Version 2.3.2.

accurately now.

.gitlab/issue_templates/Bug.md

@@ -0,0 +1,15 @@
+### Issue description
+<!-- Please, shortly describe the issue here. -->
+
+### Steps for reproducing the issue
+<!-- How it can be reproduced? Include all important steps. -->
+
+### Additional info
+<!-- Please mention what distribution you are using. -->
+
+### Debug log
+<!-- Paste a debug log of the failing command (add --debug option) between the markers below (to keep raw debug format).-->
+```
+Output with --debug option:
+
+```

.gitlab/issue_templates/Documentation.md

@@ -0,0 +1,5 @@
+### Documentation issue
+<!-- Please, shortly describe the issue in documentation here. -->
+
+### Additional info
+<!-- Please mention what cryptsetup version you are using. -->

.gitlab/issue_templates/Feature.md

@@ -0,0 +1,5 @@
+### New feature description
+<!-- Please, shortly describe the requested feature here. -->
+
+### Additional info
+<!-- Please mention what distribution and cryptsetup version you are using. -->

README.md

@@ -6,7 +6,7 @@ What the ...?
 on the [DMCrypt](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt) kernel module.
 
 These include **plain** **dm-crypt** volumes, **LUKS** volumes, **loop-AES**,
-**TrueCrypt** (including **VeraCrypt** extension) and BitLocker formats.
+**TrueCrypt** (including **VeraCrypt** extension) and **BitLocker** formats.
 
 The project also includes a **veritysetup** utility used to conveniently setup
 [DMVerity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity) block integrity checking kernel module
@@ -44,22 +44,19 @@ Download
 --------
 All release tarballs and release notes are hosted on [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).
 
-**The latest testing cryptsetup version is 2.3.0-rc0**
-  * [cryptsetup-2.3.0-rc0.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.0-rc0.tar.xz)
-  * Signature [cryptsetup-2.3.0-rc0.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.0-rc0.tar.sign)
+**The latest stable cryptsetup version is 2.3.1**
+  * [cryptsetup-2.3.1.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.1.tar.xz)
+  * Signature [cryptsetup-2.3.1.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.1.tar.sign)
     _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 2.3.0-rc0 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.0-rc0-ReleaseNotes).
-
-**The latest stable cryptsetup version is 2.2.2**
-  * [cryptsetup-2.2.2.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/cryptsetup-2.2.2.tar.xz)
-  * Signature [cryptsetup-2.2.2.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/cryptsetup-2.2.2.tar.sign)
-    _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 2.2.2 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/v2.2.2-ReleaseNotes).
+  * [Cryptsetup 2.3.1 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.1-ReleaseNotes).
 
 Previous versions
- * [Version 2.2.1](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/cryptsetup-2.2.1.tar.xz) -
-   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/cryptsetup-2.2.1.tar.sign) -
-   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/v2.2.0-ReleaseNotes).
+ * [Version 2.3.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.0.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.0.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.0-ReleaseNotes).
+ * [Version 2.2.2](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/cryptsetup-2.2.2.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/cryptsetup-2.2.2.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/v2.2.2-ReleaseNotes).
  * [Version 2.0.6](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.6.tar.xz) -
    [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.6.tar.sign) -
    [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/v2.0.6-ReleaseNotes).

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[2.3.0])
+AC_INIT([cryptsetup],[2.3.2])
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
@@ -33,6 +33,7 @@ AC_PROG_MAKE_SET
 AC_ENABLE_STATIC(no)
 LT_INIT
 PKG_PROG_PKG_CONFIG
+AM_ICONV
 
 dnl ==========================================================================
 dnl define PKG_CHECK_VAR for old pkg-config <= 0.28
@@ -59,6 +60,12 @@ AC_HEADER_DIRENT
 AC_HEADER_STDC
 AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
 	sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h)
+AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])],
+[[
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
+]])
 
 AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])])
 AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])])
@@ -348,6 +355,7 @@ AC_CHECK_DECLS([dm_task_retry_remove], [], [], [#include <libdevmapper.h>])
 AC_CHECK_DECLS([dm_task_deferred_remove], [], [], [#include <libdevmapper.h>])
 AC_CHECK_DECLS([dm_device_has_mounted_fs], [], [], [#include <libdevmapper.h>])
 AC_CHECK_DECLS([dm_device_has_holders], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_device_get_name], [], [], [#include <libdevmapper.h>])
 AC_CHECK_DECLS([DM_DEVICE_GET_TARGET_VERSION], [], [], [#include <libdevmapper.h>])
 AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])
 if test "x$enable_udev" = xyes; then

docs/v2.3.1-ReleaseNotes

@@ -0,0 +1,45 @@
+Cryptsetup 2.3.1 Release Notes
+==============================
+Stable bug-fix release.
+
+All users of cryptsetup 2.x should upgrade to this version.
+
+Changes since version 2.3.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Support VeraCrypt 128 bytes passwords.
+  VeraCrypt now allows passwords of maximal length 128 bytes
+  (compared to legacy TrueCrypt where it was limited by 64 bytes).
+
+* Strip extra newline from BitLocker recovery keys
+  There might be a trailing newline added by the text editor when
+  the recovery passphrase was passed using the --key-file option.
+
+* Detect separate libiconv library.
+  It should fix compilation issues on distributions with iconv
+  implemented in a separate library.
+
+* Various fixes and workarounds to build on old Linux distributions.
+
+* Split lines with hexadecimal digest printing for large key-sizes.
+
+* Do not wipe the device with no integrity profile.
+  With --integrity none we performed useless full device wipe.
+
+* Workaround for dm-integrity kernel table bug.
+  Some kernels show an invalid dm-integrity mapping table
+  if superblock contains the "recalculate" bit. This causes
+  integritysetup to not recognize the dm-integrity device.
+  Integritysetup now specifies kernel options such a way that
+  even on unpatched kernels mapping table is correct.
+
+* Print error message if LUKS1 keyslot cannot be processed.
+  If the crypto backend is missing support for hash algorithms
+  used in PBKDF2, the error message was not visible.
+
+* Properly align LUKS2 keyslots area on conversion.
+  If the LUKS1 payload offset (data offset) is not aligned
+  to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.
+
+* Validate LUKS2 earlier on conversion to not corrupt the device
+  if binary keyslots areas metadata are not correct.

docs/v2.3.2-ReleaseNotes

@@ -0,0 +1,42 @@
+Cryptsetup 2.3.2 Release Notes
+==============================
+Stable bug-fix release.
+
+All users of cryptsetup 2.x should upgrade to this version.
+
+Changes since version 2.3.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Support compilation with json-c library version 0.14.
+
+* Update FAQ document for some LUKS2 specific information.
+
+* Add option to dump content of LUKS2 unbound keyslot:
+    cryptsetup luksDump --unbound -S <slot> <device>
+  or optionally with --master-key-file option.
+
+  The slot number --key-slot (-S) option is mandatory here.
+
+  An unbound keyslot store a key is that is not assigned to data
+  area on disk (LUKS2 allows to store arbitrary keys).
+
+* Rephrase some error messages and remove redundant end-of-lines.
+
+* Add support for discards (TRIM) for standalone dm-integrity devices.
+  Linux kernel 5.7 adds support for optional discard/TRIM operation
+  over dm-integrity devices.
+
+  It is now supported through --allow-discards integritysetup option.
+  Note you need to add this flag in all activation calls.
+
+  Note that this option cannot be used for LUKS2 authenticated encryption
+  (that uses dm-integrity for storing additional per-sector metadata).
+
+* Fix cryptsetup-reencrypt to work on devices that do not allow
+  direct-io device access.
+
+* Fix a crash in the BitLocker-compatible code error path.
+
+* Fix Veracrypt compatible support for longer (>64 bytes) passphrases.
+  It allows some older images to be correctly opened again.
+  The issue was introduced in version 2.3.1.

lib/Makemodule.am

@@ -40,6 +40,7 @@ libcryptsetup_la_LIBADD = \
 	@LIBARGON2_LIBS@	\
 	@JSON_C_LIBS@		\
 	@BLKID_LIBS@		\
+	$(LTLIBICONV)		\
 	libcrypto_backend.la	\
 	libutils_io.la
 
@@ -76,7 +77,7 @@ libcryptsetup_la_SOURCES = \
 	lib/base64.h			\
 	lib/base64.c			\
 	lib/integrity/integrity.h	\
-	lib/integrity/integrity.c       \
+	lib/integrity/integrity.c	\
 	lib/loopaes/loopaes.h		\
 	lib/loopaes/loopaes.c		\
 	lib/tcrypt/tcrypt.h		\
@@ -92,7 +93,7 @@ libcryptsetup_la_SOURCES = \
 	lib/verity/verity.h		\
 	lib/verity/rs_encode_char.c	\
 	lib/verity/rs_decode_char.c	\
-	lib/verity/rs.h                 \
+	lib/verity/rs.h		\
 	lib/luks2/luks2_disk_metadata.c	\
 	lib/luks2/luks2_json_format.c	\
 	lib/luks2/luks2_json_metadata.c	\

lib/bitlk/bitlk.c

@@ -22,7 +22,6 @@
 
 #include <errno.h>
 #include <string.h>
-#include <fcntl.h>
 #include <uuid/uuid.h>
 #include <time.h>
 #include <iconv.h>
@@ -291,7 +290,7 @@ static int passphrase_to_utf16(struct crypt_device *cd, char *input, size_t inle
 		*out = outbuf;
 	} else {
 		*out = NULL;
-		free(outbuf);
+		crypt_safe_free(outbuf);
 		log_dbg(cd, "Failed to convert passphrase: %s", strerror(errno));
 		r = -errno;
 	}
@@ -789,8 +788,14 @@ static int get_recovery_key(struct crypt_device *cd,
 	    - 8 groups of 6 divided by '-'
 	    - each part is a number dividable by 11
 	*/
-	if (passwordLen != BITLK_RECOVERY_KEY_LEN)
-		return 0;
+	if (passwordLen != BITLK_RECOVERY_KEY_LEN) {
+                if (passwordLen == BITLK_RECOVERY_KEY_LEN + 1 && password[passwordLen - 1] == '\n') {
+                        /* looks like a recovery key with an extra newline, possibly from a key file */
+                        passwordLen--;
+                        log_dbg(cd, "Possible extra EOL stripped from the recovery key.");
+                } else
+                        return 0;
+        }
 
 	for (i = BITLK_RECOVERY_PART_LEN; i < passwordLen; i += BITLK_RECOVERY_PART_LEN + 1) {
 		if (password[i] != '-')

lib/crypto_backend/cipher_check.c

@@ -23,6 +23,10 @@
 #include <time.h>
 #include "crypto_backend_internal.h"
 
+#ifndef CLOCK_MONOTONIC_RAW
+#define CLOCK_MONOTONIC_RAW CLOCK_MONOTONIC
+#endif
+
 /*
  * This is not simulating storage, so using disk block causes extreme overhead.
  * Let's use some fixed block size where results are more reliable...

lib/crypto_backend/cipher_generic.c

@@ -51,6 +51,7 @@ static const struct cipher_alg cipher_algs[] = {
 	{ "paes",        NULL, 16,  true }, /* protected AES, s390 wrapped key scheme */
 	{ "xchacha12,aes", "adiantum", 32, false },
 	{ "xchacha20,aes", "adiantum", 32, false },
+	{ "sm4",         NULL, 16, false },
 	{ NULL,          NULL,  0, false }
 };
 
@@ -72,7 +73,13 @@ int crypt_cipher_ivsize(const char *name, const char *mode)
 {
 	const struct cipher_alg *ca = _get_alg(name, mode);
 
-	return ca ? ca->blocksize : -EINVAL;
+	if (!ca)
+		return -EINVAL;
+
+	if (mode && !strcasecmp(mode, "ecb"))
+		return 0;
+
+	return ca->blocksize;
 }
 
 int crypt_cipher_wrapped_key(const char *name, const char *mode)

lib/crypto_backend/crypto_backend.h

@@ -26,13 +26,12 @@
 #include <stddef.h>
 #include <string.h>
 
-struct crypt_device;
 struct crypt_hash;
 struct crypt_hmac;
 struct crypt_cipher;
 struct crypt_storage;
 
-int crypt_backend_init(struct crypt_device *ctx);
+int crypt_backend_init(void);
 void crypt_backend_destroy(void);
 
 #define CRYPT_BACKEND_KERNEL (1 << 0)	/* Crypto uses kernel part, for benchmark */

lib/crypto_backend/crypto_gcrypt.c

@@ -89,7 +89,7 @@ static void crypt_hash_test_whirlpool_bug(void)
 		crypto_backend_whirlpool_bug = 1;
 }
 
-int crypt_backend_init(struct crypt_device *ctx)
+int crypt_backend_init(void)
 {
 	if (crypto_backend_initialised)
 		return 0;

lib/crypto_backend/crypto_kernel.c

@@ -110,7 +110,7 @@ static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *op
 	return 0;
 }
 
-int crypt_backend_init(struct crypt_device *ctx)
+int crypt_backend_init(void)
 {
 	struct utsname uts;
 	struct sockaddr_alg sa = {

lib/crypto_backend/crypto_nettle.c

@@ -213,7 +213,7 @@ static struct hash_alg *_get_alg(const char *name)
 	return NULL;
 }
 
-int crypt_backend_init(struct crypt_device *ctx)
+int crypt_backend_init(void)
 {
 	return 0;
 }

lib/crypto_backend/crypto_nss.c

@@ -75,7 +75,7 @@ static struct hash_alg *_get_alg(const char *name)
 	return NULL;
 }
 
-int crypt_backend_init(struct crypt_device *ctx)
+int crypt_backend_init(void)
 {
 	if (crypto_backend_initialised)
 		return 0;

lib/crypto_backend/crypto_openssl.c

@@ -121,7 +121,7 @@ static const char *openssl_backend_version(void)
 }
 #endif
 
-int crypt_backend_init(struct crypt_device *ctx)
+int crypt_backend_init(void)
 {
 	if (crypto_backend_initialised)
 		return 0;

lib/crypto_backend/pbkdf_check.c

@@ -27,6 +27,10 @@
 #include <sys/resource.h>
 #include "crypto_backend.h"
 
+#ifndef CLOCK_MONOTONIC_RAW
+#define CLOCK_MONOTONIC_RAW CLOCK_MONOTONIC
+#endif
+
 #define BENCH_MIN_MS 250
 #define BENCH_MIN_MS_FAST 10
 #define BENCH_PERCENT_ATLEAST 95

lib/integrity/integrity.c

@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <fcntl.h>
 #include <uuid/uuid.h>
 
 #include "integrity.h"
@@ -213,7 +212,7 @@ int INTEGRITY_create_dmd_device(struct crypt_device *cd,
 		       struct volume_key *journal_crypt_key,
 		       struct volume_key *journal_mac_key,
 		       struct crypt_dm_active_device *dmd,
-		       uint32_t flags)
+		       uint32_t flags, uint32_t sb_flags)
 {
 	int r;
 
@@ -224,6 +223,10 @@ int INTEGRITY_create_dmd_device(struct crypt_device *cd,
 		.flags = flags,
 	};
 
+	/* Workaround for kernel dm-integrity table bug */
+	if (sb_flags & SB_FLAG_RECALCULATING)
+		dmd->flags |= CRYPT_ACTIVATE_RECALCULATE;
+
 	r = INTEGRITY_data_sectors(cd, crypt_metadata_device(cd),
 				   crypt_get_data_offset(cd) * SECTOR_SIZE, &dmd->size);
 	if (r < 0)
@@ -287,7 +290,8 @@ int INTEGRITY_activate(struct crypt_device *cd,
 		       uint32_t flags, uint32_t sb_flags)
 {
 	struct crypt_dm_active_device dmd = {};
-	int r = INTEGRITY_create_dmd_device(cd, params, vk, journal_crypt_key, journal_mac_key, &dmd, flags);
+	int r = INTEGRITY_create_dmd_device(cd, params, vk, journal_crypt_key,
+					    journal_mac_key, &dmd, flags, sb_flags);
 
 	if (r < 0)
 		return r;

lib/integrity/integrity.h

@@ -91,7 +91,7 @@ int INTEGRITY_create_dmd_device(struct crypt_device *cd,
 		       struct volume_key *journal_crypt_key,
 		       struct volume_key *journal_mac_key,
 		       struct crypt_dm_active_device *dmd,
-		       uint32_t flags);
+		       uint32_t flags, uint32_t sb_flags);
 
 int INTEGRITY_activate_dmd_device(struct crypt_device *cd,
 		       const char *name,

lib/internal.h

@@ -30,6 +30,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <inttypes.h>
+#include <fcntl.h>
 
 #include "nls.h"
 #include "bitops.h"
@@ -77,6 +78,10 @@
 		*_py = NULL; \
 	} while (0)
 
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
 struct crypt_device;
 struct luks2_reenc_context;
 

lib/libdevmapper.c

@@ -27,7 +27,6 @@
 #include <dirent.h>
 #include <errno.h>
 #include <libdevmapper.h>
-#include <fcntl.h>
 #include <linux/fs.h>
 #include <uuid/uuid.h>
 #include <sys/stat.h>
@@ -231,6 +230,9 @@ static void _dm_set_integrity_compat(struct crypt_device *cd,
 	if (_dm_satisfies_version(1, 4, 0, integrity_maj, integrity_min, integrity_patch))
 		_dm_flags |= DM_INTEGRITY_FIX_PADDING_SUPPORTED;
 
+	if (_dm_satisfies_version(1, 6, 0, integrity_maj, integrity_min, integrity_patch))
+		_dm_flags |= DM_INTEGRITY_DISCARDS_SUPPORTED;
+
 	_dm_integrity_checked = true;
 }
 
@@ -901,6 +903,12 @@ static char *get_dm_integrity_params(const struct dm_target *tgt, uint32_t flags
 		strncat(features, feature, sizeof(features) - strlen(features) - 1);
 	}
 
+	if (flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) {
+		num_options++;
+		snprintf(feature, sizeof(feature), "allow_discards ");
+		strncat(features, feature, sizeof(features) - strlen(features) - 1);
+	}
+
 	if (tgt->u.integrity.meta_device) {
 		num_options++;
 		snprintf(feature, sizeof(feature), "meta_device:%s ",
@@ -1633,6 +1641,10 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 	    !(dmt_flags & DM_INTEGRITY_RECALC_SUPPORTED))
 		log_err(cd, _("Requested automatic recalculation of integrity tags is not supported."));
 
+	if (r == -EINVAL && dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) &&
+	    !(dmt_flags & DM_INTEGRITY_DISCARDS_SUPPORTED))
+		log_err(cd, _("Discard/TRIM is not supported."));
+
 	if (r == -EINVAL && dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) &&
 	    !(dmt_flags & DM_INTEGRITY_BITMAP_SUPPORTED))
 		log_err(cd, _("Requested dm-integrity bitmap mode is not supported."));
@@ -1665,6 +1677,9 @@ int dm_reload_device(struct crypt_device *cd, const char *name,
 		if ((dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) &&
 		    !dm_flags(cd, DM_CRYPT, &dmt_flags) && !(dmt_flags & DM_DISCARDS_SUPPORTED))
 			log_err(cd, _("Discard/TRIM is not supported."));
+		if ((dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) &&
+		    !dm_flags(cd, DM_INTEGRITY, &dmt_flags) && !(dmt_flags & DM_INTEGRITY_DISCARDS_SUPPORTED))
+			log_err(cd, _("Discard/TRIM is not supported."));
 	}
 
 	if (!r && resume)
@@ -2398,6 +2413,8 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 				*act_flags |= CRYPT_ACTIVATE_RECALCULATE;
 			} else if (!strcmp(arg, "fix_padding")) {
 				tgt->u.integrity.fix_padding = true;
+			} else if (!strcmp(arg, "allow_discards")) {
+				*act_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
 			} else /* unknown option */
 				goto err;
 		}
@@ -2643,6 +2660,7 @@ int dm_query_device(struct crypt_device *cd, const char *name,
 
 static int _process_deps(struct crypt_device *cd, const char *prefix, struct dm_deps *deps, char **names, size_t names_offset, size_t names_length)
 {
+#if HAVE_DECL_DM_DEVICE_GET_NAME
 	struct crypt_dm_active_device dmd;
 	char dmname[PATH_MAX];
 	unsigned i;
@@ -2681,6 +2699,9 @@ static int _process_deps(struct crypt_device *cd, const char *prefix, struct dm_
 	}
 
 	return count;
+#else
+	return -EINVAL;
+#endif
 }
 
 int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix, char **names, size_t names_length)

lib/loopaes/loopaes.c

@@ -81,7 +81,7 @@ static int hash_keys(struct crypt_device *cd,
 	const char *hash_name;
 	char tweak, *key_ptr;
 	unsigned int i;
-	int r;
+	int r = 0;
 
 	hash_name = hash_override ?: get_hash(key_len_output);
 	tweak = get_tweak(keys_count);

lib/luks1/keyencryption.c

@@ -22,7 +22,6 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <fcntl.h>
 #include <errno.h>
 #include <sys/stat.h>
 #include "luks.h"

lib/luks1/keymanage.c

@@ -23,7 +23,6 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <netinet/in.h>
-#include <fcntl.h>
 #include <errno.h>
 #include <unistd.h>
 #include <stdio.h>
@@ -987,8 +986,10 @@ static int LUKS_open_key(unsigned int keyIndex,
 			hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
 			derived_key->key, hdr->keyBytes,
 			hdr->keyblock[keyIndex].passwordIterations, 0, 0);
-	if (r < 0)
+	if (r < 0) {
+		log_err(ctx, _("Cannot open keyslot (using hash %s)."), hdr->hashSpec);
 		goto out;
+	}
 
 	log_dbg(ctx, "Reading key slot %d area.", keyIndex);
 	r = LUKS_decrypt_from_storage(AfKey,

lib/luks2/luks2_internal.h

@@ -23,7 +23,6 @@
 #define _CRYPTSETUP_LUKS2_INTERNAL_H
 
 #include <stdio.h>
-#include <fcntl.h>
 #include <errno.h>
 #include <json-c/json.h>
 
@@ -59,9 +58,9 @@ json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
 void hexprint_base64(struct crypt_device *cd, json_object *jobj,
 		     const char *sep, const char *line_sep);
 
-uint64_t json_object_get_uint64(json_object *jobj);
-uint32_t json_object_get_uint32(json_object *jobj);
-json_object *json_object_new_uint64(uint64_t value);
+uint64_t crypt_jobj_get_uint64(json_object *jobj);
+uint32_t crypt_jobj_get_uint32(json_object *jobj);
+json_object *crypt_jobj_new_uint64(uint64_t value);
 
 int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
 void json_object_object_del_by_uint(json_object *jobj, unsigned key);

lib/luks2/luks2_json_format.c

@@ -325,8 +325,8 @@ int LUKS2_generate_hdr(
 
 	json_object_object_add_by_uint(jobj_segments, 0, jobj_segment);
 
-	json_object_object_add(jobj_config, "json_size", json_object_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
-	json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
+	json_object_object_add(jobj_config, "json_size", crypt_jobj_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
+	json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
 
 	JSON_DBG(cd, hdr->jobj, "Header JSON:");
 	return 0;
@@ -400,6 +400,6 @@ int LUKS2_set_keyslots_size(struct crypt_device *cd,
 	if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
 		return 1;
 
-	json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
+	json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
 	return 0;
 }

lib/luks2/luks2_json_metadata.c

@@ -45,11 +45,11 @@ void hexprint_base64(struct crypt_device *cd, json_object *jobj,
 				 &buf, &buf_len))
 		return;
 
-	for (i = 0; i < buf_len / 2; i++)
-		log_std(cd, "%02hhx%s", buf[i], sep);
-	log_std(cd, "\n\t%s", line_sep);
-	for (i = buf_len / 2; i < buf_len; i++)
+	for (i = 0; i < buf_len; i++) {
+		if (i && !(i % 16))
+			log_std(cd, "\n\t%s", line_sep);
 		log_std(cd, "%02hhx%s", buf[i], sep);
+	}
 	log_std(cd, "\n");
 	free(buf);
 }
@@ -219,7 +219,7 @@ int LUKS2_get_default_segment(struct luks2_hdr *hdr)
  * json_type_int needs to be validated first.
  * See validate_json_uint32()
  */
-uint32_t json_object_get_uint32(json_object *jobj)
+uint32_t crypt_jobj_get_uint32(json_object *jobj)
 {
 	return json_object_get_int64(jobj);
 }
@@ -234,21 +234,21 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
 	tmp = strtoull(json_object_get_string(jobj), &endptr, 10);
 	if (*endptr || errno) {
 		*value = 0;
-		return FALSE;
+		return 0;
 	}
 
 	*value = tmp;
-	return TRUE;
+	return 1;
 }
 
-uint64_t json_object_get_uint64(json_object *jobj)
+uint64_t crypt_jobj_get_uint64(json_object *jobj)
 {
 	uint64_t r;
 	json_str_to_uint64(jobj, &r);
 	return r;
 }
 
-json_object *json_object_new_uint64(uint64_t value)
+json_object *crypt_jobj_new_uint64(uint64_t value)
 {
 	/* 18446744073709551615 */
 	char num[21];
@@ -273,9 +273,9 @@ static json_bool numbered(struct crypt_device *cd, const char *name, const char
 	for (i = 0; key[i]; i++)
 		if (!isdigit(key[i])) {
 			log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key);
-			return FALSE;
+			return 0;
 		}
-	return TRUE;
+	return 1;
 }
 
 json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
@@ -300,7 +300,7 @@ json_bool validate_json_uint32(json_object *jobj)
 	errno = 0;
 	tmp = json_object_get_int64(jobj);
 
-	return (errno || tmp < 0 || tmp > UINT32_MAX) ? FALSE : TRUE;
+	return (errno || tmp < 0 || tmp > UINT32_MAX) ? 0 : 1;
 }
 
 static json_bool validate_keyslots_array(struct crypt_device *cd,
@@ -313,17 +313,17 @@ static json_bool validate_keyslots_array(struct crypt_device *cd,
 		jobj = json_object_array_get_idx(jarr, i);
 		if (!json_object_is_type(jobj, json_type_string)) {
 			log_dbg(cd, "Illegal value type in keyslots array at index %d.", i);
-			return FALSE;
+			return 0;
 		}
 
 		if (!json_contains(cd, jobj_keys, "", "Keyslots section",
 				   json_object_get_string(jobj), json_type_object))
-			return FALSE;
+			return 0;
 
 		i++;
 	}
 
-	return TRUE;
+	return 1;
 }
 
 static json_bool validate_segments_array(struct crypt_device *cd,
@@ -336,17 +336,17 @@ static json_bool validate_segments_array(struct crypt_device *cd,
 		jobj = json_object_array_get_idx(jarr, i);
 		if (!json_object_is_type(jobj, json_type_string)) {
 			log_dbg(cd, "Illegal value type in segments array at index %d.", i);
-			return FALSE;
+			return 0;
 		}
 
 		if (!json_contains(cd, jobj_segments, "", "Segments section",
 				   json_object_get_string(jobj), json_type_object))
-			return FALSE;
+			return 0;
 
 		i++;
 	}
 
-	return TRUE;
+	return 1;
 }
 
 static json_bool segment_has_digest(const char *segment_name, json_object *jobj_digests)
@@ -357,10 +357,10 @@ static json_bool segment_has_digest(const char *segment_name, json_object *jobj_
 		UNUSED(key);
 		json_object_object_get_ex(val, "segments", &jobj_segments);
 		if (LUKS2_array_jobj(jobj_segments, segment_name))
-			return TRUE;
+			return 1;
 	}
 
-	return FALSE;
+	return 0;
 }
 
 static json_bool validate_intervals(struct crypt_device *cd,
@@ -372,18 +372,18 @@ static json_bool validate_intervals(struct crypt_device *cd,
 	while (i < length) {
 		if (ix[i].offset < 2 * metadata_size) {
 			log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset);
-			return FALSE;
+			return 0;
 		}
 
 		if (!ix[i].length) {
 			log_dbg(cd, "Area length must be greater than zero.");
-			return FALSE;
+			return 0;
 		}
 
 		if ((ix[i].offset + ix[i].length) > keyslots_area_end) {
 			log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] overflows binary keyslots area (ends at offset: %" PRIu64 ").",
 				ix[i].offset, ix[i].offset + ix[i].length, keyslots_area_end);
-			return FALSE;
+			return 0;
 		}
 
 		for (j = 0; j < length; j++) {
@@ -393,14 +393,14 @@ static json_bool validate_intervals(struct crypt_device *cd,
 				log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].",
 					ix[i].offset, ix[i].offset + ix[i].length,
 					ix[j].offset, ix[j].offset + ix[j].length);
-				return FALSE;
+				return 0;
 			}
 		}
 
 		i++;
 	}
 
-	return TRUE;
+	return 1;
 }
 
 static int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key)
@@ -455,7 +455,7 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj
 
 	json = json_object_to_json_string_ext(hdr_jobj,
 		JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
-	json_area_size = json_object_get_uint64(jobj1);
+	json_area_size = crypt_jobj_get_uint64(jobj1);
 	json_size = (uint64_t)strlen(json);
 
 	if (hdr_json_size != json_area_size) {
@@ -543,7 +543,7 @@ static int hdr_validate_crypt_segment(struct crypt_device *cd,
 		return 1;
 	}
 
-	sector_size = json_object_get_uint32(jobj_sector_size);
+	sector_size = crypt_jobj_get_uint32(jobj_sector_size);
 	if (!sector_size || MISALIGNED_512(sector_size)) {
 		log_dbg(cd, "Illegal sector size: %" PRIu32, sector_size);
 		return 1;
@@ -970,13 +970,16 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair)
 	return r;
 }
 
-int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr)
+static int hdr_cleanup_and_validate(struct crypt_device *cd, struct luks2_hdr *hdr)
 {
-	/* NOTE: is called before LUKS2 validation routines */
-	/* erase unused digests (no assigned keyslot or segment) */
 	LUKS2_digests_erase_unused(cd, hdr);
 
-	if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
+	return LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN);
+}
+
+int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr)
+{
+	if (hdr_cleanup_and_validate(cd, hdr))
 		return -EINVAL;
 
 	return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), false);
@@ -984,11 +987,7 @@ int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr)
 
 int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr)
 {
-	/* NOTE: is called before LUKS2 validation routines */
-	/* erase unused digests (no assigned keyslot or segment) */
-	LUKS2_digests_erase_unused(cd, hdr);
-
-	if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
+	if (hdr_cleanup_and_validate(cd, hdr))
 		return -EINVAL;
 
 	return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), true);
@@ -1567,7 +1566,7 @@ static void hdr_dump_keyslots(struct crypt_device *cd, json_object *hdr_jobj)
 		log_std(cd, "  %s: %s%s\n", slot, tmps, r == -ENOENT ? " (unbound)" : "");
 
 		if (json_object_object_get_ex(val, "key_size", &jobj2))
-			log_std(cd, "\tKey:        %u bits\n", json_object_get_uint32(jobj2) * 8);
+			log_std(cd, "\tKey:        %u bits\n", crypt_jobj_get_uint32(jobj2) * 8);
 
 		log_std(cd, "\tPriority:   %s\n", get_priority_desc(val));
 
@@ -1650,7 +1649,7 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj)
 			log_std(cd, "\tcipher: %s\n", json_object_get_string(jobj1));
 
 		if (json_object_object_get_ex(jobj_segment, "sector_size", &jobj1))
-			log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", json_object_get_uint32(jobj1));
+			log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1));
 
 		if (json_object_object_get_ex(jobj_segment, "integrity", &jobj1) &&
 		    json_object_object_get_ex(jobj1, "type", &jobj2))
@@ -1747,7 +1746,7 @@ int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic)
 			return 0;
 		}
 
-		tmp += json_object_get_uint64(jobj_size);
+		tmp += crypt_jobj_get_uint64(jobj_size);
 	}
 
 	/* impossible, real device size must not be zero */
@@ -2157,7 +2156,12 @@ int LUKS2_activate(struct crypt_device *cd,
 			return -EINVAL;
 		}
 
-		r = INTEGRITY_create_dmd_device(cd, NULL, NULL, NULL, NULL, &dmdi, dmd.flags);
+		if (flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) {
+			log_err(cd, _("Discard/TRIM is not supported."));
+			return -EINVAL;
+		}
+
+		r = INTEGRITY_create_dmd_device(cd, NULL, NULL, NULL, NULL, &dmdi, dmd.flags, 0);
 		if (r)
 			return r;
 

lib/luks2/luks2_keyslot.c

@@ -300,11 +300,11 @@ int LUKS2_keyslot_area(struct luks2_hdr *hdr,
 
 	if (!json_object_object_get_ex(jobj_area, "offset", &jobj))
 		return -EINVAL;
-	*offset = json_object_get_uint64(jobj);
+	*offset = crypt_jobj_get_uint64(jobj);
 
 	if (!json_object_object_get_ex(jobj_area, "size", &jobj))
 		return -EINVAL;
-	*length = json_object_get_uint64(jobj);
+	*length = crypt_jobj_get_uint64(jobj);
 
 	return 0;
 }
@@ -835,8 +835,8 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
 
 	/* Area object */
 	jobj_area = json_object_new_object();
-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
+	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
 	json_object_object_add(jobj_keyslot, "area", jobj_area);
 
 	json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);

lib/luks2/luks2_keyslot_luks2.c

@@ -220,7 +220,7 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
 
 	if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
 		return -EINVAL;
-	area_offset = json_object_get_uint64(jobj2);
+	area_offset = crypt_jobj_get_uint64(jobj2);
 
 	if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
 		return -EINVAL;
@@ -313,7 +313,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
 
 	if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
 		return -EINVAL;
-	area_offset = json_object_get_uint64(jobj2);
+	area_offset = crypt_jobj_get_uint64(jobj2);
 
 	if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
 		return -EINVAL;
@@ -494,8 +494,8 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
 	/* Area object */
 	jobj_area = json_object_new_object();
 	json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
+	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
 	json_object_object_add(jobj_keyslot, "area", jobj_area);
 
 	json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
@@ -607,7 +607,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
 	log_std(cd, "\tCipher:     %s\n", json_object_get_string(jobj1));
 
 	json_object_object_get_ex(jobj_area, "key_size", &jobj1);
-	log_std(cd, "\tCipher key: %u bits\n", json_object_get_uint32(jobj1) * 8);
+	log_std(cd, "\tCipher key: %u bits\n", crypt_jobj_get_uint32(jobj1) * 8);
 
 	json_object_object_get_ex(jobj_kdf, "type", &jobj1);
 	log_std(cd, "\tPBKDF:      %s\n", json_object_get_string(jobj1));
@@ -617,7 +617,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
 		log_std(cd, "\tHash:       %s\n", json_object_get_string(jobj1));
 
 		json_object_object_get_ex(jobj_kdf, "iterations", &jobj1);
-		log_std(cd, "\tIterations: %" PRIu64 "\n", json_object_get_uint64(jobj1));
+		log_std(cd, "\tIterations: %" PRIu64 "\n", crypt_jobj_get_uint64(jobj1));
 	} else {
 		json_object_object_get_ex(jobj_kdf, "time", &jobj1);
 		log_std(cd, "\tTime cost:  %" PRIu64 "\n", json_object_get_int64(jobj1));
@@ -640,10 +640,10 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
 	log_std(cd, "\tAF hash:    %s\n", json_object_get_string(jobj1));
 
 	json_object_object_get_ex(jobj_area, "offset", &jobj1);
-	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
 
 	json_object_object_get_ex(jobj_area, "size", &jobj1);
-	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
 
 	return 0;
 }

lib/luks2/luks2_keyslot_reenc.c

@@ -67,13 +67,13 @@ int reenc_keyslot_alloc(struct crypt_device *cd,
 
 	if (params->data_shift) {
 		json_object_object_add(jobj_area, "type", json_object_new_string("datashift"));
-		json_object_object_add(jobj_area, "shift_size", json_object_new_uint64(params->data_shift << SECTOR_SHIFT));
+		json_object_object_add(jobj_area, "shift_size", crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT));
 	} else
 		/* except data shift protection, initial setting is irrelevant. Type can be changed during reencryption */
 		json_object_object_add(jobj_area, "type", json_object_new_string("none"));
 
-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
+	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
 
 	json_object_object_add(jobj_keyslot, "type", json_object_new_string("reencrypt"));
 	json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(1)); /* useless but mandatory */
@@ -113,8 +113,8 @@ static int reenc_keyslot_store_data(struct crypt_device *cd,
 	    !json_object_object_get_ex(jobj_area, "size", &jobj_length))
 		return -EINVAL;
 
-	area_offset = json_object_get_uint64(jobj_offset);
-	area_length = json_object_get_uint64(jobj_length);
+	area_offset = crypt_jobj_get_uint64(jobj_offset);
+	area_length = crypt_jobj_get_uint64(jobj_length);
 
 	if (!area_offset || !area_length || ((uint64_t)buffer_len > area_length))
 		return -EINVAL;
@@ -242,14 +242,14 @@ static int reenc_keyslot_dump(struct crypt_device *cd, int keyslot)
 		log_std(cd, "\t%-12s%d [bytes]\n", "Hash data:", json_object_get_int(jobj1));
 	} else if (!strcmp(json_object_get_string(jobj_resilience), "datashift")) {
 		json_object_object_get_ex(jobj_area, "shift_size", &jobj1);
-		log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", json_object_get_uint64(jobj1));
+		log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", crypt_jobj_get_uint64(jobj1));
 	}
 
 	json_object_object_get_ex(jobj_area, "offset", &jobj1);
-	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
 
 	json_object_object_get_ex(jobj_area, "size", &jobj1);
-	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
 
 	return 0;
 }
@@ -304,7 +304,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
 			return -EINVAL;
 		if (!validate_json_uint32(jobj_sector_size))
 			return -EINVAL;
-		sector_size = json_object_get_uint32(jobj_sector_size);
+		sector_size = crypt_jobj_get_uint32(jobj_sector_size);
 		if (sector_size < SECTOR_SIZE || NOTPOW2(sector_size)) {
 			log_dbg(cd, "Invalid sector_size (%" PRIu32 ") for checksum resilience mode.", sector_size);
 			return -EINVAL;
@@ -313,7 +313,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
 		if (!(jobj_shift_size = json_contains(cd, jobj_area, "type:datashift", "Keyslot area", "shift_size", json_type_string)))
 			return -EINVAL;
 
-		shift_size = json_object_get_uint64(jobj_shift_size);
+		shift_size = crypt_jobj_get_uint64(jobj_shift_size);
 		if (!shift_size)
 			return -EINVAL;
 

lib/luks2/luks2_luks1_convert.c

@@ -91,8 +91,8 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
 	}
 	area_size = offs_b - offs_a;
 	json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_size));
+	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
+	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));
 	json_object_object_add(keyslot_obj, "area", jobj_area);
 
 	*keyslot_object = keyslot_obj;
@@ -145,7 +145,7 @@ static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object
 	/* offset field */
 	number = (uint64_t)hdr_v1->payloadOffset * SECTOR_SIZE;
 
-	field = json_object_new_uint64(number);
+	field = crypt_jobj_new_uint64(number);
 	if (!field) {
 		json_object_put(segment_obj);
 		return -ENOMEM;
@@ -401,8 +401,9 @@ static int json_luks1_object(struct luks_phdr *hdr_v1, struct json_object **luks
 	json_object_object_add(luks1_obj, "config", field);
 
 	json_size = LUKS2_HDR_16K_LEN - LUKS2_HDR_BIN_LEN;
-	json_object_object_add(field, "json_size", json_object_new_uint64(json_size));
-	json_object_object_add(field, "keyslots_size", json_object_new_uint64(keyslots_size));
+	json_object_object_add(field, "json_size", crypt_jobj_new_uint64(json_size));
+	keyslots_size -= (keyslots_size % 4096);
+	json_object_object_add(field, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
 
 	*luks1_object = luks1_obj;
 	return 0;
@@ -418,8 +419,8 @@ static void move_keyslot_offset(json_object *jobj, int offset_add)
 		UNUSED(key);
 		json_object_object_get_ex(val, "area", &jobj_area);
 		json_object_object_get_ex(jobj_area, "offset", &jobj2);
-		offset = json_object_get_uint64(jobj2) + offset_add;
-		json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
+		offset = crypt_jobj_get_uint64(jobj2) + offset_add;
+		json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
 	}
 }
 
@@ -577,6 +578,12 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
 		goto out;
 	}
 
+	/* check future LUKS2 metadata before moving keyslots area */
+	if (LUKS2_hdr_validate(cd, hdr2->jobj, hdr2->hdr_size - LUKS2_HDR_BIN_LEN)) {
+		r = -EINVAL;
+		goto out;
+	}
+
 	if ((r = luks_header_in_use(cd))) {
 		if (r > 0)
 			r = -EBUSY;
@@ -586,6 +593,14 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
 	// move keyslots 4k -> 32k offset
 	buf_offset = 2 * LUKS2_HDR_16K_LEN;
 	buf_size   = luks1_size - LUKS_ALIGN_KEYSLOTS;
+
+	/* check future LUKS2 keyslots area is at least as large as LUKS1 keyslots area */
+	if (buf_size > LUKS2_keyslots_size(hdr2->jobj)) {
+		log_err(cd, _("Unable to move keyslot area. LUKS2 keyslots area too small."));
+		r = -EINVAL;
+		goto out;
+	}
+
 	if ((r = move_keyslot_areas(cd, 8 * SECTOR_SIZE, buf_offset, buf_size)) < 0) {
 		log_err(cd, _("Unable to move keyslot area."));
 		goto out;
@@ -749,7 +764,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 				return -EINVAL;
 			if (!json_object_object_get_ex(jobj_area, "offset", &jobj1))
 				return -EINVAL;
-			offset = json_object_get_uint64(jobj1);
+			offset = crypt_jobj_get_uint64(jobj1);
 		} else {
 			if (LUKS2_find_area_gap(cd, hdr2, key_size, &offset, &area_length))
 				return -EINVAL;
@@ -781,7 +796,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 
 		if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj1))
 			continue;
-		hdr1->keyblock[i].passwordIterations = json_object_get_uint32(jobj1);
+		hdr1->keyblock[i].passwordIterations = crypt_jobj_get_uint32(jobj1);
 
 		if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1))
 			continue;
@@ -822,7 +837,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 
 	if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1))
 		return -EINVAL;
-	hdr1->mkDigestIterations = json_object_get_uint32(jobj1);
+	hdr1->mkDigestIterations = crypt_jobj_get_uint32(jobj1);
 
 	if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
 		return -EINVAL;
@@ -847,7 +862,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 
 	if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1))
 		return -EINVAL;
-	offset = json_object_get_uint64(jobj1) / SECTOR_SIZE;
+	offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE;
 	if (offset > UINT32_MAX)
 		return -EINVAL;
 	/* FIXME: LUKS1 requires offset == 0 || offset >= luks1_hdr_size */

lib/luks2/luks2_reencrypt.c

@@ -165,7 +165,7 @@ static uint32_t reencrypt_alignment(struct luks2_hdr *hdr)
 	if (!json_object_object_get_ex(jobj_area, "sector_size", &jobj_sector_size))
 		return 0;
 
-	return json_object_get_uint32(jobj_sector_size);
+	return crypt_jobj_get_uint32(jobj_sector_size);
 }
 
 static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
@@ -200,13 +200,13 @@ static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
 		json_segment_remove_flag(jobj_seg_new, "in-reencryption");
 		tmp = rh->length;
 	} else {
-		json_object_object_add(jobj_seg_new, "offset", json_object_new_uint64(rh->offset + data_offset));
-		json_object_object_add(jobj_seg_new, "iv_tweak", json_object_new_uint64(rh->offset >> SECTOR_SHIFT));
+		json_object_object_add(jobj_seg_new, "offset", crypt_jobj_new_uint64(rh->offset + data_offset));
+		json_object_object_add(jobj_seg_new, "iv_tweak", crypt_jobj_new_uint64(rh->offset >> SECTOR_SHIFT));
 		tmp = json_segment_get_size(jobj_seg_new, 0) + rh->length;
 	}
 
 	/* alter size of new segment, reenc_seg == 0 we're finished */
-	json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? json_object_new_uint64(tmp) : json_object_new_string("dynamic"));
+	json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? crypt_jobj_new_uint64(tmp) : json_object_new_string("dynamic"));
 	json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_seg_new);
 
 	return jobj_segs_post;
@@ -256,7 +256,7 @@ static json_object *reencrypt_make_hot_segments_encrypt_shift(struct crypt_devic
 		jobj_seg_shrunk = NULL;
 		if (json_object_copy(LUKS2_get_segment_jobj(hdr, sg), &jobj_seg_shrunk))
 			goto err;
-		json_object_object_add(jobj_seg_shrunk, "size", json_object_new_uint64(segment_size - rh->length));
+		json_object_object_add(jobj_seg_shrunk, "size", crypt_jobj_new_uint64(segment_size - rh->length));
 		json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_seg_shrunk);
 	}
 
@@ -336,7 +336,7 @@ static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd
 				goto err;
 			jobj_old_seg = jobj_old_seg_copy;
 			fixed_length = rh->device_size - fixed_length;
-			json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(fixed_length));
+			json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(fixed_length));
 		} else
 			json_object_get(jobj_old_seg);
 		json_object_object_add_by_uint(jobj_segs_post, 1, jobj_old_seg);
@@ -491,7 +491,7 @@ static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd
 	if (rh->offset) {
 		if (json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_old_seg))
 			goto err;
-		json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(rh->offset));
+		json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(rh->offset));
 
 		json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_old_seg);
 	}
@@ -575,7 +575,7 @@ static uint64_t reencrypt_data_shift(struct luks2_hdr *hdr)
 	if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj_data_shift))
 		return 0;
 
-	return json_object_get_uint64(jobj_data_shift);
+	return crypt_jobj_get_uint64(jobj_data_shift);
 }
 
 static crypt_reencrypt_mode_info reencrypt_mode(struct luks2_hdr *hdr)

lib/luks2/luks2_segment.c

@@ -55,7 +55,7 @@ uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise)
 	    !json_object_object_get_ex(jobj_segment, "offset", &jobj))
 		return 0;
 
-	return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
+	return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
 }
 
 const char *json_segment_type(json_object *jobj_segment)
@@ -77,7 +77,7 @@ uint64_t json_segment_get_iv_offset(json_object *jobj_segment)
 	    !json_object_object_get_ex(jobj_segment, "iv_tweak", &jobj))
 		return 0;
 
-	return json_object_get_uint64(jobj);
+	return crypt_jobj_get_uint64(jobj);
 }
 
 uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
@@ -88,7 +88,7 @@ uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
 	    !json_object_object_get_ex(jobj_segment, "size", &jobj))
 		return 0;
 
-	return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
+	return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
 }
 
 const char *json_segment_get_cipher(json_object *jobj_segment)
@@ -229,8 +229,8 @@ static json_object *_segment_create_generic(const char *type, uint64_t offset, c
 		return NULL;
 
 	json_object_object_add(jobj, "type",		json_object_new_string(type));
-	json_object_object_add(jobj, "offset",		json_object_new_uint64(offset));
-	json_object_object_add(jobj, "size",		length ? json_object_new_uint64(*length) : json_object_new_string("dynamic"));
+	json_object_object_add(jobj, "offset",		crypt_jobj_new_uint64(offset));
+	json_object_object_add(jobj, "size",		length ? crypt_jobj_new_uint64(*length) : json_object_new_string("dynamic"));
 
 	return jobj;
 }
@@ -252,7 +252,7 @@ json_object *json_segment_create_crypt(uint64_t offset,
 	if (!jobj)
 		return NULL;
 
-	json_object_object_add(jobj, "iv_tweak",	json_object_new_uint64(iv_offset));
+	json_object_object_add(jobj, "iv_tweak",	crypt_jobj_new_uint64(iv_offset));
 	json_object_object_add(jobj, "encryption",	json_object_new_string(cipher));
 	json_object_object_add(jobj, "sector_size",	json_object_new_int(sector_size));
 	if (reencryption)

lib/random.c

@@ -20,7 +20,6 @@
 
 #include <stdlib.h>
 #include <string.h>
-#include <fcntl.h>
 #include <errno.h>
 #include <assert.h>
 #include <sys/select.h>
@@ -28,10 +27,6 @@
 #include "libcryptsetup.h"
 #include "internal.h"
 
-#ifndef O_CLOEXEC
-#define O_CLOEXEC 0
-#endif
-
 static int random_initialised = 0;
 
 #define URANDOM_DEVICE	"/dev/urandom"

lib/setup.c

@@ -26,7 +26,6 @@
 #include <stdlib.h>
 #include <stdarg.h>
 #include <sys/utsname.h>
-#include <fcntl.h>
 #include <errno.h>
 
 #include "libcryptsetup.h"
@@ -231,7 +230,7 @@ int init_crypto(struct crypt_device *ctx)
 		return r;
 	}
 
-	r = crypt_backend_init(ctx);
+	r = crypt_backend_init();
 	if (r < 0)
 		log_err(ctx, _("Cannot initialize crypto backend."));
 
@@ -584,6 +583,9 @@ int crypt_init(struct crypt_device **cd, const char *device)
 		return -EINVAL;
 
 	log_dbg(NULL, "Allocating context for crypt device %s.", device ?: "(none)");
+#if !HAVE_DECL_O_CLOEXEC
+	log_dbg(NULL, "Running without O_CLOEXEC.");
+#endif
 
 	if (!(h = malloc(sizeof(struct crypt_device))))
 		return -ENOMEM;

lib/tcrypt/tcrypt.c

@@ -23,7 +23,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <fcntl.h>
 #include <assert.h>
 
 #include "libcryptsetup.h"
@@ -479,8 +478,8 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
 }
 
 static int TCRYPT_pool_keyfile(struct crypt_device *cd,
-				unsigned char pool[TCRYPT_KEY_POOL_LEN],
-				const char *keyfile)
+				unsigned char pool[VCRYPT_KEY_POOL_LEN],
+				const char *keyfile, int keyfiles_pool_length)
 {
 	unsigned char *data;
 	int i, j, fd, data_size, r = -EIO;
@@ -512,7 +511,7 @@ static int TCRYPT_pool_keyfile(struct crypt_device *cd,
 		pool[j++] += (unsigned char)(crc >> 16);
 		pool[j++] += (unsigned char)(crc >>  8);
 		pool[j++] += (unsigned char)(crc);
-		j %= TCRYPT_KEY_POOL_LEN;
+		j %= keyfiles_pool_length;
 	}
 	r = 0;
 out:
@@ -527,29 +526,39 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
 			   struct tcrypt_phdr *hdr,
 			   struct crypt_params_tcrypt *params)
 {
-	unsigned char pwd[TCRYPT_KEY_POOL_LEN] = {};
-	size_t passphrase_size;
+	unsigned char pwd[VCRYPT_KEY_POOL_LEN] = {};
+	size_t passphrase_size, max_passphrase_size;
 	char *key;
 	unsigned int i, skipped = 0, iterations;
-	int r = -EPERM;
+	int r = -EPERM, keyfiles_pool_length;
 
 	if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN))
 		return -ENOMEM;
 
+	if (params->flags & CRYPT_TCRYPT_VERA_MODES &&
+	    params->passphrase_size > TCRYPT_KEY_POOL_LEN) {
+		/* Really. Keyfile pool length depends on passphrase size in Veracrypt. */
+		max_passphrase_size = VCRYPT_KEY_POOL_LEN;
+		keyfiles_pool_length = VCRYPT_KEY_POOL_LEN;
+	} else {
+		max_passphrase_size = TCRYPT_KEY_POOL_LEN;
+		keyfiles_pool_length = TCRYPT_KEY_POOL_LEN;
+	}
+
 	if (params->keyfiles_count)
-		passphrase_size = TCRYPT_KEY_POOL_LEN;
+		passphrase_size = max_passphrase_size;
 	else
 		passphrase_size = params->passphrase_size;
 
-	if (params->passphrase_size > TCRYPT_KEY_POOL_LEN) {
-		log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded."),
-			      TCRYPT_KEY_POOL_LEN);
+	if (params->passphrase_size > max_passphrase_size) {
+		log_err(cd, _("Maximum TCRYPT passphrase length (%zu) exceeded."),
+			      max_passphrase_size);
 		goto out;
 	}
 
 	/* Calculate pool content from keyfiles */
 	for (i = 0; i < params->keyfiles_count; i++) {
-		r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i]);
+		r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i], keyfiles_pool_length);
 		if (r < 0)
 			goto out;
 	}

lib/tcrypt/tcrypt.h

@@ -42,6 +42,7 @@
 
 #define TCRYPT_LRW_IKEY_LEN 16
 #define TCRYPT_KEY_POOL_LEN 64
+#define VCRYPT_KEY_POOL_LEN 128
 #define TCRYPT_KEYFILE_LEN  1048576
 
 #define TCRYPT_HDR_FLAG_SYSTEM    (1 << 0)

lib/utils.c

@@ -23,7 +23,6 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include <fcntl.h>
 #include <sys/mman.h>
 #include <sys/resource.h>
 #include <sys/stat.h>

lib/utils_benchmark.c

@@ -48,6 +48,12 @@ int crypt_benchmark(struct crypt_device *cd,
 	if (posix_memalign(&buffer, crypt_getpagesize(), buffer_size))
 		goto out;
 
+	r = crypt_cipher_ivsize(cipher, cipher_mode);
+	if (r >= 0 && iv_size != (size_t)r) {
+		log_dbg(cd, "IV length for benchmark adjusted to %i bytes (requested %zu).", r, iv_size);
+		iv_size = r;
+	}
+
 	if (iv_size) {
 		iv = malloc(iv_size);
 		if (!iv)
@@ -71,9 +77,9 @@ int crypt_benchmark(struct crypt_device *cd,
 
 	if (r == -ERANGE)
 		log_dbg(cd, "Measured cipher runtime is too low.");
-	else if (r == -ENOTSUP || r == -ENOENT)
-		log_dbg(cd, "Cannot initialize cipher %s, mode %s.", cipher, cipher_mode);
-
+	else if (r)
+		log_dbg(cd, "Cannot initialize cipher %s, mode %s, key size %zu, IV size %zu.",
+			cipher, cipher_mode, volume_key_size, iv_size);
 out:
 	free(buffer);
 	free(key);

lib/utils_blkid.c

@@ -310,9 +310,9 @@ int blk_supported(void)
 
 off_t blk_get_offset(struct blkid_handle *h)
 {
-	const char *offset;
 	off_t offset_value = -1;
 #ifdef HAVE_BLKID
+	const char *offset;
 	if (blk_is_superblock(h)) {
 		if (!blkid_probe_lookup_value(h->pr, "SBMAGIC_OFFSET", &offset, NULL))
 			offset_value = strtoll(offset, NULL, 10);

lib/utils_device.c

@@ -24,7 +24,6 @@
 #include <assert.h>
 #include <string.h>
 #include <stdlib.h>
-#include <fcntl.h>
 #include <errno.h>
 #include <sys/types.h>
 #include <sys/stat.h>

lib/utils_device_locking.c

@@ -20,7 +20,6 @@
  */
 
 #include <errno.h>
-#include <fcntl.h>
 #include <linux/limits.h>
 #include <stdio.h>
 #include <stdlib.h>

lib/utils_devpath.c

@@ -26,7 +26,6 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <dirent.h>
-#include <fcntl.h>
 #include <errno.h>
 #include <limits.h>
 #include <sys/stat.h>

lib/utils_dm.h

@@ -68,6 +68,7 @@ static inline uint32_t act2dmflags(uint32_t act_flags)
 #define DM_BITLK_EBOIV_SUPPORTED (1 << 20) /* EBOIV for BITLK supported */
 #define DM_BITLK_ELEPHANT_SUPPORTED (1 << 21) /* Elephant diffuser for BITLK supported */
 #define DM_VERITY_SIGNATURE_SUPPORTED (1 << 22) /* Verity option root_hash_sig_key_desc supported */
+#define DM_INTEGRITY_DISCARDS_SUPPORTED (1 << 23) /* dm-integrity discards/TRIM option is supported */
 
 typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type;
 enum tdirection { TARGET_SET = 1, TARGET_QUERY };

lib/utils_storage_wrappers.c

@@ -20,7 +20,6 @@
  */
 
 #include <errno.h>
-#include <fcntl.h>
 #include <stdio.h>
 #include <stddef.h>
 #include <stdint.h>

lib/utils_wipe.c

@@ -22,7 +22,6 @@
 
 #include <stdlib.h>
 #include <errno.h>
-#include <fcntl.h>
 #include "internal.h"
 
 /*
@@ -56,7 +55,7 @@ static int crypt_wipe_special(struct crypt_device *cd, int fd, size_t bsize,
 			      size_t alignment, char *buffer,
 			      uint64_t offset, size_t size)
 {
-	int r;
+	int r = 0;
 	unsigned int i;
 	ssize_t written;
 

lib/verity/verity.c

@@ -25,7 +25,6 @@
 #include <stdint.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <fcntl.h>
 #include <netinet/in.h>
 #include <uuid/uuid.h>
 

lib/verity/verity_fec.c

@@ -20,7 +20,6 @@
  */
 
 #include <stdlib.h>
-#include <fcntl.h>
 #include <errno.h>
 
 #include "verity.h"

man/cryptsetup.8

@@ -490,14 +490,18 @@ master key is dumped to a file instead of standard output. Beware that the
 master key cannot be changed without reencryption and can be used to decrypt
 the data stored in the LUKS container without a passphrase and even without the
 LUKS header. This means that if the master key is compromised, the whole device
-has to be erased to prevent further access. Use this option carefully.
+has to be erased or reencrypted to prevent further access. Use this option carefully.
 
 To dump the master key, a passphrase has to be supplied,
 either interactively or via \-\-key\-file.
 
+To dump unbound key (LUKS2 format only), \-\-unbound parameter, specific \-\-key-slot
+id and proper passphrase has to be supplied, either interactively or via \-\-key\-file.
+Optional \-\-master\-key\-file parameter enables unbound keyslot dump to a file.
+
 \fB<options>\fR can be [\-\-dump\-master\-key, \-\-key\-file,
 \-\-keyfile\-offset, \-\-keyfile\-size, \-\-header, \-\-disable\-locks,
-\-\-master\-key\-file, \-\-type].
+\-\-master\-key\-file, \-\-type, \-\-unbound, \-\-key-slot].
 
 \fBWARNING:\fR If \-\-dump\-master\-key is used with \-\-key\-file
 and the argument to \-\-key\-file is '-', no validation question
@@ -746,12 +750,14 @@ TrueCrypt.
 Please note that cryptsetup does not use TrueCrypt code, please report
 all problems related to this compatibility extension to the cryptsetup project.
 
-.SH BITLK (Windows BitLocker-compatible) EXTENSION
+.SH BITLK (Windows BitLocker-compatible) EXTENSION (EXPERIMENTAL)
 cryptsetup supports mapping of BitLocker and BitLocker to Go encrypted partition
 using a native Linux kernel API.
 Header formatting and BITLK header changes are not supported, cryptsetup
 never changes BITLK header on-device.
 
+\fBWARNING:\fR This extension is EXPERIMENTAL.
+
 BITLK extension requires kernel userspace crypto API to be available
 (for details see TCRYPT section).
 
@@ -1366,8 +1372,9 @@ integrity tag.
 .TP
 .B "\-\-unbound"
 
-Creates new LUKS2 unbound keyslot. See \fIluksAddKey\fR action for more
-details.
+Creates new or dumps existing LUKS2 unbound keyslot. See \fIluksAddKey\fR or
+\fIluksDump\fR actions for more details.
+
 .TP
 .B "\-\-tcrypt\-hidden"
 .B "\-\-tcrypt\-system"

man/integritysetup.8

@@ -33,7 +33,7 @@ Open a mapping with <name> backed by device <device>.
 \fB<options>\fR can be [\-\-data\-device, \-\-batch\-mode, \-\-journal\-watermark,
 \-\-journal\-commit\-time, \-\-buffer\-sectors, \-\-integrity, \-\-integrity\-key\-size,
 \-\-integrity\-key\-file, \-\-integrity\-no\-journal, \-\-integrity\-recalculate,
-\-\-integrity\-recovery\-mode]
+\-\-integrity\-recovery\-mode, \-\-allow\-discards]
 
 .PP
 \fIclose\fR <name>
@@ -174,6 +174,10 @@ The size of the journal encryption key.
 .B "\-\-journal\-crypt\-key\-file FILE"
 The file with the journal encryption key.
 .TP
+.B "\-\-allow\-discards\fR"
+Allow the use of discard (TRIM) requests for the device.
+This option is available since the Linux kernel version 5.7.
+.TP
 The dm-integrity target is available since Linux kernel version 4.12.
 .TP
 \fBNOTE:\fR

man/veritysetup.8

@@ -31,7 +31,8 @@ If hash device path doesn't exist, it will be created as file.
 \-\-salt, \-\-uuid]
 .PP
 \fIopen\fR <data_device> <name> <hash_device> <root_hash>
-\fIcreate\fR <name> <data_device> <hash_device> <root_hash>
+.br
+\fIcreate\fR <name> <data_device> <hash_device> <root_hash>  (\fBOBSOLETE syntax\fR)
 .IP
 Creates a mapping with <name> backed by device <data_device> and using
 <hash_device> for in-kernel verification.

src/cryptsetup.c

@@ -880,14 +880,14 @@ static int action_benchmark_kdf(const char *kdf, const char *hash, size_t key_si
 }
 
 static int benchmark_cipher_loop(const char *cipher, const char *cipher_mode,
-				 size_t volume_key_size, size_t iv_size,
+				 size_t volume_key_size,
 				 double *encryption_mbs, double *decryption_mbs)
 {
 	int r, buffer_size = 1024 * 1024;
 
 	do {
 		r = crypt_benchmark(NULL, cipher, cipher_mode,
-				    volume_key_size, iv_size, buffer_size,
+				    volume_key_size, 0, buffer_size,
 				    encryption_mbs, decryption_mbs);
 		if (r == -ERANGE) {
 			if (buffer_size < 1024 * 1024 * 65)
@@ -908,21 +908,20 @@ static int action_benchmark(void)
 		const char *cipher;
 		const char *mode;
 		size_t key_size;
-		size_t iv_size;
 	} bciphers[] = {
-		{ "aes",     "cbc", 16, 16 },
-		{ "serpent", "cbc", 16, 16 },
-		{ "twofish", "cbc", 16, 16 },
-		{ "aes",     "cbc", 32, 16 },
-		{ "serpent", "cbc", 32, 16 },
-		{ "twofish", "cbc", 32, 16 },
-		{ "aes",     "xts", 32, 16 },
-		{ "serpent", "xts", 32, 16 },
-		{ "twofish", "xts", 32, 16 },
-		{ "aes",     "xts", 64, 16 },
-		{ "serpent", "xts", 64, 16 },
-		{ "twofish", "xts", 64, 16 },
-		{  NULL, NULL, 0, 0 }
+		{ "aes",     "cbc", 16 },
+		{ "serpent", "cbc", 16 },
+		{ "twofish", "cbc", 16 },
+		{ "aes",     "cbc", 32 },
+		{ "serpent", "cbc", 32 },
+		{ "twofish", "cbc", 32 },
+		{ "aes",     "xts", 32 },
+		{ "serpent", "xts", 32 },
+		{ "twofish", "xts", 32 },
+		{ "aes",     "xts", 64 },
+		{ "serpent", "xts", 64 },
+		{ "twofish", "xts", 64 },
+		{  NULL, NULL, 0 }
 	};
 	static struct {
 		const char *type;
@@ -940,7 +939,7 @@ static int action_benchmark(void)
 	char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
 	double enc_mbr = 0, dec_mbr = 0;
 	int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
-	int iv_size = 16, skipped = 0, width;
+	int skipped = 0, width;
 	char *c;
 	int i, r;
 
@@ -958,21 +957,7 @@ static int action_benchmark(void)
 		if ((c  = strchr(cipher_mode, '-')))
 			*c = '\0';
 
-		/* FIXME: not really clever :) */
-		if (strstr(cipher, "des") ||
-		    strstr(cipher, "blowfish") ||
-		    strstr(cipher, "cast5"))
-			iv_size = 8;
-
-		if (!strcmp(cipher_mode, "ecb"))
-			iv_size = 0;
-
-		if (!strcmp(cipher_mode, "adiantum"))
-			iv_size = 32;
-
-		r = benchmark_cipher_loop(cipher, cipher_mode,
-					  key_size, iv_size,
-					  &enc_mbr, &dec_mbr);
+		r = benchmark_cipher_loop(cipher, cipher_mode, key_size, &enc_mbr, &dec_mbr);
 		if (!r) {
 			width = strlen(cipher) + strlen(cipher_mode) + 1;
 			if (width < 11)
@@ -981,8 +966,8 @@ static int action_benchmark(void)
 			log_std(_("#%*s Algorithm |       Key |      Encryption |      Decryption\n"), width - 11, "");
 			log_std("%*s-%s  %9db  %10.1f MiB/s  %10.1f MiB/s\n", width - (int)strlen(cipher_mode) - 1,
 				cipher, cipher_mode, key_size*8, enc_mbr, dec_mbr);
-		} else if (r == -ENOENT)
-			log_err(_("Cipher %s is not available."), opt_cipher);
+		} else if (r < 0)
+			log_err(_("Cipher %s (with %i bits key) is not available."), opt_cipher, key_size * 8);
 	} else {
 		for (i = 0; bkdfs[i].type; i++) {
 			r = action_benchmark_kdf(bkdfs[i].type, bkdfs[i].hash, key_size);
@@ -993,8 +978,7 @@ static int action_benchmark(void)
 
 		for (i = 0; bciphers[i].cipher; i++) {
 			r = benchmark_cipher_loop(bciphers[i].cipher, bciphers[i].mode,
-					    bciphers[i].key_size, bciphers[i].iv_size,
-					    &enc_mbr, &dec_mbr);
+						  bciphers[i].key_size, &enc_mbr, &dec_mbr);
 			check_signal(&r);
 			if (r == -ENOTSUP || r == -EINTR)
 				break;
@@ -1196,6 +1180,11 @@ static int _wipe_data_device(struct crypt_device *cd)
 	return r;
 }
 
+static int strcmp_or_null(const char *str, const char *expected)
+{
+	return !str ? 0 : strcmp(str, expected);
+}
+
 static int _luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_passwordLen)
 {
 	int r = -EINVAL, keysize, integrity_keysize = 0, fd, created = 0;
@@ -1387,7 +1376,8 @@ static int _luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_
 	}
 	tools_keyslot_msg(r, CREATED);
 
-	if (opt_integrity && !opt_integrity_no_wipe)
+	if (opt_integrity && !opt_integrity_no_wipe &&
+	    strcmp_or_null(params2.integrity, "none"))
 		r = _wipe_data_device(cd);
 out:
 	if (r >= 0 && r_cd && r_password && r_passwordLen) {
@@ -2003,9 +1993,9 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
 
 	crypt_set_confirm_callback(cd, yesDialog, NULL);
 	if (!yesDialog(
-	    _("Header dump with volume key is sensitive information\n"
-	      "which allows access to encrypted partition without passphrase.\n"
-	      "This dump should be always stored encrypted on safe place."),
+	    _("The header dump with volume key is sensitive information\n"
+	      "that allows access to encrypted partition without a passphrase.\n"
+	      "This dump should be stored encrypted in a safe place."),
 	      NULL))
 		return -EPERM;
 
@@ -2059,6 +2049,76 @@ out:
 	return r;
 }
 
+static int luksDump_with_unbound_key(struct crypt_device *cd)
+{
+	crypt_keyslot_info ki;
+	char *uk = NULL, *password = NULL;
+	size_t uk_size, passwordLen = 0;
+	int i, r;
+
+	ki = crypt_keyslot_status(cd, opt_key_slot);
+	if (ki != CRYPT_SLOT_UNBOUND) {
+		log_err(_("Keyslot %d does not contain unbound key."), opt_key_slot);
+		return -EINVAL;
+	}
+
+	crypt_set_confirm_callback(cd, yesDialog, NULL);
+	if (!yesDialog(
+	    _("The header dump with unbound key is sensitive information.\n"
+	      "This dump should be stored encrypted in a safe place."),
+	      NULL))
+		return -EPERM;
+
+	r = crypt_keyslot_get_key_size(cd, opt_key_slot);
+	if (r < 0)
+		return -EINVAL;
+	uk_size = r;
+	uk = crypt_safe_alloc(uk_size);
+	if (!uk)
+		return -ENOMEM;
+
+	r = tools_get_key(NULL, &password, &passwordLen,
+			  opt_keyfile_offset, opt_keyfile_size, opt_key_file,
+			  opt_timeout, 0, 0, cd);
+	if (r < 0)
+		goto out;
+
+	r = crypt_volume_key_get(cd, opt_key_slot, uk, &uk_size,
+				 password, passwordLen);
+	tools_passphrase_msg(r);
+	check_signal(&r);
+	if (r < 0)
+		goto out;
+	tools_keyslot_msg(r, UNLOCKED);
+
+	if (opt_master_key_file) {
+		r = tools_write_mk(opt_master_key_file, uk, uk_size);
+		if (r < 0)
+			goto out;
+	}
+
+	log_std("LUKS header information for %s\n", crypt_get_device_name(cd));
+	log_std("UUID:    \t%s\n", crypt_get_uuid(cd));
+	log_std("Keyslot: \t%d\n", opt_key_slot);
+	log_std("Key bits:\t%d\n", (int)uk_size * 8);
+	if (opt_master_key_file) {
+		log_std("Key stored to file %s.\n", opt_master_key_file);
+		goto out;
+	}
+	log_std("Unbound Key:\t");
+
+	for(i = 0; i < (int)uk_size; i++) {
+		if (i && !(i % 16))
+			log_std("\n\t\t");
+		log_std("%02hhx ", (char)uk[i]);
+	}
+	log_std("\n");
+out:
+	crypt_safe_free(password);
+	crypt_safe_free(uk);
+	return r;
+}
+
 static int action_luksDump(void)
 {
 	struct crypt_device *cd = NULL;
@@ -2075,6 +2135,8 @@ static int action_luksDump(void)
 
 	if (opt_dump_master_key)
 		r = luksDump_with_volume_key(cd);
+	else if (opt_unbound)
+		r = luksDump_with_unbound_key(cd);
 	else
 		r = crypt_dump(cd);
 out:
@@ -3405,11 +3467,6 @@ static int run_action(struct action_type *action)
 	return translate_errno(r);
 }
 
-static int strcmp_or_null(const char *str, const char *expected)
-{
-	return !str ? 0 : strcmp(str, expected);
-}
-
 int main(int argc, const char **argv)
 {
 	static char *popt_tmp;
@@ -3486,7 +3543,7 @@ int main(int argc, const char **argv)
 		{ "persistent",	       '\0', POPT_ARG_NONE, &opt_persistent,            0, N_("Set activation flags persistent for device"), NULL },
 		{ "label",	       '\0', POPT_ARG_STRING, &opt_label,               0, N_("Set label for the LUKS2 device"), NULL },
 		{ "subsystem",	       '\0', POPT_ARG_STRING, &opt_subsystem,           0, N_("Set subsystem label for the LUKS2 device"), NULL },
-		{ "unbound",           '\0', POPT_ARG_NONE, &opt_unbound,               0, N_("Create unbound (no assigned data segment) LUKS2 keyslot"), NULL },
+		{ "unbound",           '\0', POPT_ARG_NONE, &opt_unbound,               0, N_("Create or dump unbound (no assigned data segment) LUKS2 keyslot"), NULL },
 		{ "json-file",	       '\0', POPT_ARG_STRING, &opt_json_file,           0, N_("Read or write the json from or to a file"), NULL },
 		{ "luks2-metadata-size",'\0',POPT_ARG_STRING,&opt_luks2_metadata_size_str,0,N_("LUKS2 header metadata area size"), N_("bytes") },
 		{ "luks2-keyslots-size",'\0',POPT_ARG_STRING,&opt_luks2_keyslots_size_str,0,N_("LUKS2 header keyslots area size"), N_("bytes") },
@@ -3645,44 +3702,39 @@ int main(int argc, const char **argv)
 
 	/* FIXME: rewrite this from scratch */
 
-	if (opt_refresh && strcmp(aname, "open"))
-		usage(popt_context, EXIT_FAILURE,
-		      _("Parameter --refresh is only allowed with open or refresh commands.\n"),
-		      poptGetInvocationName(popt_context));
-
 	if (opt_refresh && opt_test_passphrase)
 		usage(popt_context, EXIT_FAILURE,
-		      _("Options --refresh and --test-passphrase are mutually exclusive.\n"),
+		      _("Options --refresh and --test-passphrase are mutually exclusive."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_deferred_remove && strcmp(aname, "close"))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --deferred is allowed only for close command.\n"),
+		      _("Option --deferred is allowed only for close command."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_shared && (strcmp(aname, "open") || strcmp_or_null(opt_type, "plain")))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --shared is allowed only for open of plain device.\n"),
+		      _("Option --shared is allowed only for open of plain device."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_allow_discards && strcmp(aname, "open"))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --allow-discards is allowed only for open operation.\n"),
+		      _("Option --allow-discards is allowed only for open operation."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_persistent && strcmp(aname, "open"))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --persistent is allowed only for open operation.\n"),
+		      _("Option --persistent is allowed only for open operation."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_serialize_memory_hard_pbkdf && strcmp(aname, "open"))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --serialize-memory-hard-pbkdf is allowed only for open operation.\n"),
+		      _("Option --serialize-memory-hard-pbkdf is allowed only for open operation."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_persistent && opt_test_passphrase)
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --persistent is not allowed with --test-passphrase.\n"),
+		      _("Option --persistent is not allowed with --test-passphrase."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_key_size &&
@@ -3698,24 +3750,24 @@ int main(int argc, const char **argv)
 
 	if (opt_integrity && strcmp(aname, "luksFormat"))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --integrity is allowed only for luksFormat (LUKS2).\n"),
+		      _("Option --integrity is allowed only for luksFormat (LUKS2)."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_integrity_no_wipe && !opt_integrity)
 		usage(popt_context, EXIT_FAILURE,
 		      _("Option --integrity-no-wipe"
-		        " can be used only for format action with integrity extension.\n"),
+		        " can be used only for format action with integrity extension."),
 		      poptGetInvocationName(popt_context));
 
 	if ((opt_label || opt_subsystem) && strcmp(aname, "luksFormat") && strcmp(aname, "config"))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations.\n"),
+		      _("Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_test_passphrase && (strcmp(aname, "open") || !opt_type ||
 	    (strncmp(opt_type, "luks", 4) && strcmp(opt_type, "tcrypt") && strcmp(opt_type, "bitlk"))))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices.\n"),
+		      _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_key_size % 8 || opt_keyslot_key_size % 8)
@@ -3783,40 +3835,40 @@ int main(int argc, const char **argv)
 	if (opt_skip && (strcmp(aname, "open") ||
 	    (strcmp_or_null(opt_type, "plain") && strcmp(opt_type, "loopaes"))))
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --skip is supported only for open of plain and loopaes devices.\n"),
+		_("Option --skip is supported only for open of plain and loopaes devices."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_offset && ((strcmp(aname, "reencrypt") && strcmp(aname, "open") && strcmp(aname, "luksFormat")) ||
 	    (!strcmp(aname, "open") && strcmp_or_null(opt_type, "plain") && strcmp(opt_type, "loopaes")) ||
 	    (!strcmp(aname, "luksFormat") && opt_type && strncmp(opt_type, "luks", 4))))
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption.\n"),
+		_("Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."),
 		poptGetInvocationName(popt_context));
 
 	if ((opt_tcrypt_hidden || opt_tcrypt_system || opt_tcrypt_backup) && strcmp(aname, "tcryptDump") &&
 	    (strcmp(aname, "open") || !opt_type || strcmp(opt_type, "tcrypt")))
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"),
+		_("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_tcrypt_hidden && opt_allow_discards)
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --tcrypt-hidden cannot be combined with --allow-discards.\n"),
+		_("Option --tcrypt-hidden cannot be combined with --allow-discards."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_veracrypt && (!opt_type || strcmp(opt_type, "tcrypt")))
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --veracrypt is supported only for TCRYPT device type.\n"),
+		_("Option --veracrypt is supported only for TCRYPT device type."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_veracrypt_pim != -1) {
 		if (opt_veracrypt_pim < -1) {
 			usage(popt_context, EXIT_FAILURE,
-			_("Invalid argument for parameter --veracrypt-pim supplied.\n"),
+			_("Invalid argument for parameter --veracrypt-pim supplied."),
 			poptGetInvocationName(popt_context));
 		} else if (!opt_veracrypt) {
 			usage(popt_context, EXIT_FAILURE,
-			_("Option --veracrypt-pim is supported only for VeraCrypt compatible devices.\n"),
+			_("Option --veracrypt-pim is supported only for VeraCrypt compatible devices."),
 			poptGetInvocationName(popt_context));
 		}
 	}
@@ -3824,60 +3876,65 @@ int main(int argc, const char **argv)
 	if (opt_veracrypt_query_pim) {
 		if (!opt_veracrypt) {
 			usage(popt_context, EXIT_FAILURE,
-			_("Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices.\n"),
+			_("Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."),
 			poptGetInvocationName(popt_context));
 		} else if (opt_veracrypt_pim != -1) {
 			usage(popt_context, EXIT_FAILURE,
-			_("The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive.\n"),
+			_("The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."),
 			poptGetInvocationName(popt_context));
 		}
 	}
 
 	if (opt_priority && strcmp(opt_priority, "normal") && strcmp(opt_priority, "prefer") && strcmp(opt_priority, "ignore"))
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --priority can be only ignore/normal/prefer.\n"),
+		_("Option --priority can be only ignore/normal/prefer."),
 		poptGetInvocationName(popt_context));
 
 	if (!strcmp(aname, "config") && opt_priority && opt_key_slot == CRYPT_ANY_SLOT)
 		usage(popt_context, EXIT_FAILURE,
-		_("Keyslot specification is required.\n"),
+		_("Keyslot specification is required."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &opt_pbkdf))
 		usage(popt_context, EXIT_FAILURE,
-		_("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id.\n"),
+		_("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_pbkdf_iterations && opt_iteration_time)
 		usage(popt_context, EXIT_FAILURE,
-		_("PBKDF forced iterations cannot be combined with iteration time option.\n"),
+		_("PBKDF forced iterations cannot be combined with iteration time option."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_sector_size && strcmp(aname, "reencrypt") && strcmp(aname, "luksFormat") &&
 	    (strcmp(aname, "open") || strcmp_or_null(opt_type, "plain")))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Sector size option is not supported for this command.\n"),
+		      _("Sector size option is not supported for this command."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_sector_size && (opt_sector_size < SECTOR_SIZE || opt_sector_size > MAX_SECTOR_SIZE ||
 	    (opt_sector_size & (opt_sector_size - 1))))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Unsupported encryption sector size.\n"),
+		      _("Unsupported encryption sector size."),
 		      poptGetInvocationName(popt_context));
 
-	if (opt_unbound && !opt_key_size)
+	if (opt_unbound && !opt_key_size && !strcmp(aname, "luksAddKey"))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Key size is required with --unbound option.\n"),
+		      _("Key size is required with --unbound option."),
 		      poptGetInvocationName(popt_context));
 
-	if (opt_unbound && strcmp(aname, "luksAddKey"))
+	if (opt_unbound && !strcmp(aname, "luksDump") && opt_key_slot == CRYPT_ANY_SLOT)
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --unbound may be used only with luksAddKey action.\n"),
+		      _("Keyslot specification is required."),
+		      poptGetInvocationName(popt_context));
+
+	if (opt_unbound && strcmp(aname, "luksAddKey") && strcmp(aname, "luksDump"))
+		usage(popt_context, EXIT_FAILURE,
+		      _("Option --unbound may be used only with luksAddKey and luksDump actions."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_refresh && strcmp(aname, "open"))
 		usage(popt_context, EXIT_FAILURE,
-		      _("Option --refresh may be used only with open action.\n"),
+		      _("Option --refresh may be used only with open action."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_debug || opt_debug_json) {
@@ -3888,7 +3945,7 @@ int main(int argc, const char **argv)
 	}
 
 	if (opt_disable_locks && crypt_metadata_locking(NULL, 0)) {
-		log_std(_("Cannot disable metadata locking.\n"));
+		log_std(_("Cannot disable metadata locking."));
 		poptFreeContext(popt_context);
 		exit(EXIT_FAILURE);
 	}

src/cryptsetup_reencrypt.c

@@ -194,8 +194,15 @@ static int device_check(struct reenc_ctx *rc, const char *device, header_magic s
 	ssize_t s;
 	uint16_t version;
 	size_t buf_size = pagesize();
+	struct stat st;
 
-	devfd = open(device, O_RDWR | O_EXCL | O_DIRECT);
+	if (stat(device, &st)) {
+		log_err(_("Cannot open device %s."), device);
+		return -EINVAL;
+	}
+
+	/* coverity[toctou] */
+	devfd = open(device, O_RDWR | (S_ISBLK(st.st_mode) ? O_EXCL : 0));
 	if (devfd == -1) {
 		if (errno == EBUSY) {
 			log_err(_("Cannot exclusively open %s, device in use."),
@@ -250,7 +257,7 @@ static int device_check(struct reenc_ctx *rc, const char *device, header_magic s
 		if (lseek(devfd, 0, SEEK_SET) == -1)
 			goto out;
 		s = write(devfd, buf, buf_size);
-		if (s < 0 || s != (ssize_t)buf_size) {
+		if (s < 0 || s != (ssize_t)buf_size || fsync(devfd) < 0) {
 			log_err(_("Cannot write device %s."), device);
 			r = -EIO;
 		}
@@ -1683,12 +1690,12 @@ int main(int argc, const char **argv)
 
 	if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &opt_pbkdf))
 		usage(popt_context, EXIT_FAILURE,
-		_("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id.\n"),
+		_("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_pbkdf_iterations && opt_iteration_time)
 		usage(popt_context, EXIT_FAILURE,
-		_("PBKDF forced iterations cannot be combined with iteration time option.\n"),
+		_("PBKDF forced iterations cannot be combined with iteration time option."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_bsize < 1 || opt_bsize > 64)

src/integritysetup.c

@@ -60,6 +60,7 @@ static int opt_integrity_bitmap = 0;
 static int opt_integrity_legacy_padding = 0;
 
 static int opt_integrity_recalculate = 0;
+static int opt_allow_discards = 0;
 
 static const char **action_argv;
 static int action_argc;
@@ -314,6 +315,8 @@ static int action_open(int arg)
 
 	if (opt_integrity_recalculate)
 		activate_flags |= CRYPT_ACTIVATE_RECALCULATE;
+	if (opt_allow_discards)
+		activate_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
 
 	r = _read_keys(&integrity_key, &params);
 	if (r)
@@ -437,6 +440,9 @@ static int action_status(int arg)
 			if (ip.journal_crypt)
 				log_std("  journal encryption: %s\n", ip.journal_crypt);
 		}
+		if (cad.flags & (CRYPT_ACTIVATE_ALLOW_DISCARDS))
+			log_std("  flags: %s\n",
+				(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? "discards " : "");
 	}
 out:
 	crypt_free(cd);
@@ -569,6 +575,8 @@ int main(int argc, const char **argv)
 		{ "integrity-bitmap-mode",      'B', POPT_ARG_NONE,  &opt_integrity_bitmap, 0, N_("Use bitmap to track changes and disable journal for integrity device"), NULL },
 		{ "integrity-recalculate",     '\0', POPT_ARG_NONE,  &opt_integrity_recalculate,  0, N_("Recalculate initial tags automatically."), NULL },
 		{ "integrity-legacy-padding",  '\0', POPT_ARG_NONE,  &opt_integrity_legacy_padding, 0, N_("Use inefficient legacy padding (old kernels)"), NULL },
+
+		{ "allow-discards",            '\0', POPT_ARG_NONE,  &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device"), NULL },
 		POPT_TABLEEND
 	};
 	poptContext popt_context;
@@ -641,6 +649,11 @@ int main(int argc, const char **argv)
 		      _("Option --integrity-recalculate can be used only for open action."),
 		      poptGetInvocationName(popt_context));
 
+	if (opt_allow_discards && strcmp(aname, "open"))
+		usage(popt_context, EXIT_FAILURE,
+		      _("Option --allow-discards is allowed only for open operation."),
+		      poptGetInvocationName(popt_context));
+
 	if (opt_interleave_sectors < 0 || opt_journal_watermark < 0 ||
 	    opt_journal_commit_time < 0 || opt_tag_size < 0 ||
 	    opt_sector_size < 0 || opt_buffer_sectors < 0 ||
@@ -654,7 +667,7 @@ int main(int argc, const char **argv)
 		opt_sector_size || opt_tag_size || opt_no_wipe ))
 		usage(popt_context, EXIT_FAILURE,
 		      _("Options --journal-size, --interleave-sectors, --sector-size, --tag-size"
-		        " and --no-wipe can be used only for format action.\n"),
+		        " and --no-wipe can be used only for format action."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_journal_size_str &&

src/utils_blockdev.c

@@ -103,11 +103,11 @@ static int lookup_holder_dm_name(const char *dm_uuid, size_t max_len, dev_t devn
 		}
 
 		/* looking for dm-X/dm directory, symlinks are fine */
-		dmfd = openat(dirfd(dir), dm_subpath, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
+		dmfd = openat(dirfd(dir), dm_subpath, O_DIRECTORY | O_RDONLY);
 		if (dmfd < 0)
 			continue;
 
-		fd = openat(dmfd, "uuid", O_RDONLY | O_CLOEXEC);
+		fd = openat(dmfd, "uuid", O_RDONLY);
 		if (fd < 0) {
 			close(dmfd);
 			continue;
@@ -130,7 +130,7 @@ static int lookup_holder_dm_name(const char *dm_uuid, size_t max_len, dev_t devn
 			continue;
 		}
 
-		fd = openat(dmfd, "name", O_RDONLY | O_CLOEXEC);
+		fd = openat(dmfd, "name", O_RDONLY);
 		if (fd < 0) {
 			close(dmfd);
 			continue;

src/veritysetup.c

@@ -579,17 +579,17 @@ int main(int argc, const char **argv)
 
 	if ((opt_ignore_corruption || opt_restart_on_corruption || opt_ignore_zero_blocks) && strcmp(aname, "open"))
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation.\n"),
+		_("Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_root_hash_signature && strcmp(aname, "open"))
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --root-hash-signature can be used only for open operation.\n"),
+		_("Option --root-hash-signature can be used only for open operation."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_ignore_corruption && opt_restart_on_corruption)
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"),
+		_("Option --ignore-corruption and --restart-on-corruption cannot be used together."),
 		poptGetInvocationName(popt_context));
 
 	if (opt_debug) {

tests/compat-test2

@@ -33,6 +33,8 @@ VK_FILE="compattest2_vkfile"
 IMPORT_TOKEN="{\"type\":\"some_type\",\"keyslots\":[],\"base64_data\":\"zxI7vKB1Qwl4VPB4D-N-OgcC14hPCG0IDu8O7eCqaQ\"}"
 TOKEN_FILE0=test-token-file0
 TOKEN_FILE1=test-token-file1
+KEY_FILE0=test-key-file0
+KEY_FILE1=test-key-file1
 
 FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
 
@@ -47,7 +49,7 @@ function remove_mapping()
 	[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2
 	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
 	losetup -d $LOOPDEV >/dev/null 2>&1
-	rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_KEYU $VK_FILE $HEADER_LUKS2_PV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* >/dev/null 2>&1
+	rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_KEYU $VK_FILE $HEADER_LUKS2_PV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* $KEY_FILE0 $KEY_FILE1 >/dev/null 2>&1
 
 	# unlink whole test keyring
 	[ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null
@@ -754,6 +756,12 @@ $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail
 $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 1024 $LOOPDEV $KEY5 || fail
 $CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail
 
+# create LUKS1 with data offset not aligned to 4KiB
+$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --align-payload 4097 || fail
+$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail
+$CRYPTSETUP isLuks --type luks2 $LOOPDEV || fail
+$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail
+
 if dm_crypt_keyring_flawed; then
 	prepare "[32a] LUKS2 keyring dm-crypt bug" wipe
 	echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail
@@ -910,7 +918,8 @@ $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY5 --key-slot
 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 16 $LOOPDEV || fail
 echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 32 -S 2 $LOOPDEV || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2 (unbound)" || fail
-echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 8 -S 3 --master-key-file /dev/urandom $LOOPDEV || fail
+dd if=/dev/urandom of=$KEY_FILE0 bs=64 count=1 > /dev/null 2>&1 || fail
+echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 512 -S 3 --master-key-file $KEY_FILE0 $LOOPDEV || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" || fail
 # unbound key size is required
 echo $PWD1 | $CRYPTSETUP -q luksAddKey --unbound $LOOPDEV 2>/dev/null && fail
@@ -935,7 +944,16 @@ echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP close $DEV_NAME || fail
 $CRYPTSETUP luksKillSlot -q $LOOPDEV 2
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2 (unbound)" && fail
-$CRYPTSETUP luksKillSlot -q $LOOPDEV 3
+echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 $LOOPDEV 2> /dev/null && fail
+echo $PWD3 | $CRYPTSETUP luksDump --unbound 2> /dev/null $LOOPDEV 2> /dev/null && fail
+echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 -S3 $LOOPDEV > /dev/null || fail
+diff $KEY_FILE0 $KEY_FILE1 || fail
+echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 -S3 $LOOPDEV 2> /dev/null && fail
+diff $KEY_FILE0 $KEY_FILE1 || fail
+rm $KEY_FILE1 || fail
+echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 -S3 $LOOPDEV | grep -q "Unbound Key:" && fail
+echo $PWD3 | $CRYPTSETUP luksDump --unbound -S3 $LOOPDEV | grep -q "Unbound Key:" || fail
+$CRYPTSETUP luksKillSlot -q $LOOPDEV 3 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" && fail
 
 prepare "[39] LUKS2 metadata variants" wipe

tests/crypto-vectors.c

@@ -902,7 +902,7 @@ int main(__attribute__ ((unused)) int argc, __attribute__ ((unused))char *argv[]
 		exit(77);
 	}
 
-	if (crypt_backend_init(NULL))
+	if (crypt_backend_init())
 		exit_test("Crypto backend init error.", EXIT_FAILURE);
 
 	printf("Test vectors using %s crypto backend.\n", crypt_backend_version());

tests/tcrypt-compat-test

@@ -8,6 +8,7 @@ TST_DIR=tcrypt-images
 MAP=tctst
 PASSWORD="aaaaaaaaaaaa"
 PASSWORD_HIDDEN="bbbbbbbbbbbb"
+PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff"
 PIM=1234
 
 [ -z "$srcdir" ] && srcdir="."
@@ -123,7 +124,10 @@ done
 echo "HEADER KEYFILES CHECK"
 for file in $(ls $TST_DIR/[tv]ck_*) ; do
 	echo -n " $file"
-	echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail
+	PWD=$PASSWORD
+	[[ $file =~ vck_1_nopw.* ]] && PWD=""
+	[[ $file =~ vck_1_pw72.* ]] && PWD=$PASSWORD_72C
+	echo $PWD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail
 	echo " [OK]"
 done
 

tests/verity-compat-test

@@ -11,6 +11,9 @@ IMG=verity-data
 IMG_HASH=verity-hash
 IMG_TMP=tst-dev
 FEC_DEV=tst_fec123
+# If we need deterministic image creation
+DEV_SALT=9e7457222290f1bac0d42ad2de2d602a87bb871c22ab70ca040bad450578a436
+DEV_UUID=a60c98d2-ae9b-4865-bfcb-b4e3ace11033
 
 function remove_mapping()
 {
@@ -329,7 +332,7 @@ function checkUserSpaceRepair()
 
 	echo -n "[nroots::$3]"
 
-	ARR=(`$VERITYSETUP format $IMG $HASH_DEV --fec-device $FEC $PARAMS`)
+	ARR=(`$VERITYSETUP format $IMG $HASH_DEV --fec-device $FEC $PARAMS --salt=$DEV_SALT --uuid=$DEV_UUID`)
 	ROOT_HASH=${ARR[28]}
 
 	echo -n "[Errors can be corrected]"