains the LUKS-passphrase in plain text and is
+not secure to be left in the system. The script contains
+debug-output that should make it easier to see what
+is going on. Note that the final hand-over to the
+init on the encrypted root-partition is done 
+by "exec switch_root /mnt/root /sbin/init", after
+mounting the decrypted LUKS container 
+with "mount /dev/mapper/c1 /mnt/root". 
+The second argument of switch_root is relative to the
+first argument, i.e. the init started with this command
+is really /mnt/sbin/init before switch_root runs.
+
+!/bin/sh
+export PATH=/sbin:/bin
+[ -d /sys ] || mkdir /sys
+[ -d /proc ] || mkdir /proc
+[ -d /tmp ] || mkdir /tmp
+mount -t sysfs -o nodev,noexec,nosuid sysfs /sys
+mount -t proc -o nodev,noexec,nosuid proc /proc
+echo "detecting LUKS containers in sda1-10, sdb1-10"; sleep 1
+for i in a b
+do
+  for j in 1 2 3 4 5 6 7 8 9 10
+  do
+    sleep 0.5
+    d="/dev/sd"$i""$j
+    echo -n $d
+    cryptsetup isLuks $d >/dev/null 2>&1
+    r=$?
+    echo -n "  result: "$r""
+    # 0 = is LUKS, 1 = is not LUKS, 4 = other error
+    if expr $r = 0 > /dev/null
+    then
+      echo "  is LUKS, attempting unlock"
+      echo -n "test2" | cryptsetup luksOpen --key-file=- $d c1
+      r=$?
+      echo "  result of unlock attempt: "$r""
+      sleep 2
+      if expr $r = 0 > /dev/null
+      then
+        echo "*** LUKS partition unlocked, switching root *** (waiting 30 seconds before doing that)"
+        mount /dev/mapper/c1 /mnt/root
+        sleep 30
+        exec switch_root /mnt/root /sbin/init
+      fi
+    else
+      echo "  is not LUKS"
+    fi
+  done
+done
+echo "FAIL finding root on LUKS, loading BusyBox..."; sleep 5
+exec /bin/sh --login
+
+
+04) What if I want a binary in the initrd, but libraries are missing?
+
+That is a bit tricky. One option is to compile statically, but that
+does not work for everything. Debian puts some libraries into
+lib/ and lib64/ which are usually enough. If you need more, you 
+can add the libraries you need there. That may or may not need a
+configuration change for the dynamic linker "ld" as well. 
+Refer to standard Linux documentation
+on how to add a library to a Linux system. A running initrd is
+just a running Linux system after all, it is not special in any way.
+
+05) How do I repack the initrd?
+
+Simply repack the changed directory. While in tmp/, do
+the following:
+
+find . | cpio --create --format='newc' | gzip > ../new_initrd
+
+Rename "new_initrd" to however you want it called (the name of
+the initrd is a kernel-parameter) and move to /boot. That is it.
+
+10. References and Further Reading
 
   * Purpose of this Section
 

README.md

@@ -36,28 +36,22 @@ Download
 --------
 All release tarballs and release notes are hosted on [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).
 
-**The latest cryptsetup version is 1.7.0**
-  * [cryptsetup-1.7.0.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.xz)
-  * Signature [cryptsetup-1.7.0.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.sign)
+**The latest cryptsetup version is 1.7.3**
+  * [cryptsetup-1.7.3.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.3.tar.xz)
+  * Signature [cryptsetup-1.7.3.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.3.tar.sign)
     _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 1.7.0 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.0-ReleaseNotes).
+  * [Cryptsetup 1.7.3 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.3-ReleaseNotes).
 
 Previous versions
- * [Version 1.6.8](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.8.tar.xz) -
-   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.8.tar.sign) -
-   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.8-ReleaseNotes).
- * [Version 1.6.7](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.7.tar.xz) -
-   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.7.tar.sign) -
-   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.7-ReleaseNotes).
- * [Version 1.6.6](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.6.tar.xz) -
-   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.6.tar.sign) -
-   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.6-ReleaseNotes).
- * [Version 1.6.5](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.5.tar.xz) -
-   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.5.tar.sign) -
-   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.5-ReleaseNotes).
- * [Version 1.6.4](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.4.tar.xz) -
-   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.4.tar.sign) -
-   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.4-ReleaseNotes).
+ * [Version 1.7.2](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.2-ReleaseNotes).
+ * [Version 1.7.1](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.1.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.1.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.1-ReleaseNotes).
+ * [Version 1.7.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.0-ReleaseNotes).
 
 Source and API docs
 -------------------
@@ -66,6 +60,8 @@ mirror on [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.g
 
 For libcryptsetup documentation see [libcryptsetup API](https://gitlab.com/cryptsetup/cryptsetup/wikis/API/index.html) page.
 
+The libcryptsetup API/ABI changes are tracked in [compatibility report](https://gitlab.com/cryptsetup/cryptsetup/wikis/ABI-tracker/timeline/libcryptsetup/index.html).
+
 NLS PO files are maintained by [TranslationProject](http://translationproject.org/domain/cryptsetup.html).
 
 Help!

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.7.1-git])
+AC_INIT([cryptsetup],[1.7.4])
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
@@ -37,7 +37,7 @@ PKG_PROG_PKG_CONFIG
 AC_HEADER_DIRENT
 AC_HEADER_STDC
 AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
-	ctype.h unistd.h locale.h byteswap.h endian.h)
+	sys/sysmacros.h ctype.h unistd.h locale.h byteswap.h endian.h)
 
 AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])])
 AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])])
@@ -417,14 +417,19 @@ AC_ARG_WITH([python_version],
 if test "x$with_python" = "xyes"; then
 	AM_PATH_PYTHON([$PYTHON_VERSION])
 
-	if ! test -x "$PYTHON-config" ; then
-            AC_MSG_ERROR([Cannot find python development packages to build bindings])
+	AC_PATH_PROGS([PYTHON_CONFIG], [python${PYTHON_VERSION}-config python-config], [no])
+	if test "${PYTHON_CONFIG}" = "no"; then
+		AC_MSG_ERROR([cannot find python${PYTHON_VERSION}-config or python-config in PATH])
 	fi
 
-	PYTHON_INCLUDES=$($PYTHON-config --includes)
+	AC_MSG_CHECKING(for python headers using $PYTHON_CONFIG --includes)
+	PYTHON_INCLUDES=$($PYTHON_CONFIG --includes)
+	AC_MSG_RESULT($PYTHON_INCLUDES)
 	AC_SUBST(PYTHON_INCLUDES)
 
-	PYTHON_LIBS=$($PYTHON-config --libs)
+	AC_MSG_CHECKING(for python libraries using $PYTHON_CONFIG --libs)
+	PYTHON_LIBS=$($PYTHON_CONFIG --libs)
+	AC_MSG_RESULT($PYTHON_LIBS)
 	AC_SUBST(PYTHON_LIBS)
 fi
 AM_CONDITIONAL([PYTHON_CRYPTSETUP], [test "x$with_python" = "xyes"])

docs/examples/crypt_log_usage.c

@@ -1,7 +1,7 @@
 /*
  * An example of using logging through libcryptsetup API
  *
- * Copyright (C) 2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2017, Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

docs/examples/crypt_luks_usage.c

@@ -1,7 +1,7 @@
 /*
  * An example of using LUKS device through libcryptsetup API
  *
- * Copyright (C) 2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2017, Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

docs/v1.7.1-ReleaseNotes

@@ -0,0 +1,36 @@
+Cryptsetup 1.7.1 Release Notes
+==============================
+
+Changes since version 1.7.0
+
+* Code now uses kernel crypto API backend according to new
+  changes introduced in mainline kernel
+
+  While mainline kernel should contain backward compatible
+  changes, some stable series kernels do not contain fully
+  backported compatibility patches.
+  Without these patches  most of cryptsetup operations
+  (like unlocking device) fail.
+
+  This change in cryptsetup ensures that all operations using
+  kernel crypto API works even on these kernels.
+
+* The cryptsetup-reencrypt utility now properly detects removal
+  of underlying link to block device and does not remove
+  ongoing re-encryption log.
+  This allows proper recovery (resume) of reencrypt operation later.
+
+  NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
+  this link disappears once the device metadata is temporarily
+  removed from device.
+
+* Cryptsetup now allows special "-" (standard input) keyfile handling
+  even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
+
+* Cryptsetup now fails if there are more keyfiles specified
+  for non-TCRYPT device.
+
+* The luksKillSlot command now does not suppress provided password
+  in batch mode (if password is wrong slot is not destroyed).
+  Note that not providing password in batch mode means that keyslot
+  is destroyed unconditionally.

docs/v1.7.2-ReleaseNotes

@@ -0,0 +1,37 @@
+Cryptsetup 1.7.2 Release Notes
+==============================
+
+Changes since version 1.7.1
+
+* Update LUKS documentation format.
+  Clarify fixed sector size and keyslots alignment.
+
+* Support activation options for error handling modes in Linux kernel
+  dm-verity module:
+
+  --ignore-corruption - dm-verity just logs detected corruption
+
+  --restart-on-corruption - dm-verity restarts the kernel if corruption is detected
+
+  If the options above are not specified, default behavior for dm-verity remains.
+  Default is that I/O operation fails with I/O error if corrupted block is detected.
+
+  --ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected
+  to contain zeroes and always return zeroes directly instead.
+
+  NOTE that these options could have security or functional impacts,
+  do not use them without assessing the risks!
+
+* Fix help text for cipher benchmark specification (mention --cipher option).
+
+* Fix off-by-one error in maximum keyfile size.
+  Allow keyfiles up to compiled-in default and not that value minus one.
+
+* Support resume of interrupted decryption in cryptsetup-reencrypt utility.
+  To resume decryption, LUKS device UUID (--uuid option) option must be used.
+
+* Do not use direct-io for LUKS header with unaligned keyslots.
+  Such headers were used only by the first cryptsetup-luks-1.0.0 release (2005).
+
+* Fix device block size detection to properly work on particular file-based
+  containers over underlying devices with 4k sectors.

docs/v1.7.3-ReleaseNotes

@@ -0,0 +1,24 @@
+Cryptsetup 1.7.3 Release Notes
+==============================
+
+Changes since version 1.7.2
+
+* Fix device access to hash offsets located beyond the 2GB device boundary in veritysetup.
+
+* Set configured (compile-time) default iteration time for devices created directly through
+  libcryptsetup (default was hardcoded 1 second, the configured value applied only
+  for cryptsetup application).
+
+* Fix PBKDF2 benchmark to not double iteration count for specific corner case.
+  If the measurement function returns exactly 500 ms, the iteration calculation loop
+  doubled iteration count but instead of repeating measurement it used this value directly.
+
+* Verify passphrase in cryptsetup-reencrypt when encrypting a new drive.
+
+* OpenSSL backend: fix memory leak if hash context was repeatedly reused.
+
+* OpenSSL backend: add support for OpenSSL 1.1.0.
+
+* Fix several minor spelling errors.
+
+* Properly check maximal buffer size when parsing UUID from /dev/disk/.

docs/v1.7.4-ReleaseNotes

@@ -0,0 +1,22 @@
+Cryptsetup 1.7.4 Release Notes
+==============================
+
+Changes since version 1.7.3
+
+* Allow to specify LUKS1 hash algorithm in Python luksFormat wrapper.
+
+* Use LUKS1 compiled-in defaults also in Python wrapper.
+
+* OpenSSL backend: Fix OpenSSL 1.1.0 support without backward compatible API.
+
+* OpenSSL backend: Fix LibreSSL compatibility.
+
+* Check for data device and hash device area overlap in veritysetup.
+
+* Fix a possible race while allocating a free loop device.
+
+* Fix possible file descriptor leaks if libcryptsetup is run from a forked process.
+
+* Fix missing same_cpu_crypt flag in status command.
+
+* Various updates to FAQ and man pages.

lib/crypt_plain.c

@@ -2,8 +2,8 @@
  * cryptsetup plain device helper functions
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2010-2012 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2012, Milan Broz
+ * Copyright (C) 2010-2017 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/crypto_backend/crypto_backend.h

@@ -1,8 +1,8 @@
 /*
  * crypto backend implementation
  *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2014, Milan Broz
+ * Copyright (C) 2010-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_cipher_kernel.c

@@ -1,8 +1,8 @@
 /*
  * Linux kernel userspace API crypto backend implementation (skcipher)
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -88,33 +88,8 @@ int crypt_cipher_blocksize(const char *name)
 	return ca ? ca->blocksize : -EINVAL;
 }
 
-/* Shared with hash kernel backend */
-int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
-
-int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
-{
-	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-	if (*tfmfd == -1)
-		return -ENOTSUP;
-
-	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-		return -ENOENT;
-	}
-
-	*opfd = accept(*tfmfd, NULL, 0);
-	if (*opfd == -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
 /*
- *ciphers
+ * ciphers
  *
  * ENOENT - algorithm not available
  * ENOTSUP - AF_ALG family not available
@@ -128,7 +103,6 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 		.salg_family = AF_ALG,
 		.salg_type = "skcipher",
 	};
-	int r;
 
 	h = malloc(sizeof(*h));
 	if (!h)
@@ -137,14 +111,28 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "%s(%s)", mode, name);
 
-	r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd);
-	if (r < 0) {
-		free(h);
-		return r;
+	h->opfd = -1;
+	h->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (h->tfmfd < 0) {
+		crypt_cipher_destroy(h);
+		return -ENOTSUP;
 	}
 
-	if (length && strcmp(name, "cipher_null") &&
-	    setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
+	if (bind(h->tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
+		crypt_cipher_destroy(h);
+		return -ENOENT;
+	}
+
+	if (!strcmp(name, "cipher_null"))
+		length = 0;
+
+	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
+		crypt_cipher_destroy(h);
+		return -EINVAL;
+	}
+
+	h->opfd = accept(h->tfmfd, NULL, 0);
+	if (h->opfd < 0) {
 		crypt_cipher_destroy(h);
 		return -EINVAL;
 	}
@@ -239,9 +227,9 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 
 int crypt_cipher_destroy(struct crypt_cipher *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);

lib/crypto_backend/crypto_gcrypt.c

@@ -1,8 +1,8 @@
 /*
  * GCRYPT crypto backend implementation
  *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2014, Milan Broz
+ * Copyright (C) 2010-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_kernel.c

@@ -1,8 +1,8 @@
 /*
  * Linux kernel userspace API crypto backend implementation
  *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2014, Milan Broz
+ * Copyright (C) 2010-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -68,8 +68,34 @@ struct crypt_hmac {
 	int hash_len;
 };
 
-/* Defined in crypt_kernel_ciphers.c */
-extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
+static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd,
+				    const void *key, size_t key_length)
+{
+	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (*tfmfd < 0)
+		return -ENOTSUP;
+
+	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -ENOENT;
+	}
+
+	if (key && setsockopt(*tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	*opfd = accept(*tfmfd, NULL, 0);
+	if (*opfd < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	return 0;
+}
 
 int crypt_backend_init(struct crypt_device *ctx)
 {
@@ -87,7 +113,7 @@ int crypt_backend_init(struct crypt_device *ctx)
 	if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
 		return -EINVAL;
 
-	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0)
+	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd, NULL, 0) < 0)
 		return -EINVAL;
 
 	close(tfmfd);
@@ -152,7 +178,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 
 	strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));
 
-	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, NULL, 0) < 0) {
 		free(h);
 		return -EINVAL;
 	}
@@ -188,9 +214,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 
 int crypt_hash_destroy(struct crypt_hash *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
@@ -227,16 +253,11 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "hmac(%s)", ha->kernel_name);
 
-	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, buffer, length) < 0) {
 		free(h);
 		return -EINVAL;
 	}
 
-	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
-		crypt_hmac_destroy(h);
-		return -EINVAL;
-	}
-
 	*ctx = h;
 	return 0;
 }
@@ -268,9 +289,9 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 
 int crypt_hmac_destroy(struct crypt_hmac *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);

lib/crypto_backend/crypto_nettle.c

@@ -1,8 +1,8 @@
 /*
  * Nettle crypto backend implementation
  *
- * Copyright (C) 2011-2012 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2014, Milan Broz
+ * Copyright (C) 2011-2017 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -30,9 +30,9 @@
 static char *version = "Nettle";
 
 typedef void (*init_func) (void *);
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
+typedef void (*update_func) (void *, size_t, const uint8_t *);
+typedef void (*digest_func) (void *, size_t, uint8_t *);
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
 
 struct hash_alg {
 	const char *name;

lib/crypto_backend/crypto_nss.c

@@ -1,8 +1,8 @@
 /*
  * NSS crypto backend implementation
  *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2014, Milan Broz
+ * Copyright (C) 2010-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_openssl.c

@@ -1,8 +1,8 @@
 /*
  * OPENSSL crypto backend implementation
  *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2014, Milan Broz
+ * Copyright (C) 2010-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -38,23 +38,79 @@
 static int crypto_backend_initialised = 0;
 
 struct crypt_hash {
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md;
 	const EVP_MD *hash_id;
 	int hash_len;
 };
 
 struct crypt_hmac {
-	HMAC_CTX md;
+	HMAC_CTX *md;
 	const EVP_MD *hash_id;
 	int hash_len;
 };
 
+/*
+ * Compatible wrappers for OpenSSL < 1.1.0
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+static void openssl_backend_init(void)
+{
+	OpenSSL_add_all_algorithms();
+}
+
+static const char *openssl_backend_version(void)
+{
+	return SSLeay_version(SSLEAY_VERSION);
+}
+
+static EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+	EVP_MD_CTX *md = malloc(sizeof(*md));
+
+	if (md)
+		EVP_MD_CTX_init(md);
+
+	return md;
+}
+
+static void EVP_MD_CTX_free(EVP_MD_CTX *md)
+{
+	EVP_MD_CTX_cleanup(md);
+	free(md);
+}
+
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+	HMAC_CTX *md = malloc(sizeof(*md));
+
+	if (md)
+		HMAC_CTX_init(md);
+
+	return md;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *md)
+{
+	HMAC_CTX_cleanup(md);
+	free(md);
+}
+#else
+static void openssl_backend_init(void)
+{
+}
+
+static const char *openssl_backend_version(void)
+{
+    return OpenSSL_version(OPENSSL_VERSION);
+}
+#endif
+
 int crypt_backend_init(struct crypt_device *ctx)
 {
 	if (crypto_backend_initialised)
 		return 0;
 
-	OpenSSL_add_all_algorithms();
+	openssl_backend_init();
 
 	crypto_backend_initialised = 1;
 	return 0;
@@ -67,7 +123,7 @@ uint32_t crypt_backend_flags(void)
 
 const char *crypt_backend_version(void)
 {
-	return SSLeay_version(SSLEAY_VERSION);
+	return openssl_backend_version();
 }
 
 /* HASH */
@@ -89,13 +145,21 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 	if (!h)
 		return -ENOMEM;
 
+	h->md = EVP_MD_CTX_new();
+	if (!h->md) {
+		free(h);
+		return -ENOMEM;
+	}
+
 	h->hash_id = EVP_get_digestbyname(name);
 	if (!h->hash_id) {
+		EVP_MD_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
 	}
 
-	if (EVP_DigestInit(&h->md, h->hash_id) != 1) {
+	if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) {
+		EVP_MD_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
 	}
@@ -107,7 +171,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 
 static int crypt_hash_restart(struct crypt_hash *ctx)
 {
-	if (EVP_DigestInit(&ctx->md, ctx->hash_id) != 1)
+	if (EVP_DigestInit_ex(ctx->md, ctx->hash_id, NULL) != 1)
 		return -EINVAL;
 
 	return 0;
@@ -115,7 +179,7 @@ static int crypt_hash_restart(struct crypt_hash *ctx)
 
 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
 {
-	if (EVP_DigestUpdate(&ctx->md, buffer, length) != 1)
+	if (EVP_DigestUpdate(ctx->md, buffer, length) != 1)
 		return -EINVAL;
 
 	return 0;
@@ -129,7 +193,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 	if (length > (size_t)ctx->hash_len)
 		return -EINVAL;
 
-	if (EVP_DigestFinal_ex(&ctx->md, tmp, &tmp_len) != 1)
+	if (EVP_DigestFinal_ex(ctx->md, tmp, &tmp_len) != 1)
 		return -EINVAL;
 
 	memcpy(buffer, tmp, length);
@@ -146,7 +210,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 
 int crypt_hash_destroy(struct crypt_hash *ctx)
 {
-	EVP_MD_CTX_cleanup(&ctx->md);
+	EVP_MD_CTX_free(ctx->md);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
 	return 0;
@@ -167,14 +231,20 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	if (!h)
 		return -ENOMEM;
 
+	h->md = HMAC_CTX_new();
+	if (!h->md) {
+		free(h);
+		return -ENOMEM;
+	}
+
 	h->hash_id = EVP_get_digestbyname(name);
 	if (!h->hash_id) {
+		HMAC_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
 	}
 
-	HMAC_CTX_init(&h->md);
-	HMAC_Init_ex(&h->md, buffer, length, h->hash_id, NULL);
+	HMAC_Init_ex(h->md, buffer, length, h->hash_id, NULL);
 
 	h->hash_len = EVP_MD_size(h->hash_id);
 	*ctx = h;
@@ -183,12 +253,12 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 
 static void crypt_hmac_restart(struct crypt_hmac *ctx)
 {
-	HMAC_Init_ex(&ctx->md, NULL, 0, ctx->hash_id, NULL);
+	HMAC_Init_ex(ctx->md, NULL, 0, ctx->hash_id, NULL);
 }
 
 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
 {
-	HMAC_Update(&ctx->md, (const unsigned char *)buffer, length);
+	HMAC_Update(ctx->md, (const unsigned char *)buffer, length);
 	return 0;
 }
 
@@ -200,7 +270,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 	if (length > (size_t)ctx->hash_len)
 		return -EINVAL;
 
-	HMAC_Final(&ctx->md, tmp, &tmp_len);
+	HMAC_Final(ctx->md, tmp, &tmp_len);
 
 	memcpy(buffer, tmp, length);
 	crypt_backend_memzero(tmp, sizeof(tmp));
@@ -215,7 +285,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 
 int crypt_hmac_destroy(struct crypt_hmac *ctx)
 {
-	HMAC_CTX_cleanup(&ctx->md);
+	HMAC_CTX_free(ctx->md);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
 	return 0;
@@ -250,7 +320,7 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 		return -EINVAL;
 
 	if (!PKCS5_PBKDF2_HMAC(password, (int)password_length,
-	    (unsigned char *)salt, (int)salt_length,
+	    (const unsigned char *)salt, (int)salt_length,
             (int)iterations, hash_id, (int)key_length, (unsigned char *)key))
 		return -EINVAL;
 

lib/crypto_backend/crypto_storage.c

@@ -2,7 +2,7 @@
  * Generic wrapper for storage encryption modes and Initial Vectors
  * (reimplementation of some functions from Linux dm-crypt kernel)
  *
- * Copyright (C) 2014, Milan Broz
+ * Copyright (C) 2014-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/pbkdf2_generic.c

@@ -4,8 +4,8 @@
  * Copyright (C) 2004 Free Software Foundation
  *
  * cryptsetup related changes
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/pbkdf_check.c

@@ -1,7 +1,7 @@
 /*
  * PBKDF performance check
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -71,7 +71,7 @@ int crypt_pbkdf_check(const char *kdf, const char *hash,
 		return -ENOMEM;
 
 	iterations = 1 << 15;
-	while (ms < 500) {
+	while (1) {
 		if (getrusage(RUSAGE_SELF, &rstart) < 0) {
 			r = -EINVAL;
 			goto out;

lib/internal.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2012, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -57,8 +57,8 @@ struct volume_key {
 	char key[];
 };
 
-struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key);
-struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength);
+struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key);
+struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength);
 void crypt_free_volume_key(struct volume_key *vk);
 
 /* Device backend */
@@ -75,6 +75,9 @@ int device_block_size(struct device *device);
 int device_read_ahead(struct device *device, uint32_t *read_ahead);
 int device_size(struct device *device, uint64_t *size);
 int device_open(struct device *device, int flags);
+void device_disable_direct_io(struct device *device);
+int device_is_identical(struct device *device1, struct device *device2);
+
 
 enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 };
 int device_block_adjust(struct crypt_device *cd,

lib/libcryptsetup.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -752,6 +752,12 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 #define CRYPT_ACTIVATE_SAME_CPU_CRYPT (1 << 6)
 /** use submit_from_crypt_cpus for dm-crypt */
 #define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (1 << 7)
+/** dm-verity: ignore_corruption flag - ignore corruption, log it only */
+#define CRYPT_ACTIVATE_IGNORE_CORRUPTION (1 << 8)
+/** dm-verity: restart_on_corruption flag - restart kernel on corruption */
+#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9)
+/** dm-verity: ignore_zero_blocks - do not verify zero blocks */
+#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10)
 
 
 /**

lib/libdevmapper.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -159,6 +159,15 @@ static void _dm_set_verity_compat(const char *dm_version, unsigned verity_maj,
 {
 	if (verity_maj > 0)
 		_dm_crypt_flags |= DM_VERITY_SUPPORTED;
+	else
+		return;
+	/*
+	 * ignore_corruption, restart_on corruption is available since 1.2 (kernel 4.1)
+	 * ignore_zero_blocks since 1.3 (kernel 4.5)
+	 * (but some dm-verity targets 1.2 don't support it)
+	 */
+	if (_dm_satisfies_version(1, 3, verity_maj, verity_min))
+		_dm_crypt_flags |= DM_VERITY_ON_CORRUPTION_SUPPORTED;
 
 	log_dbg("Detected dm-verity version %i.%i.%i.",
 		verity_maj, verity_min, verity_patch);
@@ -357,14 +366,35 @@ out:
 
 /* https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity */
 static char *get_dm_verity_params(struct crypt_params_verity *vp,
-				   struct crypt_dm_active_device *dmd)
+				   struct crypt_dm_active_device *dmd, uint32_t flags)
 {
-	int max_size, r;
+	int max_size, r, num_options = 0;
 	char *params = NULL, *hexroot = NULL, *hexsalt = NULL;
+	char features[256];
 
 	if (!vp || !dmd)
 		return NULL;
 
+	/* These flags are not compatible */
+	if ((flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) &&
+	    (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION))
+		flags &= ~CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+
+	if (flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS)
+		num_options++;
+
+	if (num_options)
+		snprintf(features, sizeof(features)-1, " %d%s%s%s", num_options,
+		(flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "",
+		(flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? " restart_on_corruption" : "",
+		(flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? " ignore_zero_blocks" : "");
+	else
+		*features = '\0';
+
 	hexroot = crypt_safe_alloc(dmd->u.verity.root_hash_size * 2 + 1);
 	if (!hexroot)
 		goto out;
@@ -388,12 +418,12 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp,
 		goto out;
 
 	r = snprintf(params, max_size,
-		     "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s",
+		     "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s %s",
 		     vp->hash_type, device_block_path(dmd->data_device),
 		     device_block_path(dmd->u.verity.hash_device),
 		     vp->data_block_size, vp->hash_block_size,
 		     vp->data_size, dmd->u.verity.hash_offset,
-		     vp->hash_name, hexroot, hexsalt);
+		     vp->hash_name, hexroot, hexsalt, features);
 	if (r < 0 || r >= max_size) {
 		crypt_safe_free(params);
 		params = NULL;
@@ -434,7 +464,7 @@ static int _dm_simple(int task, const char *name, int udev_wait)
 	if (udev_wait)
 		(void)_dm_udev_wait(cookie);
 
-      out:
+out:
 	dm_task_destroy(dmt);
 	return r;
 }
@@ -591,9 +621,6 @@ static int _dm_create_device(const char *name, const char *type,
 
 		if (!dm_task_set_uuid(dmt, dev_uuid))
 			goto out_no_removal;
-
-		if (_dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags))
-			goto out_no_removal;
 	}
 
 	if ((dm_flags() & DM_SECURE_SUPPORTED) && !dm_task_secure_data(dmt))
@@ -610,6 +637,9 @@ static int _dm_create_device(const char *name, const char *type,
 	    !dm_task_set_read_ahead(dmt, read_ahead, DM_READ_AHEAD_MINIMUM_FLAG))
 		goto out_no_removal;
 #endif
+	/* do not set cookie for DM_DEVICE_RELOAD task */
+	if (!reload && _dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags))
+		goto out_no_removal;
 
 	if (!dm_task_run(dmt))
 		goto out_no_removal;
@@ -676,7 +706,7 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 	if (dmd->target == DM_CRYPT)
 		table_params = get_dm_crypt_params(dmd, dmd_flags);
 	else if (dmd->target == DM_VERITY)
-		table_params = get_dm_verity_params(dmd->u.verity.vp, dmd);
+		table_params = get_dm_verity_params(dmd->u.verity.vp, dmd, dmd_flags);
 
 	r = _dm_create_device(name, type, dmd->data_device, dmd_flags,
 			      dmd->uuid, dmd->size, table_params, reload);
@@ -696,7 +726,13 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 	if (r == -EINVAL &&
 	    dmd_flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) &&
 	    !(dm_flags() & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED)))
-		log_err(cd, _("Requested dmcrypt performance options are not supported.\n"));
+		log_err(cd, _("Requested dm-crypt performance options are not supported.\n"));
+
+	if (r == -EINVAL && dmd_flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
+					  CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+					  CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) &&
+	    !(dm_flags() & DM_VERITY_ON_CORRUPTION_SUPPORTED))
+		log_err(cd, _("Requested dm-verity data corruption handling options are not supported.\n"));
 
 	crypt_safe_free(table_params);
 	dm_exit_context();
@@ -893,7 +929,7 @@ static int _dm_query_crypt(uint32_t get_flags,
 				return -EINVAL;
 		}
 
-		/* All parameters shold be processed */
+		/* All parameters should be processed */
 		if (params)
 			return -EINVAL;
 	}
@@ -936,7 +972,8 @@ static int _dm_query_verity(uint32_t get_flags,
 	uint32_t val32;
 	uint64_t val64;
 	ssize_t len;
-	char *str, *str2;
+	char *str, *str2, *arg;
+	unsigned int i;
 	int r;
 
 	if (get_flags & DM_ACTIVE_VERITY_PARAMS)
@@ -1032,8 +1069,6 @@ static int _dm_query_verity(uint32_t get_flags,
 
 	/* salt */
 	str = strsep(&params, " ");
-	if (params)
-		return -EINVAL;
 	if (vp) {
 		if (!strcmp(str, "-")) {
 			vp->salt_size = 0;
@@ -1047,6 +1082,33 @@ static int _dm_query_verity(uint32_t get_flags,
 		}
 	}
 
+	/* Features section, available since verity target version 1.3 */
+	if (params) {
+		/* Number of arguments */
+		val64 = strtoull(params, &params, 10);
+		if (*params != ' ')
+			return -EINVAL;
+		params++;
+
+		for (i = 0; i < val64; i++) {
+			if (!params)
+				return -EINVAL;
+			arg = strsep(&params, " ");
+			if (!strcasecmp(arg, "ignore_corruption"))
+				dmd->flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+			else if (!strcasecmp(arg, "restart_on_corruption"))
+				dmd->flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+			else if (!strcasecmp(arg, "ignore_zero_blocks"))
+				dmd->flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
+			else /* unknown option */
+				return -EINVAL;
+		}
+
+		/* All parameters should be processed */
+		if (params)
+			return -EINVAL;
+	}
+
 	return 0;
 }
 

lib/loopaes/loopaes.c

@@ -1,8 +1,8 @@
 /*
  * loop-AES compatible volume handling
  *
- * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2013, Milan Broz
+ * Copyright (C) 2011-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/loopaes/loopaes.h

@@ -1,8 +1,8 @@
 /*
  * loop-AES compatible volume handling
  *
- * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2013, Milan Broz
+ * Copyright (C) 2011-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/luks1/af.c

@@ -2,7 +2,7 @@
  * AFsplitter - Anti forensic information splitter
  *
  * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
  *
  * AFsplitter diffuses information over a large stripe of data,
  * therefor supporting secure data destruction.

lib/luks1/af.h

@@ -2,7 +2,7 @@
  * AFsplitter - Anti forensic information splitter
  *
  * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
  *
  * AFsplitter diffuses information over a large stripe of data,
  * therefor supporting secure data destruction.

lib/luks1/keyencryption.c

@@ -2,8 +2,8 @@
  * LUKS - Linux Unified Key Setup
  *
  * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks1/keymanage.c

@@ -2,8 +2,8 @@
  * LUKS - Linux Unified Key Setup
  *
  * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2013-2014, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2013-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -62,7 +62,7 @@ int LUKS_keyslot_area(struct luks_phdr *hdr,
 	if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
 		return -EINVAL;
 
-	*offset = hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
+	*offset = (uint64_t)hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
 	*length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;
 
 	return 0;
@@ -206,7 +206,6 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
 		r = -EIO;
 		goto out;
 	}
-	close(devfd);
 
 	r = 0;
 out:
@@ -260,6 +259,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}
 	close(devfd);
+	devfd = -1;
 
 	r = LUKS_read_phdr(hdr, 0, 0, ctx);
 	if (r == 0) {
@@ -306,6 +306,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}
 	close(devfd);
+	devfd = -1;
 
 	/* Be sure to reload new data */
 	r = LUKS_read_phdr(hdr, 1, 0, ctx);
@@ -545,6 +546,16 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
 	if (!r)
 		r = LUKS_check_device_size(ctx, hdr->keyBytes);
 
+	/*
+	 * Cryptsetup 1.0.0 did not align keyslots to 4k (very rare version).
+	 * Disable direct-io to avoid possible IO errors if underlying device
+	 * has bigger sector size.
+	 */
+	if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) {
+		log_dbg("Old unaligned LUKS keyslot detected, disabling direct-io.");
+		device_disable_direct_io(device);
+	}
+
 	close(devfd);
 	return r;
 }
@@ -674,9 +685,9 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 	/* Set Magic */
 	memcpy(header->magic,luksMagic,LUKS_MAGIC_L);
 	header->version=1;
-	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L);
-	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L);
-	strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L);
+	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L-1);
+	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L-1);
+	strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L-1);
 
 	header->keyBytes=vk->keylength;
 

lib/luks1/luks.h

@@ -2,7 +2,7 @@
  * LUKS - Linux Unified Key Setup
  *
  * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/random.c

@@ -1,7 +1,7 @@
 /*
  * cryptsetup kernel RNG access functions
  *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2017, Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -28,6 +28,10 @@
 #include "libcryptsetup.h"
 #include "internal.h"
 
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
 static int random_initialised = 0;
 
 #define URANDOM_DEVICE	"/dev/urandom"
@@ -152,13 +156,13 @@ int crypt_random_init(struct crypt_device *ctx)
 
 	/* Used for CRYPT_RND_NORMAL */
 	if(urandom_fd == -1)
-		urandom_fd = open(URANDOM_DEVICE, O_RDONLY);
+		urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC);
 	if(urandom_fd == -1)
 		goto fail;
 
 	/* Used for CRYPT_RND_KEY */
 	if(random_fd == -1)
-		random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK);
+		random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
 	if(random_fd == -1)
 		goto fail;
 
@@ -234,9 +238,11 @@ void crypt_random_exit(void)
 
 int crypt_random_default_key_rng(void)
 {
+	/* coverity[pointless_string_compare] */
 	if (!strcmp(DEFAULT_RNG, RANDOM_DEVICE))
 		return CRYPT_RNG_RANDOM;
 
+	/* coverity[pointless_string_compare] */
 	if (!strcmp(DEFAULT_RNG, URANDOM_DEVICE))
 		return CRYPT_RNG_URANDOM;
 

lib/setup.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2014, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -626,7 +626,7 @@ int crypt_init(struct crypt_device **cd, const char *device)
 
 	dm_backend_init();
 
-	h->iteration_time = 1000;
+	h->iteration_time = DEFAULT_LUKS1_ITER_TIME;
 	h->password_verify = 0;
 	h->tries = 3;
 	h->rng_type = crypt_random_default_key_rng();
@@ -969,7 +969,7 @@ out:
 	if (r < 0) {
 		crypt_free(*cd);
 		*cd = NULL;
-	} else if (!(*cd)->type && name) {
+	} else if (!(*cd)->type) {
 		/* For anonymous device (no header found) remember initialized name */
 		(*cd)->u.none.active_name = strdup(name);
 	}
@@ -1188,6 +1188,12 @@ static int _crypt_format_verity(struct crypt_device *cd,
 	} else
 		cd->u.verity.hdr.data_size = params->data_size;
 
+	if (device_is_identical(crypt_metadata_device(cd), crypt_data_device(cd)) &&
+	   (cd->u.verity.hdr.data_size * params->data_block_size) > params->hash_area_offset) {
+		log_err(cd, _("Data area overlaps with hash area.\n"));
+		return -EINVAL;
+	}
+
 	hash_size = crypt_hash_size(params->hash_name);
 	if (hash_size <= 0) {
 		log_err(cd, _("Hash algorithm %s not supported.\n"),
@@ -2215,7 +2221,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
 		}
 
 		r = VERITY_activate(cd, name, volume_key, volume_key_size,
-				    &cd->u.verity.hdr, CRYPT_ACTIVATE_READONLY);
+				    &cd->u.verity.hdr, flags|CRYPT_ACTIVATE_READONLY);
 
 		if (r == -EPERM) {
 			free(cd->u.verity.root_hash);
@@ -2366,7 +2372,7 @@ void crypt_set_password_retry(struct crypt_device *cd, int tries)
 
 void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms)
 {
-	log_dbg("Iteration time set to %" PRIu64 " miliseconds.", iteration_time_ms);
+	log_dbg("Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms);
 	cd->iteration_time = iteration_time_ms;
 }
 void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_ms)

lib/tcrypt/tcrypt.c

@@ -1,8 +1,8 @@
 /*
  * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2015, Milan Broz
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -314,12 +314,13 @@ static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode,
 {
 	char backend_key[TCRYPT_HDR_KEY_LEN];
 	char iv[TCRYPT_HDR_IV_LEN] = {};
-	char mode_name[MAX_CIPHER_LEN];
+	char mode_name[MAX_CIPHER_LEN + 1];
 	struct crypt_cipher *cipher;
 	char *c, *buf = (char*)&hdr->e;
 	int r;
 
 	/* Remove IV if present */
+	mode_name[MAX_CIPHER_LEN] = '\0';
 	strncpy(mode_name, mode, MAX_CIPHER_LEN);
 	c = strchr(mode_name, '-');
 	if (c)
@@ -612,10 +613,10 @@ int TCRYPT_read_phdr(struct crypt_device *cd,
 			return -EINVAL;
 
 		r = device_alloc(&base_device, base_device_path);
+		free(base_device_path);
 		if (r < 0)
 			return r;
 		devfd = device_open(base_device, O_RDONLY);
-		free(base_device_path);
 		device_free(base_device);
 	} else
 		devfd = device_open(device, O_RDONLY);
@@ -723,6 +724,9 @@ int TCRYPT_activate(struct crypt_device *cd,
 	if (!algs)
 		return -EINVAL;
 
+	if (hdr->d.sector_size == 0)
+		return -EINVAL;
+
 	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
 		dmd.size = 0;
 	else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER)
@@ -772,7 +776,8 @@ int TCRYPT_activate(struct crypt_device *cd,
 
 	for (i = algs->chain_count; i > 0; i--) {
 		if (i == 1) {
-			strncpy(dm_name, name, sizeof(dm_name));
+			dm_name[sizeof(dm_name)-1] = '\0';
+			strncpy(dm_name, name, sizeof(dm_name)-1);
 			dmd.flags = flags;
 		} else {
 			snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1);
@@ -914,7 +919,7 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 			struct tcrypt_phdr *tcrypt_hdr)
 {
 	struct tcrypt_algs *algs;
-	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN], *tmp;
+	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN+1], *tmp;
 	size_t key_size;
 	int r;
 
@@ -928,6 +933,7 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 	if (!tmp)
 		return -EINVAL;
 	*tmp = '\0';
+	mode[MAX_CIPHER_LEN] = '\0';
 	strncpy(mode, ++tmp, MAX_CIPHER_LEN);
 
 	key_size = dmd->u.crypt.vk->keylength;

lib/tcrypt/tcrypt.h

@@ -1,8 +1,8 @@
 /*
  * TCRYPT (TrueCrypt-compatible)  header defitinion
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/utils.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2012, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -105,9 +105,9 @@ ssize_t write_blockwise(int fd, int bsize, void *orig_buf, size_t count)
 		if (r < bsize)
 			bsize = r;
 
-		r = lseek(fd, -bsize, SEEK_CUR);
-		if (r < 0)
+		if (lseek(fd, -bsize, SEEK_CUR) < 0)
 			goto out;
+
 		memcpy(hangover_buf, (char*)buf + solid, hangover);
 
 		r = write(fd, hangover_buf, bsize);

lib/utils_benchmark.c

@@ -1,8 +1,8 @@
 /*
  * libcryptsetup - cryptsetup library, cipher bechmark
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2013, Milan Broz
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_crypt.c

@@ -2,8 +2,8 @@
  * utils_crypt - cipher utilities for cryptsetup
  *
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2012, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -22,6 +22,7 @@
 
 #include <stdlib.h>
 #include <stddef.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
@@ -98,7 +99,7 @@ void *crypt_safe_alloc(size_t size)
 {
 	struct safe_allocation *alloc;
 
-	if (!size)
+	if (!size || size > (SIZE_MAX - offsetof(struct safe_allocation, data)))
 		return NULL;
 
 	alloc = malloc(size + offsetof(struct safe_allocation, data));
@@ -360,7 +361,7 @@ int crypt_get_key(const char *prompt,
 
 	/* If not requsted otherwise, we limit input to prevent memory exhaustion */
 	if (keyfile_size_max == 0) {
-		keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024;
+		keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1;
 		unlimited_read = 1;
 	}
 

lib/utils_crypt.h

@@ -2,8 +2,8 @@
  * utils_crypt - cipher utilities for cryptsetup
  *
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2012, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_device.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -50,8 +50,10 @@ static int device_block_size_fd(int fd, size_t *min_size)
 	if (fstat(fd, &st) < 0)
 		return -EINVAL;
 
-	if (S_ISREG(st.st_mode))
+	if (S_ISREG(st.st_mode)) {
 		r = (int)crypt_getpagesize();
+		bsize = r;
+	}
 	else if (ioctl(fd, BLKSSZGET, &bsize) >= 0)
 		r = bsize;
 	else
@@ -417,25 +419,22 @@ out:
 
 static int device_internal_prepare(struct crypt_device *cd, struct device *device)
 {
-	char *loop_device, *file_path = NULL;
+	char *loop_device = NULL, *file_path = NULL;
 	int r, loop_fd, readonly = 0;
 
 	if (device->init_done)
 		return 0;
 
-	log_dbg("Allocating a free loop device.");
-	loop_device = crypt_loop_get_device();
-	if (!loop_device) {
-		if (getuid() || geteuid())
-			log_err(cd, _("Cannot use a loopback device, "
-				      "running as non-root user.\n"));
-		else
-			log_err(cd, _("Cannot find a free loopback device.\n"));
+	if (getuid() || geteuid()) {
+		log_err(cd, _("Cannot use a loopback device, "
+			      "running as non-root user.\n"));
 		return -ENOTSUP;
 	}
 
+	log_dbg("Allocating a free loop device.");
+
 	/* Keep the loop open, dettached on last close. */
-	loop_fd = crypt_loop_attach(loop_device, device->path, 0, 1, &readonly);
+	loop_fd = crypt_loop_attach(&loop_device, device->path, 0, 1, &readonly);
 	if (loop_fd == -1) {
 		log_err(cd, _("Attaching loopback device failed "
 			"(loop device with autoclear flag is required).\n"));
@@ -528,3 +527,23 @@ size_t size_round_up(size_t size, unsigned int block)
 	size_t s = (size + (block - 1)) / block;
 	return s * block;
 }
+
+void device_disable_direct_io(struct device *device)
+{
+	device->o_direct = 0;
+}
+
+int device_is_identical(struct device *device1, struct device *device2)
+{
+	if (device1 == device2)
+		return 1;
+
+	if (!device1 || !device2 || !device_path(device1) || !device_path(device2))
+		return 0;
+
+	/* This should be better check - major/minor for block device etc */
+	if (!strcmp(device_path(device1), device_path(device2)))
+		return 1;
+
+	return 0;
+}

lib/utils_devpath.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2013, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -31,6 +31,9 @@
 #include <limits.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include "internal.h"
 
 static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_level)
@@ -276,24 +279,30 @@ char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t
 		major(st.st_rdev), minor(st.st_rdev)) < 0)
 		return NULL;
 
-	len = readlink(path, link, sizeof(link) - 1);
-	if (len < 0)
+	dir = opendir(path);
+	if (!dir)
 		return NULL;
 
+	len = readlink(path, link, sizeof(link) - 1);
+	if (len < 0) {
+		closedir(dir);
+		return NULL;
+	}
+
 	/* Get top level disk name for sysfs search */
 	link[len] = '\0';
 	devname = strrchr(link, '/');
-	if (!devname)
+	if (!devname) {
+		closedir(dir);
 		return NULL;
+	}
 	devname++;
 
 	/* DM devices do not use kernel partitions. */
-	if (dm_is_dm_kernel_name(devname))
-		return NULL;
-
-	dir = opendir(path);
-	if (!dir)
+	if (dm_is_dm_kernel_name(devname)) {
+		closedir(dir);
 		return NULL;
+	}
 
 	devname_len = strlen(devname);
 	while((entry = readdir(dir))) {

lib/utils_dm.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -42,6 +42,7 @@ struct device;
 #define DM_TCW_SUPPORTED      (1 << 6)	/* tcw (TCRYPT CBC with whitening) */
 #define DM_SAME_CPU_CRYPT_SUPPORTED (1 << 7) /* same_cpu_crypt */
 #define DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED (1 << 8) /* submit_from_crypt_cpus */
+#define DM_VERITY_ON_CORRUPTION_SUPPORTED (1 << 9) /* ignore/restart_on_corruption, ignore_zero_block */
 
 uint32_t dm_flags(void);
 

lib/utils_fips.c

@@ -1,7 +1,7 @@
 /*
  * FIPS mode utilities
  *
- * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2017, Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_fips.h

@@ -1,7 +1,7 @@
 /*
  * FIPS mode utilities
  *
- * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2017, Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_loop.c

@@ -1,8 +1,8 @@
 /*
  * loopback block device utilities
  *
- * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -19,6 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
+#include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
 #include <unistd.h>
@@ -28,6 +29,9 @@
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include <linux/loop.h>
 
 #include "utils_loop.h"
@@ -70,7 +74,7 @@ static char *crypt_loop_get_device_old(void)
 	return NULL;
 }
 
-char *crypt_loop_get_device(void)
+static char *crypt_loop_get_device(void)
 {
 	char dev[64];
 	int i, loop_fd;
@@ -96,12 +100,15 @@ char *crypt_loop_get_device(void)
 	return strdup(dev);
 }
 
-int crypt_loop_attach(const char *loop, const char *file, int offset,
+int crypt_loop_attach(char **loop, const char *file, int offset,
 		      int autoclear, int *readonly)
 {
 	struct loop_info64 lo64 = {0};
+	char *lo_file_name;
 	int loop_fd = -1, file_fd = -1, r = 1;
 
+	*loop = NULL;
+
 	file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL);
 	if (file_fd < 0 && (errno == EROFS || errno == EACCES) && !*readonly) {
 		*readonly = 1;
@@ -110,18 +117,33 @@ int crypt_loop_attach(const char *loop, const char *file, int offset,
 	if (file_fd < 0)
 		goto out;
 
-	loop_fd = open(loop, *readonly ? O_RDONLY : O_RDWR);
-	if (loop_fd < 0)
-		goto out;
+	while (loop_fd < 0)  {
+		*loop = crypt_loop_get_device();
+		if (!*loop)
+			goto out;
 
-	strncpy((char*)lo64.lo_file_name, file, LO_NAME_SIZE);
+		loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
+		if (loop_fd < 0)
+			goto out;
+
+		if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) {
+			if (errno != EBUSY)
+				goto out;
+			free(*loop);
+			*loop = NULL;
+
+			close(loop_fd);
+			loop_fd = -1;
+		}
+	}
+
+	lo_file_name = (char*)lo64.lo_file_name;
+	lo_file_name[LO_NAME_SIZE-1] = '\0';
+	strncpy(lo_file_name, file, LO_NAME_SIZE-1);
 	lo64.lo_offset = offset;
 	if (autoclear)
 		lo64.lo_flags |= LO_FLAGS_AUTOCLEAR;
 
-	if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0)
-		goto out;
-
 	if (ioctl(loop_fd, LOOP_SET_STATUS64, &lo64) < 0) {
 		(void)ioctl(loop_fd, LOOP_CLR_FD, 0);
 		goto out;
@@ -143,6 +165,10 @@ out:
 		close(loop_fd);
 	if (file_fd >= 0)
 		close(file_fd);
+	if (r && *loop) {
+		free(*loop);
+		*loop = NULL;
+	}
 	return r ? -1 : loop_fd;
 }
 

lib/utils_loop.h

@@ -1,8 +1,8 @@
 /*
  * loopback block device utilities
  *
- * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -24,10 +24,9 @@
 
 /* loopback device helpers */
 
-char *crypt_loop_get_device(void);
 char *crypt_loop_backing_file(const char *loop);
 int crypt_loop_device(const char *loop);
-int crypt_loop_attach(const char *loop, const char *file, int offset,
+int crypt_loop_attach(char **loop, const char *file, int offset,
 		      int autoclear, int *readonly);
 int crypt_loop_detach(const char *loop);
 int crypt_loop_resize(const char *loop);

lib/utils_wipe.c

@@ -2,8 +2,8 @@
  * utils_wipe - wipe a device
  *
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2012, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -29,6 +29,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include <fcntl.h>
 
 #include "libcryptsetup.h"
@@ -128,7 +131,7 @@ int crypt_wipe(struct device *device,
 	ssize_t written;
 
 	if (!size || size % SECTOR_SIZE || (size > MAXIMUM_WIPE_BYTES)) {
-		log_dbg("Unsuported wipe size for device %s: %ld.",
+		log_dbg("Unsupported wipe size for device %s: %ld.",
 			device_path(device), (unsigned long)size);
 		return -EINVAL;
 	}
@@ -183,7 +186,7 @@ int crypt_wipe(struct device *device,
 			written = _crypt_wipe_random(devfd, bsize, buffer, offset, size);
 			break;
 		default:
-			log_dbg("Unsuported wipe type requested: (%d)", type);
+			log_dbg("Unsupported wipe type requested: (%d)", type);
 			written = -1;
 	}
 

lib/verity/verity.c

@@ -1,7 +1,7 @@
 /*
  * dm-verity volume handling
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -156,6 +156,7 @@ int VERITY_write_sb(struct crypt_device *cd,
 	int bsize = device_block_size(device);
 	struct verity_sb sb = {};
 	ssize_t hdr_size = sizeof(struct verity_sb);
+	char *algorithm;
 	uuid_t uuid;
 	int r, devfd = 0;
 
@@ -187,7 +188,9 @@ int VERITY_write_sb(struct crypt_device *cd,
 	sb.hash_block_size = cpu_to_le32(params->hash_block_size);
 	sb.salt_size       = cpu_to_le16(params->salt_size);
 	sb.data_blocks     = cpu_to_le64(params->data_size);
-	strncpy((char *)sb.algorithm, params->hash_name, sizeof(sb.algorithm));
+	algorithm = (char *)sb.algorithm;
+	algorithm[sizeof(sb.algorithm)-1] = '\0';
+	strncpy(algorithm, params->hash_name, sizeof(sb.algorithm)-1);
 	memcpy(sb.salt, params->salt, params->salt_size);
 	memcpy(sb.uuid, uuid, sizeof(sb.uuid));
 

lib/verity/verity.h

@@ -1,7 +1,7 @@
 /*
  * dm-verity volume handling
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/verity/verity_hash.c

@@ -1,7 +1,7 @@
 /*
  * dm-verity volume handling
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/volumekey.c

@@ -2,7 +2,7 @@
  * cryptsetup volume key implementation
  *
  * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2017, Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -20,22 +20,31 @@
  */
 
 #include <string.h>
+#include <stdint.h>
 #include <stdlib.h>
 
 #include "internal.h"
 
-struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key)
+struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key)
 {
-	struct volume_key *vk = malloc(sizeof(*vk) + keylength);
+	struct volume_key *vk;
 
+	if (keylength > (SIZE_MAX - sizeof(*vk)))
+		return NULL;
+
+	vk = malloc(sizeof(*vk) + keylength);
 	if (!vk)
 		return NULL;
 
 	vk->keylength = keylength;
-	if (key)
-		memcpy(&vk->key, key, keylength);
-	else
-		crypt_memzero(&vk->key, keylength);
+
+	/* keylength 0 is valid => no key */
+	if (vk->keylength) {
+		if (key)
+			memcpy(&vk->key, key, keylength);
+		else
+			crypt_memzero(&vk->key, keylength);
+	}
 
 	return vk;
 }
@@ -49,7 +58,7 @@ void crypt_free_volume_key(struct volume_key *vk)
 	}
 }
 
-struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength)
+struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength)
 {
 	int r;
 	struct volume_key *vk;

man/cryptsetup-reencrypt.8

@@ -1,4 +1,4 @@
-.TH CRYPTSETUP-REENCRYPT "8" "January 2015" "cryptsetup-reencrypt" "Maintenance Commands"
+.TH CRYPTSETUP-REENCRYPT "8" "March 2017" "cryptsetup-reencrypt" "Maintenance Commands"
 .SH NAME
 cryptsetup-reencrypt - tool for offline LUKS device re-encryption
 .SH SYNOPSIS
@@ -37,7 +37,8 @@ To start (or continue) re-encryption for <device> use:
 \fB<options>\fR can be [\-\-batch-mode, \-\-block-size, \-\-cipher, \-\-debug,
 \-\-device-size, \-\-hash, \-\-iter-time, \-\-use-random | \-\-use-urandom,
 \-\-keep-key, \-\-key-size, \-\-key-file, \-\-key-slot, \-\-keyfile-offset,
-\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log]
+\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log,
+\-\-uuid]
 
 To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR with combination
 with \fI\-\-reduce-device-size\fR.
@@ -153,7 +154,7 @@ Use with extreme care - shrinked filesystems are usually unrecoverable.
 
 You cannot shrink device more than by 64 MiB (131072 sectors).
 .TP
-.B "\-\-new, N"
+.B "\-\-new, \-N"
 Create new header (encrypt not yet encrypted device).
 
 This option must be used together with \-\-reduce-device-size.
@@ -180,6 +181,12 @@ log files as well.
 Update log file after every block write. This can slow down reencryption
 but will minimize data loss in the case of system crash.
 .TP
+.B "\-\-uuid" \fI<uuid>\fR
+Use only while resuming an interrupted decryption process (see \-\-decrypt).
+
+To find out what \fI<uuid>\fR to pass look for temporary files LUKS-<uuid>.[|log|org|new]
+of the interrupted decryption process.
+.TP
 .B "\-\-batch-mode, \-q"
 Suppresses all warnings and reencryption progress output.
 .TP
@@ -225,9 +232,9 @@ Please attach the output of the failed command with the
 .SH AUTHORS
 Cryptsetup-reencrypt was written by Milan Broz <gmazyland@gmail.com>.
 .SH COPYRIGHT
-Copyright \(co 2012-2015 Milan Broz
+Copyright \(co 2012-2017 Milan Broz
 .br
-Copyright \(co 2012-2013 Red Hat, Inc.
+Copyright \(co 2012-2017 Red Hat, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

man/cryptsetup.8

@@ -1,4 +1,4 @@
-.TH CRYPTSETUP "8" "December 2013" "cryptsetup" "Maintenance Commands"
+.TH CRYPTSETUP "8" "March 2017" "cryptsetup" "Maintenance Commands"
 .SH NAME
 cryptsetup - manage plain dm-crypt and LUKS encrypted volumes
 .SH SYNOPSIS
@@ -107,10 +107,15 @@ Reports the status for the mapping <name>.
 .IP
 Resizes an active mapping <name>.
 
-If \-\-size (in sectors) is not specified, the size of the
-underlying block device is used. Note that this does not
-change the raw device geometry, it just changes how many
-sectors of the raw device are represented in the mapped device.
+If \-\-size (in sectors) is not specified, the size is computed
+from the underlying device. For LUKS it is the size of the
+underlying device without the area reserved for LUKS header
+(see data payload offset in \fBluksDump\fR command).
+For plain crypt device the whole device size is used.
+
+Note that this does not change the raw device geometry, it just
+changes how many sectors of the raw device are represented
+in the mapped device.
 .SH PLAIN MODE
 Plain dm-crypt encrypts the device sector-by-sector with a
 single, non-salted hash of the passphrase. No checks
@@ -253,7 +258,7 @@ as positional argument or via \-\-key-file.
 
 \fBWARNING:\fR If you read the passphrase from stdin
 (without further argument or with '-' as argument
-to \-\-key\-file), batch-mode (\-q) will be implicitely
+to \-\-key\-file), batch-mode (\-q) will be implicitly
 switched on and no warning will be given when you remove the
 last remaining passphrase from a LUKS container. Removing
 the last passphrase makes the LUKS container permanently
@@ -286,8 +291,9 @@ inaccessible.
 .PP
 \fIluksKillSlot\fR <device> <key slot number>
 .IP
-Wipe the key-slot number <key slot> from the LUKS device. A remaining
-passphrase must be supplied, either interactively or via \-\-key-file.
+Wipe the key-slot number <key slot> from the LUKS device. Except running
+in batch-mode (\-q) a remaining passphrase must be supplied,
+either interactively or via \-\-key-file.
 This command can remove the last remaining key-slot, but requires
 an interactive confirmation when doing so. Removing the last
 passphrase makes a LUKS container permanently inaccessible.
@@ -297,11 +303,16 @@ passphrase makes a LUKS container permanently inaccessible.
 
 \fBWARNING:\fR If you read the passphrase from stdin
 (without further argument or with '-' as argument
-to \-\-key-file), batch-mode (\-q) will be implicitely
+to \-\-key-file), batch-mode (\-q) will be implicitly
 switched on and no warning will be given when you remove the
 last remaining passphrase from a LUKS container. Removing
 the last passphrase makes the LUKS container permanently
 inaccessible.
+
+\fBNOTE:\fR If there is no passphrase provided (on stdin or through
+\-\-key-file argument) and batch-mode (\-q) is active, the
+key-slot is removed without any other warning.
+
 .PP
 \fIerase\fR <device>
 .br
@@ -517,7 +528,7 @@ to be erased to prevent further access. Use this option carefully.
 The keyfile parameter allows combination of file content with the
 passphrase and can be repeated.
 .PP
-See also \fBhttp://www.truecrypt.org\fR for more information regarding
+See also \fBhttps://en.wikipedia.org/wiki/TrueCrypt\fR for more information regarding
 TrueCrypt.
 
 Please note that cryptsetup does not use TrueCrypt code, please report
@@ -593,7 +604,7 @@ The current default in the distributed sources is
 "aes-cbc-essiv:sha256" for plain dm-crypt and
 "aes-xts-plain64" for LUKS.
 
-If a hash is part of the cipher spefification, then it is
+If a hash is part of the cipher specification, then it is
 used as part of the IV generation. For example, ESSIV
 needs a hash function, while "plain64" does not and
 hence none is specified.
@@ -726,7 +737,7 @@ All other LUKS actions will use the key-size specified in the LUKS header.
 Use \fIcryptsetup \-\-help\fR to show the compiled-in defaults.
 .TP
 .B "\-\-size, \-b <number of 512 byte sectors>"
-Force the size of the underlying device in sectors of 512 bytes.
+Set the size of the device in sectors of 512 bytes.
 This option is only relevant for the \fIopen\fR and \fIresize\fR
 actions.
 .TP
@@ -1065,9 +1076,9 @@ Copyright \(co 2004 Jana Saout
 .br
 Copyright \(co 2004-2006 Clemens Fruhwirth
 .br
-Copyright \(co 2009-2015 Red Hat, Inc.
+Copyright \(co 2009-2017 Red Hat, Inc.
 .br
-Copyright \(co 2009-2015 Milan Broz
+Copyright \(co 2009-2017 Milan Broz
 .br
 Copyright \(co 2012-2014 Arno Wagner
 

man/veritysetup.8

@@ -1,4 +1,4 @@
-.TH VERITYSETUP "8" "December 2013" "veritysetup" "Maintenance Commands"
+.TH VERITYSETUP "8" "March 2017" "veritysetup" "Maintenance Commands"
 .SH NAME
 veritysetup - manage dm-verity (block level verification) volumes
 .SH SYNOPSIS
@@ -37,7 +37,8 @@ Creates a mapping with <name> backed by device <data_device> and using
 
 The <root_hash> is a hexadecimal string.
 
-\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
+\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock,
+\-\-ignore-corruption or \-\-restart-on-corruption, \-\-ignore-zero-blocks]
 
 If option \-\-no-superblock is used, you have to use as the same options
 as in initial format operation.
@@ -82,7 +83,7 @@ Create or use dm-verity without permanent on-disk superblock.
 .TP
 .B "\-\-format=number"
 Specifies the hash version type.
-Format type 0 is original Chrome OS verion. Format type 1 is current version.
+Format type 0 is original Chrome OS version. Format type 1 is current version.
 .TP
 .B "\-\-data-block-size=bytes"
 Used block size for the data device.
@@ -110,14 +111,63 @@ Use the provided UUID for format command instead of generating new one.
 The UUID must be provided in standard UUID format,
 e.g. 12345678-1234-1234-1234-123456789abc.
 .TP
+.B "\-\-ignore-corruption", "\-\-restart-on-corruption"
+Defines what to do if data integrity problem is detected (data corruption).
+
+Without these options kernel fails the IO operation with I/O error.
+With \-\-ignore-corruption option the corruption is only logged.
+With \-\-restart-on-corruption the kernel is restarted immediatelly.
+(You have to provide way how to avoid restart loops.)
+
+\fBWARNING:\fR Use these options only for very specific cases.
+These options are available since Linux kernel version 4.1.
+.TP
+.B "\-\-ignore-zero-blocks"
+Instruct kernel to not verify blocks that are expected to contain zeroes
+and always directly return zeroes instead.
+
+\fBWARNING:\fR Use this option only in very specific cases.
+This option is available since Linux kernel version 4.5.
+.TP
+.B "\-\-hash=hash"
+Hash algorithm for dm-verity. For default see \-\-help option.
+.TP
 .B "\-\-version"
 Show the program version.
 .SH RETURN CODES
 Veritysetup returns 0 on success and a non-zero value on error.
 
-Error codes are: 1 wrong parameters, 2 no permission,
-3 out of memory, 4 wrong device specified, 5 device already exists
-or device is busy.
+Error codes are:
+    1 wrong parameters
+    2 no permission
+    3 out of memory
+    4 wrong device specified
+    5 device already exists or device is busy.
+
+.SH EXAMPLES
+.B "veritysetup \-\-data-blocks=256 format <data_device> <hash_device>"
+
+Calculates and stores verification data on hash_device for the first 256 blocks (of block-size).
+If hash_device does not exist, it is created (as file image).
+
+.B "veritysetup format <data_device> <hash_device>"
+
+Calculates and stores verification data on hash_device for the whole data_device.
+
+.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 format <device> <device>"
+
+Verification data (hashes) is stored on the same device as data (starting at hash-offset).
+Hash-offset must be greater than number of blocks in data-area.
+
+.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 create test-device <device> <device> <root_hash>"
+
+Acivatees the verity device named test-device. Options \-\-data-blocks and \-\-hash-offset are the same
+as in the format command. The <root_hash> was calculated in format command.
+
+.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 verify <data_device> <hash_device> <root_hash>"
+
+Verifies device without activation (in userspace).
+
 .SH REPORTING BUGS
 Report bugs, including ones in the documentation, on
 the cryptsetup mailing list at <dm-crypt@saout.de>
@@ -130,9 +180,9 @@ The first implementation of veritysetup was written by Chrome OS authors.
 This version is based on verification code written by Mikulas Patocka <mpatocka@redhat.com>
 and rewritten for libcryptsetup by Milan Broz <gmazyland@gmail.com>.
 .SH COPYRIGHT
-Copyright \(co 2012-2013 Red Hat, Inc.
+Copyright \(co 2012-2017 Red Hat, Inc.
 .br
-Copyright \(co 2012-2014 Milan Broz
+Copyright \(co 2012-2017 Milan Broz
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

misc/dracut_90reencrypt/README

@@ -11,9 +11,11 @@ e.g. rd.luks.reencrypt=sda2:52G means only 52G of device
 will be reencrypted (default is whole device).
 (Name is kernel name of device.)
 
-Also, you may specify keyslot which you want to use for reencryption,
-rd.luks.reencrypt_keyslot=<keyslot_number>. Bear in mind that if you
-use this option, all other keyslots will be deactivated.
+If there's more than single active keyslot in the target luks device
+you're required to select one keyslot explicitly for reencryption via
+rd.luks.reencrypt_keyslot=<keyslot_number> option. Bear in mind that
+if you use this option, all other keyslots will get deactivated in the
+process.
 
 Another argument, rd.luks.reencrypt_key=/dev/sda:/path/to/keyfile
 can be used to read password for specific keyslot from device containing

misc/dracut_90reencrypt/module-setup.sh

@@ -24,6 +24,8 @@ install() {
 
     dracut_install cryptsetup-reencrypt
 
+    # moddir variable is assigned in dracut general shell lib
+    # shellcheck disable=SC2154
     inst_hook cmdline 30 "$moddir/parse-reencrypt.sh"
     inst_simple "$moddir"/reencrypt.sh /sbin/reencrypt
 }

misc/dracut_90reencrypt/reencrypt.sh

@@ -39,7 +39,8 @@ reenc_readkey() {
 }
 
 reenc_run() {
-    local cwd=$(pwd)
+    local cwd
+    cwd=$(pwd)
     local _prompt="LUKS password for REENCRYPTING $device"
     cd /tmp
     if [ "$1" = "none" ] ; then

po/LINGUAS

@@ -8,6 +8,7 @@ id
 it
 nl
 pl
+pt_BR
 sr
 sv
 uk

po/fi.po

@@ -13,6 +13,7 @@ msgstr ""
 "Last-Translator: Jorma Karvonen <karvonen.jorma@gmail.com>\n"
 "Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"
 "Language: fi\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

po/id.po

@@ -11,6 +11,7 @@ msgstr ""
 "PO-Revision-Date: 2010-01-27 07:30+0700\n"
 "Last-Translator: Arif E. Nugroho <arif_endro@yahoo.com>\n"
 "Language-Team: Indonesian <translation-team-id@lists.sourceforge.net>\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=ISO-8859-1\n"
 "Content-Transfer-Encoding: 8bit\n"

python/pycryptsetup-test.py

@@ -2,7 +2,7 @@
 #
 # Python bindings to libcryptsetup test
 #
-# Copyright (C) 2011-2014, Red Hat, Inc. All rights reserved.
+# Copyright (C) 2011-2017, Red Hat, Inc. All rights reserved.
 #
 # This file is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -74,7 +74,7 @@ r =  c.isLuks()
 print("isLuks  :", r)
 c.askyes(message = "Is there anybody out there?")
 c.log(priority = pycryptsetup.CRYPT_LOG_ERROR, message = "Nobody there...\n")
-c.luksFormat(cipher = "aes", cipherMode= "xts-plain64", keysize = 512)
+c.luksFormat(cipher = "aes", cipherMode= "xts-plain64", keysize = 512, hashMode = "sha256")
 print("isLuks  :", c.isLuks())
 print("luksUUID:", c.luksUUID())
 print("addKeyVK:", c.addKeyByVolumeKey(newPassphrase = PASSWORD, slot = 2))

python/pycryptsetup.c

@@ -1,7 +1,7 @@
 /*
  * Python bindings to libcryptsetup
  *
- * Copyright (C) 2009-2014, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
  * Written by Martin Sivak
  *
  * This file is free software; you can redistribute it and/or
@@ -413,22 +413,26 @@ static PyObject *CryptSetup_Info(CryptSetupObject* self, PyObject *args, PyObjec
 static char
 CryptSetup_luksFormat_HELP[] =
 "Format device to enable LUKS\n\n\
-  luksFormat(cipher = 'aes', cipherMode = 'cbc-essiv:sha256', keysize = 256)\n\n\
+  luksFormat(cipher = 'aes', cipherMode = 'cbc-essiv:sha256', keysize = 256, hashMode = 'sha256')\n\n\
   cipher - cipher specification, e.g. aes, serpent\n\
   cipherMode - cipher mode specification, e.g. cbc-essiv:sha256, xts-plain64\n\
-  keysize - key size in bits";
+  keysize - key size in bits\n\
+  hashMode - hash specification, e.g. sha256";
 
 static PyObject *CryptSetup_luksFormat(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static const char *kwlist[] = {"cipher", "cipherMode", "keysize", NULL};
-	char *cipher_mode = NULL, *cipher = NULL;
-	int keysize = 256;
+	static const char *kwlist[] = {"cipher", "cipherMode", "keysize", "hashMode", NULL};
+	char *cipher_mode = NULL, *cipher = NULL, *hashMode = NULL;
+	int keysize = DEFAULT_LUKS1_KEYBITS;
 	PyObject *keysize_object = NULL;
+	struct crypt_params_luks1 params = {};
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzO", CONST_CAST(char**)kwlist,
-					&cipher, &cipher_mode, &keysize_object))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzOz", CONST_CAST(char**)kwlist,
+					&cipher, &cipher_mode, &keysize_object,
+					&hashMode))
 		return NULL;
 
+	params.hash = hashMode;
 	if (!keysize_object || keysize_object == Py_None) {
 		/* use default value */
 	} else if (!PyInt_Check(keysize_object)) {
@@ -443,10 +447,10 @@ static PyObject *CryptSetup_luksFormat(CryptSetupObject* self, PyObject *args, P
 	} else
 		keysize = PyInt_AsLong(keysize_object);
 
-	// FIXME use #defined defaults
 	return PyObjectResult(crypt_format(self->device, CRYPT_LUKS1,
-				cipher ?: "aes", cipher_mode ?: "cbc-essiv:sha256",
-				NULL, NULL, keysize / 8, NULL));
+				cipher ?: DEFAULT_LUKS1_CIPHER,
+				cipher_mode ?: DEFAULT_LUKS1_MODE,
+				NULL, NULL, keysize / 8, &params));
 }
 
 static char
@@ -640,7 +644,7 @@ static char
 CryptSetup_iterationTime_HELP[] =
 "Set iteration time\n\n\
   iterationTime(time_ms)\n\n\
-  time_ms - time in miliseconds";
+  time_ms - time in milliseconds";
 
 static PyObject *CryptSetup_iterationTime(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {

src/Makefile.am

@@ -77,7 +77,8 @@ cryptsetup_reencrypt_SOURCES = \
 	cryptsetup_reencrypt.c			\
 	cryptsetup.h
 
-cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD)
+cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD) \
+	@UUID_LIBS@
 cryptsetup_reencrypt_CFLAGS = $(cryptsetup_CFLAGS)
 
 sbin_PROGRAMS += cryptsetup-reencrypt

src/cryptsetup.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -28,6 +28,7 @@ static const char *opt_hash = NULL;
 static int opt_verify_passphrase = 0;
 
 static const char *opt_key_file = NULL;
+static const char *opt_keyfile_stdin = NULL;
 static int opt_keyfiles_count = 0;
 static const char *opt_keyfiles[MAX_KEYFILES];
 
@@ -239,11 +240,14 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para
 {
 	int r, tries = opt_tries, eperm = 0;
 
+	if (opt_keyfile_stdin)
+		tries = 1;
+
 	do {
 		/* TCRYPT header is encrypted, get passphrase now */
 		r = tools_get_key(_("Enter passphrase: "),
 				  CONST_CAST(char**)&params->passphrase,
-				  &params->passphrase_size, 0, 0, NULL, opt_timeout,
+				  &params->passphrase_size, 0, 0, opt_keyfile_stdin, opt_timeout,
 				 _verify_passphrase(0), 0, cd);
 		if (r < 0)
 			continue;
@@ -467,7 +471,7 @@ static int action_status(void)
 		log_std("  mode:    %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
 					   "readonly" : "read/write");
 		if (cad.flags & (CRYPT_ACTIVATE_ALLOW_DISCARDS|
-				 CRYPT_ACTIVATE_ALLOW_DISCARDS|
+				 CRYPT_ACTIVATE_SAME_CPU_CRYPT|
 				 CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS))
 			log_std("  flags:   %s%s%s\n",
 				(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? "discards " : "",
@@ -827,7 +831,8 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 	int i, r;
 
 	ki = crypt_keyslot_status(cd, key_slot);
-	if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !yesDialog(msg_last, NULL))
+	if (ki == CRYPT_SLOT_ACTIVE_LAST && !opt_batch_mode && !key_file &&
+	    msg_last && !yesDialog(msg_last, NULL))
 		return -EPERM;
 
 	r = tools_get_key(msg_pass, &password, &passwordLen,
@@ -854,6 +859,10 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 		}
 	}
 
+	/* Handle inactive keyslots the same as bad password here */
+	if (r == -ENOENT)
+		r = -EPERM;
+
 	if (r == -EPERM)
 		log_err(_("No key available with this passphrase.\n"));
 out:
@@ -887,7 +896,7 @@ static int action_luksKillSlot(void)
 		goto out;
 	}
 
-	if (!opt_batch_mode) {
+	if (!opt_batch_mode || opt_key_file || !isatty(STDIN_FILENO)) {
 		r = verify_keyslot(cd, opt_key_slot,
 			_("This is the last keyslot. Device will become unusable after purging this key."),
 			_("Enter any remaining passphrase: "),
@@ -1372,7 +1381,7 @@ static struct action_type {
 	{ "close",        action_close,        1, 1, N_("<name>"), N_("close device (remove mapping)") },
 	{ "resize",       action_resize,       1, 1, N_("<name>"), N_("resize active device") },
 	{ "status",       action_status,       1, 0, N_("<name>"), N_("show device status") },
-	{ "benchmark",    action_benchmark,    0, 0, N_("<name>"), N_("benchmark cipher") },
+	{ "benchmark",    action_benchmark,    0, 0, N_("[--cipher <cipher>]"), N_("benchmark cipher") },
 	{ "repair",       action_luksRepair,   1, 1, N_("<device>"), N_("try to repair on-disk metadata") },
 	{ "erase",        action_luksErase ,   1, 1, N_("<device>"), N_("erase all keyslots (remove encryption key)") },
 	{ "luksFormat",   action_luksFormat,   1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
@@ -1529,7 +1538,7 @@ int main(int argc, const char **argv)
 	poptContext popt_context;
 	struct action_type *action;
 	const char *aname;
-	int r;
+	int r, total_keyfiles = 0;
 
 	crypt_set_log_callback(NULL, tool_log, NULL);
 
@@ -1543,11 +1552,15 @@ int main(int argc, const char **argv)
 
 	while((r = poptGetNextOpt(popt_context)) > 0) {
 		unsigned long long ull_value;
-		char *endp;
+		char *endp, *kf;
 
 		if (r == 5) {
-			if (opt_keyfiles_count < MAX_KEYFILES)
-				opt_keyfiles[opt_keyfiles_count++] = poptGetOptArg(popt_context);
+			kf = poptGetOptArg(popt_context);
+			if (tools_is_stdin(kf))
+				opt_keyfile_stdin = kf;
+			else if (opt_keyfiles_count < MAX_KEYFILES)
+				opt_keyfiles[opt_keyfiles_count++] = kf;
+			total_keyfiles++;
 			continue;
 		}
 
@@ -1699,6 +1712,10 @@ int main(int argc, const char **argv)
 		      _("Negative number for option not permitted."),
 		      poptGetInvocationName(popt_context));
 
+	if (total_keyfiles > 1 && strcmp(opt_type, "tcrypt"))
+		usage(popt_context, EXIT_FAILURE, _("Only one --key-file argument is allowed."),
+		      poptGetInvocationName(popt_context));
+
 	if (opt_random && opt_urandom)
 		usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
 		      poptGetInvocationName(popt_context));

src/cryptsetup.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2014, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

src/cryptsetup_reencrypt.c

@@ -1,8 +1,8 @@
 /*
  * cryptsetup-reencrypt - crypt utility for offline re-encryption
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2015, Milan Broz All rights reserved.
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -24,6 +24,7 @@
 #include <sys/time.h>
 #include <linux/fs.h>
 #include <arpa/inet.h>
+#include <uuid/uuid.h>
 
 #define PACKAGE_REENC "crypt_reencrypt"
 
@@ -33,6 +34,7 @@
 static const char *opt_cipher = NULL;
 static const char *opt_hash = NULL;
 static const char *opt_key_file = NULL;
+static const char *opt_uuid = NULL;
 static long opt_keyfile_size = 0;
 static long opt_keyfile_offset = 0;
 static int opt_iteration_time = 1000;
@@ -68,6 +70,7 @@ struct reenc_ctx {
 	uint64_t device_offset;
 	uint64_t device_shift;
 
+	int stained:1;
 	int in_progress:1;
 	enum { FORWARD = 0, BACKWARD = 1 } reencrypt_direction;
 	enum { REENCRYPT = 0, ENCRYPT = 1, DECRYPT = 2 } reencrypt_mode;
@@ -148,7 +151,7 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 				rc->device);
 			return -EBUSY;
 		}
-		log_err(_("Cannot open device %s\n"), rc->device);
+		log_err(_("Cannot open device %s.\n"), rc->device);
 		return -EINVAL;
 	}
 
@@ -179,11 +182,6 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 		log_verbose(_("Marking LUKS device %s unusable.\n"), rc->device);
 		memcpy(buf, NOMAGIC, MAGIC_L);
 		r = 0;
-	} else if (set_magic == MAKE_USABLE && !memcmp(buf, NOMAGIC, MAGIC_L) &&
-		   version == 1) {
-		log_verbose(_("Marking LUKS device %s usable.\n"), rc->device);
-		memcpy(buf, MAGIC, MAGIC_L);
-		r = 0;
 	} else if (set_magic == CHECK_UNUSABLE && version == 1) {
 		r = memcmp(buf, NOMAGIC, MAGIC_L) ? -EINVAL : 0;
 		if (!r)
@@ -200,6 +198,8 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 			log_err(_("Cannot write device %s.\n"), rc->device);
 			r = -EIO;
 		}
+		if (s > 0 && set_magic == MAKE_UNUSABLE)
+			rc->stained = 1;
 	} else
 		log_dbg("LUKS signature check failed for %s.", rc->device);
 out:
@@ -370,6 +370,7 @@ static int open_log(struct reenc_ctx *rc)
 	rc->log_fd = open(rc->log_file, O_RDWR|O_EXCL|O_CREAT|flags, S_IRUSR|S_IWUSR);
 	if (rc->log_fd != -1) {
 		log_dbg("Created LUKS reencryption log file %s.", rc->log_file);
+		rc->stained = 0;
 	} else if (errno == EEXIST) {
 		log_std(_("Log file %s exists, resuming reencryption.\n"), rc->log_file);
 		rc->log_fd = open(rc->log_file, O_RDWR|flags);
@@ -653,8 +654,10 @@ static int restore_luks_header(struct reenc_ctx *rc)
 	crypt_free(cd);
 	if (r)
 		log_err(_("Cannot restore LUKS header on device %s.\n"), rc->device);
-	else
+	else {
 		log_verbose(_("LUKS header on device %s restored.\n"), rc->device);
+		rc->stained = 0;
+	}
 	return r;
 }
 
@@ -791,6 +794,9 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
 	if (write_log(rc) < 0)
 		return -EIO;
 
+	/* dirty the device during ENCRYPT mode */
+	rc->stained = 1;
+
 	while (!quit && rc->device_offset) {
 		if (rc->device_offset < block_size) {
 			working_offset = 0;
@@ -955,6 +961,7 @@ static int initialize_uuid(struct reenc_ctx *rc)
 {
 	struct crypt_device *cd = NULL;
 	int r;
+	uuid_t device_uuid;
 
 	log_dbg("Initialising UUID.");
 
@@ -963,6 +970,16 @@ static int initialize_uuid(struct reenc_ctx *rc)
 		return 0;
 	}
 
+	if (opt_decrypt && opt_uuid) {
+		r = uuid_parse(opt_uuid, device_uuid);
+		if (!r)
+			rc->device_uuid = strdup(opt_uuid);
+		else
+			log_err(_("Provided UUID is invalid.\n"));
+
+		return r;
+	}
+
 	/* Try to load LUKS from device */
 	if ((r = crypt_init(&cd, rc->device)))
 		return r;
@@ -979,7 +996,7 @@ static int initialize_uuid(struct reenc_ctx *rc)
 }
 
 static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
-			    const char *msg, int slot_to_check, int check)
+			    const char *msg, int slot_to_check, int check, int verify)
 {
 	char *password;
 	int r = -EINVAL, retry_count;
@@ -990,11 +1007,15 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
 		set_int_handler(0);
 		r = crypt_get_key(msg, &password, &passwordLen,
 			0, 0, NULL /*opt_key_file*/,
-			0, 0, cd);
+			0, verify, cd);
 		if (r < 0)
 			return r;
-		if (quit)
+		if (quit) {
+			crypt_safe_free(password);
+			password = NULL;
+			passwordLen = 0;
 			return -EAGAIN;
+		}
 
 		/* library uses sigint internally, until it is fixed...*/
 		set_int_block(1);
@@ -1077,7 +1098,7 @@ static int initialize_passphrase(struct reenc_ctx *rc, const char *device)
 	log_dbg("Passhrases initialization.");
 
 	if (rc->reencrypt_mode == ENCRYPT && !rc->in_progress) {
-		r = init_passphrase1(rc, cd, _("Enter new passphrase: "), opt_key_slot, 0);
+		r = init_passphrase1(rc, cd, _("Enter new passphrase: "), opt_key_slot, 0, 1);
 		return r > 0 ? 0 : r;
 	}
 
@@ -1099,14 +1120,14 @@ static int initialize_passphrase(struct reenc_ctx *rc, const char *device)
 	} else if (rc->in_progress ||
 		   opt_key_slot != CRYPT_ANY_SLOT ||
 		   rc->reencrypt_mode == DECRYPT) {
-		r = init_passphrase1(rc, cd, msg, opt_key_slot, 1);
+		r = init_passphrase1(rc, cd, msg, opt_key_slot, 1, 0);
 	} else for (i = 0; i < MAX_SLOT; i++) {
 		ki = crypt_keyslot_status(cd, i);
 		if (ki != CRYPT_SLOT_ACTIVE && ki != CRYPT_SLOT_ACTIVE_LAST)
 			continue;
 
 		snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %u: "), i);
-		r = init_passphrase1(rc, cd, msg, i, 1);
+		r = init_passphrase1(rc, cd, msg, i, 1, 0);
 		if (r < 0)
 			break;
 	}
@@ -1119,7 +1140,7 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
 {
 	log_dbg("Initialising reencryption context.");
 
-	rc->log_fd =-1;
+	rc->log_fd = -1;
 
 	if (!(rc->device = strndup(device, PATH_MAX)))
 		return -ENOMEM;
@@ -1159,6 +1180,12 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
 	}
 
 	if (!rc->in_progress) {
+		if (opt_uuid) {
+			log_err(_("No decryption in progress, provided UUID can "
+			"be used only to resume suspended decryption process.\n"));
+			return -EINVAL;
+		}
+
 		if (!opt_reduce_size)
 			rc->reencrypt_direction = FORWARD;
 		else {
@@ -1186,10 +1213,7 @@ static void destroy_context(struct reenc_ctx *rc)
 	close_log(rc);
 	remove_headers(rc);
 
-	if ((rc->reencrypt_direction == FORWARD &&
-	     rc->device_offset == rc->device_size) ||
-	    (rc->reencrypt_direction == BACKWARD &&
-	     (rc->device_offset == 0 || rc->device_offset == (uint64_t)~0))) {
+	if (!rc->stained) {
 		unlink(rc->log_file);
 		unlink(rc->header_file_org);
 		unlink(rc->header_file_new);
@@ -1205,7 +1229,9 @@ static void destroy_context(struct reenc_ctx *rc)
 static int run_reencrypt(const char *device)
 {
 	int r = -EINVAL;
-	static struct reenc_ctx rc = {};
+	static struct reenc_ctx rc = {
+		.stained = 1
+	};
 
 	if (initialize_context(&rc, device))
 		goto out;
@@ -1231,7 +1257,7 @@ static int run_reencrypt(const char *device)
 				goto out;
 		}
 	} else {
-		if ((r = initialize_passphrase(&rc, rc.header_file_new)))
+		if ((r = initialize_passphrase(&rc, opt_decrypt ? rc.header_file_org : rc.header_file_new)))
 			goto out;
 	}
 
@@ -1248,6 +1274,8 @@ static int run_reencrypt(const char *device)
 	// FIXME: fix error path above to not skip this
 	if (rc.reencrypt_mode != DECRYPT)
 		r = restore_luks_header(&rc);
+	else
+		rc.stained = 0;
 out:
 	destroy_context(&rc);
 	return r;
@@ -1301,6 +1329,7 @@ int main(int argc, const char **argv)
 		{ "device-size",       '\0', POPT_ARG_STRING, &opt_device_size_str,     0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") },
 		{ "new",               'N',  POPT_ARG_NONE, &opt_new,                   0, N_("Create new header on not encrypted device."), NULL },
 		{ "decrypt",           '\0', POPT_ARG_NONE, &opt_decrypt,               0, N_("Permanently decrypt device (remove encryption)."), NULL },
+		{ "uuid",              '\0', POPT_ARG_STRING, &opt_uuid,                0, N_("The uuid used to resume decryption."), NULL },
 		POPT_TABLEEND
 	};
 	poptContext popt_context;
@@ -1401,6 +1430,10 @@ int main(int argc, const char **argv)
 		usage(popt_context, EXIT_FAILURE, _("Option --decrypt is incompatible with specified parameters."),
 		      poptGetInvocationName(popt_context));
 
+	if (opt_uuid && !opt_decrypt)
+		usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only together with --decrypt."),
+		      poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

src/utils_password.c

@@ -1,8 +1,8 @@
 /*
  * Password quality check wrapper
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

src/utils_tools.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2014, Milan Broz
+ * Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -206,7 +206,7 @@ const char *uuid_or_device(const char *spec)
 		strcpy(device, "/dev/disk/by-uuid/");
 		ptr = &device[strlen(device)];
 		i = uuid_len;
-		while ((s = spec[i++]) && i < PATH_MAX) {
+		while ((s = spec[i++]) && i < (PATH_MAX - 13)) {
 			if (!isxdigit(s) && s != '-')
 				return spec; /* Bail it out */
 			if (isalpha(s))
@@ -319,7 +319,7 @@ int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
 	}
 
 	tmp = *size * mult;
-	if ((tmp / *size) != mult) {
+	if (*size && (tmp / *size) != mult) {
 		log_dbg("Device size overflow.");
 		return -EINVAL;
 	}

src/veritysetup.c

@@ -1,8 +1,8 @@
 /*
  * veritysetup - setup cryptographic volumes for dm-verity
  *
- * Copyright (C) 2012-2013, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2013, Milan Broz
+ * Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2017, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -33,6 +33,9 @@ static uint64_t data_blocks = 0;
 static const char *salt_string = NULL;
 static uint64_t hash_offset = 0;
 static const char *opt_uuid = NULL;
+static int opt_restart_on_corruption = 0;
+static int opt_ignore_corruption = 0;
+static int opt_ignore_zero_blocks = 0;
 
 static int opt_version_mode = 0;
 
@@ -127,6 +130,13 @@ static int _activate(const char *dm_device,
 	if ((r = crypt_init(&cd, hash_device)))
 		goto out;
 
+	if (opt_ignore_corruption)
+		activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+	if (opt_restart_on_corruption)
+		activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+	if (opt_ignore_zero_blocks)
+		activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
+
 	if (use_superblock) {
 		params.flags = flags;
 		params.hash_area_offset = hash_offset;
@@ -273,6 +283,14 @@ static int action_status(int arg)
 		}
 		log_std("  hash offset: %" PRIu64 " sectors\n",
 			vp.hash_area_offset * vp.hash_block_size / 512);
+
+		if (cad.flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
+				 CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+				 CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS))
+			log_std("  flags:       %s%s%s\n",
+				(cad.flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? "ignore_corruption " : "",
+				(cad.flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? "restart_on_corruption " : "",
+				(cad.flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? "ignore_zero_blocks" : "");
 	}
 out:
 	crypt_free(cd);
@@ -383,6 +401,9 @@ int main(int argc, const char **argv)
 		{ "hash",            'h',  POPT_ARG_STRING, &hash_algorithm, 0, N_("Hash algorithm"), N_("string") },
 		{ "salt",            's',  POPT_ARG_STRING, &salt_string,    0, N_("Salt"), N_("hex string") },
 		{ "uuid",            '\0', POPT_ARG_STRING, &opt_uuid,       0, N_("UUID for device to use."), NULL },
+		{ "restart-on-corruption", 0,POPT_ARG_NONE,&opt_restart_on_corruption, 0, N_("Restart kernel if corruption is detected"), NULL },
+		{ "ignore-corruption", 0,  POPT_ARG_NONE, &opt_ignore_corruption,  0, N_("Ignore corruption, log it only"), NULL },
+		{ "ignore-zero-blocks", 0, POPT_ARG_NONE, &opt_ignore_zero_blocks, 0, N_("Do not verify zeroed blocks"), NULL },
 		POPT_TABLEEND
 	};
 
@@ -468,6 +489,16 @@ int main(int argc, const char **argv)
 		      poptGetInvocationName(popt_context));
 	}
 
+	if ((opt_ignore_corruption || opt_restart_on_corruption || opt_ignore_zero_blocks) && strcmp(aname, "create"))
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for create operation.\n"),
+		poptGetInvocationName(popt_context));
+
+	if (opt_ignore_corruption && opt_restart_on_corruption)
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"),
+		poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

tests/align-test

@@ -14,8 +14,10 @@ cleanup() {
 	    rmdir $MNT_DIR 2>/dev/null
 	fi
 	[ -b /dev/mapper/$DEV_STACKED ] && dmsetup remove $DEV_STACKED >/dev/null 2>&1
+	# FIXME scsi_debug sometimes in-use here
+	sleep 1
 	rmmod scsi_debug 2>/dev/null
-	sleep 2
+	sleep 1
 }
 
 fail()
@@ -141,7 +143,7 @@ cleanup
 
 echo "# Create enterprise-class 4K drive"
 echo "# (logical_block_size=4096, physical_block_size=4096, alignment_offset=0)"
-add_device dev_size_mb=16 sector_size=4096 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
 format 256 4096
 format 256 2560 8
 format 128 2048
@@ -187,7 +189,7 @@ format_null 512 4096 2048
 cleanup
 
 echo "# Offset check: 4096B sector drive"
-add_device dev_size_mb=16 sector_size=4096 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
 format_null  64 2048    0 8:72:136:200:264:328:392:456
 format_null  64  520    1
 format_null  64  520    8
@@ -213,7 +215,7 @@ cleanup
 echo "# Create enterprise-class 4K drive with fs and LUKS images."
 # loop device here presents 512 block but images have 4k block
 # cryptsetup should properly use 4k block on direct-io
-add_device dev_size_mb=16 sector_size=4096 physblk_exp=0 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 physblk_exp=0 num_tgts=1 opt_blks=64
 for file in $(ls img_fs_*.img.bz2) ; do
     echo "Format using fs image $file."
     bzip2 -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"

tests/api-test.c

@@ -417,16 +417,8 @@ static int _setup(void)
 	if (_system(cmd, 1))
 		return 1;
 
-	if (!THE_LOOP_DEV)
-		THE_LOOP_DEV = crypt_loop_get_device();
-	if (!THE_LOOP_DEV) {
-		printf("Cannot find free loop device.\n");
-		return 1;
-	}
-	if (crypt_loop_device(THE_LOOP_DEV)) {
-		fd = crypt_loop_attach(THE_LOOP_DEV, test_loop_file, 0, 0, &ro);
-		close(fd);
-	}
+	fd = crypt_loop_attach(&THE_LOOP_DEV, test_loop_file, 0, 0, &ro);
+	close(fd);
 
 	tmp_file_1 = strdup(THE_LFILE_TEMPLATE);
 	if ((fd=mkstemp(tmp_file_1)) == -1) {
@@ -441,34 +433,15 @@ static int _setup(void)
 
 	_system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1);
 	_system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1);
-	if (!DEVICE_1)
-		DEVICE_1 = crypt_loop_get_device();
-	if (!DEVICE_1) {
-		printf("Cannot find free loop device.\n");
-		return 1;
-	}
-	if (crypt_loop_device(DEVICE_1)) {
-		_system(" [ ! -e " IMAGE1 " ] && bzip2 -dk " IMAGE1 ".bz2", 1);
-		fd = crypt_loop_attach(DEVICE_1, IMAGE1, 0, 0, &ro);
-		close(fd);
-	}
-	if (!DEVICE_2)
-		DEVICE_2 = crypt_loop_get_device();
-	if (!DEVICE_2) {
-		printf("Cannot find free loop device.\n");
-		return 1;
-	}
-	if (crypt_loop_device(DEVICE_2)) {
-		_system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=4 2>/dev/null", 1);
-		fd = crypt_loop_attach(DEVICE_2, IMAGE_EMPTY, 0, 0, &ro);
-		close(fd);
-	}
-	if (!DEVICE_3)
-		DEVICE_3 = crypt_loop_get_device();
-	if (!DEVICE_3) {
-		printf("Cannot find free loop device.\n");
-		return 1;
-	}
+
+	_system(" [ ! -e " IMAGE1 " ] && bzip2 -dk " IMAGE1 ".bz2", 1);
+	fd = crypt_loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro);
+	close(fd);
+
+	_system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=4 2>/dev/null", 1);
+	fd = crypt_loop_attach(&DEVICE_2, IMAGE_EMPTY, 0, 0, &ro);
+	close(fd);
+
 	/* Keymaterial offset is less than 8 sectors */
 	_system(" [ ! -e " EVL_HEADER_1 " ] && bzip2 -dk " EVL_HEADER_1 ".bz2", 1);
 	/* keymaterial offset aims into payload area */
@@ -1522,7 +1495,7 @@ static void LuksHeaderBackup(void)
 	crypt_free(cd);
 
 	// exercise luksOpen using backup header on block device
-	fd = crypt_loop_attach(DEVICE_3, BACKUP_FILE, 0, 0, &ro);
+	fd = crypt_loop_attach(&DEVICE_3, BACKUP_FILE, 0, 0, &ro);
 	close(fd);
 	OK_(fd < 0);
 	OK_(crypt_init(&cd, DEVICE_3));
@@ -1808,6 +1781,8 @@ static void VerityTest(void)
 	/* hash fail */
 	root_hash[1] = ~root_hash[1];
 	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32, CRYPT_ACTIVATE_READONLY));
+	/* Be sure there was some read activity to mark device corrupted. */
+	_system("blkid " DMDIR CDEVICE_1, 0);
 	OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 	EQ_(CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_CORRUPTED, cad.flags);
 	OK_(crypt_deactivate(cd, CDEVICE_1));
@@ -1816,6 +1791,7 @@ static void VerityTest(void)
 	/* data fail */
 	OK_(crypt_set_data_device(cd, DEVICE_1));
 	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32, CRYPT_ACTIVATE_READONLY));
+	_system("blkid " DMDIR CDEVICE_1, 0);
 	OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 	EQ_(CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_CORRUPTED, cad.flags);
 	OK_(crypt_deactivate(cd, CDEVICE_1));

tests/compat-test

@@ -327,6 +327,8 @@ echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail
 echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d - $KEY2 || fail
 $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail
 
 # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
 $CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 3 || fail
@@ -355,6 +357,12 @@ $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: DISABLED" || fail
+# if password or keyfile is provided, batch mode must not suppress it
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
 # kill slot using passphrase from 1
 echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: DISABLED" || fail

tests/luks1-compat-test

@@ -61,7 +61,7 @@ if [ $(id -u) != 0 ]; then
 fi
 
 test_required
-[ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2
+[ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2 --no-same-owner
 
 echo "ACTIVATION FS UUID CHECK"
 for file in $(ls $TST_DIR/luks1_*) ; do

tests/tcrypt-compat-test

@@ -67,7 +67,7 @@ function test_required()
 test_required
 export LANG=C
 
-[ ! -d $TST_DIR ] && tar xjf tcrypt-images.tar.bz2
+[ ! -d $TST_DIR ] && tar xjf tcrypt-images.tar.bz2 --no-same-owner
 
 echo "HEADER CHECK"
 for file in $(ls $TST_DIR/[tv]c_*) ; do

tests/verity-compat-test

@@ -55,6 +55,18 @@ function check_exists()
 	[ -b /dev/mapper/$DEV_NAME ] || fail
 }
 
+function check_version()
+{
+        VER_STR=$(dmsetup targets | grep verity | cut -f 3 -dv)
+        VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
+        VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+
+        # option supported in 1.3
+        test $VER_MAJ -gt 1 && return 0
+        test $VER_MIN -ge 3 && return 0
+        return 1
+}
+
 function compare_out() # $1 what, $2 expected
 {
 	OPT=$(grep -v "^#" $DEV_OUT | grep -i "$1" | sed -e s/.*\:\ // )
@@ -78,7 +90,7 @@ function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6
 	if [ $sb == yes ] ; then
 		VERIFY_PARAMS=""
 	else
-		FORMAT_PAFAMS="$FORMAT_PARAMS --no-superlock"
+		FORMAT_PARAMS="$FORMAT_PARAMS --no-superblock"
 		VERIFY_PARAMS=$FORMAT_PARAMS
 	fi
 
@@ -132,6 +144,21 @@ function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6
 	done
 }
 
+function check_option() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, $6 CLI option, $7 status option
+{
+	DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
+	FORMAT_PARAMS="--format=$4 --data-block-size=$1 --hash-block-size=$1 --hash=$5 --salt=$3"
+
+	echo -n "Option $6 "
+	$VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >/dev/null 2>&1 || fail
+	$VERITYSETUP create $DEV_NAME $DEV_PARAMS $2 $6 >/dev/null 2>&1 || fail
+	check_exists
+	$VERITYSETUP status $DEV_NAME 2>/dev/null | grep flags | grep -q $7 || fail
+	dmsetup table $DEV_NAME 2>/dev/null | grep -q $7 || fail
+	$VERITYSETUP remove $DEV_NAME >/dev/null 2>&1 || fail
+	echo "[OK]"
+}
+
 function valgrind_setup()
 {
 	which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
@@ -144,6 +171,31 @@ function valgrind_run()
 	INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${VERITYSETUP} "$@"
 }
 
+function checkOffsetBug() # $1 size, $2 hash-offset, $3 data-blocks
+{
+	echo -n "Size :: $1 B | Hash-offset :: $2 blocks | Data-blocks :: $3 "
+	dd if=/dev/zero of=$IMG bs=1 count=0 seek=$1 >/dev/null 2>&1
+	$VERITYSETUP --data-blocks=$3 --hash-offset=$2 format $IMG $IMG >/dev/null 2>&1 || fail "Test [hash-offset greater than 2G] failed"
+	echo "[OK]"
+	remove_mapping
+}
+function checkOverlapBug() # $1 size, $2 hash-offset, $3 data-blocks
+{
+	echo -n "Size :: $1 B | Hash-offset :: $2 blocks | "
+
+	dd if=/dev/zero of=$IMG bs=1 count=0 seek=$1 >/dev/null 2>&1
+	if [ -z $3 ] ; then
+	  # veritysetup must fail
+	  $VERITYSETUP --hash-offset=$2 format $IMG $IMG >/dev/null 2>&1 && fail "Test [overlap with option \"--data-blocks\" not entered] failed"
+	else
+	  $VERITYSETUP --data-blocks=$3 --hash-offset=$2 format $IMG $IMG >/dev/null 2>&1 || fail "Test [overlap with option \"--data-blocks\" entered] failed"
+	  RET=$?
+	  [ "$3" -gt "$(($2 / 4096))" ] && [ "$RET" -eq "0" ] && fail "Test [overlap - hash-offset in data area] failed"
+	fi
+	echo "[OK]"
+	remove_mapping
+}
+
 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
 [ ! -x "$VERITYSETUP" ] && skip "Cannot find $VERITYSETUP, test skipped."
 
@@ -181,5 +233,25 @@ check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4
 check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1 8388608
 check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1 8388608
 
+
+if check_version ; then
+	echo "Verity data corruption options test."
+	SALT=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d
+	HASH=9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174
+	prepare 8192 1024
+	check_option 512 $HASH $SALT 1 sha256 "--ignore-corruption" "ignore_corruption"
+	check_option 512 $HASH $SALT 1 sha256 "--restart-on-corruption" "restart_on_corruption"
+	check_option 512 $HASH $SALT 1 sha256 "--ignore-zero-blocks" "ignore_zero_blocks"
+	check_option 512 $HASH $SALT 1 sha256 "--ignore-corruption --ignore-zero-blocks" "ignore_corruption"
+fi
+
+echo "Veritysetup [hash-offset bigger than 2G works] "
+checkOffsetBug 3000000000 2499997696 256
+checkOffsetBug 10000000000 8000000000 128
+
+echo "Veritysetup [overlap-detection] "
+checkOverlapBug 2097152 1433600
+checkOverlapBug 2097152 1433600 350
+
 remove_mapping
 exit 0