Version 2.6.0.

Do not log score from pwquality.
This information is really not needed in debug log.
2025-12-07 08:50:05 +01:00 · 2022-11-28 12:27:33 +01:00 · 2022-11-28 10:37:58 +01:00 · 2022-11-27 23:20:25 +01:00 · 2022-11-27 23:18:36 +01:00 · 2022-11-27 21:02:49 +01:00
426 changed files with 63775 additions and 38556 deletions
--- a/.github/workflows/cibuild-setup-ubuntu.sh
+++ b/.github/workflows/cibuild-setup-ubuntu.sh
@@ -0,0 +1,29 @@
 #!/bin/bash
 set -ex
 PACKAGES=(
 	git make autoconf automake autopoint pkg-config libtool libtool-bin
 	gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev
 	libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev
 	sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass
 	asciidoctor
 )
 COMPILER="${COMPILER:?}"
 COMPILER_VERSION="${COMPILER_VERSION:?}"
 RELEASE="$(lsb_release -cs)"
 bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $RELEASE main restricted universe multiverse' >>/etc/apt/sources.list"
 # Latest gcc stack deb packages provided by
 # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
 add-apt-repository -y ppa:ubuntu-toolchain-r/test
 PACKAGES+=(gcc-$COMPILER_VERSION)
 # scsi_debug, gost crypto
 PACKAGES+=(dkms linux-headers-$(uname -r) linux-modules-extra-$(uname -r) gost-crypto-dkms)
 apt-get -y update --fix-missing
 apt-get -y install "${PACKAGES[@]}"
 apt-get -y build-dep cryptsetup
--- a/.github/workflows/cibuild.sh
+++ b/.github/workflows/cibuild.sh
@@ -0,0 +1,38 @@
 #!/bin/bash
 PHASES=(${@:-CONFIGURE MAKE CHECK})
 COMPILER="${COMPILER:?}"
 COMPILER_VERSION="${COMPILER_VERSION}"
 CFLAGS=(-O1 -g)
 CXXFLAGS=(-O1 -g)
 CC="gcc${COMPILER_VERSION:+-$COMPILER_VERSION}"
 CXX="g++${COMPILER_VERSION:+-$COMPILER_VERSION}"
 set -ex
 for phase in "${PHASES[@]}"; do
 	case $phase in
 	CONFIGURE)
 		opts=(
 			--enable-libargon2
 		)
 		sudo -E git clean -xdf
 		./autogen.sh
 		CC="$CC" CXX="$CXX" CFLAGS="${CFLAGS[@]}" CXXFLAGS="${CXXFLAGS[@]}" ./configure "${opts[@]}"
 		;;
 	MAKE)
 		make -j
 		make -j -C tests check-programs
 		;;
 	CHECK)
 		make check
 		;;
 	*)
 		echo >&2 "Unknown phase '$phase'"
 		exit 1
 	esac
 done
--- a/.github/workflows/cibuild.yml
+++ b/.github/workflows/cibuild.yml
@@ -0,0 +1,30 @@
 name: Build test
 on:
  push:
    branches:
      - 'main'
      - 'wip-luks2'
      - 'v2.3.x'
      - 'v2.4.x'
    paths-ignore:
      - 'docs/**'
 jobs:
  build:
    runs-on: ubuntu-latest
    if: github.repository == 'mbroz/cryptsetup'
    strategy:
      fail-fast: false
      matrix:
        env:
          - { COMPILER: "gcc", COMPILER_VERSION: "11",  RUN_SSH_PLUGIN_TEST: "1" }
    env: ${{ matrix.env }}
    steps:
      - name: Repository checkout
        uses: actions/checkout@v1
      - name: Ubuntu setup
        run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh
      - name: Configure & Make
        run: .github/workflows/cibuild.sh CONFIGURE MAKE
      - name: Check
        run: sudo -E .github/workflows/cibuild.sh CHECK
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,48 @@
 name: Coverity test
 on:
  push:
    branches:
      - 'coverity_scan'
    paths-ignore:
      - 'docs/**'
 jobs:
  latest:
    runs-on: ubuntu-latest
    if: github.repository == 'mbroz/cryptsetup'
    steps:
      - name: Repository checkout
        uses: actions/checkout@v1
      - name: Ubuntu setup
        run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh
        env:
          COMPILER: "gcc"
          COMPILER_VERSION: "11"
      - name: Install Coverity
        run: |
          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=mbroz/cryptsetup" -O cov-analysis-linux64.tar.gz
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
      - name: Run autoconf & configure
        run: |
          ./autogen.sh
          ./configure
      - name: Run cov-build
        run: |
          export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
          cov-build --dir cov-int make
      - name: Submit to Coverity Scan
        run: |
          tar czvf cryptsetup.tgz cov-int
          curl \
            --form project=mbroz/cryptsetup \
            --form token=$TOKEN \
            --form email=gmazyland@gmail.com \
            --form file=@cryptsetup.tgz \
            --form version=trunk \
            --form description="`./cryptsetup --version`" \
            https://scan.coverity.com/builds?project=mbroz/cryptsetup
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,8 @@ Makefile.in.in
 *.lo
 *.la
 *.o
 *.so
 *.8
 **/*.dirstamp
 .deps/
 .libs/
@@ -25,6 +27,7 @@ config.sub
 configure
 cryptsetup
 cryptsetup-reencrypt
 cryptsetup-ssh
 depcomp
 install-sh
 integritysetup
@@ -53,3 +56,6 @@ tests/luks1-images
 tests/tcrypt-images
 tests/unit-utils-io
 tests/vectors-test
 tests/test-symbols-list.h
 tests/all-symbols-test
 tests/fuzz/LUKS2.pb*
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,22 @@
 stages:
  - test
 .dump_kernel_log:
  after_script:
    - sudo dmesg > /mnt/artifacts/dmesg.log
    - sudo journalctl > /mnt/artifacts/journalctl.log
    - '[ "$(ls -A /var/coredumps)" ] && exit 1 || true'
 include:
  - local: .gitlab/ci/debian.yml
  - local: .gitlab/ci/fedora.yml
  - local: .gitlab/ci/rhel.yml
  - local: .gitlab/ci/centos.yml
  - local: .gitlab/ci/annocheck.yml
  - local: .gitlab/ci/csmock.yml
  - local: .gitlab/ci/gitlab-shared-docker.yml
  - local: .gitlab/ci/compilation-gcc.gitlab-ci.yml
  - local: .gitlab/ci/compilation-clang.gitlab-ci.yml
  - local: .gitlab/ci/alpinelinux.yml
  - local: .gitlab/ci/ubuntu-32bit.yml
  - local: .gitlab/ci/cifuzz.yml
--- a/.gitlab/ci/alpinelinux.yml
+++ b/.gitlab/ci/alpinelinux.yml
@@ -0,0 +1,55 @@
 .alpinelinux-dependencies:
  after_script:
    - sudo dmesg > /mnt/artifacts/dmesg.log
    - sudo cp /var/log/messages /mnt/artifacts/
    - '[ "$(ls -A /var/coredumps)" ] && exit 1 || true'
  before_script:
    - >
      sudo apk add
      lvm2-dev openssl1.1-compat-dev popt-dev util-linux-dev json-c-dev
      argon2-dev device-mapper which sharutils gettext gettext-dev automake
      autoconf libtool build-base keyutils tar jq expect git asciidoctor
    - ./autogen.sh
    - ./configure --prefix=/usr --libdir=/lib --sbindir=/sbin --disable-static --enable-libargon2 --with-crypto_backend=openssl --disable-external-tokens --disable-ssh-token --enable-asciidoc
 test-main-commit-job-alpinelinux:
  extends:
    - .alpinelinux-dependencies
  tags:
    - libvirt
    - alpinelinux
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "0"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
 test-mergerq-job-alpinelinux:
  extends:
    - .alpinelinux-dependencies
  tags:
    - libvirt
    - alpinelinux
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "0"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
--- a/.gitlab/ci/annocheck.yml
+++ b/.gitlab/ci/annocheck.yml
@@ -0,0 +1,19 @@
 test-main-commit-job-annocheck:
  extends:
    - .dump_kernel_log
  tags:
    - libvirt
    - rhel9-annocheck
  stage: test
  interruptible: true
  allow_failure: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - /opt/build-rpm-script.sh > /dev/null 2>&1
    - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el9
    - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el8
--- a/.gitlab/ci/centos.yml
+++ b/.gitlab/ci/centos.yml
@@ -0,0 +1,59 @@
 .centos-openssl-backend:
  extends:
    - .dump_kernel_log
  before_script:
    - >
      sudo dnf -y -q  install
      autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
      libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool
      libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd
      pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper
      expect gettext git jq keyutils openssl-devel openssl gem
    - sudo gem install asciidoctor
    - sudo -E git clean -xdf
    - ./autogen.sh
    - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc
 # non-FIPS jobs
 test-main-commit-centos-stream9:
  extends:
    - .centos-openssl-backend
  tags:
    - libvirt
    - centos-stream9
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
 test-mergerq-centos-stream9:
  extends:
    - .centos-openssl-backend
  tags:
    - libvirt
    - centos-stream9
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
--- a/.gitlab/ci/cibuild-setup-ubuntu.sh
+++ b/.gitlab/ci/cibuild-setup-ubuntu.sh
@@ -0,0 +1,50 @@
 #!/bin/bash
 set -ex
 PACKAGES=(
 	git make autoconf automake autopoint pkg-config libtool libtool-bin
 	gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev
 	libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev
 	sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass
 	asciidoctor
 )
 COMPILER="${COMPILER:?}"
 COMPILER_VERSION="${COMPILER_VERSION:?}"
 grep -E '^deb' /etc/apt/sources.list > /etc/apt/sources.list~
 sed -Ei 's/^deb /deb-src /' /etc/apt/sources.list~
 cat /etc/apt/sources.list~ >> /etc/apt/sources.list
 apt-get -y update --fix-missing
 DEBIAN_FRONTEND=noninteractive apt-get -yq install software-properties-common wget lsb-release
 RELEASE="$(lsb_release -cs)"
 if [[ $COMPILER == "gcc" ]]; then
 	# Latest gcc stack deb packages provided by
 	# https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
 	add-apt-repository -y ppa:ubuntu-toolchain-r/test
 	PACKAGES+=(gcc-$COMPILER_VERSION)
 elif [[ $COMPILER == "clang" ]]; then
 	wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
 	add-apt-repository "deb http://apt.llvm.org/${RELEASE}/   llvm-toolchain-${RELEASE}-${COMPILER_VERSION} main"
 	# scan-build
 	PACKAGES+=(clang-tools-$COMPILER_VERSION clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION)
 	PACKAGES+=(perl)
 else
 	exit 1
 fi
 apt-get -y update --fix-missing
 DEBIAN_FRONTEND=noninteractive apt-get -yq install "${PACKAGES[@]}"
 apt-get -y build-dep cryptsetup
 echo "====================== VERSIONS ==================="
 if [[ $COMPILER == "clang" ]]; then
 	echo "Using scan-build${COMPILER_VERSION:+-$COMPILER_VERSION}"
 fi
 ${COMPILER}-$COMPILER_VERSION -v
 echo "====================== END VERSIONS ==================="
--- a/.gitlab/ci/cifuzz.yml
+++ b/.gitlab/ci/cifuzz.yml
@@ -0,0 +1,46 @@
 cifuzz:
  variables:
    OSS_FUZZ_PROJECT_NAME: cryptsetup
    CFL_PLATFORM: gitlab
    CIFUZZ_DEBUG: "True"
    FUZZ_SECONDS: 300 # 5 minutes per fuzzer
    ARCHITECTURE: "x86_64"
    DRY_RUN: "False"
    LOW_DISK_SPACE: "True"
    BAD_BUILD_CHECK: "True"
    LANGUAGE: "c"
    DOCKER_HOST: "tcp://docker:2375"
    DOCKER_IN_DOCKER: "true"
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
  image:
    name: gcr.io/oss-fuzz-base/cifuzz-base
    entrypoint: [""]
  services:
    - docker:dind
  stage: test
  parallel:
    matrix:
      - SANITIZER: [address, undefined, memory]
  rules:
    # Default code change.
    # - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    #   variables:
    #     MODE: "code-change"
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $BUILD_AND_RUN_FUZZERS != null
  before_script:
    # Get gitlab's container id.
    - export CFL_CONTAINER_ID=`cut -c9- < /proc/1/cpuset`
  script:
    # Will build and run the fuzzers.
    # We use a hack to override CI_JOB_ID, because otherwise a bad path is used
    # in GitLab CI environment
    - CI_JOB_ID="$CI_PROJECT_NAMESPACE/$CI_PROJECT_TITLE" python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"
  artifacts:
    # Upload artifacts when a crash makes the job fail.
    when: always
    paths:
      - artifacts/
--- a/.gitlab/ci/clang-Wall
+++ b/.gitlab/ci/clang-Wall
@@ -0,0 +1,49 @@
 #!/bin/bash
 # clang -Wall plus other important warnings not included in -Wall
 for arg in "$@"
 do
 	case $arg in
 	-O*) Wuninitialized=-Wuninitialized;;  # only makes sense with `-O'
 	esac
 done
 CLANG="clang${COMPILER_VERSION:+-$COMPILER_VERSION}"
 #PEDANTIC="-std=gnu99"
 #PEDANTIC="-pedantic -std=gnu99"
 #PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros"
 #CONVERSION="-Wconversion"
 EXTRA="\
 -Wextra \
 -Wsign-compare \
 -Wcast-align
 -Werror-implicit-function-declaration \
 -Wpointer-arith \
 -Wwrite-strings \
 -Wswitch \
 -Wmissing-format-attribute \
 -Winit-self \
 -Wdeclaration-after-statement \
 -Wold-style-definition \
 -Wno-missing-field-initializers \
 -Wno-unused-parameter \
 -Wno-long-long"
 exec $CLANG $PEDANTIC $CONVERSION \
 	-Wall $Wuninitialized \
 	-Wno-switch \
 	-Wdisabled-optimization \
 	-Wwrite-strings \
 	-Wpointer-arith \
 	-Wbad-function-cast \
 	-Wmissing-prototypes \
 	-Wmissing-declarations \
 	-Wstrict-prototypes \
 	-Wnested-externs \
 	-Wcomment \
 	-Winline \
 	-Wcast-qual \
 	-Wredundant-decls $EXTRA \
 	"$@"
--- a/.gitlab/ci/compilation-clang.gitlab-ci.yml
+++ b/.gitlab/ci/compilation-clang.gitlab-ci.yml
@@ -0,0 +1,27 @@
 test-clang-compilation:
  extends:
    - .gitlab-shared-clang
  script:
    - export CFLAGS="-Wall -Werror"
    - ./configure
    - make -j
    - make -j check-programs
 test-clang-Wall-script:
  extends:
    - .gitlab-shared-clang
  script:
    - export CFLAGS="-g -O0"
    - export CC="$CI_PROJECT_DIR/.gitlab/ci/clang-Wall"
    - ./configure
    - make -j CFLAGS="-g -O0 -Werror"
    - make -j CFLAGS="-g -O0 -Werror" check-programs
 test-scan-build:
  extends:
    - .gitlab-shared-clang
  script:
    - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} -V ./configure CFLAGS="-g -O0"
    - make clean
    - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j
    - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j check-programs
--- a/.gitlab/ci/compilation-gcc.gitlab-ci.yml
+++ b/.gitlab/ci/compilation-gcc.gitlab-ci.yml
@@ -0,0 +1,27 @@
 test-gcc-compilation:
  extends:
    - .gitlab-shared-gcc
  script:
    - export CFLAGS="-Wall -Werror"
    - ./configure
    - make -j
    - make -j check-programs
 test-gcc-Wall-script:
  extends:
    - .gitlab-shared-gcc
  script:
    - export CFLAGS="-g -O0"
    - export CC="$CI_PROJECT_DIR/.gitlab/ci/gcc-Wall"
    - ./configure
    - make -j CFLAGS="-g -O0 -Werror"
    - make -j CFLAGS="-g -O0 -Werror" check-programs
 test-gcc-fanalyzer:
  extends:
    - .gitlab-shared-gcc
  script:
    - export CFLAGS="-Wall -Werror -g -O0 -fanalyzer -fdiagnostics-path-format=separate-events"
    - ./configure
    - make -j
    - make -j check-programs
--- a/.gitlab/ci/csmock.yml
+++ b/.gitlab/ci/csmock.yml
@@ -0,0 +1,17 @@
 test-commit-job-csmock:
  extends:
    - .dump_kernel_log
  tags:
    - libvirt
    - rhel7-csmock
  stage: test
  interruptible: true
  allow_failure: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ || $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - /opt/csmock-run-script.sh
--- a/.gitlab/ci/debian.yml
+++ b/.gitlab/ci/debian.yml
@@ -0,0 +1,56 @@
 .debian-prep:
  extends:
    - .dump_kernel_log
  before_script:
    - >
      [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] ||
      sudo apt-get -y install -y -qq swtpm meson ninja-build python3-jinja2
      gperf libcap-dev tpm2-tss-engine-dev libmount-dev swtpm-tools
    - >
      sudo apt-get -y install -y -qq git gcc make autoconf automake autopoint
      pkgconf libtool libtool-bin gettext libssl-dev libdevmapper-dev
      libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev
      tar libargon2-0-dev libpwquality-dev sharutils dmsetup jq xxd expect
      keyutils netcat passwd openssh-client sshpass asciidoctor
    - sudo apt-get -y build-dep cryptsetup
    - sudo -E git clean -xdf
    - ./autogen.sh
    - ./configure --enable-libargon2 --enable-asciidoc
 test-mergerq-job-debian:
  extends:
    - .debian-prep
  tags:
    - libvirt
    - debian11
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
 test-main-commit-job-debian:
  extends:
    - .debian-prep
  tags:
    - libvirt
    - debian11
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
--- a/.gitlab/ci/fedora.yml
+++ b/.gitlab/ci/fedora.yml
@@ -0,0 +1,60 @@
 .dnf-openssl-backend:
  extends:
    - .dump_kernel_log
  before_script:
    - >
      [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] ||
      sudo dnf -y -q install
      swtpm meson ninja-build python3-jinja2 gperf libcap-devel tpm2-tss-devel
      libmount-devel swtpm-tools
    - >
      sudo dnf -y -q install
      autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
      libargon2-devel libblkid-devel libpwquality-devel libselinux-devel
      libssh-devel libtool libuuid-devel make popt-devel
      libsepol-devel.x86_64 netcat openssh-clients passwd pkgconfig sharutils
      sshpass tar uuid-devel vim-common device-mapper expect gettext git jq
      keyutils openssl-devel openssl asciidoctor
    - sudo -E git clean -xdf
    - ./autogen.sh
    - ./configure --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl --enable-asciidoc
 test-main-commit-job-rawhide:
  extends:
    - .dnf-openssl-backend
  tags:
    - libvirt
    - fedora-rawhide
  stage: test
  interruptible: true
  allow_failure: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
 test-mergerq-job-rawhide:
  extends:
    - .dnf-openssl-backend
  tags:
    - libvirt
    - fedora-rawhide
  stage: test
  interruptible: true
  allow_failure: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
--- a/.gitlab/ci/gcc-Wall
+++ b/.gitlab/ci/gcc-Wall
@@ -0,0 +1,57 @@
 #!/bin/bash
 # gcc -Wall plus other important warnings not included in -Wall
 for arg in "$@"
 do
 	case $arg in
 	-O*) Wuninitialized=-Wuninitialized;;  # only makes sense with `-O'
 	esac
 done
 GCC="gcc${COMPILER_VERSION:+-$COMPILER_VERSION}"
 #PEDANTIC="-std=gnu99"
 #PEDANTIC="-pedantic -std=gnu99"
 #PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros"
 #CONVERSION="-Wconversion"
 # -Wpacked \
 # This does more than expected for gcc (mixed code with declarations)
 # -Wdeclaration-after-statement \
 EXTRA="-Wextra \
 -Wsign-compare \
 -Werror-implicit-function-declaration \
 -Wpointer-arith \
 -Wwrite-strings \
 -Wswitch \
 -Wmissing-format-attribute \
 -Wstrict-aliasing=3 \
 -Winit-self \
 -Wunsafe-loop-optimizations \
 -Wold-style-definition \
 -Wno-missing-field-initializers \
 -Wno-unused-parameter \
 -Wno-long-long \
 -Wmaybe-uninitialized \
 -Wvla \
 -Wformat-overflow \
 -Wformat-truncation"
 exec $GCC $PEDANTIC $CONVERSION \
 	-Wall $Wuninitialized \
 	-Wno-switch \
 	-Wdisabled-optimization \
 	-Wwrite-strings \
 	-Wpointer-arith \
 	-Wbad-function-cast \
 	-Wmissing-prototypes \
 	-Wmissing-declarations \
 	-Wstrict-prototypes \
 	-Wnested-externs \
 	-Wcomment \
 	-Winline \
 	-Wcast-align=strict \
 	-Wcast-qual \
 	-Wredundant-decls $EXTRA \
 	"$@"
--- a/.gitlab/ci/gitlab-shared-docker.yml
+++ b/.gitlab/ci/gitlab-shared-docker.yml
@@ -0,0 +1,31 @@
 .gitlab-shared-docker:
  image: ubuntu:focal
  tags:
    - gitlab-org-docker
  stage: test
  interruptible: true
  rules:
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  before_script:
    - .gitlab/ci/cibuild-setup-ubuntu.sh
    - export CC="${COMPILER}${COMPILER_VERSION:+-$COMPILER_VERSION}"
    - export CXX="${COMPILER}++${COMPILER_VERSION:+-$COMPILER_VERSION}"
    - ./autogen.sh
 .gitlab-shared-gcc:
  extends:
    - .gitlab-shared-docker
  variables:
    COMPILER: "gcc"
    COMPILER_VERSION: "11"
    RUN_SSH_PLUGIN_TEST: "1"
 .gitlab-shared-clang:
  extends:
    - .gitlab-shared-docker
  variables:
    COMPILER: "clang"
    COMPILER_VERSION: "13"
    RUN_SSH_PLUGIN_TEST: "1"
--- a/.gitlab/ci/rhel.yml
+++ b/.gitlab/ci/rhel.yml
@@ -0,0 +1,106 @@
 .rhel-openssl-backend:
  extends:
    - .dump_kernel_log
  before_script:
    - >
      sudo yum -y -q  install
      autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
      libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool
      libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd
      pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper
      expect gettext git jq keyutils openssl-devel openssl gem > /dev/null 2>&1
    - sudo gem install asciidoctor
    - sudo -E git clean -xdf
    - ./autogen.sh
    - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc
 # non-FIPS jobs
 test-main-commit-rhel8:
  extends:
    - .rhel-openssl-backend
  tags:
    - libvirt
    - rhel8
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
 test-main-commit-rhel9:
  extends:
    - .rhel-openssl-backend
  tags:
    - libvirt
    - rhel9
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
 # FIPS jobs
 test-main-commit-rhel8-fips:
  extends:
    - .rhel-openssl-backend
  tags:
    - libvirt
    - rhel8-fips
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - fips-mode-setup --check || exit 1
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
 test-main-commit-rhel9-fips:
  extends:
    - .rhel-openssl-backend
  tags:
    - libvirt
    - rhel9-fips
  stage: test
  interruptible: true
  allow_failure: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - fips-mode-setup --check || exit 1
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
--- a/.gitlab/ci/ubuntu-32bit.yml
+++ b/.gitlab/ci/ubuntu-32bit.yml
@@ -0,0 +1,41 @@
 test-mergerq-job-ubuntu-32bit:
  extends:
    - .debian-prep
  tags:
    - libvirt
    - ubuntu-bionic-32bit
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
 test-main-commit-job-ubuntu-32bit:
  extends:
    - .debian-prep
  tags:
    - libvirt
    - ubuntu-bionic-32bit
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check
--- a/.lgtm.yml
+++ b/.lgtm.yml
@@ -0,0 +1,11 @@
 queries:
  - exclude: cpp/fixme-comment
  - exclude: cpp/empty-block
 # symver attribute detection cannot be used, disable it for lgtm
 extraction:
  cpp:
    configure:
      command:
      - "./autogen.sh"
      - "./configure --enable-external-tokens --enable-ssh-token"
      - "echo \"#undef HAVE_ATTRIBUTE_SYMVER\" >> config.h"
--- a/.travis-functions.sh
+++ b/.travis-functions.sh
@@ -1,160 +0,0 @@
 #!/bin/bash
 #
 # .travis-functions.sh:
 #   - helper functions to be sourced from .travis.yml
 #   - designed to respect travis' environment but testing locally is possible
 #   - modified copy from util-linux project
 #
 if [ ! -f "configure.ac" ]; then
 	echo ".travis-functions.sh must be sourced from source dir" >&2
 	return 1 || exit 1
 fi
 ## some config settings
 # travis docs say we get 1.5 CPUs
 MAKE="make -j2"
 DUMP_CONFIG_LOG="short"
 export TS_OPT_parsable="yes"
 function configure_travis
 {
 	./configure "$@"
 	err=$?
 	if [ "$DUMP_CONFIG_LOG" = "short" ]; then
 		grep -B1 -A10000 "^## Output variables" config.log | grep -v "_FALSE="
 	elif [ "$DUMP_CONFIG_LOG" = "full" ]; then
 		cat config.log
 	fi
 	return $err
 }
 function check_nonroot
 {
 	local cfg_opts="$1"
 	[ -z "$cfg_opts" ] && return
 	configure_travis \
 		--enable-cryptsetup-reencrypt \
 		--enable-internal-sse-argon2 \
 		"$cfg_opts" \
 		|| return
 	$MAKE || return
 	make check
 }
 function check_root
 {
 	local cfg_opts="$1"
 	[ -z "$cfg_opts" ] && return
    configure_travis \
 		--enable-cryptsetup-reencrypt \
 		--enable-internal-sse-argon2 \
 		"$cfg_opts" \
 		|| return
 	$MAKE || return
 	# FIXME: we should use -E option here
 	sudo make check
 }
 function check_nonroot_compile_only
 {
 	local cfg_opts="$1"
 	[ -z "$cfg_opts" ] && return
 	configure_travis \
 		--enable-cryptsetup-reencrypt \
 		--enable-internal-sse-argon2 \
 		"$cfg_opts" \
 		|| return
 	$MAKE
 }
 function travis_install_script
 {
 	# install some packages from Ubuntu's default sources
 	sudo apt-get -qq update
 	sudo apt-get install -qq >/dev/null \
 		sharutils \
 		libgcrypt20-dev \
 		libssl-dev \
 		libdevmapper-dev \
 		libpopt-dev \
 		uuid-dev \
 		libsepol1-dev \
 		libtool \
 		dmsetup \
 		autoconf \
 		automake \
 		pkg-config \
 		autopoint \
 		gettext \
 		expect \
 		keyutils \
 		libjson-c-dev \
 		libblkid-dev \
 		|| return
 }
 function travis_before_script
 {
 	set -o xtrace
 	./autogen.sh
 	ret=$?
 	set +o xtrace
 	return $ret
 }
 function travis_script
 {
 	local ret
 	set -o xtrace
 	case "$MAKE_CHECK" in
 	gcrypt)
 		check_nonroot "--with-crypto_backend=gcrypt" && \
 		check_root "--with-crypto_backend=gcrypt"
 		;;
 	gcrypt_compile)
 		check_nonroot_compile_only "--with-crypto_backend=gcrypt"
 		;;
 	openssl)
 		check_nonroot "--with-crypto_backend=openssl" && \
 		check_root "--with-crypto_backend=openssl"
 		;;
 	openssl_compile)
 		check_nonroot_compile_only "--with-crypto_backend=openssl"
 		;;
 	kernel)
 		check_nonroot "--with-crypto_backend=kernel" && \
 		check_root "--with-crypto_backend=kernel"
 		;;
 	kernel_compile)
 		check_nonroot_compile_only "--with-crypto_backend=kernel"
 		;;
 	*)
 		echo "error, check environment (travis.yml)" >&2
 		false
 		;;
 	esac
 	ret=$?
 	set +o xtrace
 	return $ret
 }
 function travis_after_script
 {
 	return 0
 }
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,39 +0,0 @@
 language: c
 sudo: required
 dist: bionic
 compiler:
  - gcc
 env:
  - MAKE_CHECK="gcrypt"
  - MAKE_CHECK="openssl"
  - MAKE_CHECK="kernel"
 branches:
  only:
    - master
    - wip-luks2
 before_install:
  - uname -a
  - $CC --version
  - which $CC
  # workaround clang not system wide, fail on sudo make install
  - export CC=`which $CC`
  # workaround travis-ci issue #5301
  - unset PYTHON_CFLAGS
 install:
  - source ./.travis-functions.sh
  - travis_install_script
 before_script:
  - travis_before_script
 script:
  - travis_script
 after_script:
  - travis_after_script
--- a/6
+++ b/6
@@ -1,6 +0,0 @@
 Since version 1.6 this file is no longer maintained.
 See docs/*ReleaseNotes for release changes documentation.
 See version control history for full commit messages.
  https://gitlab.com/cryptsetup/cryptsetup/commits/master
--- a/FAQ.md
+++ b/FAQ.md
--- a/229
+++ b/229
@@ -1,229 +0,0 @@
 Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
 Foundation, Inc.
   This file is free documentation; the Free Software Foundation gives
 unlimited permission to copy, distribute and modify it.
 Basic Installation
 ==================
   These are generic installation instructions.
   The `configure' shell script attempts to guess correct values for
 various system-dependent variables used during compilation.  It uses
 those values to create a `Makefile' in each directory of the package.
 It may also create one or more `.h' files containing system-dependent
 definitions.  Finally, it creates a shell script `config.status' that
 you can run in the future to recreate the current configuration, and a
 file `config.log' containing compiler output (useful mainly for
 debugging `configure').
   It can also use an optional file (typically called `config.cache'
 and enabled with `--cache-file=config.cache' or simply `-C') that saves
 the results of its tests to speed up reconfiguring.  (Caching is
 disabled by default to prevent problems with accidental use of stale
 cache files.)
   If you need to do unusual things to compile the package, please try
 to figure out how `configure' could check whether to do them, and mail
 diffs or instructions to the address given in the `README' so they can
 be considered for the next release.  If you are using the cache, and at
 some point `config.cache' contains results you don't want to keep, you
 may remove or edit it.
   The file `configure.ac' (or `configure.in') is used to create
 `configure' by a program called `autoconf'.  You only need
 `configure.ac' if you want to change it or regenerate `configure' using
 a newer version of `autoconf'.
 The simplest way to compile this package is:
  1. `cd' to the directory containing the package's source code and type
     `./configure' to configure the package for your system.  If you're
     using `csh' on an old version of System V, you might need to type
     `sh ./configure' instead to prevent `csh' from trying to execute
     `configure' itself.
     Running `configure' takes a while.  While running, it prints some
     messages telling which features it is checking for.
  2. Type `make' to compile the package.
  3. Optionally, type `make check' to run any self-tests that come with
     the package.
  4. Type `make install' to install the programs and any data files and
     documentation.
  5. You can remove the program binaries and object files from the
     source code directory by typing `make clean'.  To also remove the
     files that `configure' created (so you can compile the package for
     a different kind of computer), type `make distclean'.  There is
     also a `make maintainer-clean' target, but that is intended mainly
     for the package's developers.  If you use it, you may have to get
     all sorts of other programs in order to regenerate files that came
     with the distribution.
 Compilers and Options
 =====================
   Some systems require unusual options for compilation or linking that
 the `configure' script does not know about.  Run `./configure --help'
 for details on some of the pertinent environment variables.
   You can give `configure' initial values for configuration parameters
 by setting variables in the command line or in the environment.  Here
 is an example:
     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
   *Note Defining Variables::, for more details.
 Compiling For Multiple Architectures
 ====================================
   You can compile the package for more than one kind of computer at the
 same time, by placing the object files for each architecture in their
 own directory.  To do this, you must use a version of `make' that
 supports the `VPATH' variable, such as GNU `make'.  `cd' to the
 directory where you want the object files and executables to go and run
 the `configure' script.  `configure' automatically checks for the
 source code in the directory that `configure' is in and in `..'.
   If you have to use a `make' that does not support the `VPATH'
 variable, you have to compile the package for one architecture at a
 time in the source code directory.  After you have installed the
 package for one architecture, use `make distclean' before reconfiguring
 for another architecture.
 Installation Names
 ==================
   By default, `make install' will install the package's files in
 `/usr/local/bin', `/usr/local/man', etc.  You can specify an
 installation prefix other than `/usr/local' by giving `configure' the
 option `--prefix=PATH'.
   You can specify separate installation prefixes for
 architecture-specific files and architecture-independent files.  If you
 give `configure' the option `--exec-prefix=PATH', the package will use
 PATH as the prefix for installing programs and libraries.
 Documentation and other data files will still use the regular prefix.
   In addition, if you use an unusual directory layout you can give
 options like `--bindir=PATH' to specify different values for particular
 kinds of files.  Run `configure --help' for a list of the directories
 you can set and what kinds of files go in them.
   If the package supports it, you can cause programs to be installed
 with an extra prefix or suffix on their names by giving `configure' the
 option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
 Optional Features
 =================
   Some packages pay attention to `--enable-FEATURE' options to
 `configure', where FEATURE indicates an optional part of the package.
 They may also pay attention to `--with-PACKAGE' options, where PACKAGE
 is something like `gnu-as' or `x' (for the X Window System).  The
 `README' should mention any `--enable-' and `--with-' options that the
 package recognizes.
   For packages that use the X Window System, `configure' can usually
 find the X include and library files automatically, but if it doesn't,
 you can use the `configure' options `--x-includes=DIR' and
 `--x-libraries=DIR' to specify their locations.
 Specifying the System Type
 ==========================
   There may be some features `configure' cannot figure out
 automatically, but needs to determine by the type of machine the package
 will run on.  Usually, assuming the package is built to be run on the
 _same_ architectures, `configure' can figure that out, but if it prints
 a message saying it cannot guess the machine type, give it the
 `--build=TYPE' option.  TYPE can either be a short name for the system
 type, such as `sun4', or a canonical name which has the form:
     CPU-COMPANY-SYSTEM
 where SYSTEM can have one of these forms:
     OS KERNEL-OS
   See the file `config.sub' for the possible values of each field.  If
 `config.sub' isn't included in this package, then this package doesn't
 need to know the machine type.
   If you are _building_ compiler tools for cross-compiling, you should
 use the `--target=TYPE' option to select the type of system they will
 produce code for.
   If you want to _use_ a cross compiler, that generates code for a
 platform different from the build platform, you should specify the
 "host" platform (i.e., that on which the generated programs will
 eventually be run) with `--host=TYPE'.
 Sharing Defaults
 ================
   If you want to set default values for `configure' scripts to share,
 you can create a site shell script called `config.site' that gives
 default values for variables like `CC', `cache_file', and `prefix'.
 `configure' looks for `PREFIX/share/config.site' if it exists, then
 `PREFIX/etc/config.site' if it exists.  Or, you can set the
 `CONFIG_SITE' environment variable to the location of the site script.
 A warning: not all `configure' scripts look for a site script.
 Defining Variables
 ==================
   Variables not defined in a site shell script can be set in the
 environment passed to `configure'.  However, some packages may run
 configure again during the build, and the customized values of these
 variables may be lost.  In order to avoid this problem, you should set
 them in the `configure' command line, using `VAR=value'.  For example:
     ./configure CC=/usr/local2/bin/gcc
 will cause the specified gcc to be used as the C compiler (unless it is
 overridden in the site shell script).
 `configure' Invocation
 ======================
   `configure' recognizes the following options to control how it
 operates.
 `--help'
 `-h'
     Print a summary of the options to `configure', and exit.
 `--version'
 `-V'
     Print the version of Autoconf used to generate the `configure'
     script, and exit.
 `--cache-file=FILE'
     Enable the cache: use and save the results of the tests in FILE,
     traditionally `config.cache'.  FILE defaults to `/dev/null' to
     disable caching.
 `--config-cache'
 `-C'
     Alias for `--cache-file=config.cache'.
 `--quiet'
 `--silent'
 `-q'
     Do not print messages saying which checks are being made.  To
     suppress all normal output, redirect it to `/dev/null' (any error
     messages will still be shown).
 `--srcdir=DIR'
     Look for the package's source code in directory DIR.  Usually
     `configure' can determine that directory automatically.
 `configure' also accepts some other, not widely useful, options.  Run
 `configure --help' for more details.
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,5 +1,5 @@
-EXTRA_DIST = COPYING.LGPL FAQ docs misc
+EXTRA_DIST = README.md COPYING.LGPL FAQ.md docs misc autogen.sh
-SUBDIRS = po tests
+SUBDIRS = po tests tests/fuzz
 CLEANFILES =
 DISTCLEAN_TARGETS =
@@ -11,18 +11,29 @@ AM_CPPFLAGS = \
        -DLIBDIR=\""$(libdir)"\"                \
        -DPREFIX=\""$(prefix)"\"                \
        -DSYSCONFDIR=\""$(sysconfdir)"\"        \
-        -DVERSION=\""$(VERSION)"\"
+        -DVERSION=\""$(VERSION)"\"              \
        -DEXTERNAL_LUKS2_TOKENS_PATH=\"${EXTERNAL_LUKS2_TOKENS_PATH}\"
 AM_CFLAGS = -Wall
 AM_CXXFLAGS = -Wall
 AM_LDFLAGS =
-LDADD = $(LTLIBINTL) -lm
+if ENABLE_FUZZ_TARGETS
 AM_CFLAGS += -fsanitize=fuzzer-no-link
 AM_CXXFLAGS += -fsanitize=fuzzer-no-link
 endif
 LDADD = $(LTLIBINTL)
 tmpfilesddir = @DEFAULT_TMPFILESDIR@
 include_HEADERS =
 lib_LTLIBRARIES =
 noinst_LTLIBRARIES =
 sbin_PROGRAMS =
 man8_MANS =
 tmpfilesd_DATA =
 pkgconfig_DATA =
 dist_noinst_DATA =
 include man/Makemodule.am
@@ -35,12 +46,14 @@ include lib/crypto_backend/Makemodule.am
 include lib/Makemodule.am
 include src/Makemodule.am
 include tokens/Makemodule.am
 ACLOCAL_AMFLAGS = -I m4
 DISTCHECK_CONFIGURE_FLAGS = 	\
 	--with-tmpfilesdir=$$dc_install_base/usr/lib/tmpfiles.d \
-	--enable-internal-argon2 --enable-internal-sse-argon2
+	--enable-internal-argon2 --enable-internal-sse-argon2 \
 	--enable-external-tokens --enable-ssh-token --enable-asciidoc
 distclean-local:
 	-find . -name \*~ -o -name \*.orig -o -name \*.rej | xargs rm -f
@@ -48,3 +61,17 @@ distclean-local:
 clean-local:
 	-rm -rf docs/doxygen_api_docs libargon2.la
 install-data-local:
 	$(MKDIR_P) -m 0755 $(DESTDIR)/${EXTERNAL_LUKS2_TOKENS_PATH}
 uninstall-local:
 	rmdir $(DESTDIR)/${EXTERNAL_LUKS2_TOKENS_PATH} 2>/dev/null || :
 check-programs: libcryptsetup.la
 	$(MAKE) -C tests $@
 if ENABLE_FUZZ_TARGETS
 fuzz-targets: libcryptsetup.la libcrypto_backend.la
 	$(MAKE) -C tests/fuzz $@
 endif
--- a/1
+++ b/1
@@ -1 +0,0 @@
 See docs/* directory for Release Notes.
--- a/31
+++ b/31
@@ -1,31 +0,0 @@
                        cryptsetup
 setup cryptographic volumes for dm-crypt (including LUKS extension)
 WEB PAGE:
      https://gitlab.com/cryptsetup/cryptsetup/
 FAQ:
      https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions
 MAILING LIST:
      E-MAIL: dm-crypt@saout.de
      URL:    http://www.saout.de/mailman/listinfo/dm-crypt
 DOWNLOAD:
      https://www.kernel.org/pub/linux/utils/cryptsetup/
 SOURCE CODE:
      URL: https://gitlab.com/cryptsetup/cryptsetup/tree/master
      Checkout: git clone https://gitlab.com/cryptsetup/cryptsetup.git
 NLS (PO TRANSLATIONS):
      PO files are maintained by:
          http://translationproject.org/domain/cryptsetup.html
--- a/README.md
+++ b/README.md
@@ -6,20 +6,21 @@ What the ...?
 on the [DMCrypt](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt) kernel module.
 These include **plain** **dm-crypt** volumes, **LUKS** volumes, **loop-AES**,
-**TrueCrypt** (including **VeraCrypt** extension) and **BitLocker** formats.
+**TrueCrypt** (including **VeraCrypt** extension), **BitLocker** and **FileVault2** formats.
 The project also includes a **veritysetup** utility used to conveniently setup
 [DMVerity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity) block integrity checking kernel module
-and, since version 2.0,  **integritysetup** to setup
+and **integritysetup** to setup
 [DMIntegrity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity) block integrity kernel module.
 LUKS Design
 -----------
 **LUKS** is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not  
 only facilitate compatibility among distributions, but also provides secure management of multiple user passwords.  
 LUKS stores all necessary setup information in the partition header, enabling to transport or migrate data seamlessly.
 ### Specifications
 Last version of the LUKS2 format specification is
 [available here](https://gitlab.com/cryptsetup/LUKS2-docs).
@@ -44,22 +45,16 @@ Download
 --------
 All release tarballs and release notes are hosted on [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).
-**The latest stable cryptsetup version is 2.3.2**
+**The latest stable cryptsetup release version is 2.6.0**
-  * [cryptsetup-2.3.2.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.2.tar.xz)
+  * [cryptsetup-2.6.0.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.0.tar.xz)
-  * Signature [cryptsetup-2.3.2.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.2.tar.sign)
+  * Signature [cryptsetup-2.6.0.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.0.tar.sign)
    _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 2.3.2 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.2-ReleaseNotes).
+  * [Cryptsetup 2.6.0 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/v2.6.0-ReleaseNotes).
 Previous versions
- * [Version 2.3.1](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.1.tar.xz) -
+ * [Version 2.5.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.xz) -
-   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.1.tar.sign) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.sign) -
-   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.1-ReleaseNotes).
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes).
 * [Version 2.2.2](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/cryptsetup-2.2.2.tar.xz) -
   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/cryptsetup-2.2.2.tar.sign) -
   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/v2.2.2-ReleaseNotes).
 * [Version 2.0.6](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.6.tar.xz) -
   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.6.tar.sign) -
   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/v2.0.6-ReleaseNotes).
 * [Version 1.7.5](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.xz) -
   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.sign) -
   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.5-ReleaseNotes).
@@ -73,14 +68,49 @@ For libcryptsetup documentation see [libcryptsetup API](https://mbroz.fedorapeop
 The libcryptsetup API/ABI changes are tracked in [compatibility report](https://abi-laboratory.pro/tracker/timeline/cryptsetup/).
-NLS PO files are maintained by [TranslationProject](http://translationproject.org/domain/cryptsetup.html).
+NLS PO files are maintained by [TranslationProject](https://translationproject.org/domain/cryptsetup.html).
 Required packages
 -----------------
 All distributions provide cryptsetup as distro package. If you need to compile cryptsetup yourself, some packages are required for compilation. Please always prefer distro specific build tools to manually configuring cryptsetup.
 Here is the list of packages needed for the compilation of project for particular distributions:
 * For Fedora: `git gcc make autoconf automake gettext-devel pkgconfig openssl-devel popt-devel device-mapper-devel libuuid-devel json-c-devel libblkid-devel findutils libtool libssh-devel tar`. Optionally `libargon2-devel libpwquality-devel`. To run the internal testsuite you also need to install `sharutils device-mapper jq vim-common expect keyutils netcat shadow-utils openssh-clients openssh sshpass`.
 * For Debian and Ubuntu: `git gcc make autoconf automake autopoint pkg-config libtool gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol1-dev libjson-c-dev libssh-dev libblkid-dev tar`. Optionally `libargon2-0-dev libpwquality-dev`. To run the internal testsuite you also need to install `sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass`
 Note that the list could change as the distributions evolve.
 Compilation
 -----------
 The cryptsetup project uses **automake** and **autoconf** system to generate all needed files for compilation. If you check it from the git snapshot, use ``./autogen.sh && ./configure && make`` to compile the project. If you use downloaded released ``*.tar.xz`` archive, the configure script is already pre-generated (no need to run ``autoconf.sh``).
 See ``./configure --help`` and use ``--disable-*`` and ``--enable-*`` options.
 For running the test suite that come with the project, type ``make check``.
 Note that most tests will need root user privileges and run many dangerous storage fail simulations.
 Do **not** run tests with root privilege on production systems! Some tests will need scsi_debug kernel module to be available.
 For more details, please refer to [automake](https://www.gnu.org/software/automake/manual/automake.html) and [autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) manuals.
 Help!
 -----
 Please always read [FAQ](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions) first.
 For cryptsetup and LUKS related questions, please use the dm-crypt mailing list, [dm-crypt@saout.de](mailto:dm-crypt@saout.de).
-If you want to subscribe just send an empty mail to [dm-crypt-subscribe@saout.de](mailto:dm-crypt-subscribe@saout.de).
+### Documentation
-You can also browse [list archive](http://www.saout.de/pipermail/dm-crypt/) or read it through
+Please read the following documentation before posting questions in the mailing list.   You will be able to ask better questions and better understand the answers.  
-[web interface](https://marc.info/?l=dm-crypt).
+
 * [FAQ](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions) 
 * LUKS Specifications
 * manuals (aka man page, man pages, man-page) 
 The FAQ is online and in the source code for the project.  The Specifications are referenced above in this document.  The man pages are in source and should be available after installation using standard man commands.  e.g.  man cryptsetup
 ### Mailing List
 For cryptsetup and LUKS related questions, please use the cryptsetup mailing list [cryptsetup@lists.linux.dev](mailto:cryptsetup@lists.linux.dev), hosted at [kernel.org subspace](https://subspace.kernel.org/lists.linux.dev.html).
 To subscribe send an empty mail to [cryptsetup+subscribe@lists.linux.dev](mailto:cryptsetup+subscribe@lists.linux.dev).
 You can also browse and/or search the mailing [list archive](https://lore.kernel.org/cryptsetup/).
 News (NNTP), Atom feed and git access to public inbox is available through [lore.kernel.org](https://lore.kernel.org) service.
 The former dm-crypt [list archive](https://lore.kernel.org/dm-crypt/) is also available.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,10 @@
 # Reporting a Security Bug in cryptsetup project
 If you think you have discovered a security issue, please report it through
 the project issue tracker [New issue](https://gitlab.com/cryptsetup/cryptsetup/issues)
 as a confidential issue (select confidential checkbox).
 An alternative is to send PGP encrypted mail to the cryptsetup maintainer.
 Current maintainer is [Milan Broz](mailto:gmazyland@gmail.com), use PGP key
 with fingerprint 2A29 1824 3FDE 4664 8D06 86F9 D9B0 577B D93E 98FC.
--- a/1
+++ b/1
@@ -1 +0,0 @@
 Please see issues tracked at https://gitlab.com/cryptsetup/cryptsetup/issues.
--- a/autogen.sh
+++ b/autogen.sh
@@ -9,25 +9,31 @@ DIE=0
 (autopoint --version) < /dev/null > /dev/null 2>&1 || {
  echo
  echo "**Error**: You must have autopoint installed."
-  echo "Download the appropriate package for your distribution,"
+  echo "Download the appropriate package for your distribution."
  echo "or see http://www.gnu.org/software/gettext"
  DIE=1
 }
 (msgfmt --version) < /dev/null > /dev/null 2>&1 || {
  echo
  echo "**Warning**: You should have gettext installed."
  echo "Download the appropriate package for your distribution."
  echo "To disable translation, you can also use --disable-nls"
  echo "configure option."
 }
 (autoconf --version) < /dev/null > /dev/null 2>&1 || {
  echo
-  echo "**Error**: You must have autoconf installed to."
+  echo "**Error**: You must have autoconf installed."
-  echo "Download the appropriate package for your distribution,"
+  echo "Download the appropriate package for your distribution."
  echo "or get the source tarball at ftp://ftp.gnu.org/pub/gnu/"
  DIE=1
 }
-(grep "^AM_PROG_LIBTOOL" $srcdir/configure.ac >/dev/null) && {
+(grep "^LT_INIT" $srcdir/configure.ac >/dev/null) && {
-  (libtool --version) < /dev/null > /dev/null 2>&1 || {
+  (libtoolize --version) < /dev/null > /dev/null 2>&1 || {
    echo
-    echo "**Error**: You must have libtool installed."
+    echo "**Error**: You must have libtoolize installed."
-    echo "Get ftp://ftp.gnu.org/pub/gnu/"
+    echo "Download the appropriate package for your distribution."
    echo "(or a newer version if it is available)"
    DIE=1
  }
 }
@@ -35,8 +41,7 @@ DIE=0
 (automake --version) < /dev/null > /dev/null 2>&1 || {
  echo
  echo "**Error**: You must have automake installed."
-  echo "Get ftp://ftp.gnu.org/pub/gnu/"
+  echo "Download the appropriate package for your distribution."
  echo "(or a newer version if it is available)"
  DIE=1
  NO_AUTOMAKE=yes
 }
@@ -47,8 +52,6 @@ test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || {
  echo
  echo "**Error**: Missing aclocal.  The version of automake"
  echo "installed doesn't appear recent enough."
  echo "Get ftp://ftp.gnu.org/pub/gnu/"
  echo "(or a newer version if it is available)"
  DIE=1
 }
@@ -71,7 +74,7 @@ autopoint --force $AP_OPTS
 libtoolize --force --copy
 aclocal -I m4 $AL_OPTS
 autoheader $AH_OPTS
-automake --add-missing --copy --gnu $AM_OPTS
+automake --force-missing --add-missing --copy --gnu $AM_OPTS
 autoconf $AC_OPTS
 echo
--- a/configure.ac
+++ b/configure.ac
@@ -1,9 +1,9 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[2.3.3])
+AC_INIT([cryptsetup],[2.6.0])
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
-LIBCRYPTSETUP_VERSION_INFO=18:0:6
+LIBCRYPTSETUP_VERSION_INFO=21:0:9
 AM_SILENT_RULES([yes])
 AC_CONFIG_SRCDIR(src/cryptsetup.c)
@@ -16,7 +16,7 @@ AC_CONFIG_HEADERS([config.h:config.h.in])
 # For old automake use this
 #AM_INIT_AUTOMAKE(dist-xz subdir-objects)
-AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects])
+AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign])
 if test "x$prefix" = "xNONE"; then
 	sysconfdir=/etc
@@ -28,12 +28,13 @@ AC_USE_SYSTEM_EXTENSIONS
 AC_PROG_CC
 AM_PROG_CC_C_O
 AC_PROG_CPP
 AC_PROG_CXX
 AC_PROG_INSTALL
 AC_PROG_MAKE_SET
 AC_PROG_MKDIR_P
 AC_ENABLE_STATIC(no)
 LT_INIT
 PKG_PROG_PKG_CONFIG
 AM_ICONV
 dnl ==========================================================================
 dnl define PKG_CHECK_VAR for old pkg-config <= 0.28
@@ -52,13 +53,33 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
 AS_VAR_IF([$1], [""], [$5], [$4])
 ])
 ])
 dnl ==========================================================================
 dnl AsciiDoc manual pages
 AC_ARG_ENABLE([asciidoc],
 	AS_HELP_STRING([--disable-asciidoc], [do not generate man pages from asciidoc]),
 	[], [enable_asciidoc=yes]
 )
 AC_PATH_PROG([ASCIIDOCTOR], [asciidoctor])
 if test "x$enable_asciidoc" = xyes -a "x$ASCIIDOCTOR" = x; then
 	AC_MSG_ERROR([Building man pages requires asciidoctor installed.])
 fi
 AM_CONDITIONAL([ENABLE_ASCIIDOC], [test "x$enable_asciidoc" = xyes])
 have_manpages=no
 AS_IF([test -f "$srcdir/man/cryptsetup-open.8"], [
 	AC_MSG_NOTICE([re-use already generated man-pages.])
 	have_manpages=yes]
 )
 AM_CONDITIONAL([HAVE_MANPAGES], [test "x$have_manpages" = xyes])
 dnl ==========================================================================
 AC_C_RESTRICT
 AC_HEADER_DIRENT
-AC_HEADER_STDC
+AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h uchar.h sys/ioctl.h sys/mman.h \
 AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
 	sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h)
 AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])],
 [[
@@ -115,6 +136,40 @@ AC_FUNC_FSEEKO
 AC_PROG_GCC_TRADITIONAL
 AC_FUNC_STRERROR_R
 dnl ==========================================================================
 dnl LUKS2 external tokens
 AC_ARG_ENABLE([external-tokens],
 	AS_HELP_STRING([--disable-external-tokens], [disable external LUKS2 tokens]),
 	[], [enable_external_tokens=yes])
 if test "x$enable_external_tokens" = "xyes"; then
 	AC_DEFINE(USE_EXTERNAL_TOKENS, 1, [Use external tokens])
 	dnl we need dynamic library loading here
 	saved_LIBS=$LIBS
 	AC_SEARCH_LIBS([dlsym],[dl])
 	AC_CHECK_FUNCS([dlvsym])
 	AC_SUBST(DL_LIBS, $LIBS)
 	LIBS=$saved_LIBS
 fi
 AM_CONDITIONAL(EXTERNAL_TOKENS, test "x$enable_external_tokens" = "xyes")
 AC_ARG_ENABLE([ssh-token],
 	AS_HELP_STRING([--disable-ssh-token], [disable LUKS2 ssh-token]),
 	[], [enable_ssh_token=yes])
 AM_CONDITIONAL(SSHPLUGIN_TOKEN, test "x$enable_ssh_token" = "xyes")
 if test "x$enable_ssh_token" = "xyes" -a "x$enable_external_tokens" = "xno"; then
 	AC_MSG_ERROR([Requested LUKS2 ssh-token build, but external tokens are disabled.])
 fi
 dnl LUKS2 online reencryption
 AC_ARG_ENABLE([luks2-reencryption],
 	AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]),
 	[], [enable_luks2_reencryption=yes])
 if test "x$enable_luks2_reencryption" = "xyes"; then
 	AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension])
 fi
 dnl ==========================================================================
 AM_GNU_GETTEXT([external],[need-ngettext])
@@ -160,6 +215,17 @@ if test "x$enable_pwquality" = "xyes"; then
 	PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz"
 fi
 dnl ==========================================================================
 dnl fuzzers, it requires own static library compilation later
 AC_ARG_ENABLE([fuzz-targets],
 	AS_HELP_STRING([--enable-fuzz-targets], [enable building fuzz targets]))
 AM_CONDITIONAL(ENABLE_FUZZ_TARGETS, test "x$enable_fuzz_targets" = "xyes")
 if test "x$enable_fuzz_targets" = "xyes"; then
 	AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link],,
 		AC_MSG_ERROR([Required compiler options not supported; use clang.]), [-Werror])
 fi
 dnl ==========================================================================
 dnl passwdqc library (cryptsetup CLI only)
 AC_ARG_ENABLE([passwdqc],
@@ -176,7 +242,15 @@ AC_DEFINE_UNQUOTED([PASSWDQC_CONFIG_FILE], ["$use_passwdqc_config"], [passwdqc l
 if test "x$enable_passwdqc" = "xyes"; then
 	AC_DEFINE(ENABLE_PASSWDQC, 1, [Enable password quality checking using passwdqc library])
-	PASSWDQC_LIBS="-lpasswdqc"
+	saved_LIBS="$LIBS"
 	AC_SEARCH_LIBS([passwdqc_check], [passwdqc])
 	case "$ac_cv_search_passwdqc_check" in
 		no) AC_MSG_ERROR([failed to find passwdqc_check]) ;;
 		-l*) PASSWDQC_LIBS="$ac_cv_search_passwdqc_check" ;;
 		*) PASSWDQC_LIBS= ;;
 	esac
 	AC_CHECK_FUNCS([passwdqc_params_free])
 	LIBS="$saved_LIBS"
 fi
 if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then
@@ -321,11 +395,6 @@ AC_ARG_ENABLE([veritysetup],
 	[], [enable_veritysetup=yes])
 AM_CONDITIONAL(VERITYSETUP, test "x$enable_veritysetup" = "xyes")
 AC_ARG_ENABLE([cryptsetup-reencrypt],
 	AS_HELP_STRING([--disable-cryptsetup-reencrypt], [disable cryptsetup-reencrypt tool]),
 	[], [enable_cryptsetup_reencrypt=yes])
 AM_CONDITIONAL(REENCRYPT, test "x$enable_cryptsetup_reencrypt" = "xyes")
 AC_ARG_ENABLE([integritysetup],
 	AS_HELP_STRING([--disable-integritysetup], [disable integritysetup support]),
 	[], [enable_integritysetup=yes])
@@ -372,6 +441,17 @@ PKG_CHECK_MODULES([JSON_C], [json-c])
 AC_CHECK_DECLS([json_object_object_add_ex], [], [], [#include <json-c/json.h>])
 AC_CHECK_DECLS([json_object_deep_copy], [], [], [#include <json-c/json.h>])
 dnl Check for libssh and argp for SSH plugin
 if test "x$enable_ssh_token" = "xyes"; then
 	PKG_CHECK_MODULES([LIBSSH], [libssh])
 	AC_CHECK_DECLS([ssh_session_is_known_server], [], [], [#include <libssh/libssh.h>])
 	AC_CHECK_HEADER([argp.h], [], AC_MSG_ERROR([You need argp library.]))
 	saved_LIBS=$LIBS
 	AC_SEARCH_LIBS([argp_parse],[argp])
 	AC_SUBST(ARGP_LIBS, $LIBS)
 	LIBS=$saved_LIBS
 fi
 dnl Crypto backend configuration.
 AC_ARG_WITH([crypto_backend],
 	AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [openssl]]),
@@ -508,6 +588,23 @@ if test "x$enable_static_cryptsetup" = "xyes"; then
 	PKG_CONFIG=$saved_PKG_CONFIG
 fi
 dnl Check compiler support for symver function attribute
 AC_MSG_CHECKING([for symver attribute support])
 saved_CFLAGS=$CFLAGS
 CFLAGS="-O0 -Werror"
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 	void _test_sym(void);
 	__attribute__((__symver__("sym@VERSION_4.2"))) void _test_sym(void) {}
 ]],
 [[ _test_sym() ]]
 )],[
 	AC_DEFINE([HAVE_ATTRIBUTE_SYMVER], 1, [Define to 1 to use __attribute__((symver))])
 	AC_MSG_RESULT([yes])
 ], [
 	AC_MSG_RESULT([no])
 ])
 CFLAGS=$saved_CFLAGS
 AC_MSG_CHECKING([for systemd tmpfiles config directory])
 PKG_CHECK_VAR([systemd_tmpfilesdir], [systemd], [tmpfilesdir], [], [systemd_tmpfilesdir=no])
 AC_MSG_RESULT([$systemd_tmpfilesdir])
@@ -528,9 +625,27 @@ AC_SUBST([JSON_C_LIBS])
 AC_SUBST([LIBARGON2_LIBS])
 AC_SUBST([BLKID_LIBS])
 AC_SUBST([LIBSSH_LIBS])
 AC_SUBST([LIBCRYPTSETUP_VERSION])
 AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])
 dnl Set Requires.private for libcryptsetup.pc
 dnl pwquality is used only by tools
 PKGMODULES="uuid devmapper json-c"
 case $with_crypto_backend in
 	gcrypt)  PKGMODULES+=" libgcrypt" ;;
 	openssl) PKGMODULES+=" openssl" ;;
 	nss)     PKGMODULES+=" nss" ;;
 	nettle)  PKGMODULES+=" nettle" ;;
 esac
 if test "x$enable_libargon2" = "xyes"; then
 	PKGMODULES+=" libargon2"
 fi
 if test "x$enable_blkid" = "xyes"; then
 	PKGMODULES+=" blkid"
 fi
 AC_SUBST([PKGMODULES])
 dnl ==========================================================================
 AC_ARG_ENABLE([dev-random],
 	AS_HELP_STRING([--enable-dev-random], [use /dev/random by default for key generation (otherwise use /dev/urandom)]))
@@ -583,7 +698,7 @@ if test "x$enable_luks_adjust_xts_keysize" = "xyes"; then
 	AC_DEFINE(ENABLE_LUKS_ADJUST_XTS_KEYSIZE, 1, [XTS mode - double default LUKS keysize if needed])
 fi
-CS_STR_WITH([luks2-pbkdf],           [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2i])
+CS_STR_WITH([luks2-pbkdf],           [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2id])
 CS_NUM_WITH([luks1-iter-time],       [PBKDF2 iteration time for LUKS1 (in ms)], [2000])
 CS_NUM_WITH([luks2-iter-time],       [Argon2 PBKDF iteration time for LUKS2 (in ms)], [2000])
 CS_NUM_WITH([luks2-memory-kb],       [Argon2 PBKDF memory cost for LUKS2 (in kB)], [1048576])
@@ -596,7 +711,8 @@ CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
 CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
 CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192])
-CS_NUM_WITH([passphrase-size-max],[maximum keyfile size (in characters)], [512])
+CS_NUM_WITH([integrity-keyfile-size-maxkb],[maximum integritysetup keyfile size (in KiB)], [4])
 CS_NUM_WITH([passphrase-size-max],[maximum passphrase size (in characters)], [512])
 CS_STR_WITH([verity-hash],       [hash function for verity mode], [sha256])
 CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096])
@@ -624,6 +740,15 @@ test -z "$with_luks2_lock_dir_perms" && with_luks2_lock_dir_perms=0700
 DEFAULT_LUKS2_LOCK_DIR_PERMS=$with_luks2_lock_dir_perms
 AC_SUBST(DEFAULT_LUKS2_LOCK_DIR_PERMS)
 CS_STR_WITH([luks2-external-tokens-path], [path to directory with LUKSv2 external token handlers (plugins)], [LIBDIR/cryptsetup])
 if test -n "$with_luks2_external_tokens_path"; then
 	CS_ABSPATH([${with_luks2_external_tokens_path}],[with-luks2-external-tokens-path])
 	EXTERNAL_LUKS2_TOKENS_PATH=$with_luks2_external_tokens_path
 else
 	EXTERNAL_LUKS2_TOKENS_PATH="\${libdir}/cryptsetup"
 fi
 AC_SUBST(EXTERNAL_LUKS2_TOKENS_PATH)
 dnl Override default LUKS format version (for cryptsetup or cryptsetup-reencrypt format actions only).
 AC_ARG_WITH([default_luks_format],
 	AS_HELP_STRING([--with-default-luks-format=FORMAT], [default LUKS format version (LUKS1/LUKS2) [LUKS2]]),
@@ -643,5 +768,6 @@ lib/libcryptsetup.pc
 po/Makefile.in
 scripts/cryptsetup.conf
 tests/Makefile
 tests/fuzz/Makefile
 ])
 AC_OUTPUT
--- a/docs/ChangeLog.old
+++ b/docs/ChangeLog.old
@@ -74,7 +74,7 @@
 2012-03-16  Milan Broz  <gmazyland@gmail.com>
 	* Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
 	* Add repair command and crypt_repair() for known LUKS metadata problems repair.
-	* Allow to specify --align-payload only for luksFormat.
+	* Allow one to specify --align-payload only for luksFormat.
 2012-03-16  Milan Broz  <mbroz@redhat.com>
 	* Unify password verification option.
@@ -228,7 +228,7 @@
 	* Fix password callback call.
 	* Fix default plain password entry from terminal in activate_by_passphrase.
 	* Add --dump-master-key option for luksDump to allow volume key dump.
-	* Allow to activate by internally cached volume key
+	* Allow one to activate by internally cached volume key
 	  (format/activate without keyslots active - used for temporary devices).
 	* Initialize volume key from active device in crypt_init_by_name()
 	* Fix cryptsetup binary exitcodes.
--- a/docs/doxyfile
+++ b/docs/doxyfile
@@ -1,4 +1,4 @@
-# Doxyfile 1.8.8
+# Doxyfile 1.9.1
 #---------------------------------------------------------------------------
 # Project related configuration options
@@ -12,6 +12,7 @@ OUTPUT_DIRECTORY       = doxygen_api_docs
 CREATE_SUBDIRS         = NO
 ALLOW_UNICODE_NAMES    = NO
 OUTPUT_LANGUAGE        = English
 OUTPUT_TEXT_DIRECTION  = None
 BRIEF_MEMBER_DESC      = YES
 REPEAT_BRIEF           = YES
 ABBREVIATE_BRIEF       =
@@ -22,40 +23,47 @@ STRIP_FROM_PATH        =
 STRIP_FROM_INC_PATH    =
 SHORT_NAMES            = NO
 JAVADOC_AUTOBRIEF      = NO
 JAVADOC_BANNER         = NO
 QT_AUTOBRIEF           = NO
 MULTILINE_CPP_IS_BRIEF = NO
 PYTHON_DOCSTRING       = YES
 INHERIT_DOCS           = YES
 SEPARATE_MEMBER_PAGES  = NO
 TAB_SIZE               = 8
 ALIASES                =
 TCL_SUBST              =
 OPTIMIZE_OUTPUT_FOR_C  = YES
 OPTIMIZE_OUTPUT_JAVA   = NO
 OPTIMIZE_FOR_FORTRAN   = NO
 OPTIMIZE_OUTPUT_VHDL   = NO
 OPTIMIZE_OUTPUT_SLICE  = NO
 EXTENSION_MAPPING      =
 MARKDOWN_SUPPORT       = YES
 TOC_INCLUDE_HEADINGS   = 5
 AUTOLINK_SUPPORT       = YES
 BUILTIN_STL_SUPPORT    = NO
 CPP_CLI_SUPPORT        = NO
 SIP_SUPPORT            = NO
 IDL_PROPERTY_SUPPORT   = YES
 DISTRIBUTE_GROUP_DOC   = NO
 GROUP_NESTED_COMPOUNDS = NO
 SUBGROUPING            = YES
 INLINE_GROUPED_CLASSES = NO
 INLINE_SIMPLE_STRUCTS  = NO
 TYPEDEF_HIDES_STRUCT   = YES
 LOOKUP_CACHE_SIZE      = 0
 NUM_PROC_THREADS       = 1
 #---------------------------------------------------------------------------
 # Build related configuration options
 #---------------------------------------------------------------------------
 EXTRACT_ALL            = NO
 EXTRACT_PRIVATE        = NO
 EXTRACT_PRIV_VIRTUAL   = NO
 EXTRACT_PACKAGE        = NO
 EXTRACT_STATIC         = NO
 EXTRACT_LOCAL_CLASSES  = YES
 EXTRACT_LOCAL_METHODS  = NO
 EXTRACT_ANON_NSPACES   = NO
 RESOLVE_UNNAMED_PARAMS = YES
 HIDE_UNDOC_MEMBERS     = NO
 HIDE_UNDOC_CLASSES     = NO
 HIDE_FRIEND_COMPOUNDS  = NO
@@ -63,6 +71,7 @@ HIDE_IN_BODY_DOCS      = NO
 INTERNAL_DOCS          = NO
 CASE_SENSE_NAMES       = YES
 HIDE_SCOPE_NAMES       = NO
 HIDE_COMPOUND_REFERENCE= NO
 SHOW_INCLUDE_FILES     = YES
 SHOW_GROUPED_MEMB_INC  = NO
 FORCE_LOCAL_INCLUDES   = NO
@@ -93,13 +102,14 @@ WARNINGS               = YES
 WARN_IF_UNDOCUMENTED   = YES
 WARN_IF_DOC_ERROR      = YES
 WARN_NO_PARAMDOC       = NO
 WARN_AS_ERROR          = NO
 WARN_FORMAT            = "$file:$line: $text"
 WARN_LOGFILE           =
 #---------------------------------------------------------------------------
 # Configuration options related to the input files
 #---------------------------------------------------------------------------
-INPUT                  = "doxygen_index.h" \
+INPUT                  = doxygen_index.h \
-                         "../lib/libcryptsetup.h"
+                         ../lib/libcryptsetup.h
 INPUT_ENCODING         = UTF-8
 FILE_PATTERNS          =
 RECURSIVE              = NO
@@ -107,7 +117,7 @@ EXCLUDE                =
 EXCLUDE_SYMLINKS       = NO
 EXCLUDE_PATTERNS       =
 EXCLUDE_SYMBOLS        =
-EXAMPLE_PATH           = "examples"
+EXAMPLE_PATH           = examples
 EXAMPLE_PATTERNS       =
 EXAMPLE_RECURSIVE      = NO
 IMAGE_PATH             =
@@ -129,12 +139,13 @@ SOURCE_TOOLTIPS        = YES
 USE_HTAGS              = NO
 VERBATIM_HEADERS       = YES
 CLANG_ASSISTED_PARSING = NO
 CLANG_ADD_INC_PATHS    = YES
 CLANG_OPTIONS          =
 CLANG_DATABASE_PATH    =
 #---------------------------------------------------------------------------
 # Configuration options related to the alphabetical class index
 #---------------------------------------------------------------------------
 ALPHABETICAL_INDEX     = YES
 COLS_IN_ALPHA_INDEX    = 5
 IGNORE_PREFIX          =
 #---------------------------------------------------------------------------
 # Configuration options related to the HTML output
@@ -151,6 +162,7 @@ HTML_COLORSTYLE_HUE    = 220
 HTML_COLORSTYLE_SAT    = 100
 HTML_COLORSTYLE_GAMMA  = 80
 HTML_TIMESTAMP         = YES
 HTML_DYNAMIC_MENUS     = YES
 HTML_DYNAMIC_SECTIONS  = NO
 HTML_INDEX_NUM_ENTRIES = 100
 GENERATE_DOCSET        = NO
@@ -180,8 +192,10 @@ GENERATE_TREEVIEW      = NO
 ENUM_VALUES_PER_LINE   = 4
 TREEVIEW_WIDTH         = 250
 EXT_LINKS_IN_WINDOW    = NO
 HTML_FORMULA_FORMAT    = png
 FORMULA_FONTSIZE       = 10
 FORMULA_TRANSPARENT    = YES
 FORMULA_MACROFILE      =
 USE_MATHJAX            = NO
 MATHJAX_FORMAT         = HTML-CSS
 MATHJAX_RELPATH        = http://www.mathjax.org/mathjax
@@ -201,11 +215,13 @@ GENERATE_LATEX         = YES
 LATEX_OUTPUT           = latex
 LATEX_CMD_NAME         = latex
 MAKEINDEX_CMD_NAME     = makeindex
 LATEX_MAKEINDEX_CMD    = makeindex
 COMPACT_LATEX          = NO
 PAPER_TYPE             = a4
 EXTRA_PACKAGES         =
 LATEX_HEADER           =
 LATEX_FOOTER           =
 LATEX_EXTRA_STYLESHEET =
 LATEX_EXTRA_FILES      =
 PDF_HYPERLINKS         = YES
 USE_PDFLATEX           = YES
@@ -213,6 +229,8 @@ LATEX_BATCHMODE        = NO
 LATEX_HIDE_INDICES     = NO
 LATEX_SOURCE_CODE      = NO
 LATEX_BIB_STYLE        = plain
 LATEX_TIMESTAMP        = NO
 LATEX_EMOJI_DIRECTORY  =
 #---------------------------------------------------------------------------
 # Configuration options related to the RTF output
 #---------------------------------------------------------------------------
@@ -222,6 +240,7 @@ COMPACT_RTF            = NO
 RTF_HYPERLINKS         = NO
 RTF_STYLESHEET_FILE    =
 RTF_EXTENSIONS_FILE    =
 RTF_SOURCE_CODE        = NO
 #---------------------------------------------------------------------------
 # Configuration options related to the man page output
 #---------------------------------------------------------------------------
@@ -236,6 +255,7 @@ MAN_LINKS              = NO
 GENERATE_XML           = NO
 XML_OUTPUT             = xml
 XML_PROGRAMLISTING     = YES
 XML_NS_MEMB_FILE_SCOPE = NO
 #---------------------------------------------------------------------------
 # Configuration options related to the DOCBOOK output
 #---------------------------------------------------------------------------
@@ -273,12 +293,10 @@ GENERATE_TAGFILE       =
 ALLEXTERNALS           = NO
 EXTERNAL_GROUPS        = YES
 EXTERNAL_PAGES         = YES
 PERL_PATH              =
 #---------------------------------------------------------------------------
 # Configuration options related to the dot tool
 #---------------------------------------------------------------------------
 CLASS_DIAGRAMS         = YES
 MSCGEN_PATH            =
 DIA_PATH               =
 HIDE_UNDOC_RELATIONS   = YES
 HAVE_DOT               = NO
@@ -291,6 +309,8 @@ COLLABORATION_GRAPH    = YES
 GROUP_GRAPHS           = YES
 UML_LOOK               = NO
 UML_LIMIT_NUM_FIELDS   = 10
 DOT_UML_DETAILS        = NO
 DOT_WRAP_THRESHOLD     = 17
 TEMPLATE_RELATIONS     = NO
 INCLUDE_GRAPH          = YES
 INCLUDED_BY_GRAPH      = YES
@@ -305,6 +325,8 @@ DOTFILE_DIRS           =
 MSCFILE_DIRS           =
 DIAFILE_DIRS           =
 PLANTUML_JAR_PATH      =
 PLANTUML_CFG_FILE      =
 PLANTUML_INCLUDE_PATH  =
 DOT_GRAPH_MAX_NODES    = 50
 MAX_DOT_GRAPH_DEPTH    = 0
 DOT_TRANSPARENT        = NO
--- a/docs/examples/crypt_log_usage.c
+++ b/docs/examples/crypt_log_usage.c
@@ -1,7 +1,7 @@
 /*
 * libcryptsetup API log example
 *
- * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/docs/examples/crypt_luks_usage.c
+++ b/docs/examples/crypt_luks_usage.c
@@ -1,7 +1,7 @@
 /*
 *  libcryptsetup API - using LUKS device example
 *
- * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/docs/on-disk-format-luks2.pdf
+++ b/docs/on-disk-format-luks2.pdf
--- a/docs/v1.2.0-ReleaseNotes
+++ b/docs/v1.2.0-ReleaseNotes
@@ -85,7 +85,7 @@ Libcryptsetup API additions:
 * Fix optional password callback handling.
- * Allow to activate by internally cached volume key immediately after
+ * Allow one to activate by internally cached volume key immediately after
 crypt_format() without active slot (for temporary devices with
 on-disk metadata)
--- a/docs/v1.4.2-ReleaseNotes
+++ b/docs/v1.4.2-ReleaseNotes
@@ -24,7 +24,7 @@ Changes since version 1.4.1
 * Fix header check to support old (cryptsetup 1.0.0) header alignment.
  (Regression in 1.4.0)
-* Allow to specify --align-payload only for luksFormat.
+* Allow one to specify --align-payload only for luksFormat.
 * Add --master-key-file option to luksOpen (open using volume key).
--- a/docs/v1.4.3-ReleaseNotes
+++ b/docs/v1.4.3-ReleaseNotes
@@ -32,7 +32,7 @@ Changes since version 1.4.2
  Device-mapper now retry removal if device is busy.
 * Allow "private" activation (skip some udev global rules) flag.
-  Cryptsetup library API now allows to specify CRYPT_ACTIVATE_PRIVATE,
+  Cryptsetup library API now allows one to specify CRYPT_ACTIVATE_PRIVATE,
  which means that some udev rules are not processed.
  (Used for temporary devices, like internal keyslot mappings where
  it is not desirable to run any device scans.)
--- a/docs/v1.6.0-ReleaseNotes
+++ b/docs/v1.6.0-ReleaseNotes
@@ -4,7 +4,7 @@ Cryptsetup 1.6.0 Release Notes
 Changes since version 1.6.0-rc1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- * Change LUKS default cipher to to use XTS encryption mode,
+ * Change LUKS default cipher to use XTS encryption mode,
   aes-xts-plain64 (i.e. using AES128-XTS).
   XTS mode becomes standard in hard disk encryption.
@@ -209,7 +209,7 @@ Important changes
     WARNING: these tests do not use dmcrypt, only crypto API.
     You have to benchmark the whole device stack and you can get completely
-     different results. But is is usable for basic comparison.
+     different results. But it is usable for basic comparison.
     (Note for example AES-NI decryption optimization effect in example above.)
 Features
--- a/docs/v1.6.2-ReleaseNotes
+++ b/docs/v1.6.2-ReleaseNotes
@@ -8,7 +8,7 @@ Changes since version 1.6.1
 * Fix cipher specification string parsing (found by gcc -fsanitize=address option).
 * Try to map TCRYPT system encryption through partition
-  (allows to activate mapping when other partition on the same device is mounted).
+  (allows one to activate mapping when other partition on the same device is mounted).
 * Print a warning if system encryption is used and device is a partition.
  (TCRYPT system encryption uses whole device argument.)
--- a/docs/v1.6.4-ReleaseNotes
+++ b/docs/v1.6.4-ReleaseNotes
@@ -25,7 +25,7 @@ Changes since version 1.6.3
  Please refer to cryptsetup FAQ for detail how to fix this situation.
-* Allow to use --disable-gcrypt-pbkdf2 during configuration
+* Allow one to use --disable-gcrypt-pbkdf2 during configuration
  to force use internal PBKDF2 code.
 * Require gcrypt 1.6.1 for imported implementation of PBKDF2
--- a/docs/v1.6.5-ReleaseNotes
+++ b/docs/v1.6.5-ReleaseNotes
@@ -38,7 +38,7 @@ Changes since version 1.6.4
  The command "cryptsetup status" will print basic info, even if you
  do not provide detached header argument.
-* Allow to specify ECB mode in cryptsetup benchmark.
+* Allow one to specify ECB mode in cryptsetup benchmark.
 * Add some LUKS images for regression testing.
  Note that if image with Whirlpool fails, the most probable cause is that
--- a/docs/v1.6.7-ReleaseNotes
+++ b/docs/v1.6.7-ReleaseNotes
@@ -35,14 +35,14 @@ Changes since version 1.6.6
 * Support permanent device decryption for cryptsetup-reencrypt.
  To remove LUKS encryption from a device, you can now use --decrypt option.
-* Allow to use --header option in all LUKS commands.
+* Allow one to use --header option in all LUKS commands.
  The --header always takes precedence over positional device argument.
 * Allow luksSuspend without need to specify a detached header.
 * Detect if O_DIRECT is usable on a device allocation.
  There are some strange storage stack configurations which wrongly allows
-  to open devices with direct-io but fails on all IO operations later.
+  one to open devices with direct-io but fails on all IO operations later.
  Cryptsetup now tries to read the device first sector to ensure it can use
  direct-io.
--- a/docs/v1.6.8-ReleaseNotes
+++ b/docs/v1.6.8-ReleaseNotes
@@ -30,7 +30,7 @@ Changes since version 1.6.7
  cryptsetup resize will try to resize underlying loop device as well.
  (It can be used to grow up file-backed device in one step.)
-* Cryptsetup now allows to use empty password through stdin pipe.
+* Cryptsetup now allows one to use empty password through stdin pipe.
  (Intended only for testing in scripts.)
 Cryptsetup API NOTE:
--- a/docs/v1.7.4-ReleaseNotes
+++ b/docs/v1.7.4-ReleaseNotes
@@ -3,7 +3,7 @@ Cryptsetup 1.7.4 Release Notes
 Changes since version 1.7.3
-* Allow to specify LUKS1 hash algorithm in Python luksFormat wrapper.
+* Allow one to specify LUKS1 hash algorithm in Python luksFormat wrapper.
 * Use LUKS1 compiled-in defaults also in Python wrapper.
--- a/docs/v2.0.0-ReleaseNotes
+++ b/docs/v2.0.0-ReleaseNotes
@@ -89,7 +89,7 @@ Important features
  Integritysetup is intended to be used for settings that require
  non-cryptographic data integrity protection with no data encryption.
-  Fo setting integrity protected encrypted devices, see disk authenticated
+  For setting integrity protected encrypted devices, see disk authenticated
  encryption below.
  Note that after formatting the checksums need to be initialized;
@@ -583,7 +583,7 @@ Unfinished things & TODO for next releases
  in kernel (more on this later).
  NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305)
  in kernel have too small 96-bit nonces that are problematic with
-  randomly generated IVs (the collison probability is not negligible).
+  randomly generated IVs (the collision probability is not negligible).
  For the GCM, nonce collision is a fatal problem.
 * Authenticated encryption do not set encryption for dm-integrity journal.
--- a/docs/v2.0.2-ReleaseNotes
+++ b/docs/v2.0.2-ReleaseNotes
@@ -30,7 +30,7 @@ Changes since version 2.0.1
 * Add LUKS2 specific options for cryptsetup-reencrypt.
  Tokens and persistent flags are now transferred during reencryption;
-  change of PBKDF keyslot parameters is now supported and allows
+  change of PBKDF keyslot parameters is now supported and allows one
  to set precalculated values (no benchmarks).
 * Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
--- a/docs/v2.0.3-ReleaseNotes
+++ b/docs/v2.0.3-ReleaseNotes
@@ -28,7 +28,7 @@ Changes since version 2.0.2
 * New API extensions for unbound keyslots (LUKS2 only)
  crypt_keyslot_get_key_size() and crypt_volume_key_get()
-  These functions allow to get key and key size for unbound keyslots.
+  These functions allow one to get key and key size for unbound keyslots.
 * New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
--- a/docs/v2.1.0-ReleaseNotes
+++ b/docs/v2.1.0-ReleaseNotes
@@ -170,21 +170,21 @@ These new calls are now exported, for details see libcryptsetup.h:
 * crypt_get_metadata_size
 * crypt_set_metadata_size
-     allows to set/get area sizes in LUKS header
+     allows one to set/get area sizes in LUKS header
     (according to specification).
 * crypt_get_default_type
     get default compiled-in LUKS type (version).
 * crypt_get_pbkdf_type_params
-     allows to get compiled-in PBKDF parameters.
+     allows one to get compiled-in PBKDF parameters.
 * crypt_keyslot_set_encryption
 * crypt_keyslot_get_encryption
-     allows to set/get per-keyslot encryption algorithm for LUKS2.
+     allows one to set/get per-keyslot encryption algorithm for LUKS2.
 * crypt_keyslot_get_pbkdf
-     allows to get PBKDF parameters per-keyslot.
+     allows one to get PBKDF parameters per-keyslot.
 and these new defines:
 * CRYPT_LOG_DEBUG_JSON (message type for JSON debug)
--- a/docs/v2.3.0-ReleaseNotes
+++ b/docs/v2.3.0-ReleaseNotes
@@ -9,7 +9,7 @@ native read-write access to BitLocker Full Disk Encryption devices.
 The BITLK implementation is based on publicly available information
 and it is an independent and opensource implementation that allows
-to access this proprietary disk encryption.
+one to access this proprietary disk encryption.
 Changes since version 2.2.2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- a/docs/v2.3.2-ReleaseNotes
+++ b/docs/v2.3.2-ReleaseNotes
@@ -18,7 +18,7 @@ Changes since version 2.3.1
  The slot number --key-slot (-S) option is mandatory here.
  An unbound keyslot store a key is that is not assigned to data
-  area on disk (LUKS2 allows to store arbitrary keys).
+  area on disk (LUKS2 allows one to store arbitrary keys).
 * Rephrase some error messages and remove redundant end-of-lines.
--- a/docs/v2.3.4-ReleaseNotes
+++ b/docs/v2.3.4-ReleaseNotes
@@ -0,0 +1,112 @@
 Cryptsetup 2.3.4 Release Notes
 ==============================
 Stable bug-fix release with a security fix (32-bit only).
 All users of cryptsetup 2.2.x and later should upgrade to this version.
 Changes since version 2.3.3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * Fix a possible out-of-bounds memory write while validating LUKS2 data
  segments metadata (CVE-2020-14382).
  This problem can be triggered only on 32-bit builds (64-bit systems
  are not affected).
  LUKS2 format validation code contains a bug in segments validation code
  where the code does not check for possible overflow on memory allocation.
  Due to the bug, the libcryptsetup can be tricked to expect such allocation
  was successful. Later it may read data from image crafted by an attacker and
  actually write such data beyond allocated memory.
  The bug was introduced in cryptsetup 2.2.0. All later releases until 2.3.4
  are affected.
  If you only backport the fix for this CVE, these master branch git commits
  should be backported:
    52f5cb8cedf22fb3e14c744814ec8af7614146c7
    46ee71edcd13e1dad50815ad65c28779aa6f7503
    752c9a52798f11d3b765b673ebaa3058eb25316e
  Thanks to Tobias Stoeckmann for discovering this issue.
 * Ignore reported optimal IO size if not aligned to minimal page size.
  Some USB enclosures report bogus block device topology (see lsblk -t) that
  prevents LUKS2 format with 4k sector size (reported values are not correctly
  aligned). The code now ignores such values and uses the default alignment.
 * Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
  These performance options, introduced in kernel 5.9, configure dm-crypt
  to bypass read or write workqueues and run encryption synchronously.
  Use --perf-no_read_workqueue or --perf-no_write_workqueue cryptsetup arguments
  to use these dm-crypt flags.
  These options are available only for low-level dm-crypt performance tuning,
  use only if you need a change to default dm-crypt behavior.
  For LUKS2, these flags can be persistently stored in metadata with
  the --persistent option.
 * Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
  Veritysetup now supports --panic-on-corruption argument that configures
  the dm-verity device to panics kernel if a corruption is detected.
  This option is intended for specific configurations, do not use it in
  standard configurations.
 * Support --master-key-file option for online LUKS2 reencryption
  This can be used for reencryption of devices that uses protected key AES cipher
  on some mainframes crypto accelerators.
 * Always return EEXIST error code if a device already exists.
  Some libcryptsetup functions (activate_by*) now return EEXIST error code,
  so the caller can distinguish that call fails because some parallel process
  already activated the device.
  Previously all fails returned EINVAL (invalid value).
 * Fix a problem in integritysetup if a hash algorithm has dash in the name.
  If users want to use blake2b/blake2s, the kernel algorithm name includes
  a dash (like "blake2s-256").
  These algorithms can now be used for integritysetup devices.
 * Fix crypto backend to properly handle ECB mode.
  Even though it should never be used, it should still work for testing :)
  This fixes a bug introduced in cryptsetup version 2.3.2.
 * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
  with a larger sector.
  TrueCrypt/VeraCrypt always uses 512-byte sector for encryption, but for devices
  with a larger native sector, it stores this value in the header.
  This patch allows activation of such devices, basically ignoring
  the mentioned sector size.
 * LUKS2: Do not create excessively large headers.
  When creating a LUKS2 header with a specified --offset larger than
  the LUKS2 header size, do not create a larger file than needed.
 * Fix unspecified sector size for BitLocker compatible mode.
  Some BitLocker devices can contain zeroed sector size in the header.
  In this case, the 512-byte sector should be used.
  The bug was introduced in version 2.3.3.
 * Fix reading key data size in metadata for BitLocker compatible mode.
  Such devices with an unexpected entry in metadata can now be activated.
  Thanks to all users reporting these problems, BitLocker metadata documentation
  is not publicly available, and we depend only on these reports.
 * Fix typos in documentation.
--- a/docs/v2.3.5-ReleaseNotes
+++ b/docs/v2.3.5-ReleaseNotes
@@ -0,0 +1,181 @@
 Cryptsetup 2.3.5 Release Notes
 ==============================
 Stable bug-fix release with minor extensions.
 All users of cryptsetup 2.x and later should upgrade to this version.
 Changes since version 2.3.4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * Fix partial reads of passphrase from an interactive terminal.
  Some stable kernels (5.3.11) started to return buffer from a terminal
  in parts of maximal size 64 bytes.
  This breaks the reading of passphrases longer than 64 characters
  entered through an interactive terminal. The change is already fixed
  in later kernel releases, but tools now support such partial read from
  terminal properly.
 * Fix maximal length of password entered through a terminal.
  Now the maximal interactive passphrase length is exactly
  512 characters (not 511).
 * integritysetup: support new dm-integrity HMAC recalculation options.
  In older kernels (since version 4.19), an attacker can force
  an automatic recalculation of integrity tags by modifying
  the dm-integrity superblock.
  This is a problem with a keyed algorithms (HMAC), where it expects
  nobody can trigger such recalculation without the key.
  (Automatic recalculation will start after the next activation.)
  Note that dm-integrity in standalone mode was *not* supposed
  to provide cryptographic data integrity protection.
  Despite that, we try to keep the system secure if keyed algorithms
  are used.
  Thank Daniel Glöckner for the original report of this problem.
  Authenticated encryption that provides data integrity protection (in
  combination with dm-crypt and LUKS2) is not affected by this problem.
  The fix in the kernel for this problem contains two parts.
  Firstly, the dm-integrity kernel module disables integrity
  recalculation if keyed algorithms (HMAC) are used.
  This change is included in long-term stable kernels.
  Secondly, since the kernel version 5.11, dm-integrity introduces
  modified protection where a journal-integrity algorithm guards
  superblock; also, journal sections are protected. An attacker cannot
  copy sectors from one journal section to another, and the superblock
  also contains salt to prevent header replacement from another device.
  If you want to protect data with HMAC, you should always also use HMAC
  for --journal-integrity. Keys can be independent.
  If HMAC is used for data but not for the journal, the recalculation
  option is disabled.
  If you need to use (insecure) backward compatibility implementation,
  two new integritysetup options are introduced:
    - Use --integrity-legacy-recalc (instead of --integrity-recalc)
      to allow recalculation on legacy devices.
    - Use --integrity-legacy-hmac in format action to force old insecure
      HMAC format.
  Libcryptsetup API also introduces flags
    CRYPT_COMPAT_LEGACY_INTEGRITY_HMAC and
    CRYPT_COMPAT_LEGACY_INTEGRITY_RECALC
  to set these through crypt_set_compatibility() call.
 * integritysetup: display of recalculating sector in dump command.
 * veritysetup: fix verity FEC if stored in the same image with hashes.
  Optional FEC (Forward Error Correction) data should cover the whole
  data area, hashes (Merkle tree), and optionally additional metadata
  (located after hash area).
  Unfortunately, if FEC data is stored in the same file as hash,
  the calculation wrongly used the whole file size, thus overlaps with
  the FEC area itself. This produced unusable and too large FEC data.
  There is no problem if the FEC image is a separate image.
  The problem is now fixed, introducing FEC blocks calculation as:
    - If the hash device is in a separate image, metadata covers the
      whole rest of the image after the hash area. (Unchanged behavior.)
    - If hash and FEC device is in the image, metadata ends on the FEC
      area offset.
  Note: there is also a fix for FEC in the dm-verity kernel (on the way
  to stable kernels) that fixes error correction with larger RS roots.
 * veritysetup: run FEC repair check even if root hash fails.
  Note: The userspace FEC verify command reports are only informational
  for now. Code does not check verity hash after FEC recovery in
  userspace. The Reed-Solomon decoder can then report the possibility
  that it fixed data even if parity is too damaged.
  This will be fixed in the next major release.
 * veritysetup: do not process hash image if hash area is empty.
  Sometimes the device is so small that there is only a root hash
  needed, and the hash area is not used.
  Also, the size of the hash image is not increased for hash block
  alignment in this case.
 * veritysetup: store verity hash algorithm in superblock in lowercase.
  Otherwise, the kernel could refuse the activation of the device.
 * bitlk: fix a crash if the device disappears during BitLocker scan.
 * bitlk: show a better error when trying to open an NTFS device.
  Both BitLocker version 1 and NTFS have the same signature.
  If a user opens an NTFS device without BitLocker, it now correctly
  informs that it is not a BITLK device.
 * bitlk: add support for startup key protected VMKs.
  The startup key can be provided in --key-file option for open command.
 * Fix LUKS1 repair code (regression since version 1.7.x).
  We cannot trust possibly broken keyslots metadata in repair, so the
  code recalculates them instead.
  This makes the repair code working again when the master boot record
  signature overwrites the LUKS header.
 * Fix luksKeyChange for LUKS2 with assigned tokens.
  The token references are now correctly assigned to the new keyslot
  number.
 * Fix cryptsetup resize using LUKS2 tokens.
  Code needlessly asked for passphrase even though volume key was
  already unlocked via LUKS2 token.
 * Print a visible error if device resize is not supported.
 * Add error message when suspending wrong non-LUKS device.
 * Fix default XTS mode key size in reencryption.
  The same luksFormat logic (double key size because XTS uses two keys)
  is applied in the reencryption code.
 * Rephrase missing locking directory warning and move it to debug level.
  The system should later provide a safe transition to tempdir
  configuration, so creating locking directory inside libcryptsetup
  call is safe.
 * Many fixes for the use of cipher_null (empty debug cipher).
  Support for this empty cipher was intended as a debug feature and for
  measuring performance overhead. Unfortunately, many systems started to
  use it as an "empty shell" for LUKS (to enable encryption later).
  This use is very dangerous and it creates a false sense of security.
  Anyway, to not break such systems, we try to support these
  configurations.
  Using cipher_null in any production system is strongly discouraged!
  Fixes include:
   - allow LUKS resume for a device with cipher_null.
   - do not upload key in keyring when data cipher is null.
   - switch to default cipher when reencrypting cipher_null device.
   - replace possible bogus cipher_null keyslots before reencryption.
   - fix broken detection of null cipher in LUKS2.
     cipher_null is no longer possible to be used in keyslot encryption
     in LUKS2, it can be used only for data for debugging purposes.
 * Fixes for libpasswdqc 2.0.x (optional passphrase quality check).
 * Fixes for problems discovered by various tools for code analysis.
  Fixes include a rework of libpopt command line option string leaks.
 * Various fixes to man pages.
--- a/docs/v2.3.6-ReleaseNotes
+++ b/docs/v2.3.6-ReleaseNotes
@@ -0,0 +1,56 @@
 Cryptsetup 2.3.6 Release Notes
 ==============================
 Stable bug-fix release with minor extensions.
 All users of cryptsetup 2.x and later should upgrade to this version.
 Changes since version 2.3.5
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * integritysetup: Fix possible dm-integrity mapping table truncation.
  While integritysetup in standalone mode (no encryption) was not
  designed to provide keyed (and cryptographically strong) data
  integrity protection, some options can use such algorithms (HMAC).
  If a key is used, it is directly sent to the kernel dm-integrity as
  a mapping table option (no key derivation is performed).
  For HMAC, such a key could be quite long (up to 4096 bytes in
  integritysetup CLI).
  Unfortunately, due to fixed buffers and not correctly checking string
  truncation, some parameter combinations could cause truncation
  of the dm-integrity mapping table.
  In most cases, the table was rejected by the kernel.
  The worst possible case was key truncation for HMAC options
  (internal_hash and journal_mac dm-integrity table options).
  This release fixes possible truncation and also adds more sanity
  checks to reject truncated options.
  Also, integritysetup now mentions maximal allowed key size
  in --help output.
  For old standalone dm-integrity devices where the key length was
  truncated, you have to modify (shorten) --integrity-key-size
  resp. --journal-integrity-key-size option now.
  This bug is _not_ present for dm-crypt/LUKS, LUKS2 (including
  integrity protection), or dm-verity devices; it affects only
  standalone dm-integrity with HMAC integrity protection.
 * cryptsetup: Backup header can be used to activate TCRYPT device.
  Use --header option to specify the header.
 * cryptsetup: Avoid LUKS2 decryption without detached header.
  This feature will be added later and is currently not supported.
 * Additional fixes and workarounds for common warnings produced
  by some static analysis tools (like gcc-11 analyzer) and additional
  code hardening.
 * Fix standalone libintl detection for compiled tests.
 * Add Blake2b and Blake2s hash support for crypto backends.
  Kernel and gcrypt crypto backend support all variants.
  OpenSSL supports only Blake2b-512 and Blake2s-256.
  Crypto backend supports kernel notation e.g. "blake2b-512".
--- a/docs/v2.4.0-ReleaseNotes
+++ b/docs/v2.4.0-ReleaseNotes
@@ -0,0 +1,302 @@
 Cryptsetup 2.4.0 Release Notes
 ==============================
 Stable release with new features and bug fixes.
 This version introduces support for external libraries
 (plugins) for handling LUKS2 token objects.
 Changes since version 2.3.6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * External LUKS token plugins
  A LUKS2 token is an object that can describe how to get a passphrase
  to unlock a particular keyslot. The generic metadata format is part
  of the LUKS2 specification.
  Cryptsetup 2.4 adds the possibility to implement token handlers
  in external libraries (possibly provided by other projects).
  A token library allows cryptsetup to understand metadata and provide
  basic operations. Currently external tokens may be used to unlock
  keyslots for following CLI actions: open (luksOpen),
  refresh (open --refresh), resize and dump (prints token specific
  content).
  LUKS2 devices cannot be resumed (luksResume action) via tokens yet.
  Support for resume and other actions will be added later.
  The library now provides an interface that automatically tries to load
  an external library for a token object in LUKS2 metadata.
  Token libraries should be installed in the cryptsetup subdirectory
  (usually /lib*/cryptsetup). This path is configurable through
  --with-luks2-external-tokens-path configure option.
  The external plugin loading can be compiled entirely out if
  --disable-external-tokens configure option is used. The external token
  interface can also be disabled runtime on the command line by
  --disable-external-tokens cryptsetup switch or by calling
  crypt_token_external_disable() API function.
  The name of the loaded token library is determined from the JSON LUKS
  metadata token object type. For example, "ssh" token will load library
  "libcryptsetup-token-ssh.so".
  External projects can use this interface to handle specific hardware
  without introducing additional dependencies to libcryptsetup core.
  As of cryptsetup 2.4.0 release systemd project already merged upstream
  native cryptsetup token handler for its systemd-tpm2 LUKS2 token
  released originally in systemd-v248. The token can be created using
  systemd-cryptenroll utility and devices may be manipulated either by
  systemd-cryptsetup cli or by cryptsetup for actions listed above.
  Other tokens like systemd-fido2 and systemd-pkcs11 are currently
  in-review.
 * Experimental SSH token
  As a demonstration of the external LUKS2 token interface, a new SSH
  token handler and cryptsetup-ssh utility is now provided and compiled
  by default.
  Crypsetup SSH token allows using remote keyfile through SSH protocol
  (it will authenticate through SSH certificates).
  You can disable the build of this token library with
  --disable-ssh-token configure option.
 To configure the token metadata, you need cryptsetup-ssh utility.
 Activation of the device is then performed by the cryptsetup utility.
 Example (how to activate LUKS2 through remote keyfile):
  - configure existing LUKS2 device with keyslot activated by a keyfile
   # cryptsetup luksAddKey <device> keyfile --key-slot 2
   - store that keyfile on a remote system accessible through SSH
   - configure SSH to use certificate for authentication
   - add a LUKS2 token with cryptsetup-ssh utility:
   # cryptsetup-ssh add <device>1 --key-slot 2 \
      --ssh-server test-vm \
      --ssh-user test \
      --ssh-path /home/test/keyfile \
      --ssh-keypath  /home/test/.ssh/test_rsa_key
  - you should see token metadata now with "cryptsetup luksDump ..."
   ...
   Tokens:
   0: ssh
        ssh_server: test-vm
        ssh_user: test
        ssh_path: /home/test/keyfile
        ssh_key_path: /home/test/.ssh/test_rsa_key
        Keyslot:    2
  - activation now should be automatic
  # cryptsetup open <device> test --verbose
    SSH token initiating ssh session.
    Key slot 2 unlocked.
    Command successful.
  - to remove a token, you can use "cryptsetup token remove" command
  (no plugin library required)
  Please note SSH token is just demonstration of plugin interface API,
  it is an EXPERIMENTAL feature.
 * Add cryptsetup --token-type parameter.
  It restricts token type to the parameter value in case no specific
  token-id is selected.
 * Support for token based activation with PIN.
  If specific token requires PIN to unlock keyslot passphrase and
  --token-only parameter was used cryptsetup asks for additional
  token PIN.
 * Respect keyslot priority with token-based activation.
 * Default LUKS2 PBKDF is now Argon2id
  Cryptsetup LUKS2 was using Argon2 while there were two versions,
  data-independent (Argon2i) suitable for the KDF use case and
  Argon2d (data-dependent). Later Argon2id was introduced as a new
  mandatory algorithm.
  We switched the password-based key derivation algorithms
  following the latest version of Argon2 RFC draft
  (https://datatracker.ietf.org/doc/draft-irtf-cfrg-argon2/) to Argon2id
  (from Argon2i) as it is the mandatory and primary version
  of the Argon2 algorithm.
  There is no need to modify older containers; the main reason is that
  RFC makes Argon2id the primary variant, while Argon2i subvariant is
  only optional.
  Argon2id provides better protection to side-channel attacks while
  still providing protection to time-memory tradeoffs.
  We will switch to OpenSSL implementation once it is available.
  With a crystal ball as a reference, it could happen early in
  OpenSSL 3.1 release.
  Watch https://github.com/openssl/openssl/issues/4091.
 * Increase minimal memory cost for Argon2 benchmark to 64MiB.
  This patch increases the benchmarking value to 64 MiB (as minimal
  suggested values in Argon2 RFC). For compatibility reasons, we still
  allow older limits if set by a parameter.
  NOTE: Argon2 RFC draft defines suggested parameters for disk
  encryption, but the LUKS2 approach is slightly different. We need to
  provide platform-independent values. The values in the draft expect
  64bit systems (suggesting using 6 GiB of RAM). In comparison, we need
  to provide compatibility with all 32bit systems, so allocating more
  than 4GiB memory is not an option for LUKS2.
  The maximal limit in LUKS2 stays for 4 GiB, and by default LUKS2 PBKDF
  benchmarking sets maximum to 1 GIB, preferring an increase of CPU cost
  while running benchmark
 * Autodetect optimal encryption sector size on LUKS2 format.
  While the support for larger encryption sectors is supported
  for several releases, it required an additional parameter.
  Code now uses automatic detection of 4096-bytes native sector devices
  and automatically enables 4096-bytes encryption size for LUKS2.
  If no setor size option is used, sector size is detected
  automatically by cryptsetup. For libcryptsetup API, autodetection
  happens once you specify sector_size to 0.
  NOTE: crypt_format() function runs autodetection ONLY if you
  recompile your application to the new API symbol version.
  For backward compatibility, older applications ignore this parameter.
 * Use VeraCrypt option by default and add --disable-veracrypt option.
  While TrueCrypt is no longer developed and supported since 2014,
  VeraCrypt devices (a successor of TrueCrypt) are much more used today.
  Default is now to support VeraCrypt format (in addition to TrueCrypt),
  making the --veracrypt option obsolete (ignored as it is the default).
  If you need to disable VeraCrypt support, use the new option
  --disable-veracrypt.
  This option increases the time to recognize wrong passwords because
  some VeraCrypt modes use a high PBKDF2 iteration count, and the code
  must try all variants. This could be limited by using --hash and
  --cipher options mentioned below.
 * Support --hash and --cipher to limit opening time for TCRYPT type
  If a user knows which particular PBKDF2 hash or cipher is used for
  TrueCrypt/VeraCrypt container,  TCRYPT format now supports --hash and
  --cipher option.
  Note the value means substring (all cipher chains containing
  the cipher substring are tried).
  For example, you can use
      # cryptsetup tcryptDump --hash sha512 <container>
  Note: to speed up the scan, the hash option (used for PBKDF)2 matters.
  Cipher variants are scanned very quickly.
  Use with care.
  It can reveal some sensitive attributes of the container!
 * Fixed default OpenSSL crypt backend support for OpenSSL3.
  For OpenSSL version 3, we need to load legacy provider for older hash
  and ciphers. For example, RIPEMD160 and Whirlpool hash algorithms are
  no longer available by default.
  NOTE: the plain format still uses RIPEMD160 for password hashing by
  default. Changing the default would cause incompatibilities for many
  old systems. Nevertheless, such a change will be needed very soon.
 * integritysetup: add integrity-recalculate-reset flag.
  The new dm-integrity option in kernel 5.13 can restart recalculation
  from the beginning of the device.
  It can be used to change the integrity checksum function.
  New integritysetup --integrity-recalculate-reset option is added to
  integritysetup, and CRYPT_ACTIVATE_RECALCULATE_RESET flag to API.
 * cryptsetup: retains keyslot number in luksChangeKey for LUKS2.
    In LUKS1, any change in keyslot means keyslot number change.
    In LUKS2, we can retain the keyslot number.
    Now luksKeyChange and crypt_keyslot_change_by_passphrase() API
    retains keyslot number for LUKS2 by default.
 * Fix cryptsetup resize using LUKS2 tokens.
  Fix a bug where cryptsetup needlessly asked for a passphrase even
  though the volume key was already unlocked via LUKS2 token.
 * Add close --deferred and --cancel-deferred options.
  All command-line utilities now understand deferred options for the
  close command. Deferred close means that the device is removed
  automagically after the last user closed the device.
  Cancel deferred means to cancel this operation (so the device remains
  active even if there a no longer active users).
  CRYPT_DEACTIVATE_DEFERRED and CRYPT_DEACTIVATE_DEFERRED_CANCEL flags
  are now available for API.
 * Rewritten command-line option parsing to avoid libpopt arguments
  memory leaks.
  Note: some distributions use patched lipopt that still leaks memory
  inside internal code (see Debian bug 941814).
 * Add --test-args option.
  New --test-args option can be used for syntax checking for valid
  command-line arguments with no actions performed.
  Note that it cannot detect unknown algorithm names and similar where
  we need call API functions.
 * veritysetup: add --root-hash-file option
  Allow passing the root hash via a file, rather than verbatim on
  the command line, for the open, verify, and format actions.
 * libcryptsetup C API extensions (see libcryptsetup.h for details)
  - crypt_logf - a printf like log function
  - crypt_dump_json - dump LUKS2 metadata in JSON format
  - crypt_header_is_detached - check if context use detached header
  - crypt_token_max - get maximal tokens number
  - crypt_token_external_path - get path for plugins (or NULL)
  - crypt_token_external_disable - disable runtime support for plugins
  - crypt_activate_by_token_pin - activate by token with additional PIN
  - crypt_reencrypt_run - fixed API for deprecated crypt_reencrypt
  The token plugin library interface cosists from these versioned
  exported symbols (for details see header file and SSH token example):
     cryptsetup_token_open
     cryptsetup_token_open_pin
     cryptsetup_token_buffer_free
     cryptsetup_token_validate
     cryptsetup_token_dump
     cryptsetup_token_version
 Since version 2.4 libcryptsetup uses exact symbol versioning
 Newly introduced functions have CRYPTSETUP_2.4 namespace (the old
 symbol always used CRYPTSETUP_2.0).
 There is no change in soname (the library is backward compatible).
 * Many fixes and additions to documentation and man pages.
--- a/docs/v2.4.1-ReleaseNotes
+++ b/docs/v2.4.1-ReleaseNotes
@@ -0,0 +1,47 @@
 Cryptsetup 2.4.1 Release Notes
 ==============================
 Stable bug-fix release with minor extensions.
 All users of cryptsetup 2.4.0 should upgrade to this version.
 Changes since version 2.4.0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * Fix compilation for libc implementations without dlvsym().
  Some alternative libc implementations (like musl) do not provide
  versioned symbols dlvsym function. Code now fallbacks to dlsym
  operation for dynamic LUKS2 token load.
  It is up to maintainers to ensure that LUKS2 token plugins are
  compiled for the supported version.
 * Fix compilation and tests on systems with non-standard libraries
  (standalone argp library, external gettext library, BusyBox
  implementations of standard tools).
 * Try to workaround some issues on systems without udev support.
  NOTE: non-udev systems cannot provide all functionality for kernel
  device-mapper, and some operations can fail.
 * Fixes for OpenSSL3 crypto backend (including FIPS mode).
  Because cryptsetup still requires some hash functions implemented
  in OpenSSL3 legacy provider, crypto backend now uses its library
  context and tries to load both default and legacy OpenSSL3 providers.
  If FIPS mode is detected, no library context is used, and it is up
  to the OpenSSL system-wide policy to load proper providers.
  NOTE: We still use some deprecated API in the OpenSSL3 backend,
  and there are some known problems in OpenSSL 3.0.0.
 * Print error message when assigning a token to an inactive keyslot.
 * Fix offset bug in LUKS2 encryption code if --offset option was used.
 * Do not allow LUKS2 decryption for devices with data offset.
  Such devices cannot be used after decryption.
 * Fix LUKS1 cryptsetup repair command for some specific problems.
  Repair code can now fix wrongly used initialization vector
  specification in ECB mode (that is insecure anyway!) and repair
  the upper-case hash specification in the LUKS1 header.
--- a/docs/v2.4.2-ReleaseNotes
+++ b/docs/v2.4.2-ReleaseNotes
@@ -0,0 +1,37 @@
 Cryptsetup 2.4.2 Release Notes
 ==============================
 Stable bug-fix release.
 All users of cryptsetup 2.4.1 should upgrade to this version.
 Changes since version 2.4.1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * Fix possible large memory allocation if LUKS2 header size is invalid.
  LUKS2 code read the full header to buffer to verify the checksum.
  The maximal supported header size now limits the memory allocation.
 * Fix memory corruption in debug message printing LUKS2 checksum.
 * veritysetup: remove link to the UUID library for the static build.
 * Remove link to pwquality library for integritysetup and veritysetup.
  These tools do not read passphrases.
 * OpenSSL3 backend: avoid remaining deprecated calls in API.
  Crypto backend no longer use API deprecated in OpenSSL 3.0
 * Check if kernel device-mapper create device failed in an early phase.
  This happens when a concurrent creation of device-mapper devices
  meets in the very early state.
 * Do not set compiler optimization flag for Argon2 KDF if the memory
  wipe is implemented in libc.
 * Do not attempt to unload LUKS2 tokens if external tokens are disabled.
  This allows building a static binary with  --disable-external-tokens.
 * LUKS convert: also check sysfs for device activity.
  If udev symlink is missing, code fallbacks to sysfs scan to prevent
  data corruption for the active device.
--- a/docs/v2.4.3-ReleaseNotes
+++ b/docs/v2.4.3-ReleaseNotes
@@ -0,0 +1,101 @@
 Cryptsetup 2.4.3 Release Notes
 ==============================
 Stable security bug-fix release that fixes CVE-2021-4122.
 All users of cryptsetup 2.4.x must upgrade to this version.
 Changes since version 2.4.2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * Fix possible attacks against data confidentiality through LUKS2 online
  reencryption extension crash recovery (CVE-2021-4122).
  An attacker can modify on-disk metadata to simulate decryption in
  progress with crashed (unfinished) reencryption step and persistently
  decrypt part of the LUKS device.
  This attack requires repeated physical access to the LUKS device but
  no knowledge of user passphrases.
  The decryption step is performed after a valid user activates
  the device with a correct passphrase and modified metadata.
  There are no visible warnings for the user that such recovery happened
  (except using the luksDump command). The attack can also be reversed
  afterward (simulating crashed encryption from a plaintext) with
  possible modification of revealed plaintext.
  The size of possible decrypted data depends on configured LUKS2 header
  size (metadata size is configurable for LUKS2).
  With the default parameters (16 MiB LUKS2 header) and only one
  allocated keyslot (512 bit key for AES-XTS), simulated decryption with
  checksum resilience SHA1 (20 bytes checksum for 4096-byte blocks),
  the maximal decrypted size can be over 3GiB.
  The attack is not applicable to LUKS1 format, but the attacker can
  update metadata in place to LUKS2 format as an additional step.
  For such a converted LUKS2 header, the keyslot area is limited to
  decrypted size (with SHA1 checksums) over 300 MiB.
  The issue is present in all cryptsetup releases since 2.2.0.
  Versions 1.x, 2.0.x, and 2.1.x are not affected, as these do not
  contain LUKS2 reencryption extension.
  The problem was caused by reusing a mechanism designed for actual
  reencryption operation without reassessing the security impact for new
  encryption and decryption operations. While the reencryption requires
  calculating and verifying both key digests, no digest was needed to
  initiate decryption recovery if the destination is plaintext (no
  encryption key). Also, some metadata (like encryption cipher) is not
  protected, and an attacker could change it. Note that LUKS2 protects
  visible metadata only when a random change occurs. It does not protect
  against intentional modification but such modification must not cause
  a violation of data confidentiality.
  The fix introduces additional digest protection of reencryption
  metadata. The digest is calculated from known keys and critical
  reencryption metadata. Now an attacker cannot create correct metadata
  digest without knowledge of a passphrase for used keyslots.
  For more details, see LUKS2 On-Disk Format Specification version 1.1.0.
  The former reencryption operation (without the additional digest) is no
  longer supported (reencryption with the digest is not backward
  compatible). You need to finish in-progress reencryption before
  updating to new packages. The alternative approach is to perform
  a repair command from the updated package to recalculate reencryption
  digest and fix metadata.
  The reencryption repair operation always require a user passphrase.
  WARNING: Devices with older reencryption in progress can be no longer
  activated without performing the action mentioned above.
  Encryption in progress can be detected by running the luksDump command
  (output includes reencrypt keyslot with reencryption parameters). Also,
  during the active reencryption, no keyslot operations are available
  (change of passphrases, etc.).
  The issue was found by Milan Broz as cryptsetup maintainer.
 Other changes
 ~~~~~~~~~~~~~
 * Add configure option --disable-luks2-reencryption to completely disable
  LUKS2 reencryption code.
  When used, the libcryptsetup library can read metadata with
  reencryption code, but all reencryption API calls and cryptsetup
  reencrypt commands are disabled.
  Devices with online reencryption in progress cannot be activated.
  This option can cause some incompatibilities. Please use with care.
 * Improve internal metadata validation code for reencryption metadata.
 * Add updated documentation for LUKS2 On-Disk Format Specification
  version 1.1.0 (with reencryption extension description and updated
  metadata description). See docs/on-disk-format-luks2.pdf or online
  version in https://gitlab.com/cryptsetup/LUKS2-docs repository.
 * Fix support for bitlk (BitLocker compatible) startup key with new
  metadata entry introduced in Windows 11.
 * Fix space restriction for LUKS2 reencryption with data shift.
  The code required more space than was needed.
--- a/docs/v2.5.0-ReleaseNotes
+++ b/docs/v2.5.0-ReleaseNotes
@@ -0,0 +1,291 @@
 Cryptsetup 2.5.0 Release Notes
 ==============================
 Stable release with new features and bug fixes.
 Changes since version 2.4.3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * Split manual pages into per-action pages and use AsciiDoc format.
  Manual pages are now generated from AsciiDoc format, allowing easy
  conditional modifications for per-action options.
  Generation of man pages requires the asciidoctor tool installed.
  Pre-generated man pages are also included in the distribution tarball.
  You can use --disable-asciidoc configure option to skip man page
  generation completely. In this case, pre-generated man pages will be
  used for installation.
  For cryptsetup, there is main man page (cryptsetup.8) that references
  separate man pages for each command (for example, cryptsetup-open.8).
  You can open such a man page by simply running "man cryptsetup open".
  Also, man pages for action aliases are available (cryptsetup-luksOpen.8
  is an alias for cryptsetup-open.8, etc.)
 LUKS volume reencryption changes
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * Remove cryptsetup-reencrypt tool from the project and move reencryption
  to already existing "cryptsetup reencrypt" command.
  Cryptsetup reencrypt now handles both LUKS1 and LUKS2 reencryption,
  encryption, and decryption.
  If you need to emulate the old cryptsetup-reencrypt binary, use simple
  wrappers script running "exec cryptsetup reencrypt $@".
  All command line options should be compatible. An exception is the
  reencryption of LUKS2 volumes with old LUKS1 reencryption code that was
  replaced by native and more resilient LUKS2 reencryption.
 * LUKS2: implement --decryption option that allows LUKS removal. The
  operation can run online or offline and supports the data shift option.
  During the initialization, the LUKS2 header is exported to a file.
  The first data segment is moved to the head of the data device in place
  of the original header.
  The feature internally introduces several new resilience modes
  (combination of existing modes datashift and "checksum" or "journal").
  Datashift resilience mode is applied for data moved towards the first
  segment, and the first segment is then decrypted in place.
  This decryption mode is not backward compatible with prior LUKS2
  reencryption. Interrupted operations in progress cannot be resumed
  using older cryptsetup releases.
 * Reencryption metadata options that are not compatible with recent code
  (features implemented in more recent releases) are now only read, but
  code will not activate or modify such metadata.
  Reencryption metadata contains a version that is validated when
  reencryption is resumed.
  For more info, see the updated LUKS2 on-disk format specification.
  Safe operation of reencryption is to always finish the operation with
  only one version of the tools.
 * Fix decryption operation with --active-name option and restrict
  it to be used only with LUKS2.
 * Do not refresh reencryption digest when not needed.
  This should speed up the reencryption resume process.
 * Store proper resilience data in LUKS2 reencrypt initialization.
  Resuming reencryption now does not require specification of resilience
  type parameters if these are the same as during initialization.
 * Properly wipe the unused area after reencryption with datashift in
  the forward direction.
 * Check datashift value against larger sector size.
  For example, it could cause an issue if misaligned 4K sector appears
  during decryption.
 * Do not allow sector size increase reencryption in offline mode.
  The eventual logical block size increase on the dm-crypt device above
  may lead to an unusable filesystem. Do not allow offline reencryption
  when sector size increase is requested.
  You can use --force-offline-reencrypt option to override this check
  (and potentially destroy the data).
 * Do not allow dangerous sector size change during reencryption.
  By changing the encryption sector size during reencryption, a user
  may increase the effective logical block size for the dm-crypt active
  device.
  Do not allow encryption sector size to be increased over the value
  provided by fs superblock in BLOCK_SIZE property.
 * Ask the user for confirmation before resuming reencryption.
  The prompt is not shown in batch mode or when the user explicitly asks
  for a reencryption resume via --resume-only.
 * Do not resume reencryption with conflicting parameters.
  For example, if the operation was initialized as --encrypt, do not
  allow resume with opposing parameter --decrypt and vice versa.
  Also, the code now checks for conflicting resilience parameters
  (datashift cannot be changed after initialization).
 * Add --force-offline-reencrypt option.
  It can be used to enforce offline reencryption in batch mode when
  the device is a regular file; therefore, cryptsetup cannot detect
  properly active devices using it.
  Also, it may be useful to override the active device auto-detection
  for specific storage configurations (dangerous!).
 * Do not allow nested encryption in LUKS reencrypt.
  Avoid accidental nested encryption via cryptsetup reencrypt --encrypt.
 * Fix --test-passphrase when the device is in reencryption.
 * Do not upload keys in keyring during offline reencryption.
  Reencryption runs in userspace, so the kernel does not need the key.
 * Support all options allowed with luksFormat with encrypt action.
 * Add prompt if LUKS2 decryption is run with a detached header.
 * Add warning for reencryption of file image and mention
  the possible use of --force-offline-reencrypt option.
 Other changes
 ~~~~~~~~~~~~~
 * Add resize action to integritysetup.
  This allows resizing of standalone integrity devices.
 * Support --device-size option (that allows unit specification) for plain
  devices (existing --size option requires 512-byte sectors units).
 * Fix detection of encryption sector size if a detached header is used.
 * Remove obsolete dracut plugin reencryption example.
 * Fix possible keyslot area size overflow during conversion to LUKS2.
  If keyslots are not sorted according to binary area offset, the area
  size calculation was wrong and could overflow.
 * Hardening and fixes to LUKS2 validation functions:
  * Log a visible error if convert fails due to validation check.
  * Check for interval (keyslot and segment area) overflow.
  * Check cipher availability before LUKS conversion to LUKS2.
    Some historic incompatibilities are ignored for LUKS1 but do not
    work for LUKS2.
  * Add empty string check to LUKS2 metadata JSON validation.
    Most of the LUKS2 fields cannot be empty.
  * Fix JSON objects validation to check JSON object type properly.
 * TCRYPT: Properly apply retry count and continue if some PBKDF variant
  is unavailable.
 * BITLK: Add a warning when activating a device with the wrong size
  stored in metadata.
 * BITLK: Add BitLocker volume size to dump command.
 * BITLK: Fix possible UTF16 buffer overflow in volume key dump.
 * BITLK: Skip question if the batch mode is set for volume key dump.
 * BITLK: Check dm-zero availability in the kernel.
  Bitlocker compatible mode uses dm-zero to mask metadata area.
  The device cannot be activated if dm-zero is not available.
 * Fix error message for LUKS2-only cryptsetup commands to explicitly
  state LUKS2 version is required.
 * Fix error message for incompatible dm-integrity metadata.
  If the integritysetup tool is too old, kernel dm-integrity may use
  a more recent version of dm-integrity metadata.
 * Properly deactivate the integrity device even if the LUKS2 header
  is no longer available.
  If LUKS2 is used with integrity protection, there is always
  a dm-integrity device underneath that must be deactivated.
 * Allow use of --header option for cryptsetup close.
  This can be used to check that the activated device has the same UUID.
 * Fix activation of LUKS2 device with integrity and detached header.
  The kernel-parsed dm-integrity superblock is always located on the
  data device, the incorrectly used detached header device here.
 * Add ZEROOUT IOCTL support for crypt_wipe API call.
  For block devices, we can use optimized in-kernel BLKZEROOUT ioctl.
 * VERITY: set loopback sector size according to dm-verity block sizes.
  Verity block size has the same limits, so we can optimize the loop
  device to increase performance.
 * Other Documentation and man page improvements:
  * Update LUKS2 on-disk format description.
  * Add per-keyslot LUKS2 options to the man page.
    Some options were missing for LUKS2 luksAddKey and luksChangeKey.
  * Fix cryptsetup manpage to use PBKDF consistently.
  * Add compile info to README. This information was lost when we removed
    the default automake INSTALL file.
  * Use volume key consistently in FAQ and man pages.
  * Use markdown version of FAQ directly for installation.
  * Clarify graceful reencryption interruption.
    Currently, it can be interrupted by both SIGINT and SIGTERM signals.
  * Add new mailing list info.
  * Mention non-cryptographic xxhash64 hash for integrity protection.
 * veritysetup: dump device sizes.
  Calculating device sizes for verity devices is a little bit tricky.
  Data, hash, and FEC can share devices or be separate devices.
  Now dump command prints used device sizes, but it requires that
  the user specifies all values that are not stored in superblock
  (like FEC device and FEC roots).
 * Fix check for argp_usage in configure if argp-standalone lib is used.
 * Add constant time memcmp and hexa print implementation and use it for
  cryptographic keys handling.
 * Display progress when wiping the end of the resized device.
 * LUKS2 token: prefer token PIN query before passphrase in some cases.
  When a user provides --token-type or specific --token-id, a token PIN
  query is preferred to a passphrase query.
 * LUKS2 token: allow tokens to be replaced with --token-replace option
  for cryptsetup token command.
 * LUKS2 token: do not continue operation when interrupted in PIN prompt.
 * Add --progress-json parameter to utilities.
  Progress data can now be printed out in JSON format suitable for
  machine processing.
 * Embedded Argon2 PBKDF: optimize and simplify thread exit.
 * Avoid using SHA1 in tests and fix new enforcements introduced in FIPS
  provider for OpenSSL3 (like minimal parameters for PBKDF2).
 * Use custom UTF conversion and avoid linking to iconv as a dependency.
 * Reimplement BASE64 with simplified code instead of coreutils version.
 * Fix regression when warning messages were not displayed
  if some kernel feature is not supported (2.4.2).
 * Add support for --key-slot option in luksResume action.
 Libcryptsetup API extensions and changes
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * Properly define uint32_t constants in API.
  This is not a real change, but it avoids strict compiler warnings.
 * crypt_resume_by_token_pin() - Resume crypt device using LUKS2 token.
 * crypt_get_label() - Get the label of the LUKS2 device.
 * crypt_get_subsystem() - Get the subsystem label of the LUKS2 device.
 * Make CRYPT_WIPE_ENCRYPTED_ZERO crypt_wipe() option obsolete.
  It was never implemented (the idea was to speed up wipe), but with
  the recent RNG performance changes, it makes no longer sense.
 * Add struct crypt_params_reencrypt changes related to decryption.
 * Improve crypt_reencrypt_status() return values.
  Empty or any non-LUKS types now returns CRYPT_REENCRYPT_INVALID status.
  For LUKS1 devices, it returns CRYPT_REENCRYPT_NONE.
--- a/docs/v2.6.0-ReleaseNotes
+++ b/docs/v2.6.0-ReleaseNotes
@@ -0,0 +1,236 @@
 Cryptsetup 2.6.0 Release Notes
 ==============================
 Stable release with new features and bug fixes.
 Changes since version 2.5.0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 * Introduce support for handling macOS FileVault2 devices (FVAULT2).
  Cryptsetup now supports the mapping of FileVault2 full-disk encryption
  by Apple for the macOS operating system using a native Linux kernel.
  You can open an existing USB FileVault portable device and (with
  the hfsplus filesystem driver) access the native data read/write.
  Cryptsetup supports only (legacy) FileVault2 based on Core Storage
  and HFS+ filesystem (introduced in MacOS X 10.7 Lion).
  It does NOT support the new version of FileVault based on the APFS
  filesystem used in recent macOS versions.
  Header formatting and changes are not supported; cryptsetup never
  changes the metadata on the device.
  FVAULT2 extension requires kernel userspace crypto API and kernel
  driver for HFS+ (hfsplus) filesystem (available on most systems today).
  Example of using FileVault2 formatted USB device:
  A typical encrypted device contains three partitions; the FileVault
  encrypted partition is here sda2:
  $ lsblk -o NAME,FSTYPE,LABEL /dev/sda
    NAME   FSTYPE  LABEL
    sda
    |-sda1 vfat    EFI
    |-sda2
    `-sda3 hfsplus Boot OS X
  Note: blkid does not recognize FileVault2 format yet.
  To dump metadata information about the device, you can use
  the fvault2Dump command:
  $ cryptsetup fvault2Dump /dev/sda2
    Header information for FVAULT2 device /dev/sda2.
    Physical volume UUID:   6f353c05-daae-4e76-a0ee-6a9569a22d81
    Family UUID:            f82cceb0-a788-4815-945a-53d57fcd55a8
    Logical volume offset:  67108864 [bytes]
    Logical volume size:    3288334336 [bytes]
    Cipher:                 aes
    Cipher mode:            xts-plain64
    PBKDF2 iterations:      97962
    PBKDF2 salt:            173a4ec7447662ec79ca7a47df6c2a01
 To activate the device, use open --type fvault2 option:
 $ cryptsetup open --type fvault2 /dev/sda2 test
   Enter passphrase for /dev/sda2: ...
 And check the status of the active device:
 $ cryptsetup status test
   /dev/mapper/test is active.
   type:    FVAULT2
   cipher:  aes-xts-plain64
   keysize: 256 bits
   key location: dm-crypt
   device:  /dev/sda2
   sector size:  512
   offset:  131072 sectors
   size:    6422528 sectors
   mode:    read/write
 Now, if the kernel contains hfsplus filesystem driver, you can mount
 decrypted content:
 $ mount /dev/mapper/test /mnt/test
 For more info about implementation, please refer to the master thesis
 by Pavel Tobias, which was the source for this extension.
 https://is.muni.cz/th/p0aok/?lang=en
 * libcryptsetup: no longer use global memory locking through mlockall()
  For many years, libcryptsetup locked all memory (including dependent
  library address space) to prevent swapping sensitive content outside
  of RAM.
  This strategy no longer works as the locking of basic libraries exceeds
  the memory locking limit if running as a non-root user.
  Libcryptsetup now locks only memory ranges containing sensitive
  material (keys) through crypt_safe_alloc() calls.
  This change solves many reported mysterious problems of unexpected
  failures. If the initial lock was still under the limit and succeeded,
  some following memory allocation could fail later as it exceeded
  the locking limit. If the initial locking fails,  memory locking
  was quietly ignored completely.
  The whole crypt_memory_lock() API call is deprecated; it no longer
  calls memlockall().
 * libcryptsetup: process priority is increased only for key derivation
  (PBKDF) calls.
  Increasing priority was tight to memory locking and works only if
  running under superuser.
  Only PBKDF calls and benchmarking now increase the process priority.
 * Add new LUKS keyslot context handling functions and API.
  In practice, the luksAddKey action does two operations.
  It unlocks the existing device volume key and stores the unlocked
  volume key in a new keyslot.
  Previously the options were limited to key files and passphrases.
  Newly available methods (keyslot contexts) are passphrase, keyfile,
  key (binary representation), and LUKS2 token.
  To unlock a keyslot user may:
    - provide existing passphrase via interactive prompt (default method)
    - use --key-file option to provide a file with a valid passphrase
    - provide volume key directly via --volume-key-file
    - unlock keyslot via all available LUKS2 tokens by --token-only
    - unlock keyslot via specific token with --token-id
    - unlock keyslot via specific token type by --token-type
  To provide the passphrase for a new keyslot, a user may:
    - provide existing passphrase via interactive prompt (default method)
    - use --new-keyfile to read the passphrase from the file
    - use --new-token-id to select LUKS2 token to get passphrase
      for new keyslot. The new keyslot is assigned to the selected token
      id if the operation is successful.
 * The volume key may now be extracted using a passphrase, keyfile, or
  token. For LUKS devices, it also returns the volume key after
  a successful crypt_format call.
 * Fix --disable-luks2-reencryption configuration option.
 * cryptsetup: Print a better error message and warning if the format
  produces an image without space available for data.
  Activation now fails early with a more descriptive message.
 * Print error if anti-forensic LUKS2 hash setting is not available.
  If the specified hash was not available, activation quietly failed.
 * Fix internal crypt segment compare routine if the user
  specified cipher in kernel format (capi: prefix).
 * cryptsetup: Add token unassign action.
  This action allows removing token binding on specific keyslot.
 * veritysetup: add support for --use-tasklets option.
  This option sets try_verify_in_tasklet kernel dm-verity option
  (available since Linux kernel 6.0) to allow some performance
  improvement on specific systems.
 * Provide pkgconfig Require.private settings.
  While we do not completely provide static build on udev systems,
  it helps produce statically linked binaries in certain situations.
 * Always update automake library files if autogen.sh is run.
  For several releases, we distributed older automake scripts by mistake.
 * reencryption: Fix user defined moved segment size in LUKS2 decryption.
  The --hotzone-size argument was ignored in cases where the actual data
  size was less than the original LUKS2 data offset.
 * Delegate FIPS mode detection to configured crypto backend.
  System FIPS mode check no longer depends on /etc/system-fips file.
 * tests: externally provided systemd plugin is now optionally compiled
  from systemd git and tested with cryptsetup
 * tests: initial integration to OSS-fuzz project with basic crypt_load()
  test for LUKS2 and JSON mutated fuzzing.
  For more info, see README in tests/fuzz directory.
 * Update documentation, including FAQ and man pages.
 Libcryptsetup API extensions
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The libcryptsetup API is backward compatible with existing symbols.
 New symbols:
  crypt_keyslot_context_init_by_passphrase
  crypt_keyslot_context_init_by_keyfile
  crypt_keyslot_context_init_by_token
  crypt_keyslot_context_init_by_volume_key
  crypt_keyslot_context_get_error
  crypt_keyslot_context_set_pin
  crypt_keyslot_context_get_type
  crypt_keyslot_context_free
  crypt_keyslot_add_by_keyslot_context
  crypt_volume_key_get_by_keyslot_context
 New defines:
  CRYPT_FVAULT2 "FVAULT2" (FileVault2 compatible mode)
 Keyslot context types:
  CRYPT_KC_TYPE_PASSPHRASE
  CRYPT_KC_TYPE_KEYFILE
  CRYPT_KC_TYPE_TOKEN
  CRYPT_KC_TYPE_KEY
  CRYPT_ACTIVATE_TASKLETS (dm-verity: use tasklets activation flag)
 WARNING!
 ~~~~~~~~
 The next version of cryptsetup will change the encryption mode and key
 derivation option for the PLAIN format.
 This change will cause backward incompatibility.
 For this reason, the user will have to specify the exact parameters
 for cipher, key size, and key derivation parameters for plain format.
 The default encryption mode will be AES-XTS with 512bit key (AES-256).
 The CBC mode is no longer considered the best default, as it allows easy
 bit-flipped ciphertext modification attacks and performance problems.
 For the passphrase hashing in plain mode, the encryption key is directly
 derived through iterative hashing from a user-provided passphrase
 (except a keyfile that is not hashed).
 The default hash is RIPEMD160, which is no longer the best default
 option. The exact change will be yet discussed but should include
 the possibility of using a password-based key derivation function
 instead of iterative hashing.
--- a/lib/Makemodule.am
+++ b/lib/Makemodule.am
@@ -1,11 +1,11 @@
 pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = lib/libcryptsetup.pc
+pkgconfig_DATA += lib/libcryptsetup.pc
-lib_LTLIBRARIES = libcryptsetup.la
+lib_LTLIBRARIES += libcryptsetup.la
 noinst_LTLIBRARIES += libutils_io.la
-include_HEADERS = lib/libcryptsetup.h
+include_HEADERS += lib/libcryptsetup.h
 EXTRA_DIST += lib/libcryptsetup.pc.in lib/libcryptsetup.sym
@@ -15,15 +15,7 @@ libutils_io_la_SOURCES = \
 	lib/utils_io.c			\
 	lib/utils_io.h
-libcryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS) \
+libcryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS)
 	-I $(top_srcdir)/lib/crypto_backend	\
 	-I $(top_srcdir)/lib/luks1		\
 	-I $(top_srcdir)/lib/luks2		\
 	-I $(top_srcdir)/lib/loopaes		\
 	-I $(top_srcdir)/lib/verity		\
 	-I $(top_srcdir)/lib/tcrypt		\
 	-I $(top_srcdir)/lib/integrity		\
 	-I $(top_srcdir)/lib/bitlk
 libcryptsetup_la_DEPENDENCIES = libutils_io.la libcrypto_backend.la lib/libcryptsetup.sym
@@ -40,7 +32,8 @@ libcryptsetup_la_LIBADD = \
 	@LIBARGON2_LIBS@	\
 	@JSON_C_LIBS@		\
 	@BLKID_LIBS@		\
-	$(LTLIBICONV)		\
+	@DL_LIBS@		\
 	$(LTLIBINTL)		\
 	libcrypto_backend.la	\
 	libutils_io.la
@@ -50,6 +43,8 @@ libcryptsetup_la_SOURCES = \
 	lib/bitops.h			\
 	lib/nls.h			\
 	lib/libcryptsetup.h		\
 	lib/libcryptsetup_macros.h	\
 	lib/libcryptsetup_symver.h	\
 	lib/utils.c			\
 	lib/utils_benchmark.c		\
 	lib/utils_crypt.c		\
@@ -58,8 +53,6 @@ libcryptsetup_la_SOURCES = \
 	lib/utils_loop.h		\
 	lib/utils_devpath.c		\
 	lib/utils_wipe.c		\
 	lib/utils_fips.c		\
 	lib/utils_fips.h		\
 	lib/utils_device.c		\
 	lib/utils_keyring.c		\
 	lib/utils_keyring.h		\
@@ -74,14 +67,14 @@ libcryptsetup_la_SOURCES = \
 	lib/volumekey.c			\
 	lib/random.c			\
 	lib/crypt_plain.c		\
 	lib/base64.h			\
 	lib/base64.c			\
 	lib/integrity/integrity.h	\
 	lib/integrity/integrity.c	\
 	lib/loopaes/loopaes.h		\
 	lib/loopaes/loopaes.c		\
 	lib/tcrypt/tcrypt.h		\
 	lib/tcrypt/tcrypt.c		\
 	lib/keyslot_context.h		\
 	lib/keyslot_context.c		\
 	lib/luks1/af.h			\
 	lib/luks1/af.c			\
 	lib/luks1/keyencryption.c	\
@@ -104,6 +97,7 @@ libcryptsetup_la_SOURCES = \
 	lib/luks2/luks2_keyslot_luks2.c	\
 	lib/luks2/luks2_keyslot_reenc.c	\
 	lib/luks2/luks2_reencrypt.c	\
 	lib/luks2/luks2_reencrypt_digest.c	\
 	lib/luks2/luks2_segment.c	\
 	lib/luks2/luks2_token_keyring.c	\
 	lib/luks2/luks2_token.c		\
@@ -112,4 +106,6 @@ libcryptsetup_la_SOURCES = \
 	lib/utils_blkid.c		\
 	lib/utils_blkid.h		\
 	lib/bitlk/bitlk.h		\
-	lib/bitlk/bitlk.c
+	lib/bitlk/bitlk.c		\
 	lib/fvault2/fvault2.h		\
 	lib/fvault2/fvault2.c
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -1,605 +0,0 @@
 /* base64.c -- Encode binary data using printable characters.
   Copyright (C) 1999-2001, 2004-2006, 2009-2019 Free Software Foundation, Inc.
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2, or (at your option)
   any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   You should have received a copy of the GNU General Public License
   along with this program; if not, see <https://www.gnu.org/licenses/>.  */
 /* Written by Simon Josefsson.  Partially adapted from GNU MailUtils
 * (mailbox/filter_trans.c, as of 2004-11-28).  Improved by review
 * from Paul Eggert, Bruno Haible, and Stepan Kasal.
 *
 * See also RFC 4648 <https://www.ietf.org/rfc/rfc4648.txt>.
 *
 * Be careful with error checking.  Here is how you would typically
 * use these functions:
 *
 * bool ok = base64_decode_alloc (in, inlen, &out, &outlen);
 * if (!ok)
 *   FAIL: input was not valid base64
 * if (out == NULL)
 *   FAIL: memory allocation error
 * OK: data in OUT/OUTLEN
 *
 * size_t outlen = base64_encode_alloc (in, inlen, &out);
 * if (out == NULL && outlen == 0 && inlen != 0)
 *   FAIL: input too long
 * if (out == NULL)
 *   FAIL: memory allocation error
 * OK: data in OUT/OUTLEN.
 *
 */
 #include <config.h>
 /* Get prototype. */
 #include "base64.h"
 /* Get malloc. */
 #include <stdlib.h>
 /* Get UCHAR_MAX. */
 #include <limits.h>
 #include <string.h>
 /* C89 compliant way to cast 'char' to 'unsigned char'. */
 static unsigned char
 to_uchar (char ch)
 {
  return ch;
 }
 static const char b64c[64] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 /* Base64 encode IN array of size INLEN into OUT array. OUT needs
   to be of length >= BASE64_LENGTH(INLEN), and INLEN needs to be
   a multiple of 3.  */
 static void
 base64_encode_fast (const char *restrict in, size_t inlen, char *restrict out)
 {
  while (inlen)
    {
      *out++ = b64c[(to_uchar (in[0]) >> 2) & 0x3f];
      *out++ = b64c[((to_uchar (in[0]) << 4) + (to_uchar (in[1]) >> 4)) & 0x3f];
      *out++ = b64c[((to_uchar (in[1]) << 2) + (to_uchar (in[2]) >> 6)) & 0x3f];
      *out++ = b64c[to_uchar (in[2]) & 0x3f];
      inlen -= 3;
      in += 3;
    }
 }
 /* Base64 encode IN array of size INLEN into OUT array of size OUTLEN.
   If OUTLEN is less than BASE64_LENGTH(INLEN), write as many bytes as
   possible.  If OUTLEN is larger than BASE64_LENGTH(INLEN), also zero
   terminate the output buffer. */
 void
 base64_encode (const char *restrict in, size_t inlen,
               char *restrict out, size_t outlen)
 {
  /* Note this outlen constraint can be enforced at compile time.
     I.E. that the output buffer is exactly large enough to hold
     the encoded inlen bytes.  The inlen constraints (of corresponding
     to outlen, and being a multiple of 3) can change at runtime
     at the end of input.  However the common case when reading
     large inputs is to have both constraints satisfied, so we depend
     on both in base_encode_fast().  */
  if (outlen % 4 == 0 && inlen == outlen / 4 * 3)
    {
      base64_encode_fast (in, inlen, out);
      return;
    }
  while (inlen && outlen)
    {
      *out++ = b64c[(to_uchar (in[0]) >> 2) & 0x3f];
      if (!--outlen)
        break;
      *out++ = b64c[((to_uchar (in[0]) << 4)
                       + (--inlen ? to_uchar (in[1]) >> 4 : 0))
                      & 0x3f];
      if (!--outlen)
        break;
      *out++ =
        (inlen
         ? b64c[((to_uchar (in[1]) << 2)
                   + (--inlen ? to_uchar (in[2]) >> 6 : 0))
                  & 0x3f]
         : '=');
      if (!--outlen)
        break;
      *out++ = inlen ? b64c[to_uchar (in[2]) & 0x3f] : '=';
      if (!--outlen)
        break;
      if (inlen)
        inlen--;
      if (inlen)
        in += 3;
    }
  if (outlen)
    *out = '\0';
 }
 /* Allocate a buffer and store zero terminated base64 encoded data
   from array IN of size INLEN, returning BASE64_LENGTH(INLEN), i.e.,
   the length of the encoded data, excluding the terminating zero.  On
   return, the OUT variable will hold a pointer to newly allocated
   memory that must be deallocated by the caller.  If output string
   length would overflow, 0 is returned and OUT is set to NULL.  If
   memory allocation failed, OUT is set to NULL, and the return value
   indicates length of the requested memory block, i.e.,
   BASE64_LENGTH(inlen) + 1. */
 size_t
 base64_encode_alloc (const char *in, size_t inlen, char **out)
 {
  size_t outlen = 1 + BASE64_LENGTH (inlen);
  /* Check for overflow in outlen computation.
   *
   * If there is no overflow, outlen >= inlen.
   *
   * If the operation (inlen + 2) overflows then it yields at most +1, so
   * outlen is 0.
   *
   * If the multiplication overflows, we lose at least half of the
   * correct value, so the result is < ((inlen + 2) / 3) * 2, which is
   * less than (inlen + 2) * 0.66667, which is less than inlen as soon as
   * (inlen > 4).
   */
  if (inlen > outlen)
    {
      *out = NULL;
      return 0;
    }
  *out = malloc (outlen);
  if (!*out)
    return outlen;
  base64_encode (in, inlen, *out, outlen);
  return outlen - 1;
 }
 /* With this approach this file works independent of the charset used
   (think EBCDIC).  However, it does assume that the characters in the
   Base64 alphabet (A-Za-z0-9+/) are encoded in 0..255.  POSIX
   1003.1-2001 require that char and unsigned char are 8-bit
   quantities, though, taking care of that problem.  But this may be a
   potential problem on non-POSIX C99 platforms.
   IBM C V6 for AIX mishandles "#define B64(x) ...'x'...", so use "_"
   as the formal parameter rather than "x".  */
 #define B64(_)                                  \
  ((_) == 'A' ? 0                               \
   : (_) == 'B' ? 1                             \
   : (_) == 'C' ? 2                             \
   : (_) == 'D' ? 3                             \
   : (_) == 'E' ? 4                             \
   : (_) == 'F' ? 5                             \
   : (_) == 'G' ? 6                             \
   : (_) == 'H' ? 7                             \
   : (_) == 'I' ? 8                             \
   : (_) == 'J' ? 9                             \
   : (_) == 'K' ? 10                            \
   : (_) == 'L' ? 11                            \
   : (_) == 'M' ? 12                            \
   : (_) == 'N' ? 13                            \
   : (_) == 'O' ? 14                            \
   : (_) == 'P' ? 15                            \
   : (_) == 'Q' ? 16                            \
   : (_) == 'R' ? 17                            \
   : (_) == 'S' ? 18                            \
   : (_) == 'T' ? 19                            \
   : (_) == 'U' ? 20                            \
   : (_) == 'V' ? 21                            \
   : (_) == 'W' ? 22                            \
   : (_) == 'X' ? 23                            \
   : (_) == 'Y' ? 24                            \
   : (_) == 'Z' ? 25                            \
   : (_) == 'a' ? 26                            \
   : (_) == 'b' ? 27                            \
   : (_) == 'c' ? 28                            \
   : (_) == 'd' ? 29                            \
   : (_) == 'e' ? 30                            \
   : (_) == 'f' ? 31                            \
   : (_) == 'g' ? 32                            \
   : (_) == 'h' ? 33                            \
   : (_) == 'i' ? 34                            \
   : (_) == 'j' ? 35                            \
   : (_) == 'k' ? 36                            \
   : (_) == 'l' ? 37                            \
   : (_) == 'm' ? 38                            \
   : (_) == 'n' ? 39                            \
   : (_) == 'o' ? 40                            \
   : (_) == 'p' ? 41                            \
   : (_) == 'q' ? 42                            \
   : (_) == 'r' ? 43                            \
   : (_) == 's' ? 44                            \
   : (_) == 't' ? 45                            \
   : (_) == 'u' ? 46                            \
   : (_) == 'v' ? 47                            \
   : (_) == 'w' ? 48                            \
   : (_) == 'x' ? 49                            \
   : (_) == 'y' ? 50                            \
   : (_) == 'z' ? 51                            \
   : (_) == '0' ? 52                            \
   : (_) == '1' ? 53                            \
   : (_) == '2' ? 54                            \
   : (_) == '3' ? 55                            \
   : (_) == '4' ? 56                            \
   : (_) == '5' ? 57                            \
   : (_) == '6' ? 58                            \
   : (_) == '7' ? 59                            \
   : (_) == '8' ? 60                            \
   : (_) == '9' ? 61                            \
   : (_) == '+' ? 62                            \
   : (_) == '/' ? 63                            \
   : -1)
 static const signed char b64[0x100] = {
  B64 (0), B64 (1), B64 (2), B64 (3),
  B64 (4), B64 (5), B64 (6), B64 (7),
  B64 (8), B64 (9), B64 (10), B64 (11),
  B64 (12), B64 (13), B64 (14), B64 (15),
  B64 (16), B64 (17), B64 (18), B64 (19),
  B64 (20), B64 (21), B64 (22), B64 (23),
  B64 (24), B64 (25), B64 (26), B64 (27),
  B64 (28), B64 (29), B64 (30), B64 (31),
  B64 (32), B64 (33), B64 (34), B64 (35),
  B64 (36), B64 (37), B64 (38), B64 (39),
  B64 (40), B64 (41), B64 (42), B64 (43),
  B64 (44), B64 (45), B64 (46), B64 (47),
  B64 (48), B64 (49), B64 (50), B64 (51),
  B64 (52), B64 (53), B64 (54), B64 (55),
  B64 (56), B64 (57), B64 (58), B64 (59),
  B64 (60), B64 (61), B64 (62), B64 (63),
  B64 (64), B64 (65), B64 (66), B64 (67),
  B64 (68), B64 (69), B64 (70), B64 (71),
  B64 (72), B64 (73), B64 (74), B64 (75),
  B64 (76), B64 (77), B64 (78), B64 (79),
  B64 (80), B64 (81), B64 (82), B64 (83),
  B64 (84), B64 (85), B64 (86), B64 (87),
  B64 (88), B64 (89), B64 (90), B64 (91),
  B64 (92), B64 (93), B64 (94), B64 (95),
  B64 (96), B64 (97), B64 (98), B64 (99),
  B64 (100), B64 (101), B64 (102), B64 (103),
  B64 (104), B64 (105), B64 (106), B64 (107),
  B64 (108), B64 (109), B64 (110), B64 (111),
  B64 (112), B64 (113), B64 (114), B64 (115),
  B64 (116), B64 (117), B64 (118), B64 (119),
  B64 (120), B64 (121), B64 (122), B64 (123),
  B64 (124), B64 (125), B64 (126), B64 (127),
  B64 (128), B64 (129), B64 (130), B64 (131),
  B64 (132), B64 (133), B64 (134), B64 (135),
  B64 (136), B64 (137), B64 (138), B64 (139),
  B64 (140), B64 (141), B64 (142), B64 (143),
  B64 (144), B64 (145), B64 (146), B64 (147),
  B64 (148), B64 (149), B64 (150), B64 (151),
  B64 (152), B64 (153), B64 (154), B64 (155),
  B64 (156), B64 (157), B64 (158), B64 (159),
  B64 (160), B64 (161), B64 (162), B64 (163),
  B64 (164), B64 (165), B64 (166), B64 (167),
  B64 (168), B64 (169), B64 (170), B64 (171),
  B64 (172), B64 (173), B64 (174), B64 (175),
  B64 (176), B64 (177), B64 (178), B64 (179),
  B64 (180), B64 (181), B64 (182), B64 (183),
  B64 (184), B64 (185), B64 (186), B64 (187),
  B64 (188), B64 (189), B64 (190), B64 (191),
  B64 (192), B64 (193), B64 (194), B64 (195),
  B64 (196), B64 (197), B64 (198), B64 (199),
  B64 (200), B64 (201), B64 (202), B64 (203),
  B64 (204), B64 (205), B64 (206), B64 (207),
  B64 (208), B64 (209), B64 (210), B64 (211),
  B64 (212), B64 (213), B64 (214), B64 (215),
  B64 (216), B64 (217), B64 (218), B64 (219),
  B64 (220), B64 (221), B64 (222), B64 (223),
  B64 (224), B64 (225), B64 (226), B64 (227),
  B64 (228), B64 (229), B64 (230), B64 (231),
  B64 (232), B64 (233), B64 (234), B64 (235),
  B64 (236), B64 (237), B64 (238), B64 (239),
  B64 (240), B64 (241), B64 (242), B64 (243),
  B64 (244), B64 (245), B64 (246), B64 (247),
  B64 (248), B64 (249), B64 (250), B64 (251),
  B64 (252), B64 (253), B64 (254), B64 (255)
 };
 #if UCHAR_MAX == 255
 # define uchar_in_range(c) true
 #else
 # define uchar_in_range(c) ((c) <= 255)
 #endif
 /* Return true if CH is a character from the Base64 alphabet, and
   false otherwise.  Note that '=' is padding and not considered to be
   part of the alphabet.  */
 bool
 isbase64 (char ch)
 {
  return uchar_in_range (to_uchar (ch)) && 0 <= b64[to_uchar (ch)];
 }
 /* Initialize decode-context buffer, CTX.  */
 void
 base64_decode_ctx_init (struct base64_decode_context *ctx)
 {
  ctx->i = 0;
 }
 /* If CTX->i is 0 or 4, there are four or more bytes in [*IN..IN_END), and
   none of those four is a newline, then return *IN.  Otherwise, copy up to
   4 - CTX->i non-newline bytes from that range into CTX->buf, starting at
   index CTX->i and setting CTX->i to reflect the number of bytes copied,
   and return CTX->buf.  In either case, advance *IN to point to the byte
   after the last one processed, and set *N_NON_NEWLINE to the number of
   verified non-newline bytes accessible through the returned pointer.  */
 static const char *
 get_4 (struct base64_decode_context *ctx,
       char const *restrict *in, char const *restrict in_end,
       size_t *n_non_newline)
 {
  if (ctx->i == 4)
    ctx->i = 0;
  if (ctx->i == 0)
    {
      char const *t = *in;
      if (4 <= in_end - *in && memchr (t, '\n', 4) == NULL)
        {
          /* This is the common case: no newline.  */
          *in += 4;
          *n_non_newline = 4;
          return (const char *) t;
        }
    }
  {
    /* Copy non-newline bytes into BUF.  */
    char const *p = *in;
    while (p < in_end)
      {
        char c = *p++;
        if (c != '\n')
          {
            ctx->buf[ctx->i++] = c;
            if (ctx->i == 4)
              break;
          }
      }
    *in = p;
    *n_non_newline = ctx->i;
    return ctx->buf;
  }
 }
 #define return_false                            \
  do                                            \
    {                                           \
      *outp = out;                              \
      return false;                             \
    }                                           \
  while (false)
 /* Decode up to four bytes of base64-encoded data, IN, of length INLEN
   into the output buffer, *OUT, of size *OUTLEN bytes.  Return true if
   decoding is successful, false otherwise.  If *OUTLEN is too small,
   as many bytes as possible are written to *OUT.  On return, advance
   *OUT to point to the byte after the last one written, and decrement
   *OUTLEN to reflect the number of bytes remaining in *OUT.  */
 static bool
 decode_4 (char const *restrict in, size_t inlen,
          char *restrict *outp, size_t *outleft)
 {
  char *out = *outp;
  if (inlen < 2)
    return false;
  if (!isbase64 (in[0]) || !isbase64 (in[1]))
    return false;
  if (*outleft)
    {
      *out++ = ((b64[to_uchar (in[0])] << 2)
                | (b64[to_uchar (in[1])] >> 4));
      --*outleft;
    }
  if (inlen == 2)
    return_false;
  if (in[2] == '=')
    {
      if (inlen != 4)
        return_false;
      if (in[3] != '=')
        return_false;
    }
  else
    {
      if (!isbase64 (in[2]))
        return_false;
      if (*outleft)
        {
          *out++ = (((b64[to_uchar (in[1])] << 4) & 0xf0)
                    | (b64[to_uchar (in[2])] >> 2));
          --*outleft;
        }
      if (inlen == 3)
        return_false;
      if (in[3] == '=')
        {
          if (inlen != 4)
            return_false;
        }
      else
        {
          if (!isbase64 (in[3]))
            return_false;
          if (*outleft)
            {
              *out++ = (((b64[to_uchar (in[2])] << 6) & 0xc0)
                        | b64[to_uchar (in[3])]);
              --*outleft;
            }
        }
    }
  *outp = out;
  return true;
 }
 /* Decode base64-encoded input array IN of length INLEN to output array
   OUT that can hold *OUTLEN bytes.  The input data may be interspersed
   with newlines.  Return true if decoding was successful, i.e. if the
   input was valid base64 data, false otherwise.  If *OUTLEN is too
   small, as many bytes as possible will be written to OUT.  On return,
   *OUTLEN holds the length of decoded bytes in OUT.  Note that as soon
   as any non-alphabet, non-newline character is encountered, decoding
   is stopped and false is returned.  If INLEN is zero, then process
   only whatever data is stored in CTX.
   Initially, CTX must have been initialized via base64_decode_ctx_init.
   Subsequent calls to this function must reuse whatever state is recorded
   in that buffer.  It is necessary for when a quadruple of base64 input
   bytes spans two input buffers.
   If CTX is NULL then newlines are treated as garbage and the input
   buffer is processed as a unit.  */
 bool
 base64_decode_ctx (struct base64_decode_context *ctx,
                   const char *restrict in, size_t inlen,
                   char *restrict out, size_t *outlen)
 {
  size_t outleft = *outlen;
  bool ignore_newlines = ctx != NULL;
  bool flush_ctx = false;
  unsigned int ctx_i = 0;
  if (ignore_newlines)
    {
      ctx_i = ctx->i;
      flush_ctx = inlen == 0;
    }
  while (true)
    {
      size_t outleft_save = outleft;
      if (ctx_i == 0 && !flush_ctx)
        {
          while (true)
            {
              /* Save a copy of outleft, in case we need to re-parse this
                 block of four bytes.  */
              outleft_save = outleft;
              if (!decode_4 (in, inlen, &out, &outleft))
                break;
              in += 4;
              inlen -= 4;
            }
        }
      if (inlen == 0 && !flush_ctx)
        break;
      /* Handle the common case of 72-byte wrapped lines.
         This also handles any other multiple-of-4-byte wrapping.  */
      if (inlen && *in == '\n' && ignore_newlines)
        {
          ++in;
          --inlen;
          continue;
        }
      /* Restore OUT and OUTLEFT.  */
      out -= outleft_save - outleft;
      outleft = outleft_save;
      {
        char const *in_end = in + inlen;
        char const *non_nl;
        if (ignore_newlines)
          non_nl = get_4 (ctx, &in, in_end, &inlen);
        else
          non_nl = in;  /* Might have nl in this case. */
        /* If the input is empty or consists solely of newlines (0 non-newlines),
           then we're done.  Likewise if there are fewer than 4 bytes when not
           flushing context and not treating newlines as garbage.  */
        if (inlen == 0 || (inlen < 4 && !flush_ctx && ignore_newlines))
          {
            inlen = 0;
            break;
          }
        if (!decode_4 (non_nl, inlen, &out, &outleft))
          break;
        inlen = in_end - in;
      }
    }
  *outlen -= outleft;
  return inlen == 0;
 }
 /* Allocate an output buffer in *OUT, and decode the base64 encoded
   data stored in IN of size INLEN to the *OUT buffer.  On return, the
   size of the decoded data is stored in *OUTLEN.  OUTLEN may be NULL,
   if the caller is not interested in the decoded length.  *OUT may be
   NULL to indicate an out of memory error, in which case *OUTLEN
   contains the size of the memory block needed.  The function returns
   true on successful decoding and memory allocation errors.  (Use the
   *OUT and *OUTLEN parameters to differentiate between successful
   decoding and memory error.)  The function returns false if the
   input was invalid, in which case *OUT is NULL and *OUTLEN is
   undefined. */
 bool
 base64_decode_alloc_ctx (struct base64_decode_context *ctx,
                         const char *in, size_t inlen, char **out,
                         size_t *outlen)
 {
  /* This may allocate a few bytes too many, depending on input,
     but it's not worth the extra CPU time to compute the exact size.
     The exact size is 3 * (inlen + (ctx ? ctx->i : 0)) / 4, minus 1 if the
     input ends with "=" and minus another 1 if the input ends with "==".
     Dividing before multiplying avoids the possibility of overflow.  */
  size_t needlen = 3 * (inlen / 4) + 3;
  *out = malloc (needlen);
  if (!*out)
    return true;
  if (!base64_decode_ctx (ctx, in, inlen, *out, &needlen))
    {
      free (*out);
      *out = NULL;
      return false;
    }
  if (outlen)
    *outlen = needlen;
  return true;
 }
--- a/lib/base64.h
+++ b/lib/base64.h
@@ -1,68 +0,0 @@
 /* base64.h -- Encode binary data using printable characters.
   Copyright (C) 2004-2006, 2009-2019 Free Software Foundation, Inc.
   Written by Simon Josefsson.
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2, or (at your option)
   any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   You should have received a copy of the GNU General Public License
   along with this program; if not, see <https://www.gnu.org/licenses/>.  */
 #ifndef BASE64_H
 # define BASE64_H
 /* Get size_t. */
 # include <stddef.h>
 /* Get bool. */
 # include <stdbool.h>
 # ifdef __cplusplus
 extern "C" {
 # endif
 /* This uses that the expression (n+(k-1))/k means the smallest
   integer >= n/k, i.e., the ceiling of n/k.  */
 # define BASE64_LENGTH(inlen) ((((inlen) + 2) / 3) * 4)
 struct base64_decode_context
 {
  unsigned int i;
  char buf[4];
 };
 extern bool isbase64 (char ch) __attribute__ ((__const__));
 extern void base64_encode (const char *restrict in, size_t inlen,
                           char *restrict out, size_t outlen);
 extern size_t base64_encode_alloc (const char *in, size_t inlen, char **out);
 extern void base64_decode_ctx_init (struct base64_decode_context *ctx);
 extern bool base64_decode_ctx (struct base64_decode_context *ctx,
                               const char *restrict in, size_t inlen,
                               char *restrict out, size_t *outlen);
 extern bool base64_decode_alloc_ctx (struct base64_decode_context *ctx,
                                     const char *in, size_t inlen,
                                     char **out, size_t *outlen);
 #define base64_decode(in, inlen, out, outlen) \
        base64_decode_ctx (NULL, in, inlen, out, outlen)
 #define base64_decode_alloc(in, inlen, out, outlen) \
        base64_decode_alloc_ctx (NULL, in, inlen, out, outlen)
 # ifdef __cplusplus
 }
 # endif
 #endif /* BASE64_H */
--- a/lib/bitlk/bitlk.c
+++ b/lib/bitlk/bitlk.c
@@ -1,9 +1,9 @@
 /*
 * BITLK (BitLocker-compatible) volume handling
 *
- * Copyright (C) 2019-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2019-2020 Milan Broz
+ * Copyright (C) 2019-2022 Milan Broz
- * Copyright (C) 2019-2020 Vojtech Trefny
+ * Copyright (C) 2019-2022 Vojtech Trefny
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -24,7 +24,6 @@
 #include <string.h>
 #include <uuid/uuid.h>
 #include <time.h>
 #include <iconv.h>
 #include <limits.h>
 #include "bitlk.h"
@@ -54,6 +53,9 @@
 #define BITLK_RECOVERY_PARTS 8
 #define BITLK_RECOVERY_PART_LEN 6
 #define BITLK_BEK_FILE_HEADER_LEN 48
 #define BITLK_STARTUP_KEY_HEADER_LEN 24
 #define BITLK_KDF_HASH "sha256"
 #define BITLK_KDF_ITERATION_COUNT 0x100000
@@ -162,6 +164,18 @@ struct bitlk_kdf_data {
 	uint64_t count;
 };
 struct bitlk_bek_header {
 	uint32_t metadata_size;
 	uint32_t metadata_version;
 	uint32_t metadata_header_size;
 	uint32_t metada_size_copy;
 	struct bitlk_guid guid;
 	uint32_t next_nonce;
 	uint16_t encryption;
 	uint16_t unknown;
 	uint64_t creation_time;
 } __attribute__ ((packed));
 static BITLKVMKProtection get_vmk_protection(uint16_t protection)
 {
 	switch (protection) {
@@ -219,86 +233,11 @@ static const char* get_bitlk_type_string(BITLKEncryptionType type)
 	}
 }
 /* TODO -- move to some utils file */
 static void hexprint(struct crypt_device *cd, const char *d, int n, const char *sep)
 {
 	int i;
 	for(i = 0; i < n; i++)
 		log_std(cd, "%02hhx%s", (const char)d[i], sep);
 }
 static uint64_t filetime_to_unixtime(uint64_t time)
 {
 	return (time - EPOCH_AS_FILETIME) / HUNDREDS_OF_NANOSECONDS;
 }
 static int convert_to_utf8(struct crypt_device *cd, uint8_t *input, size_t inlen, char **out)
 {
 	char *outbuf = NULL;
 	iconv_t ic;
 	size_t ic_inlen = inlen;
 	size_t ic_outlen = inlen;
 	char *ic_outbuf = NULL;
 	size_t r = 0;
 	outbuf = malloc(inlen);
 	if (outbuf == NULL)
 		return -ENOMEM;
 	memset(outbuf, 0, inlen);
 	ic_outbuf = outbuf;
 	ic = iconv_open("UTF-8", "UTF-16LE");
 	r = iconv(ic, (char **) &input, &ic_inlen, &ic_outbuf, &ic_outlen);
 	iconv_close(ic);
 	if (r == 0)
 		*out = strdup(outbuf);
 	else {
 		*out = NULL;
 		log_dbg(cd, "Failed to convert volume description: %s", strerror(errno));
 		r = 0;
 	}
 	free(outbuf);
 	return r;
 }
 static int passphrase_to_utf16(struct crypt_device *cd, char *input, size_t inlen, char **out)
 {
 	char *outbuf = NULL;
 	iconv_t ic;
 	size_t ic_inlen = inlen;
 	size_t ic_outlen = inlen * 2;
 	char *ic_outbuf = NULL;
 	size_t r = 0;
 	if (inlen == 0)
 		return r;
 	outbuf = crypt_safe_alloc(inlen * 2);
 	if (outbuf == NULL)
 		return -ENOMEM;
 	memset(outbuf, 0, inlen * 2);
 	ic_outbuf = outbuf;
 	ic = iconv_open("UTF-16LE", "UTF-8");
 	r = iconv(ic, &input, &ic_inlen, &ic_outbuf, &ic_outlen);
 	iconv_close(ic);
 	if (r == 0) {
 		*out = outbuf;
 	} else {
 		*out = NULL;
 		crypt_safe_free(outbuf);
 		log_dbg(cd, "Failed to convert passphrase: %s", strerror(errno));
 		r = -errno;
 	}
 	return r;
 }
 static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, int end, struct bitlk_vmk **vmk)
 {
 	uint16_t key_entry_size = 0;
@@ -309,9 +248,12 @@ static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, in
 	const char *key = NULL;
 	struct volume_key *vk = NULL;
 	bool supported = false;
 	int r = 0;
 	/* only passphrase or recovery passphrase vmks are supported (can be used to activate) */
-	supported = (*vmk)->protection == BITLK_PROTECTION_PASSPHRASE || (*vmk)->protection == BITLK_PROTECTION_RECOVERY_PASSPHRASE;
+	supported = (*vmk)->protection == BITLK_PROTECTION_PASSPHRASE ||
 		    (*vmk)->protection == BITLK_PROTECTION_RECOVERY_PASSPHRASE ||
 		    (*vmk)->protection == BITLK_PROTECTION_STARTUP_KEY;
 	while (end - start > 2) {
 		/* size of this entry */
@@ -376,9 +318,14 @@ static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, in
 		} else if (key_entry_value == BITLK_ENTRY_VALUE_RECOVERY_TIME) {
 			;
 		} else if (key_entry_value == BITLK_ENTRY_VALUE_STRING) {
-			if (convert_to_utf8(cd, data + start + BITLK_ENTRY_HEADER_LEN, key_entry_size - BITLK_ENTRY_HEADER_LEN, &string) < 0) {
+			string = malloc((key_entry_size - BITLK_ENTRY_HEADER_LEN) * 2 + 1);
-				log_err(cd, _("Invalid string found when parsing Volume Master Key."));
+			if (!string)
 				return -ENOMEM;
 			r = crypt_utf16_to_utf8(&string, CONST_CAST(char16_t *)(data + start + BITLK_ENTRY_HEADER_LEN),
 						     key_entry_size - BITLK_ENTRY_HEADER_LEN);
 			if (r < 0 || !string) {
 				free(string);
 				log_err(cd, _("Invalid string found when parsing Volume Master Key."));
 				return -EINVAL;
 			} else if ((*vmk)->name != NULL) {
 				if (supported) {
@@ -394,6 +341,9 @@ static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, in
 				(*vmk)->name = string;
 				string = NULL;
 			}
 		/* no idea what this is, lets hope it's not important */
 		} else if (key_entry_value == BITLK_ENTRY_VALUE_USE_KEY && (*vmk)->protection == BITLK_PROTECTION_STARTUP_KEY) {
 			;
 		} else {
 			if (supported) {
 				log_err(cd, _("Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."), key_entry_value);
@@ -436,6 +386,9 @@ void BITLK_bitlk_vmk_free(struct bitlk_vmk *vmk)
 void BITLK_bitlk_metadata_free(struct bitlk_metadata *metadata)
 {
 	if (!metadata)
 		return;
 	free(metadata->guid);
 	if (metadata->description)
 		free(metadata->description);
@@ -463,6 +416,7 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 	int end = 0;
 	size_t key_size = 0;
 	const char *key = NULL;
 	char *description = NULL;
 	struct bitlk_vmk *vmk = NULL;
 	struct bitlk_vmk *vmk_p = params->vmks;
@@ -476,7 +430,19 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 	/* read and check the signature */
 	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 		device_alignment(device), &sig, sizeof(sig), 0) != sizeof(sig)) {
-		log_err(cd, _("Failed to read BITLK signature from %s."), device_path(device));
+		log_dbg(cd, "Failed to read BITLK signature from %s.", device_path(device));
 		r = -EIO;
 		goto out;
 	}
 	if (memcmp(sig.signature, BITLK_SIGNATURE, sizeof(sig.signature)) == 0) {
 		params->togo = false;
 		fve_offset = BITLK_HEADER_METADATA_OFFSET;
 	} else if (memcmp(sig.signature, BITLK_SIGNATURE_TOGO, sizeof(sig.signature)) == 0) {
 		params->togo = true;
 		fve_offset = BITLK_HEADER_METADATA_OFFSET_TOGO;
 	} else {
 		log_dbg(cd, "Invalid or unknown signature for BITLK device.");
 		r = -EINVAL;
 		goto out;
 	}
@@ -493,19 +459,12 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 		goto out;
 	}
-	if (memcmp(sig.signature, BITLK_SIGNATURE, sizeof(sig.signature)) == 0) {
+	params->sector_size = le16_to_cpu(sig.sector_size);
-		params->togo = false;
+	if (params->sector_size == 0) {
-		fve_offset = BITLK_HEADER_METADATA_OFFSET;
+		log_dbg(cd, "Got sector size 0, assuming 512.");
-	} else if (memcmp(sig.signature, BITLK_SIGNATURE_TOGO, sizeof(sig.signature)) == 0) {
+		params->sector_size = SECTOR_SIZE;
 		params->togo = true;
 		fve_offset = BITLK_HEADER_METADATA_OFFSET_TOGO;
 	} else {
 		log_err(cd, _("Invalid or unknown signature for BITLK device."));
 		r = -EINVAL;
 		goto out;
 	}
 	params->sector_size = le16_to_cpu(sig.sector_size);
 	if (!(params->sector_size == 512 || params->sector_size == 4096)) {
 		log_err(cd, _("Unsupported sector size %" PRIu16 "."), params->sector_size);
 		r = -EINVAL;
@@ -553,18 +512,19 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 			le16_to_cpu(fve.curr_state), le16_to_cpu(fve.next_state));
 	}
 	params->volume_size = le64_to_cpu(fve.volume_size);
 	params->metadata_version = le16_to_cpu(fve.fve_version);
 	fve_metadata_size = le32_to_cpu(fve.metadata_size);
 	switch (le16_to_cpu(fve.encryption)) {
 	/* AES-CBC with Elephant difuser */
 	case 0x8000:
-		params->key_size = 128;
+		params->key_size = 256;
 		params->cipher = "aes";
 		params->cipher_mode = "cbc-elephant";
 		break;
 	case 0x8001:
-		params->key_size = 256;
+		params->key_size = 512;
 		params->cipher = "aes";
 		params->cipher_mode = "cbc-elephant";
 		break;
@@ -581,12 +541,12 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 		break;
 	/* AES-XTS */
 	case 0x8004:
-		params->key_size = 128;
+		params->key_size = 256;
 		params->cipher = "aes";
 		params->cipher_mode = "xts-plain64";
 		break;
 	case 0x8005:
-		params->key_size = 256;
+		params->key_size = 512;
 		params->cipher = "aes";
 		params->cipher_mode = "xts-plain64";
 		break;
@@ -623,7 +583,7 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 		device_alignment(device), fve_entries, fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN,
-		params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN) != fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN) {
+		params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN) != (ssize_t)(fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN)) {
 		log_err(cd, _("Failed to read BITLK metadata entries from %s."), device_path(device));
 		r = -EINVAL;
 		goto out;
@@ -649,6 +609,10 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 			       sizeof(entry_vmk));
 			vmk = malloc(sizeof(struct bitlk_vmk));
 			if (!vmk) {
 				r = -ENOMEM;
 				goto out;
 			}
 			memset(vmk, 0, sizeof(struct bitlk_vmk));
 			guid_to_string(&entry_vmk.guid, guid_buf);
@@ -677,6 +641,10 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 		/* FVEK */
 		} else if (entry_type == BITLK_ENTRY_TYPE_FVEK) {
 			params->fvek = malloc(sizeof(struct bitlk_fvek));
 			if (!params->fvek) {
 				r = -ENOMEM;
 				goto out;
 			}
 			memcpy(params->fvek->nonce,
 			       fve_entries + start + BITLK_ENTRY_HEADER_LEN,
 			       sizeof(params->fvek->nonce));
@@ -702,13 +670,18 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 			params->volume_header_size = le64_to_cpu(entry_header.size);
 		/* volume description (utf-16 string) */
 		} else if (entry_type == BITLK_ENTRY_TYPE_DESCRIPTION) {
-			r = convert_to_utf8(cd, fve_entries + start + BITLK_ENTRY_HEADER_LEN,
+			description = malloc((entry_size - BITLK_ENTRY_HEADER_LEN - BITLK_ENTRY_HEADER_LEN) * 2 + 1);
-					    entry_size - BITLK_ENTRY_HEADER_LEN,
+			if (!description)
-					    &(params->description));
+				return -ENOMEM;
-			if (r < 0) {
+			r = crypt_utf16_to_utf8(&description, CONST_CAST(char16_t *)(fve_entries + start + BITLK_ENTRY_HEADER_LEN),
 					                  entry_size - BITLK_ENTRY_HEADER_LEN);
 			if (r < 0 || !description) {
 				free(description);
 				BITLK_bitlk_vmk_free(vmk);
 				log_err(cd, _("Failed to convert BITLK volume description"));
 				goto out;
 			}
 			params->description = description;
 		}
 		start += entry_size;
@@ -731,6 +704,7 @@ int BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_meta
 	log_std(cd, "Version:      \t%u\n", params->metadata_version);
 	log_std(cd, "GUID:         \t%s\n", params->guid);
 	log_std(cd, "Sector size:  \t%u [bytes]\n", params->sector_size);
 	log_std(cd, "Volume size:  \t%" PRIu64 " [bytes]\n", params->volume_size);
 	log_std(cd, "Created:      \t%s", ctime((time_t *)&(params->creation_time)));
 	log_std(cd, "Description:  \t%s\n", params->description);
 	log_std(cd, "Cipher name:  \t%s\n", params->cipher);
@@ -749,7 +723,7 @@ int BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_meta
 		log_std(cd, "\tGUID:       \t%s\n", vmk_p->guid);
 		log_std(cd, "\tProtection: \t%s\n", get_vmk_protection_string (vmk_p->protection));
 		log_std(cd, "\tSalt:       \t");
-		hexprint(cd, (const char *) vmk_p->salt, 16, "");
+		crypt_log_hex(cd, (const char *) vmk_p->salt, 16, "", 0, NULL);
 		log_std(cd, "\n");
 		vk_p = vmk_p->vk;
@@ -833,6 +807,135 @@ static int get_recovery_key(struct crypt_device *cd,
 	return 0;
 }
 static int parse_external_key_entry(struct crypt_device *cd,
 				    const char *data,
 				    int start,
 				    int end,
 				    struct volume_key **vk,
 				    const struct bitlk_metadata *params)
 {
 	uint16_t key_entry_size = 0;
 	uint16_t key_entry_type = 0;
 	uint16_t key_entry_value = 0;
 	size_t key_size = 0;
 	const char *key = NULL;
 	struct bitlk_guid guid;
 	char guid_buf[UUID_STR_LEN] = {0};
 	while (end - start > 2) {
 		/* size of this entry */
 		memcpy(&key_entry_size, data + start, sizeof(key_entry_size));
 		key_entry_size = le16_to_cpu(key_entry_size);
 		if (key_entry_size == 0)
 			break;
 		/* type and value of this entry */
 		memcpy(&key_entry_type, data + start + sizeof(key_entry_size), sizeof(key_entry_type));
 		memcpy(&key_entry_value,
 		       data + start + sizeof(key_entry_size) + sizeof(key_entry_type),
 		       sizeof(key_entry_value));
 		key_entry_type = le16_to_cpu(key_entry_type);
 		key_entry_value = le16_to_cpu(key_entry_value);
 		if (key_entry_type != BITLK_ENTRY_TYPE_PROPERTY && key_entry_type != BITLK_ENTRY_TYPE_VOLUME_GUID) {
 			log_err(cd, _("Unexpected metadata entry type '%u' found when parsing external key."), key_entry_type);
 			return -EINVAL;
 		}
 		if (key_entry_value == BITLK_ENTRY_VALUE_KEY) {
 			key_size = key_entry_size - (BITLK_ENTRY_HEADER_LEN + 4);
 			key = (const char *) data + start + BITLK_ENTRY_HEADER_LEN + 4;
 			*vk = crypt_alloc_volume_key(key_size, key);
 			if (*vk == NULL)
 				return -ENOMEM;
 			return 0;
 		/* optional "ExternalKey" string, we can safely ignore it */
 		} else if (key_entry_value == BITLK_ENTRY_VALUE_STRING)
 			;
 		/* GUID of the BitLocker device we are trying to open with this key */
 		else if (key_entry_value == BITLK_ENTRY_VALUE_GUID) {
 			memcpy(&guid, data + start + BITLK_ENTRY_HEADER_LEN, sizeof(struct bitlk_guid));
 			guid_to_string(&guid, guid_buf);
 			if (strcmp(guid_buf, params->guid) != 0) {
 				log_err(cd, _("BEK file GUID '%s' does not match GUID of the volume."), guid_buf);
 				return -EINVAL;
 			}
 		} else {
 			log_err(cd, _("Unexpected metadata entry value '%u' found when parsing external key."), key_entry_value);
 			return -EINVAL;
 		}
 		start += key_entry_size;
 	}
 	/* if we got here we failed to parse the metadata */
 	return -EINVAL;
 }
 /* check if given passphrase can be a startup key (has right format) and convert it */
 static int get_startup_key(struct crypt_device *cd,
 			   const char *password,
 			   size_t passwordLen,
 			   const struct bitlk_vmk *vmk,
 			   struct volume_key **su_key,
 			   const struct bitlk_metadata *params)
 {
 	struct bitlk_bek_header bek_header = {0};
 	char guid_buf[UUID_STR_LEN] = {0};
 	uint16_t key_entry_size = 0;
 	uint16_t key_entry_type = 0;
 	uint16_t key_entry_value = 0;
 	if (passwordLen < BITLK_BEK_FILE_HEADER_LEN)
 		return -EPERM;
 	memcpy(&bek_header, password, BITLK_BEK_FILE_HEADER_LEN);
 	/* metadata should contain GUID of the VMK this startup key is used for */
 	guid_to_string(&bek_header.guid, guid_buf);
 	if (strcmp(guid_buf, vmk->guid) == 0)
 		log_dbg(cd, "Found matching startup key for VMK %s", vmk->guid);
 	else
 		return -EPERM;
 	if (bek_header.metadata_version != 1) {
 		log_err(cd, _("Unsupported BEK metadata version %" PRIu32), bek_header.metadata_version);
 		return -ENOTSUP;
 	}
 	if (bek_header.metadata_size != passwordLen) {
 		log_err(cd, _("Unexpected BEK metadata size %" PRIu32 " does not match BEK file length"), bek_header.metadata_size);
 		return -EINVAL;
 	}
 	/* we are expecting exactly one metadata entry starting immediately after the header */
 	memcpy(&key_entry_size, password + BITLK_BEK_FILE_HEADER_LEN, sizeof(key_entry_size));
 	key_entry_size = le16_to_cpu(key_entry_size);
 	if (key_entry_size < BITLK_ENTRY_HEADER_LEN) {
 		log_dbg(cd, "Unexpected metadata entry size %" PRIu16 " when parsing BEK file", key_entry_size);
 		return -EINVAL;
 	}
 	/* type and value of this entry */
 	memcpy(&key_entry_type, password + BITLK_BEK_FILE_HEADER_LEN + sizeof(key_entry_size), sizeof(key_entry_type));
 	memcpy(&key_entry_value,
 	       password + BITLK_BEK_FILE_HEADER_LEN + sizeof(key_entry_size) + sizeof(key_entry_type),
 	       sizeof(key_entry_value));
 	key_entry_type = le16_to_cpu(key_entry_type);
 	key_entry_value = le16_to_cpu(key_entry_value);
 	if (key_entry_type == BITLK_ENTRY_TYPE_STARTUP_KEY && key_entry_value == BITLK_ENTRY_VALUE_EXTERNAL_KEY) {
 		return parse_external_key_entry(cd, password,
 						BITLK_BEK_FILE_HEADER_LEN + BITLK_ENTRY_HEADER_LEN + BITLK_STARTUP_KEY_HEADER_LEN,
 						passwordLen, su_key, params);
 	} else {
 		log_err(cd, _("Unexpected metadata entry found when parsing startup key."));
 		log_dbg(cd, "Entry type: %u, entry value: %u", key_entry_type, key_entry_value);
 		return -EINVAL;
 	}
 }
 static int bitlk_kdf(struct crypt_device *cd,
 		     const char *password,
 		     size_t passwordLen,
@@ -843,7 +946,7 @@ static int bitlk_kdf(struct crypt_device *cd,
 	struct bitlk_kdf_data kdf = {};
 	struct crypt_hash *hd = NULL;
 	int len = 0;
-	char *utf16Password = NULL;
+	char16_t *utf16Password = NULL;
 	int i = 0;
 	int r = 0;
@@ -860,11 +963,16 @@ static int bitlk_kdf(struct crypt_device *cd,
 	if (!recovery) {
 		/* passphrase: convert to UTF-16 first, then sha256(sha256(pw)) */
-		r = passphrase_to_utf16(cd, CONST_CAST(char*)password, passwordLen, &utf16Password);
+		utf16Password = crypt_safe_alloc(sizeof(char16_t) * (passwordLen + 1));
 		if (!utf16Password) {
 			r = -ENOMEM;
 			goto out;
 		}
 		r = crypt_utf8_to_utf16(&utf16Password, CONST_CAST(char*)password, passwordLen);
 		if (r < 0)
 			goto out;
-		crypt_hash_write(hd, utf16Password, passwordLen * 2);
+		crypt_hash_write(hd, (char*)utf16Password, passwordLen * 2);
 		r = crypt_hash_final(hd, kdf.initial_sha256, len);
 		if (r < 0)
 			goto out;
@@ -908,7 +1016,7 @@ static int decrypt_key(struct crypt_device *cd,
 {
 	char *outbuf;
 	int r;
-	uint32_t key_size = 0;
+	uint16_t key_size = 0;
 	outbuf = crypt_safe_alloc(enc_key->keylength);
 	if (!outbuf)
@@ -923,16 +1031,18 @@ static int decrypt_key(struct crypt_device *cd,
 	}
 	/* key_data has it's size as part of the metadata */
-	memcpy(&key_size, outbuf, 4);
+	memcpy(&key_size, outbuf, 2);
-	key_size = le32_to_cpu(key_size);
+	key_size = le16_to_cpu(key_size);
 	if (enc_key->keylength != key_size) {
-		log_err(cd, _("Wrong key size."));
+		log_err(cd, _("Unexpected key data size."));
 		log_dbg(cd, "Expected key data size: %zu, got %" PRIu16 "", enc_key->keylength, key_size);
 		r = -EINVAL;
 		goto out;
 	}
 	if (is_fvek && strcmp(crypt_get_cipher_mode(cd), "cbc-elephant") == 0 &&
-		crypt_get_volume_key_size(cd) == 16) {
+		crypt_get_volume_key_size(cd) == 32) {
 		/* 128bit AES-CBC with Elephant -- key size is 256 bit (2 keys) but key data is 512 bits,
 		   data: 16B CBC key, 16B empty, 16B elephant key, 16B empty */
 		memcpy(outbuf + 16 + BITLK_OPEN_KEY_METADATA_LEN,
@@ -949,56 +1059,34 @@ out:
 	return r;
 }
-int BITLK_activate(struct crypt_device *cd,
+int BITLK_get_volume_key(struct crypt_device *cd,
-		   const char *name,
+			 const char *password,
-		   const char *password,
+			 size_t passwordLen,
-		   size_t passwordLen,
+			 const struct bitlk_metadata *params,
-		   const struct bitlk_metadata *params,
+			 struct volume_key **open_fvek_key)
 		   uint32_t flags)
 {
 	int r = 0;
 	int i = 0;
 	int j = 0;
 	int min = 0;
 	int num_segments = 0;
 	struct crypt_dm_active_device dmd = {
 		.flags = flags,
 	};
 	struct dm_target *next_segment = NULL;
 	struct volume_key *open_vmk_key = NULL;
 	struct volume_key *open_fvek_key = NULL;
 	struct volume_key *vmk_dec_key = NULL;
 	struct volume_key *recovery_key = NULL;
 	const struct bitlk_vmk *next_vmk = NULL;
 	struct segment segments[MAX_BITLK_SEGMENTS] = {};
 	struct segment temp;
 	uint64_t next_start = 0;
 	uint64_t next_end = 0;
 	uint64_t last_segment = 0;
 	uint32_t dmt_flags;
 	if (!params->state) {
 		log_err(cd, _("This BITLK device is in an unsupported state and cannot be activated."));
 		r = -ENOTSUP;
 		goto out;
 	}
 	if (params->type != BITLK_ENCRYPTION_TYPE_NORMAL) {
 		log_err(cd, _("BITLK devices with type '%s' cannot be activated."), get_bitlk_type_string(params->type));
 		r = -ENOTSUP;
 		goto out;
 	}
 	next_vmk = params->vmks;
 	while (next_vmk) {
 		if (next_vmk->protection == BITLK_PROTECTION_PASSPHRASE) {
 			r = bitlk_kdf(cd, password, passwordLen, false, next_vmk->salt, &vmk_dec_key);
-			if (r)
+			if (r) {
-				return r;
+				/* something wrong happened, but we still want to check other key slots */
 				next_vmk = next_vmk->next;
 				continue;
 			}
 		} else if (next_vmk->protection == BITLK_PROTECTION_RECOVERY_PASSPHRASE) {
 			r = get_recovery_key(cd, password, passwordLen, &recovery_key);
-			if (r)
+			if (r) {
-				return r;
+				/* something wrong happened, but we still want to check other key slots */
 				next_vmk = next_vmk->next;
 				continue;
 			}
 			if (recovery_key == NULL) {
 				/* r = 0 but no key -> given passphrase is not a recovery passphrase */
 				r = -EPERM;
@@ -1011,8 +1099,15 @@ int BITLK_activate(struct crypt_device *cd,
 			crypt_free_volume_key(recovery_key);
 			if (r)
 				return r;
 		} else if (next_vmk->protection == BITLK_PROTECTION_STARTUP_KEY) {
 			r = get_startup_key(cd, password, passwordLen, next_vmk, &vmk_dec_key, params);
 			if (r) {
 				next_vmk = next_vmk->next;
 				continue;
 			}
 			log_dbg(cd, "Trying to use external key found in provided password.");
 		} else {
-			/* only passphrase and recovery passphrase VMKs supported right now */
+			/* only passphrase, recovery passphrase and startup key VMKs supported right now */
 			log_dbg(cd, "Skipping %s", get_vmk_protection_string(next_vmk->protection));
 			next_vmk = next_vmk->next;
 			if (r == 0)
@@ -1035,7 +1130,7 @@ int BITLK_activate(struct crypt_device *cd,
 		}
 		crypt_free_volume_key(vmk_dec_key);
-		r = decrypt_key(cd, &open_fvek_key, params->fvek->vk, open_vmk_key,
+		r = decrypt_key(cd, open_fvek_key, params->fvek->vk, open_vmk_key,
 				params->fvek->mac_tag, BITLK_VMK_MAC_TAG_SIZE,
 				params->fvek->nonce, BITLK_NONCE_SIZE, true);
 		if (r < 0) {
@@ -1056,28 +1151,71 @@ int BITLK_activate(struct crypt_device *cd,
 		return r;
 	}
-	/* Password verify only */
+	return 0;
-	if (!name) {
+}
-		crypt_free_volume_key(open_fvek_key);
+
-		return r;
+static int _activate_check(struct crypt_device *cd,
 		           const struct bitlk_metadata *params)
 {
 	const struct bitlk_vmk *next_vmk = NULL;
 	if (!params->state) {
 		log_err(cd, _("This BITLK device is in an unsupported state and cannot be activated."));
 		return -ENOTSUP;
 	}
 	if (params->type != BITLK_ENCRYPTION_TYPE_NORMAL) {
 		log_err(cd, _("BITLK devices with type '%s' cannot be activated."), get_bitlk_type_string(params->type));
 		return -ENOTSUP;
 	}
 	next_vmk = params->vmks;
 	while (next_vmk) {
 		if (next_vmk->protection == BITLK_PROTECTION_CLEAR_KEY) {
 			crypt_free_volume_key(open_fvek_key);
 			log_err(cd, _("Activation of partially decrypted BITLK device is not supported."));
 			return -ENOTSUP;
 		}
 		next_vmk = next_vmk->next;
 	}
 	return 0;
 }
 static int _activate(struct crypt_device *cd,
 		     const char *name,
 		     struct volume_key *open_fvek_key,
 		     const struct bitlk_metadata *params,
 		     uint32_t flags)
 {
 	int r = 0;
 	int i = 0;
 	int j = 0;
 	int min = 0;
 	int num_segments = 0;
 	struct crypt_dm_active_device dmd = {
 		.flags = flags,
 	};
 	struct dm_target *next_segment = NULL;
 	struct segment segments[MAX_BITLK_SEGMENTS] = {};
 	struct segment temp;
 	uint64_t next_start = 0;
 	uint64_t next_end = 0;
 	uint64_t last_segment = 0;
 	uint32_t dmt_flags = 0;
 	r = _activate_check(cd, params);
 	if (r)
 		return r;
 	r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL,
 				0, &dmd.size, &dmd.flags);
-	if (r) {
+	if (r)
 		crypt_free_volume_key(open_fvek_key);
 		return r;
-	}
+
 	if (dmd.size * SECTOR_SIZE != params->volume_size)
 		log_std(cd, _("WARNING: BitLocker volume size %" PRIu64 " does not match the underlying device size %" PRIu64 ""),
 			params->volume_size,
 			dmd.size * SECTOR_SIZE);
 	/* there will be always 4 dm-zero segments: 3x metadata, 1x FS header */
 	for (i = 0; i < 3; i++) {
@@ -1209,9 +1347,68 @@ int BITLK_activate(struct crypt_device *cd,
 			log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."));
 			r = -ENOTSUP;
 		}
 		if ((dmd.flags & CRYPT_ACTIVATE_IV_LARGE_SECTORS) && !(dmt_flags & DM_SECTOR_SIZE_SUPPORTED)) {
 			log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for large sector size."));
 			r = -ENOTSUP;
 		}
 		if (dm_flags(cd, DM_ZERO, &dmt_flags) < 0) {
 			log_err(cd, _("Cannot activate device, kernel dm-zero module is missing."));
 			r = -ENOTSUP;
 		}
 	}
 out:
 	dm_targets_free(cd, &dmd);
 	return r;
 }
 int BITLK_activate_by_passphrase(struct crypt_device *cd,
 				 const char *name,
 				 const char *password,
 				 size_t passwordLen,
 				 const struct bitlk_metadata *params,
 				 uint32_t flags)
 {
 	int r = 0;
 	struct volume_key *open_fvek_key = NULL;
 	r = _activate_check(cd, params);
 	if (r)
 		return r;
 	r = BITLK_get_volume_key(cd, password, passwordLen, params, &open_fvek_key);
 	if (r < 0)
 		goto out;
 	/* Password verify only */
 	if (!name)
 		goto out;
 	r = _activate(cd, name, open_fvek_key, params, flags);
 out:
 	crypt_free_volume_key(open_fvek_key);
 	return r;
 }
 int BITLK_activate_by_volume_key(struct crypt_device *cd,
 				 const char *name,
 				 const char *volume_key,
 				 size_t volume_key_size,
 				 const struct bitlk_metadata *params,
 				 uint32_t flags)
 {
 	int r = 0;
 	struct volume_key *open_fvek_key = NULL;
 	r = _activate_check(cd, params);
 	if (r)
 		return r;
 	open_fvek_key = crypt_alloc_volume_key(volume_key_size, volume_key);
 	if (!open_fvek_key)
 		return -ENOMEM;
 	r = _activate(cd, name, open_fvek_key, params, flags);
 	crypt_free_volume_key(open_fvek_key);
 	return r;
 }
--- a/lib/bitlk/bitlk.h
+++ b/lib/bitlk/bitlk.h
@@ -1,9 +1,9 @@
 /*
 * BITLK (BitLocker-compatible) header definition
 *
- * Copyright (C) 2019-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2019-2020 Milan Broz
+ * Copyright (C) 2019-2022 Milan Broz
- * Copyright (C) 2019-2020 Vojtech Trefny
+ * Copyright (C) 2019-2022 Vojtech Trefny
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -29,6 +29,7 @@
 struct crypt_device;
 struct device;
 struct volume_key;
 #define BITLK_NONCE_SIZE 12
 #define BITLK_SALT_SIZE 16
@@ -60,6 +61,7 @@ typedef enum {
 	BITLK_ENTRY_TYPE_STARTUP_KEY = 0x0006,
 	BITLK_ENTRY_TYPE_DESCRIPTION = 0x0007,
 	BITLK_ENTRY_TYPE_VOLUME_HEADER = 0x000f,
 	BITLK_ENTRY_TYPE_VOLUME_GUID = 0x0019,
 } BITLKFVEEntryType;
 typedef enum {
@@ -75,6 +77,7 @@ typedef enum {
 	BITLK_ENTRY_VALUE_EXTERNAL_KEY = 0x0009,
 	BITLK_ENTRY_VALUE_OFFSET_SIZE = 0x000f,
 	BITLK_ENTRY_VALUE_RECOVERY_TIME = 0x015,
 	BITLK_ENTRY_VALUE_GUID = 0x0017,
 } BITLKFVEEntryValue;
 struct bitlk_vmk {
@@ -96,6 +99,7 @@ struct bitlk_fvek {
 struct bitlk_metadata {
 	uint16_t sector_size;
 	uint64_t volume_size;
 	bool togo;
 	bool state;
 	BITLKEncryptionType type;
@@ -117,12 +121,25 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params);
 int BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_metadata *params);
-int BITLK_activate(struct crypt_device *cd,
+int BITLK_get_volume_key(struct crypt_device *cd,
-		   const char *name,
+			 const char *password,
-		   const char *password,
+			 size_t passwordLen,
-		   size_t passwordLen,
+			 const struct bitlk_metadata *params,
-		   const struct bitlk_metadata *params,
+			 struct volume_key **open_fvek_key);
-		   uint32_t flags);
+
 int BITLK_activate_by_passphrase(struct crypt_device *cd,
 				 const char *name,
 				 const char *password,
 				 size_t passwordLen,
 				 const struct bitlk_metadata *params,
 				 uint32_t flags);
 int BITLK_activate_by_volume_key(struct crypt_device *cd,
 				 const char *name,
 				 const char *volume_key,
 				 size_t volume_key_size,
 				 const struct bitlk_metadata *params,
 				 uint32_t flags);
 void BITLK_bitlk_fvek_free(struct bitlk_fvek *fvek);
 void BITLK_bitlk_vmk_free(struct bitlk_vmk *vmk);
--- a/lib/crypt_plain.c
+++ b/lib/crypt_plain.c
@@ -2,8 +2,8 @@
 * cryptsetup plain device helper functions
 *
 * Copyright (C) 2004 Jana Saout <jana@saout.de>
- * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2020 Milan Broz
+ * Copyright (C) 2010-2022 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/crypto_backend/Makemodule.am
+++ b/lib/crypto_backend/Makemodule.am
@@ -9,6 +9,8 @@ libcrypto_backend_la_SOURCES = \
 	lib/crypto_backend/crypto_storage.c \
 	lib/crypto_backend/pbkdf_check.c \
 	lib/crypto_backend/crc32.c \
 	lib/crypto_backend/base64.c \
 	lib/crypto_backend/utf8.c \
 	lib/crypto_backend/argon2_generic.c \
 	lib/crypto_backend/cipher_generic.c \
 	lib/crypto_backend/cipher_check.c
--- a/lib/crypto_backend/argon2/argon2.c
+++ b/lib/crypto_backend/argon2/argon2.c
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
@@ -450,6 +450,8 @@ const char *argon2_error_message(int error_code) {
 size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism,
                         uint32_t saltlen, uint32_t hashlen, argon2_type type) {
  if (!argon2_type2string(type, 0))
      return 0;
  return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) +
         numlen(t_cost) + numlen(m_cost) + numlen(parallelism) +
         b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1;
--- a/lib/crypto_backend/argon2/argon2.h
+++ b/lib/crypto_backend/argon2/argon2.h
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/blake2/blake2-impl.h
+++ b/lib/crypto_backend/argon2/blake2/blake2-impl.h
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/blake2/blake2.h
+++ b/lib/crypto_backend/argon2/blake2/blake2.h
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/blake2/blake2b.c
+++ b/lib/crypto_backend/argon2/blake2/blake2b.c
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/blake2/blamka-round-opt.h
+++ b/lib/crypto_backend/argon2/blake2/blamka-round-opt.h
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/blake2/blamka-round-ref.h
+++ b/lib/crypto_backend/argon2/blake2/blamka-round-ref.h
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/core.c
+++ b/lib/crypto_backend/argon2/core.c
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
@@ -120,18 +120,24 @@ void free_memory(const argon2_context *context, uint8_t *memory,
    }
 }
 void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
 #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
 void secure_wipe_memory(void *v, size_t n) {
    SecureZeroMemory(v, n);
 }
 #elif defined memset_s
 void secure_wipe_memory(void *v, size_t n) {
    memset_s(v, n, 0, n);
 }
 #elif defined(HAVE_EXPLICIT_BZERO)
 void secure_wipe_memory(void *v, size_t n) {
    explicit_bzero(v, n);
 }
 #else
 void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
    static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
    memset_sec(v, 0, n);
 #endif
 }
 #endif
 /* Memory clear flag defaults to true. */
 int FLAG_clear_internal_memory = 1;
@@ -273,7 +279,6 @@ static void *fill_segment_thr(void *thread_data)
 {
    argon2_thread_data *my_data = thread_data;
    fill_segment(my_data->instance_ptr, my_data->pos);
    argon2_thread_exit();
    return 0;
 }
--- a/lib/crypto_backend/argon2/core.h
+++ b/lib/crypto_backend/argon2/core.h
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/encoding.c
+++ b/lib/crypto_backend/argon2/encoding.c
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/encoding.h
+++ b/lib/crypto_backend/argon2/encoding.h
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/opt.c
+++ b/lib/crypto_backend/argon2/opt.c
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/ref.c
+++ b/lib/crypto_backend/argon2/ref.c
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
--- a/lib/crypto_backend/argon2/thread.c
+++ b/lib/crypto_backend/argon2/thread.c
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
@@ -46,12 +46,4 @@ int argon2_thread_join(argon2_thread_handle_t handle) {
 #endif
 }
 void argon2_thread_exit(void) {
 #if defined(_WIN32)
    _endthreadex(0);
 #else
    pthread_exit(NULL);
 #endif
 }
 #endif /* ARGON2_NO_THREADS */
--- a/lib/crypto_backend/argon2/thread.h
+++ b/lib/crypto_backend/argon2/thread.h
@@ -8,8 +8,8 @@
 * License/Waiver or the Apache Public License 2.0, at your option. The terms of
 * these licenses can be found at:
 *
- * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
 *
 * You should have received a copy of both of these licenses along with this
 * software. If not, they may be obtained at the above URLs.
@@ -58,10 +58,5 @@ int argon2_thread_create(argon2_thread_handle_t *handle,
 */
 int argon2_thread_join(argon2_thread_handle_t handle);
 /* Terminate the current thread. Must be run inside a thread created by
 * argon2_thread_create.
 */
 void argon2_thread_exit(void);
 #endif /* ARGON2_NO_THREADS */
 #endif
--- a/lib/crypto_backend/argon2_generic.c
+++ b/lib/crypto_backend/argon2_generic.c
@@ -1,8 +1,8 @@
 /*
 * Argon2 PBKDF2 library wrapper
 *
- * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2020 Milan Broz
+ * Copyright (C) 2016-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/crypto_backend/base64.c
+++ b/lib/crypto_backend/base64.c
@@ -0,0 +1,276 @@
 /*
 * Base64 "Not encryption" helpers, copied and adapted from systemd project.
 *
 * Copyright (C) 2010 Lennart Poettering
 *
 * cryptsetup related changes
 * Copyright (C) 2021-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include <errno.h>
 #include <stdlib.h>
 #include <limits.h>
 #include "crypto_backend.h"
 #define WHITESPACE " \t\n\r"
 /* https://tools.ietf.org/html/rfc4648#section-4 */
 static char base64char(int x)
 {
 	static const char table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
 				      "abcdefghijklmnopqrstuvwxyz"
 				      "0123456789+/";
 	return table[x & 63];
 }
 static int unbase64char(char c)
 {
 	unsigned offset;
 	if (c >= 'A' && c <= 'Z')
 		return c - 'A';
 	offset = 'Z' - 'A' + 1;
 	if (c >= 'a' && c <= 'z')
 		return c - 'a' + offset;
 	offset += 'z' - 'a' + 1;
 	if (c >= '0' && c <= '9')
 		return c - '0' + offset;
 	offset += '9' - '0' + 1;
 	if (c == '+')
 		return offset;
 	offset++;
 	if (c == '/')
 		return offset;
 	return -EINVAL;
 }
 int crypt_base64_encode(char **out, size_t *out_length, const char *in, size_t in_length)
 {
 	char *r, *z;
 	const uint8_t *x;
 	assert(in || in_length == 0);
 	assert(out);
 	/* three input bytes makes four output bytes, padding is added so we must round up */
 	z = r = malloc(4 * (in_length + 2) / 3 + 1);
 	if (!r)
 		return -ENOMEM;
 	for (x = (const uint8_t *)in; x < (const uint8_t*)in + (in_length / 3) * 3; x += 3) {
 		/* x[0] == XXXXXXXX; x[1] == YYYYYYYY; x[2] == ZZZZZZZZ */
 		*(z++) = base64char(x[0] >> 2);                    /* 00XXXXXX */
 		*(z++) = base64char((x[0] & 3) << 4 | x[1] >> 4);  /* 00XXYYYY */
 		*(z++) = base64char((x[1] & 15) << 2 | x[2] >> 6); /* 00YYYYZZ */
 		*(z++) = base64char(x[2] & 63);                    /* 00ZZZZZZ */
 	}
 	switch (in_length % 3) {
 	case 2:
 		*(z++) = base64char(x[0] >> 2);                   /* 00XXXXXX */
 		*(z++) = base64char((x[0] & 3) << 4 | x[1] >> 4); /* 00XXYYYY */
 		*(z++) = base64char((x[1] & 15) << 2);            /* 00YYYY00 */
 		*(z++) = '=';
 		break;
 	case 1:
 		*(z++) = base64char(x[0] >> 2);        /* 00XXXXXX */
 		*(z++) = base64char((x[0] & 3) << 4);  /* 00XX0000 */
 		*(z++) = '=';
 		*(z++) = '=';
 		break;
 	}
 	*z = 0;
 	*out = r;
 	if (out_length)
 		*out_length = z - r;
 	return 0;
 }
 static int unbase64_next(const char **p, size_t *l)
 {
 	int ret;
 	assert(p);
 	assert(l);
 	/* Find the next non-whitespace character, and decode it. If we find padding, we return it as INT_MAX. We
 	 * greedily skip all preceding and all following whitespace. */
 	for (;;) {
 		if (*l == 0)
 			return -EPIPE;
 		if (!strchr(WHITESPACE, **p))
 			break;
 		/* Skip leading whitespace */
 		(*p)++, (*l)--;
 	}
 	if (**p == '=')
 		ret = INT_MAX; /* return padding as INT_MAX */
 	else {
 		ret = unbase64char(**p);
 		if (ret < 0)
 			return ret;
 	}
 	for (;;) {
 		(*p)++, (*l)--;
 		if (*l == 0)
 			break;
 		if (!strchr(WHITESPACE, **p))
 			break;
 		/* Skip following whitespace */
 	}
 	return ret;
 }
 int crypt_base64_decode(char **out, size_t *out_length, const char *in, size_t in_length)
 {
 	uint8_t *buf = NULL;
 	const char *x;
 	uint8_t *z;
 	size_t len;
 	int r;
 	assert(in || in_length == 0);
 	assert(out);
 	assert(out_length);
 	if (in_length == (size_t) -1)
 		in_length = strlen(in);
 	/* A group of four input bytes needs three output bytes, in case of padding we need to add two or three extra
 	 * bytes. Note that this calculation is an upper boundary, as we ignore whitespace while decoding */
 	len = (in_length / 4) * 3 + (in_length % 4 != 0 ? (in_length % 4) - 1 : 0);
 	buf = malloc(len + 1);
 	if (!buf)
 		return -ENOMEM;
 	for (x = in, z = buf;;) {
 		int a, b, c, d; /* a == 00XXXXXX; b == 00YYYYYY; c == 00ZZZZZZ; d == 00WWWWWW */
 		a = unbase64_next(&x, &in_length);
 		if (a == -EPIPE) /* End of string */
 			break;
 		if (a < 0) {
 			r = a;
 			goto err;
 		}
 		if (a == INT_MAX) { /* Padding is not allowed at the beginning of a 4ch block */
 			r = -EINVAL;
 			goto err;
 		}
 		b = unbase64_next(&x, &in_length);
 		if (b < 0) {
 			r = b;
 			goto err;
 		}
 		if (b == INT_MAX) { /* Padding is not allowed at the second character of a 4ch block either */
 			r = -EINVAL;
 			goto err;
 		}
 		c = unbase64_next(&x, &in_length);
 		if (c < 0) {
 			r = c;
 			goto err;
 		}
 		d = unbase64_next(&x, &in_length);
 		if (d < 0) {
 			r = d;
 			goto err;
 		}
 		if (c == INT_MAX) { /* Padding at the third character */
 			if (d != INT_MAX) { /* If the third character is padding, the fourth must be too */
 				r = -EINVAL;
 				goto err;
 			}
 			/* b == 00YY0000 */
 			if (b & 15) {
 				r = -EINVAL;
 				goto err;
 			}
 			if (in_length > 0) { /* Trailing rubbish? */
 				r = -ENAMETOOLONG;
 				goto err;
 			}
 			*(z++) = (uint8_t) a << 2 | (uint8_t) (b >> 4); /* XXXXXXYY */
 			break;
 		}
 		if (d == INT_MAX) {
 			/* c == 00ZZZZ00 */
 			if (c & 3) {
 				r = -EINVAL;
 				goto err;
 			}
 			if (in_length > 0) { /* Trailing rubbish? */
 				r = -ENAMETOOLONG;
 				goto err;
 			}
 			*(z++) = (uint8_t) a << 2 | (uint8_t) b >> 4; /* XXXXXXYY */
 			*(z++) = (uint8_t) b << 4 | (uint8_t) c >> 2; /* YYYYZZZZ */
 			break;
 		}
 		*(z++) = (uint8_t) a << 2 | (uint8_t) b >> 4; /* XXXXXXYY */
 		*(z++) = (uint8_t) b << 4 | (uint8_t) c >> 2; /* YYYYZZZZ */
 		*(z++) = (uint8_t) c << 6 | (uint8_t) d;      /* ZZWWWWWW */
 	}
 	*z = 0;
 	*out_length = (size_t) (z - buf);
 	*out = (char *)buf;
 	return 0;
 err:
 	free(buf);
 	/* Ignore other errors in crypt_backend */
 	if (r != -ENOMEM)
 		r = -EINVAL;
 	return r;
 }
--- a/lib/crypto_backend/cipher_check.c
+++ b/lib/crypto_backend/cipher_check.c
@@ -1,8 +1,8 @@
 /*
 * Cipher performance check
 *
- * Copyright (C) 2018-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2020 Milan Broz
+ * Copyright (C) 2018-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/crypto_backend/cipher_generic.c
+++ b/lib/crypto_backend/cipher_generic.c
@@ -1,8 +1,8 @@
 /*
 * Linux kernel cipher generic utilities
 *
- * Copyright (C) 2018-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2020 Milan Broz
+ * Copyright (C) 2018-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -31,7 +31,6 @@ struct cipher_alg {
 	bool wrapped_key;
 };
 /* FIXME: Getting block size should be dynamic from cipher backend. */
 static const struct cipher_alg cipher_algs[] = {
 	{ "cipher_null", NULL, 16, false },
 	{ "aes",         NULL, 16, false },
--- a/lib/crypto_backend/crc32.c
+++ b/lib/crypto_backend/crc32.c
@@ -97,12 +97,71 @@ static const uint32_t crc32_tab[] = {
 	0x2d02ef8dL
 };
 static const uint32_t crc32c_tab[] = {
 	0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L, 0xC79A971FL,
 	0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL, 0x8AD958CFL, 0x78B2DBCCL,
 	0x6BE22838L, 0x9989AB3BL, 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L,
 	0x5E133C24L, 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL,
 	0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L, 0x9A879FA0L,
 	0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L, 0x5D1D08BFL, 0xAF768BBCL,
 	0xBC267848L, 0x4E4DFB4BL, 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L,
 	0x33ED7D2AL, 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L,
 	0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L, 0x6DFE410EL,
 	0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL, 0x30E349B1L, 0xC288CAB2L,
 	0xD1D83946L, 0x23B3BA45L, 0xF779DEAEL, 0x05125DADL, 0x1642AE59L,
 	0xE4292D5AL, 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL,
 	0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L, 0x417B1DBCL,
 	0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L, 0x86E18AA3L, 0x748A09A0L,
 	0x67DAFA54L, 0x95B17957L, 0xCBA24573L, 0x39C9C670L, 0x2A993584L,
 	0xD8F2B687L, 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L,
 	0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L, 0x96BF4DCCL,
 	0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L, 0xDBFC821CL, 0x2997011FL,
 	0x3AC7F2EBL, 0xC8AC71E8L, 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L,
 	0x0F36E6F7L, 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L,
 	0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L, 0xEB1FCBADL,
 	0x197448AEL, 0x0A24BB5AL, 0xF84F3859L, 0x2C855CB2L, 0xDEEEDFB1L,
 	0xCDBE2C45L, 0x3FD5AF46L, 0x7198540DL, 0x83F3D70EL, 0x90A324FAL,
 	0x62C8A7F9L, 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L,
 	0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L, 0x3CDB9BDDL,
 	0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L, 0x82F63B78L, 0x709DB87BL,
 	0x63CD4B8FL, 0x91A6C88CL, 0x456CAC67L, 0xB7072F64L, 0xA457DC90L,
 	0x563C5F93L, 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L,
 	0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL, 0x92A8FC17L,
 	0x60C37F14L, 0x73938CE0L, 0x81F80FE3L, 0x55326B08L, 0xA759E80BL,
 	0xB4091BFFL, 0x466298FCL, 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL,
 	0x0B21572CL, 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L,
 	0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L, 0x65D122B9L,
 	0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL, 0x2892ED69L, 0xDAF96E6AL,
 	0xC9A99D9EL, 0x3BC21E9DL, 0xEF087A76L, 0x1D63F975L, 0x0E330A81L,
 	0xFC588982L, 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL,
 	0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L, 0x38CC2A06L,
 	0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L, 0xFF56BD19L, 0x0D3D3E1AL,
 	0x1E6DCDEEL, 0xEC064EEDL, 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L,
 	0xD0DDD530L, 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL,
 	0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL, 0x8ECEE914L,
 	0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L, 0xD3D3E1ABL, 0x21B862A8L,
 	0x32E8915CL, 0xC083125FL, 0x144976B4L, 0xE622F5B7L, 0xF5720643L,
 	0x07198540L, 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L,
 	0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL, 0xE330A81AL,
 	0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL, 0x24AA3F05L, 0xD6C1BC06L,
 	0xC5914FF2L, 0x37FACCF1L, 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L,
 	0x7AB90321L, 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL,
 	0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L, 0x34F4F86AL,
 	0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL, 0x79B737BAL, 0x8BDCB4B9L,
 	0x988C474DL, 0x6AE7C44EL, 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L,
 	0xAD7D5351L
 };
 /*
 * This a generic crc32() function, it takes seed as an argument,
 * and does __not__ xor at the end. Then individual users can do
 * whatever they need.
 */
-uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len)
+static uint32_t compute_crc32(
 	const uint32_t *crc32_tab,
 	uint32_t seed,
 	const unsigned char *buf,
 	size_t len)
 {
 	uint32_t crc = seed;
 	const unsigned char *p = buf;
@@ -112,3 +171,13 @@ uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len)
 	return crc;
 }
 uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len)
 {
 	return compute_crc32(crc32_tab, seed, buf, len);
 }
 uint32_t crypt_crc32c(uint32_t seed, const unsigned char *buf, size_t len)
 {
 	return compute_crc32(crc32c_tab, seed, buf, len);
 }
--- a/lib/crypto_backend/crypto_backend.h
+++ b/lib/crypto_backend/crypto_backend.h
@@ -1,8 +1,8 @@
 /*
 * crypto backend implementation
 *
- * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2020 Milan Broz
+ * Copyright (C) 2010-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -21,17 +21,24 @@
 #ifndef _CRYPTO_BACKEND_H
 #define _CRYPTO_BACKEND_H
 #include <assert.h>
 #include <stdint.h>
 #include <stdbool.h>
 #include <stddef.h>
 #include <string.h>
 #ifdef HAVE_UCHAR_H
 #include <uchar.h>
 #else
 #define char32_t uint32_t
 #define char16_t uint16_t
 #endif
 struct crypt_hash;
 struct crypt_hmac;
 struct crypt_cipher;
 struct crypt_storage;
-int crypt_backend_init(void);
+int crypt_backend_init(bool fips);
 void crypt_backend_destroy(void);
 #define CRYPT_BACKEND_KERNEL (1 << 0)	/* Crypto uses kernel part, for benchmark */
@@ -62,7 +69,7 @@ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips);
 /* PBKDF*/
 struct crypt_pbkdf_limits {
 	uint32_t min_iterations, max_iterations;
-	uint32_t min_memory, max_memory;
+	uint32_t min_memory, max_memory, min_bench_memory;
 	uint32_t min_parallel, max_parallel;
 };
@@ -82,6 +89,15 @@ int crypt_pbkdf_perf(const char *kdf, const char *hash,
 /* CRC32 */
 uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len);
 uint32_t crypt_crc32c(uint32_t seed, const unsigned char *buf, size_t len);
 /* Base64 */
 int crypt_base64_encode(char **out, size_t *out_length, const char *in, size_t in_length);
 int crypt_base64_decode(char **out, size_t *out_length, const char *in, size_t in_length);
 /* UTF8/16 */
 int crypt_utf16_to_utf8(char **out, const char16_t *s, size_t length /* bytes! */);
 int crypt_utf8_to_utf16(char16_t **out, const char *s, size_t length);
 /* Block ciphers */
 int crypt_cipher_ivsize(const char *name, const char *mode);
@@ -109,7 +125,7 @@ int crypt_cipher_check_kernel(const char *name, const char *mode,
 /* Storage encryption wrappers */
 int crypt_storage_init(struct crypt_storage **ctx, size_t sector_size,
 		       const char *cipher, const char *cipher_mode,
-		       const void *key, size_t key_length);
+		       const void *key, size_t key_length, bool large_iv);
 void crypt_storage_destroy(struct crypt_storage *ctx);
 int crypt_storage_decrypt(struct crypt_storage *ctx, uint64_t iv_offset,
 			  uint64_t length, char *buffer);
@@ -135,4 +151,10 @@ static inline void crypt_backend_memzero(void *s, size_t n)
 #endif
 }
 /* Memcmp helper (memcmp in constant time) */
 int crypt_backend_memeq(const void *m1, const void *m2, size_t n);
 /* crypto backend running in FIPS mode */
 bool crypt_fips_mode(void);
 #endif /* _CRYPTO_BACKEND_H */
--- a/lib/crypto_backend/crypto_backend_internal.h
+++ b/lib/crypto_backend/crypto_backend_internal.h
@@ -1,8 +1,8 @@
 /*
 * crypto backend implementation
 *
- * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2020 Milan Broz
+ * Copyright (C) 2010-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -23,7 +23,6 @@
 #include "crypto_backend.h"
 #if USE_INTERNAL_PBKDF2
 /* internal PBKDF2 implementation */
 int pkcs5_pbkdf2(const char *hash,
 		 const char *P, size_t Plen,
@@ -31,7 +30,6 @@ int pkcs5_pbkdf2(const char *hash,
 		 unsigned int c,
 		 unsigned int dkLen, char *DK,
 		 unsigned int hash_block_size);
 #endif
 /* Argon2 implementation wrapper */
 int argon2(const char *type, const char *password, size_t password_length,
@@ -60,4 +58,18 @@ int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length,
 				   const char *iv, size_t iv_length,
 				   const char *tag, size_t tag_length);
 /* Internal implementation for constant time memory comparison */
 static inline int crypt_internal_memeq(const void *m1, const void *m2, size_t n)
 {
 	const unsigned char *_m1 = (const unsigned char *) m1;
 	const unsigned char *_m2 = (const unsigned char *) m2;
 	unsigned char result = 0;
 	size_t i;
 	for (i = 0; i < n; i++)
 		result |= _m1[i] ^ _m2[i];
 	return result;
 }
 #endif /* _CRYPTO_BACKEND_INTERNAL_H */
--- a/lib/crypto_backend/crypto_cipher_kernel.c
+++ b/lib/crypto_backend/crypto_cipher_kernel.c
@@ -1,8 +1,8 @@
 /*
 * Linux kernel userspace API crypto backend implementation (skcipher)
 *
- * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2020 Milan Broz
+ * Copyright (C) 2012-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -96,11 +96,14 @@ int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name,
 		.salg_family = AF_ALG,
 		.salg_type = "skcipher",
 	};
 	int r;
 	if (!strcmp(name, "cipher_null"))
 		key_length = 0;
-	snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name);
+	r = snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name);
 	if (r < 0 || (size_t)r >= sizeof(sa.salg_name))
 		return -EINVAL;
 	return _crypt_cipher_init(ctx, key, key_length, 0, &sa);
 }
@@ -152,6 +155,9 @@ static int _crypt_cipher_crypt(struct crypt_cipher_kernel *ctx,
 	/* Set IV */
 	if (iv) {
 		header = CMSG_NXTHDR(&msg, header);
 		if (!header)
 			return -EINVAL;
 		header->cmsg_level = SOL_ALG;
 		header->cmsg_type = ALG_SET_IV;
 		header->cmsg_len = iv_msg_size;
@@ -161,15 +167,14 @@ static int _crypt_cipher_crypt(struct crypt_cipher_kernel *ctx,
 	}
 	len = sendmsg(ctx->opfd, &msg, 0);
-	if (len != (ssize_t)(in_length)) {
+	if (len != (ssize_t)(in_length))
 		r = -EIO;
-		goto bad;
+	else {
 		len = read(ctx->opfd, out, out_length);
 		if (len != (ssize_t)out_length)
 			r = -EIO;
 	}
 	len = read(ctx->opfd, out, out_length);
 	if (len != (ssize_t)out_length)
 		r = -EIO;
 bad:
 	crypt_backend_memzero(buffer, sizeof(buffer));
 	return r;
 }
@@ -227,7 +232,10 @@ int crypt_cipher_check_kernel(const char *name, const char *mode,
 	}
 	salg_type = aead ? "aead" : "skcipher";
-	snprintf((char *)sa.salg_type, sizeof(sa.salg_type), "%s", salg_type);
+	r = snprintf((char *)sa.salg_type, sizeof(sa.salg_type), "%s", salg_type);
 	if (r < 0 || (size_t)r >= sizeof(sa.salg_name))
 		return -EINVAL;
 	memset(tmp_salg_name, 0, sizeof(tmp_salg_name));
 	/* FIXME: this is duplicating a part of devmapper backend */
@@ -240,7 +248,7 @@ int crypt_cipher_check_kernel(const char *name, const char *mode,
 	else
 		r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s(%s)", real_mode, name);
-	if (r <= 0 || r > (int)(sizeof(sa.salg_name) - 1))
+	if (r < 0 || (size_t)r >= sizeof(tmp_salg_name))
 		return -EINVAL;
 	memcpy(sa.salg_name, tmp_salg_name, sizeof(sa.salg_name));
--- a/lib/crypto_backend/crypto_gcrypt.c
+++ b/lib/crypto_backend/crypto_gcrypt.c
@@ -1,8 +1,8 @@
 /*
 * GCRYPT crypto backend implementation
 *
- * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2020 Milan Broz
+ * Copyright (C) 2010-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -22,7 +22,6 @@
 #include <string.h>
 #include <stdio.h>
 #include <errno.h>
 #include <assert.h>
 #include <gcrypt.h>
 #include "crypto_backend_internal.h"
@@ -51,9 +50,14 @@ struct crypt_cipher {
 	} u;
 };
 struct hash_alg {
 	const char *name;
 	const char *gcrypt_name;
 };
 /*
 * Test for wrong Whirlpool variant,
- * Ref: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
+ * Ref: https://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
 */
 static void crypt_hash_test_whirlpool_bug(void)
 {
@@ -89,8 +93,10 @@ static void crypt_hash_test_whirlpool_bug(void)
 		crypto_backend_whirlpool_bug = 1;
 }
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips __attribute__((unused)))
 {
 	int r;
 	if (crypto_backend_initialised)
 		return 0;
@@ -99,7 +105,7 @@ int crypt_backend_init(void)
 			return -ENOSYS;
 		}
-/* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
+/* If gcrypt compiled to support POSIX 1003.1e capabilities,
 * it drops all privileges during secure memory initialisation.
 * For now, the only workaround is to disable secure memory in gcrypt.
 * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
@@ -120,11 +126,12 @@ int crypt_backend_init(void)
 	crypto_backend_initialised = 1;
 	crypt_hash_test_whirlpool_bug();
-	snprintf(version, 64, "gcrypt %s%s%s",
+	r = snprintf(version, sizeof(version), "gcrypt %s%s%s",
 		 gcry_check_version(NULL),
 		 crypto_backend_secmem ? "" : ", secmem disabled",
-		 crypto_backend_whirlpool_bug > 0 ? ", flawed whirlpool" : ""
+		 crypto_backend_whirlpool_bug > 0 ? ", flawed whirlpool" : "");
-		);
+	if (r < 0 || (size_t)r >= sizeof(version))
 		return -EINVAL;
 	return 0;
 }
@@ -150,10 +157,24 @@ uint32_t crypt_backend_flags(void)
 static const char *crypt_hash_compat_name(const char *name, unsigned int *flags)
 {
 	const char *hash_name = name;
 	int i;
 	static struct hash_alg hash_algs[] = {
 	{ "blake2b-160", "blake2b_160" },
 	{ "blake2b-256", "blake2b_256" },
 	{ "blake2b-384", "blake2b_384" },
 	{ "blake2b-512", "blake2b_512" },
 	{ "blake2s-128", "blake2s_128" },
 	{ "blake2s-160", "blake2s_160" },
 	{ "blake2s-224", "blake2s_224" },
 	{ "blake2s-256", "blake2s_256" },
 	{ NULL,          NULL,         }};
 	if (!name)
 		return NULL;
 	/* "whirlpool_gcryptbug" is out shortcut to flawed whirlpool
 	 * in libgcrypt < 1.6.0 */
-	if (name && !strcasecmp(name, "whirlpool_gcryptbug")) {
+	if (!strcasecmp(name, "whirlpool_gcryptbug")) {
 #if GCRYPT_VERSION_NUMBER >= 0x010601
 		if (flags)
 			*flags |= GCRY_MD_FLAG_BUGEMU1;
@@ -161,6 +182,15 @@ static const char *crypt_hash_compat_name(const char *name, unsigned int *flags)
 		hash_name = "whirlpool";
 	}
 	i = 0;
 	while (hash_algs[i].name) {
 		if (!strcasecmp(name, hash_algs[i].name)) {
 			hash_name =  hash_algs[i].gcrypt_name;
 			break;
 		}
 		i++;
 	}
 	return hash_name;
 }
@@ -316,7 +346,7 @@ void crypt_hmac_destroy(struct crypt_hmac *ctx)
 }
 /* RNG */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer, size_t length, int quality, int fips __attribute__((unused)))
 {
 	switch(quality) {
 	case CRYPT_RND_NORMAL:
@@ -519,3 +549,25 @@ out:
 	return -ENOTSUP;
 #endif
 }
 int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
 {
 	return crypt_internal_memeq(m1, m2, n);
 }
 #if !ENABLE_FIPS
 bool crypt_fips_mode(void) { return false; }
 #else
 bool crypt_fips_mode(void)
 {
 	static bool fips_mode = false, fips_checked = false;
 	if (fips_checked)
 		return fips_mode;
 	fips_mode = gcry_fips_mode_active();
 	fips_checked = true;
 	return fips_mode;
 }
 #endif /* ENABLE FIPS */
--- a/lib/crypto_backend/crypto_kernel.c
+++ b/lib/crypto_backend/crypto_kernel.c
@@ -1,8 +1,8 @@
 /*
 * Linux kernel userspace API crypto backend implementation
 *
- * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2020 Milan Broz
+ * Copyright (C) 2010-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -29,7 +29,6 @@
 #include <linux/if_alg.h>
 #include "crypto_backend_internal.h"
 /* FIXME: remove later */
 #ifndef AF_ALG
 #define AF_ALG 38
 #endif
@@ -62,6 +61,14 @@ static struct hash_alg hash_algs[] = {
 	{ "stribog256","streebog256", 32,  64 },
 	{ "stribog512","streebog512", 64,  64 },
 	{ "sm3",       "sm3",         32,  64 },
 	{ "blake2b-160","blake2b-160",20, 128 },
 	{ "blake2b-256","blake2b-256",32, 128 },
 	{ "blake2b-384","blake2b-384",48, 128 },
 	{ "blake2b-512","blake2b-512",64, 128 },
 	{ "blake2s-128","blake2s-128",16,  64 },
 	{ "blake2s-160","blake2s-160",20,  64 },
 	{ "blake2s-224","blake2s-224",28,  64 },
 	{ "blake2s-256","blake2s-256",32,  64 },
 	{ NULL,        NULL,           0,   0 }
 };
@@ -110,7 +117,7 @@ static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *op
 	return 0;
 }
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips __attribute__((unused)))
 {
 	struct utsname uts;
 	struct sockaddr_alg sa = {
@@ -118,7 +125,7 @@ int crypt_backend_init(void)
 		.salg_type = "hash",
 		.salg_name = "sha256",
 	};
-	int tfmfd = -1, opfd = -1;
+	int r, tfmfd = -1, opfd = -1;
 	if (crypto_backend_initialised)
 		return 0;
@@ -126,15 +133,17 @@ int crypt_backend_init(void)
 	if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
 		return -EINVAL;
 	r = snprintf(version, sizeof(version), "%s %s kernel cryptoAPI",
 		uts.sysname, uts.release);
 	if (r < 0 || (size_t)r >= sizeof(version))
 		return -EINVAL;
 	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd, NULL, 0) < 0)
 		return -EINVAL;
 	close(tfmfd);
 	close(opfd);
 	snprintf(version, sizeof(version), "%s %s kernel cryptoAPI",
 		 uts.sysname, uts.release);
 	crypto_backend_initialised = 1;
 	return 0;
 }
@@ -255,6 +264,7 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 		.salg_family = AF_ALG,
 		.salg_type = "hash",
 	};
 	int r;
 	h = malloc(sizeof(*h));
 	if (!h)
@@ -267,8 +277,12 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	}
 	h->hash_len = ha->length;
-	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
+	r = snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "hmac(%s)", ha->kernel_name);
 	if (r < 0 || (size_t)r >= sizeof(sa.salg_name)) {
 		free(h);
 		return -EINVAL;
 	}
 	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, key, key_length) < 0) {
 		free(h);
@@ -315,7 +329,8 @@ void crypt_hmac_destroy(struct crypt_hmac *ctx)
 }
 /* RNG - N/A */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer __attribute__((unused)), size_t length __attribute__((unused)),
 	int quality __attribute__((unused)), int fips __attribute__((unused)))
 {
 	return -EINVAL;
 }
@@ -388,7 +403,7 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 	return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
 }
-bool crypt_cipher_kernel_only(struct crypt_cipher *ctx)
+bool crypt_cipher_kernel_only(struct crypt_cipher *ctx __attribute__((unused)))
 {
 	return true;
 }
@@ -401,3 +416,13 @@ int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
 	return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
 					      iv, iv_length, tag, tag_length);
 }
 int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
 {
 	return crypt_internal_memeq(m1, m2, n);
 }
 bool crypt_fips_mode(void)
 {
 	return false;
 }
--- a/lib/crypto_backend/crypto_nettle.c
+++ b/lib/crypto_backend/crypto_nettle.c
@@ -1,8 +1,8 @@
 /*
 * Nettle crypto backend implementation
 *
- * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2020 Milan Broz
+ * Copyright (C) 2011-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -26,6 +26,7 @@
 #include <nettle/sha3.h>
 #include <nettle/hmac.h>
 #include <nettle/pbkdf2.h>
 #include <nettle/memops.h>
 #include "crypto_backend_internal.h"
 #if HAVE_NETTLE_VERSION_H
@@ -213,7 +214,7 @@ static struct hash_alg *_get_alg(const char *name)
 	return NULL;
 }
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips __attribute__((unused)))
 {
 	return 0;
 }
@@ -301,12 +302,16 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	h->hash = _get_alg(name);
-	if (!h->hash)
+	if (!h->hash) {
-		goto bad;
+		free(h);
 		return -EINVAL;
 	}
 	h->key = malloc(key_length);
-	if (!h->key)
+	if (!h->key) {
-		goto bad;
+		free(h);
 		return -ENOMEM;
 	}
 	memcpy(h->key, key, key_length);
 	h->key_length = key_length;
@@ -316,9 +321,6 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	*ctx = h;
 	return 0;
 bad:
 	free(h);
 	return -EINVAL;
 }
 static void crypt_hmac_restart(struct crypt_hmac *ctx)
@@ -351,7 +353,10 @@ void crypt_hmac_destroy(struct crypt_hmac *ctx)
 }
 /* RNG - N/A */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer __attribute__((unused)),
 		      size_t length __attribute__((unused)),
 		      int quality __attribute__((unused)),
 		      int fips __attribute__((unused)))
 {
 	return -EINVAL;
 }
@@ -429,7 +434,7 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 	return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
 }
-bool crypt_cipher_kernel_only(struct crypt_cipher *ctx)
+bool crypt_cipher_kernel_only(struct crypt_cipher *ctx __attribute__((unused)))
 {
 	return true;
 }
@@ -442,3 +447,14 @@ int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
 	return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
 					      iv, iv_length, tag, tag_length);
 }
 int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
 {
 	/* The logic is inverse to memcmp... */
 	return !memeql_sec(m1, m2, n);
 }
 bool crypt_fips_mode(void)
 {
 	return false;
 }
--- a/lib/crypto_backend/crypto_nss.c
+++ b/lib/crypto_backend/crypto_nss.c
@@ -1,8 +1,8 @@
 /*
 * NSS crypto backend implementation
 *
- * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2020 Milan Broz
+ * Copyright (C) 2010-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -75,8 +75,10 @@ static struct hash_alg *_get_alg(const char *name)
 	return NULL;
 }
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips __attribute__((unused)))
 {
 	int r;
 	if (crypto_backend_initialised)
 		return 0;
@@ -84,10 +86,13 @@ int crypt_backend_init(void)
 		return -EINVAL;
 #if HAVE_DECL_NSS_GETVERSION
-	snprintf(version, 64, "NSS %s", NSS_GetVersion());
+	r = snprintf(version, sizeof(version), "NSS %s", NSS_GetVersion());
 #else
-	snprintf(version, 64, "NSS");
+	r = snprintf(version, sizeof(version), "NSS");
 #endif
 	if (r < 0 || (size_t)r >= sizeof(version))
 		return -EINVAL;
 	crypto_backend_initialised = 1;
 	return 0;
 }
@@ -220,28 +225,28 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	h->hash = _get_alg(name);
 	if (!h->hash)
-		goto bad;
+		goto err;
 	h->slot = PK11_GetInternalKeySlot();
 	if (!h->slot)
-		goto bad;
+		goto err;
 	h->key = PK11_ImportSymKey(h->slot, h->hash->ck_type, PK11_OriginUnwrap,
 				   CKA_SIGN,  &keyItem, NULL);
 	if (!h->key)
-		goto bad;
+		goto err;
 	h->md = PK11_CreateContextBySymKey(h->hash->ck_type, CKA_SIGN, h->key,
 					   &noParams);
 	if (!h->md)
-		goto bad;
+		goto err;
 	if (PK11_DigestBegin(h->md) != SECSuccess)
-		goto bad;
+		goto err;
 	*ctx = h;
 	return 0;
-bad:
+err:
 	crypt_hmac_destroy(h);
 	return -EINVAL;
 }
@@ -298,7 +303,7 @@ void crypt_hmac_destroy(struct crypt_hmac *ctx)
 }
 /* RNG */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer, size_t length, int quality __attribute__((unused)), int fips)
 {
 	if (fips)
 		return -EINVAL;
@@ -377,7 +382,7 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 	return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
 }
-bool crypt_cipher_kernel_only(struct crypt_cipher *ctx)
+bool crypt_cipher_kernel_only(struct crypt_cipher *ctx __attribute__((unused)))
 {
 	return true;
 }
@@ -390,3 +395,13 @@ int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
 	return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
 					      iv, iv_length, tag, tag_length);
 }
 int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
 {
 	return NSS_SecureMemcmp(m1, m2, n);
 }
 bool crypt_fips_mode(void)
 {
 	return false;
 }
--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -1,8 +1,8 @@
 /*
 * OPENSSL crypto backend implementation
 *
- * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2020 Milan Broz
+ * Copyright (C) 2010-2022 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -30,10 +30,20 @@
 #include <string.h>
 #include <errno.h>
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include "crypto_backend_internal.h"
 #if OPENSSL_VERSION_MAJOR >= 3
 #include <openssl/provider.h>
 #include <openssl/kdf.h>
 #include <openssl/core_names.h>
 static OSSL_PROVIDER *ossl_legacy = NULL;
 static OSSL_PROVIDER *ossl_default = NULL;
 static OSSL_LIB_CTX  *ossl_ctx = NULL;
 static char backend_version[256] = "OpenSSL";
 #endif
 #define CONST_CAST(x) (x)(uintptr_t)
@@ -46,8 +56,14 @@ struct crypt_hash {
 };
 struct crypt_hmac {
 #if OPENSSL_VERSION_MAJOR >= 3
 	EVP_MAC *mac;
 	EVP_MAC_CTX *md;
 	EVP_MAC_CTX *md_org;
 #else
 	HMAC_CTX *md;
 	const EVP_MD *hash_id;
 #endif
 	int hash_len;
 };
@@ -58,20 +74,31 @@ struct crypt_cipher {
 	struct {
 		EVP_CIPHER_CTX *hd_enc;
 		EVP_CIPHER_CTX *hd_dec;
 		const EVP_CIPHER *cipher_type;
 		size_t iv_length;
 	} lib;
 	} u;
 };
 struct hash_alg {
 	const char *name;
 	const char *openssl_name;
 };
 /*
 * Compatible wrappers for OpenSSL < 1.1.0 and LibreSSL < 2.7.0
 */
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
-static void openssl_backend_init(void)
+static int openssl_backend_init(bool fips __attribute__((unused)))
 {
 	OpenSSL_add_all_algorithms();
 	return 0;
 }
 static void openssl_backend_exit(void)
 {
 }
 static const char *openssl_backend_version(void)
@@ -111,22 +138,79 @@ static void HMAC_CTX_free(HMAC_CTX *md)
 	free(md);
 }
 #else
-static void openssl_backend_init(void)
+static void openssl_backend_exit(void)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 	if (ossl_legacy)
 		OSSL_PROVIDER_unload(ossl_legacy);
 	if (ossl_default)
 		OSSL_PROVIDER_unload(ossl_default);
 	if (ossl_ctx)
 		OSSL_LIB_CTX_free(ossl_ctx);
 	ossl_legacy = NULL;
 	ossl_default = NULL;
 	ossl_ctx = NULL;
 #endif
 }
 static int openssl_backend_init(bool fips)
 {
 /*
 * OpenSSL >= 3.0.0 provides some algorithms in legacy provider
 */
 #if OPENSSL_VERSION_MAJOR >= 3
 	int r;
 	/*
 	 * In FIPS mode we keep default OpenSSL context & global config
 	 */
 	if (!fips) {
 		ossl_ctx = OSSL_LIB_CTX_new();
 		if (!ossl_ctx)
 			return -EINVAL;
 		ossl_default = OSSL_PROVIDER_try_load(ossl_ctx, "default", 0);
 		if (!ossl_default) {
 			OSSL_LIB_CTX_free(ossl_ctx);
 			return -EINVAL;
 		}
 		/* Optional */
 		ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0);
 	}
 	r = snprintf(backend_version, sizeof(backend_version), "%s %s%s%s",
 		OpenSSL_version(OPENSSL_VERSION),
 		ossl_default ? "[default]" : "",
 		ossl_legacy  ? "[legacy]" : "",
 		fips  ? "[fips]" : "");
 	if (r < 0 || (size_t)r >= sizeof(backend_version)) {
 		openssl_backend_exit();
 		return -EINVAL;
 	}
 #endif
 	return 0;
 }
 static const char *openssl_backend_version(void)
 {
-    return OpenSSL_version(OPENSSL_VERSION);
+#if OPENSSL_VERSION_MAJOR >= 3
 	return backend_version;
 #else
 	return OpenSSL_version(OPENSSL_VERSION);
 #endif
 }
 #endif
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips)
 {
 	if (crypto_backend_initialised)
 		return 0;
-	openssl_backend_init();
+	if (openssl_backend_init(fips))
 		return -EINVAL;
 	crypto_backend_initialised = 1;
 	return 0;
@@ -134,7 +218,15 @@ int crypt_backend_init(void)
 void crypt_backend_destroy(void)
 {
 	/*
 	 * If Destructor was already called, we must not call it again
 	 */
 	if (!crypto_backend_initialised)
 		return;
 	crypto_backend_initialised = 0;
 	openssl_backend_exit();
 }
 uint32_t crypt_backend_flags(void)
@@ -147,15 +239,75 @@ const char *crypt_backend_version(void)
 	return openssl_backend_version();
 }
 static const char *crypt_hash_compat_name(const char *name)
 {
 	const char *hash_name = name;
 	int i;
 	static struct hash_alg hash_algs[] = {
 	{ "blake2b-512", "blake2b512" },
 	{ "blake2s-256", "blake2s256" },
 	{ NULL,          NULL,         }};
 	if (!name)
 		return NULL;
 	i = 0;
 	while (hash_algs[i].name) {
 		if (!strcasecmp(name, hash_algs[i].name)) {
 			hash_name =  hash_algs[i].openssl_name;
 			break;
 		}
 		i++;
 	}
 	return hash_name;
 }
 static const EVP_MD *hash_id_get(const char *name)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 	return EVP_MD_fetch(ossl_ctx, crypt_hash_compat_name(name), NULL);
 #else
 	return EVP_get_digestbyname(crypt_hash_compat_name(name));
 #endif
 }
 static void hash_id_free(const EVP_MD *hash_id)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 	EVP_MD_free(CONST_CAST(EVP_MD*)hash_id);
 #endif
 }
 static const EVP_CIPHER *cipher_type_get(const char *name)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 	return EVP_CIPHER_fetch(ossl_ctx, name, NULL);
 #else
 	return EVP_get_cipherbyname(name);
 #endif
 }
 static void cipher_type_free(const EVP_CIPHER *cipher_type)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 	EVP_CIPHER_free(CONST_CAST(EVP_CIPHER*)cipher_type);
 #endif
 }
 /* HASH */
 int crypt_hash_size(const char *name)
 {
-	const EVP_MD *hash_id = EVP_get_digestbyname(name);
+	int size;
 	const EVP_MD *hash_id;
 	hash_id = hash_id_get(name);
 	if (!hash_id)
 		return -EINVAL;
-	return EVP_MD_size(hash_id);
+	size = EVP_MD_size(hash_id);
 	hash_id_free(hash_id);
 	return size;
 }
 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
@@ -172,7 +324,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 		return -ENOMEM;
 	}
-	h->hash_id = EVP_get_digestbyname(name);
+	h->hash_id = hash_id_get(name);
 	if (!h->hash_id) {
 		EVP_MD_CTX_free(h->md);
 		free(h);
@@ -180,6 +332,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 	}
 	if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) {
 		hash_id_free(h->hash_id);
 		EVP_MD_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
@@ -231,6 +384,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 void crypt_hash_destroy(struct crypt_hash *ctx)
 {
 	hash_id_free(ctx->hash_id);
 	EVP_MD_CTX_free(ctx->md);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
@@ -246,7 +400,39 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 		    const void *key, size_t key_length)
 {
 	struct crypt_hmac *h;
 #if OPENSSL_VERSION_MAJOR >= 3
 	OSSL_PARAM params[] = {
 		OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST, CONST_CAST(void*)name, 0),
 		OSSL_PARAM_END
 	};
 	h = malloc(sizeof(*h));
 	if (!h)
 		return -ENOMEM;
 	h->mac = EVP_MAC_fetch(ossl_ctx, OSSL_MAC_NAME_HMAC, NULL);
 	if (!h->mac) {
 		free(h);
 		return -EINVAL;
 	}
 	h->md = EVP_MAC_CTX_new(h->mac);
 	if (!h->md) {
 		EVP_MAC_free(h->mac);
 		free(h);
 		return -ENOMEM;
 	}
 	if (EVP_MAC_init(h->md, key, key_length, params) != 1) {
 		EVP_MAC_CTX_free(h->md);
 		EVP_MAC_free(h->mac);
 		free(h);
 		return -EINVAL;
 	}
 	h->hash_len = EVP_MAC_CTX_get_mac_size(h->md);
 	h->md_org = EVP_MAC_CTX_dup(h->md);
 #else
 	h = malloc(sizeof(*h));
 	if (!h)
 		return -ENOMEM;
@@ -257,7 +443,7 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 		return -ENOMEM;
 	}
-	h->hash_id = EVP_get_digestbyname(name);
+	h->hash_id = hash_id_get(name);
 	if (!h->hash_id) {
 		HMAC_CTX_free(h->md);
 		free(h);
@@ -267,51 +453,82 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	HMAC_Init_ex(h->md, key, key_length, h->hash_id, NULL);
 	h->hash_len = EVP_MD_size(h->hash_id);
 #endif
 	*ctx = h;
 	return 0;
 }
-static void crypt_hmac_restart(struct crypt_hmac *ctx)
+static int crypt_hmac_restart(struct crypt_hmac *ctx)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 	EVP_MAC_CTX_free(ctx->md);
 	ctx->md = EVP_MAC_CTX_dup(ctx->md_org);
 	if (!ctx->md)
 		return -EINVAL;
 #else
 	HMAC_Init_ex(ctx->md, NULL, 0, ctx->hash_id, NULL);
 #endif
 	return 0;
 }
 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 	return EVP_MAC_update(ctx->md, (const unsigned char *)buffer, length) == 1 ? 0 : -EINVAL;
 #else
 	HMAC_Update(ctx->md, (const unsigned char *)buffer, length);
 	return 0;
 #endif
 }
 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 {
 	unsigned char tmp[EVP_MAX_MD_SIZE];
 #if OPENSSL_VERSION_MAJOR >= 3
 	size_t tmp_len = 0;
 	if (length > (size_t)ctx->hash_len)
 		return -EINVAL;
 	if (EVP_MAC_final(ctx->md, tmp,  &tmp_len, sizeof(tmp)) != 1)
 		return -EINVAL;
 #else
 	unsigned int tmp_len = 0;
 	if (length > (size_t)ctx->hash_len)
 		return -EINVAL;
 	HMAC_Final(ctx->md, tmp, &tmp_len);
-
+#endif
 	memcpy(buffer, tmp, length);
 	crypt_backend_memzero(tmp, sizeof(tmp));
 	if (tmp_len < length)
 		return -EINVAL;
-	crypt_hmac_restart(ctx);
+	if (crypt_hmac_restart(ctx))
 		return -EINVAL;
 	return 0;
 }
 void crypt_hmac_destroy(struct crypt_hmac *ctx)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 	EVP_MAC_CTX_free(ctx->md);
 	EVP_MAC_CTX_free(ctx->md_org);
 	EVP_MAC_free(ctx->mac);
 #else
 	hash_id_free(ctx->hash_id);
 	HMAC_CTX_free(ctx->md);
 #endif
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
 }
 /* RNG */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer, size_t length,
 	int quality __attribute__((unused)), int fips __attribute__((unused)))
 {
 	if (RAND_bytes((unsigned char *)buffer, length) != 1)
 		return -EINVAL;
@@ -319,48 +536,91 @@ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
 	return 0;
 }
 static int openssl_pbkdf2(const char *password, size_t password_length,
 	const char *salt, size_t salt_length, uint32_t iterations,
 	const char *hash, char *key, size_t key_length)
 {
 	int r;
 #if OPENSSL_VERSION_MAJOR >= 3
 	EVP_KDF_CTX *ctx;
 	EVP_KDF *pbkdf2;
 	OSSL_PARAM params[] = {
 		OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PASSWORD,
 			CONST_CAST(void*)password, password_length),
 		OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT,
 			CONST_CAST(void*)salt, salt_length),
 		OSSL_PARAM_uint32(OSSL_KDF_PARAM_ITER, &iterations),
 		OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST,
 			CONST_CAST(void*)hash, 0),
 		OSSL_PARAM_END
 	};
 	pbkdf2 = EVP_KDF_fetch(ossl_ctx, "pbkdf2", NULL);
 	if (!pbkdf2)
 		return -EINVAL;
 	ctx = EVP_KDF_CTX_new(pbkdf2);
 	if (!ctx) {
 		EVP_KDF_free(pbkdf2);
 		return -EINVAL;
 	}
 	r = EVP_KDF_derive(ctx, (unsigned char*)key, key_length, params);
 	EVP_KDF_CTX_free(ctx);
 	EVP_KDF_free(pbkdf2);
 #else
 	const EVP_MD *hash_id = EVP_get_digestbyname(crypt_hash_compat_name(hash));
 	if (!hash_id)
 		return -EINVAL;
 	r = PKCS5_PBKDF2_HMAC(password, (int)password_length, (const unsigned char *)salt,
 		(int)salt_length, iterations, hash_id, (int)key_length, (unsigned char*) key);
 #endif
 	return r == 1 ? 0 : -EINVAL;
 }
 static int openssl_argon2(const char *type, const char *password, size_t password_length,
 	const char *salt, size_t salt_length, char *key, size_t key_length,
 	uint32_t iterations, uint32_t memory, uint32_t parallel)
 {
 	return argon2(type, password, password_length, salt, salt_length,
 		      key, key_length, iterations, memory, parallel);
 }
 /* PBKDF */
 int crypt_pbkdf(const char *kdf, const char *hash,
 		const char *password, size_t password_length,
 		const char *salt, size_t salt_length,
 		char *key, size_t key_length,
 		uint32_t iterations, uint32_t memory, uint32_t parallel)
 {
 	const EVP_MD *hash_id;
 	if (!kdf)
 		return -EINVAL;
-	if (!strcmp(kdf, "pbkdf2")) {
+	if (!strcmp(kdf, "pbkdf2"))
-		hash_id = EVP_get_digestbyname(hash);
+		return openssl_pbkdf2(password, password_length, salt, salt_length,
-		if (!hash_id)
+				      iterations, hash, key, key_length);
-			return -EINVAL;
+	if (!strncmp(kdf, "argon2", 6))
-
+		return openssl_argon2(kdf, password, password_length, salt, salt_length,
-		if (!PKCS5_PBKDF2_HMAC(password, (int)password_length,
+				      key, key_length, iterations, memory, parallel);
 		    (const unsigned char *)salt, (int)salt_length,
 	            (int)iterations, hash_id, (int)key_length, (unsigned char *)key))
 			return -EINVAL;
 		return 0;
 	} else if (!strncmp(kdf, "argon2", 6)) {
 		return argon2(kdf, password, password_length, salt, salt_length,
 			      key, key_length, iterations, memory, parallel);
 	}
 	return -EINVAL;
 }
 /* Block ciphers */
-static void _cipher_destroy(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec)
+static void _cipher_destroy(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const EVP_CIPHER **cipher_type)
 {
 	EVP_CIPHER_CTX_free(*hd_enc);
 	*hd_enc = NULL;
 	EVP_CIPHER_CTX_free(*hd_dec);
 	*hd_dec = NULL;
 	cipher_type_free(*cipher_type);
 	*cipher_type = NULL;
 }
-static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const char *name,
+static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const EVP_CIPHER **cipher_type, const char *name,
 			const char *mode, const void *key, size_t key_length, size_t *iv_length)
 {
 	char cipher_name[256];
@@ -372,35 +632,41 @@ static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const
 		key_bits /= 2;
 	r = snprintf(cipher_name, sizeof(cipher_name), "%s-%d-%s", name, key_bits, mode);
-	if (r < 0 || r >= (int)sizeof(cipher_name))
+	if (r < 0 || (size_t)r >= sizeof(cipher_name))
 		return -EINVAL;
-	type = EVP_get_cipherbyname(cipher_name);
+	type = cipher_type_get(cipher_name);
 	if (!type)
 		return -ENOENT;
-	if (EVP_CIPHER_key_length(type) != (int)key_length)
+	if (EVP_CIPHER_key_length(type) != (int)key_length) {
 		cipher_type_free(type);
 		return -EINVAL;
 	}
 	*hd_enc = EVP_CIPHER_CTX_new();
 	*hd_dec = EVP_CIPHER_CTX_new();
 	*iv_length = EVP_CIPHER_iv_length(type);
-	if (!*hd_enc || !*hd_dec)
+	if (!*hd_enc || !*hd_dec) {
 		cipher_type_free(type);
 		return -EINVAL;
 	}
 	if (EVP_EncryptInit_ex(*hd_enc, type, NULL, key, NULL) != 1 ||
 	    EVP_DecryptInit_ex(*hd_dec, type, NULL, key, NULL) != 1) {
-		_cipher_destroy(hd_enc, hd_dec);
+		_cipher_destroy(hd_enc, hd_dec, &type);
 		return -EINVAL;
 	}
 	if (EVP_CIPHER_CTX_set_padding(*hd_enc, 0) != 1 ||
 	    EVP_CIPHER_CTX_set_padding(*hd_dec, 0) != 1) {
-		_cipher_destroy(hd_enc, hd_dec);
+		_cipher_destroy(hd_enc, hd_dec, &type);
 		return -EINVAL;
 	}
 	*cipher_type = type;
 	return 0;
 }
@@ -414,7 +680,7 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 	if (!h)
 		return -ENOMEM;
-	if (!_cipher_init(&h->u.lib.hd_enc, &h->u.lib.hd_dec, name, mode, key,
+	if (!_cipher_init(&h->u.lib.hd_enc, &h->u.lib.hd_dec, &h->u.lib.cipher_type, name, mode, key,
 			  key_length, &h->u.lib.iv_length)) {
 		h->use_kernel = false;
 		*ctx = h;
@@ -437,7 +703,7 @@ void crypt_cipher_destroy(struct crypt_cipher *ctx)
 	if (ctx->use_kernel)
 		crypt_cipher_destroy_kernel(&ctx->u.kernel);
 	else
-		_cipher_destroy(&ctx->u.lib.hd_enc, &ctx->u.lib.hd_dec);
+		_cipher_destroy(&ctx->u.lib.hd_enc, &ctx->u.lib.hd_dec, &ctx->u.lib.cipher_type);
 	free(ctx);
 }
@@ -508,7 +774,7 @@ bool crypt_cipher_kernel_only(struct crypt_cipher *ctx)
 	return ctx->use_kernel;
 }
-int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
+int crypt_bitlk_decrypt_key(const void *key, size_t key_length __attribute__((unused)),
 			    const char *in, char *out, size_t length,
 			    const char *iv, size_t iv_length,
 			    const char *tag, size_t tag_length)
@@ -524,9 +790,6 @@ int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
 	if (EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL) != 1)
 		goto out;
 	//EVP_CIPHER_CTX_key_length(ctx)
 	//EVP_CIPHER_CTX_iv_length(ctx)
 	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_length, NULL) != 1)
 		goto out;
 	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag_length, CONST_CAST(void*)tag) != 1)
@@ -544,3 +807,34 @@ out:
 	return -ENOTSUP;
 #endif
 }
 int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
 {
 	return CRYPTO_memcmp(m1, m2, n);
 }
 #if !ENABLE_FIPS
 bool crypt_fips_mode(void) { return false; }
 #else
 static bool openssl_fips_mode(void)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 	return EVP_default_properties_is_fips_enabled(NULL);
 #else
 	return FIPS_mode();
 #endif
 }
 bool crypt_fips_mode(void)
 {
 	static bool fips_mode = false, fips_checked = false;
 	if (fips_checked)
 		return fips_mode;
 	fips_mode = openssl_fips_mode();
 	fips_checked = true;
 	return fips_mode;
 }
 #endif /* ENABLE FIPS */
--- a/Show More
+++ b/Show More
		`@@ -1 +0,0 @@`
			`Please see issues tracked at https://gitlab.com/cryptsetup/cryptsetup/issues.`