Set 1.7.3 version.

It is possible to overflow integers during memory allocation with
insanely large "key bytes" specified in a LUKS header.

Although it could be argued to properly validate LUKS headers while
parsing them, it's still a good idea to fix any form of possible
overflow attacks against cryptsetup in these allocation functions.

ChangeLog

@@ -3,4 +3,4 @@ Since version 1.6 this file is no longer maintained.
 See docs/*ReleaseNotes for release changes documentation.
 
 See version control history for full commit messages.
-  http://code.google.com/p/cryptsetup/source/list
+  https://gitlab.com/cryptsetup/cryptsetup/commits/master

FAQ

@@ -808,7 +808,7 @@ A. Contributors
 
   For device set-up, do the following:
 
-    cryptsetup open --type plain -d /dev/urandom /dev/<block-device>  target
+    cryptsetup open --type plain -d /dev/urandom /dev/<block-device> to_be_wiped
 
   This maps the container as plain under /dev/mapper/to_be_wiped with a
   random password.  For the actual wipe you have several options. 
@@ -828,6 +828,29 @@ A. Contributors
 
   Remove the mapping at the end and you are done.
 
+  * 2.20 How to I wipe only the LUKS header?
+
+  This is not the emergency wipe procedure. That is in Item 5.4. This procedure
+  is intended to be used when the data should stay intact, e.g. when you change
+  your LUKS container to use a detached header and want to remove the old one.
+
+  Most safe way is this (backup is still a good idea):
+ 
+  01) Determine header size in 512 Byte sectors with "luksDump":
+
+     cryptsetup luksDump <device with LUKS container>
+
+->   ...
+     Payload offset: <number>
+     ...
+
+  02) Take the result number and write number * 512 zeros to the start of the
+      device, e.g. like this:
+
+     dd bs=512 count=<number> if=/dev/zero of=<device>
+
+  That is it.   
+
 
 3. Common Problems
 

README.md

@@ -36,13 +36,19 @@ Download
 --------
 All release tarballs and release notes are hosted on [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).
 
-**The latest cryptsetup version is 1.7.0**
+**The latest cryptsetup version is 1.7.2**
-  * [cryptsetup-1.7.0.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.xz)
+  * [cryptsetup-1.7.2.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.xz)
-  * Signature [cryptsetup-1.7.0.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.sign)
+  * Signature [cryptsetup-1.7.2.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.sign)
     _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 1.7.0 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.0-ReleaseNotes).
+  * [Cryptsetup 1.7.2 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.2-ReleaseNotes).
 
 Previous versions
+ * [Version 1.7.1](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.1.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.1.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.1-ReleaseNotes).
+ * [Version 1.7.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.0-ReleaseNotes).
  * [Version 1.6.8](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.8.tar.xz) -
    [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.8.tar.sign) -
    [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.8-ReleaseNotes).
@@ -66,6 +72,8 @@ mirror on [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.g
 
 For libcryptsetup documentation see [libcryptsetup API](https://gitlab.com/cryptsetup/cryptsetup/wikis/API/index.html) page.
 
+The libcryptsetup API/ABI changes are tracked in [compatibility report](https://gitlab.com/cryptsetup/cryptsetup/wikis/ABI-tracker/timeline/libcryptsetup/index.html).
+
 NLS PO files are maintained by [TranslationProject](http://translationproject.org/domain/cryptsetup.html).
 
 Help!

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.7.1-git])
+AC_INIT([cryptsetup],[1.7.3])
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
@@ -37,7 +37,7 @@ PKG_PROG_PKG_CONFIG
 AC_HEADER_DIRENT
 AC_HEADER_STDC
 AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
-	ctype.h unistd.h locale.h byteswap.h endian.h)
+	sys/sysmacros.h ctype.h unistd.h locale.h byteswap.h endian.h)
 
 AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])])
 AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])])
@@ -417,14 +417,19 @@ AC_ARG_WITH([python_version],
 if test "x$with_python" = "xyes"; then
 	AM_PATH_PYTHON([$PYTHON_VERSION])
 
-	if ! test -x "$PYTHON-config" ; then
+	AC_PATH_PROGS([PYTHON_CONFIG], [python${PYTHON_VERSION}-config python-config], [no])
-            AC_MSG_ERROR([Cannot find python development packages to build bindings])
+	if test "${PYTHON_CONFIG}" = "no"; then
+		AC_MSG_ERROR([cannot find python${PYTHON_VERSION}-config or python-config in PATH])
 	fi
 
-	PYTHON_INCLUDES=$($PYTHON-config --includes)
+	AC_MSG_CHECKING(for python headers using $PYTHON_CONFIG --includes)
+	PYTHON_INCLUDES=$($PYTHON_CONFIG --includes)
+	AC_MSG_RESULT($PYTHON_INCLUDES)
 	AC_SUBST(PYTHON_INCLUDES)
 
-	PYTHON_LIBS=$($PYTHON-config --libs)
+	AC_MSG_CHECKING(for python libraries using $PYTHON_CONFIG --libs)
+	PYTHON_LIBS=$($PYTHON_CONFIG --libs)
+	AC_MSG_RESULT($PYTHON_LIBS)
 	AC_SUBST(PYTHON_LIBS)
 fi
 AM_CONDITIONAL([PYTHON_CRYPTSETUP], [test "x$with_python" = "xyes"])

docs/v1.7.1-ReleaseNotes

@@ -0,0 +1,36 @@
+Cryptsetup 1.7.1 Release Notes
+==============================
+
+Changes since version 1.7.0
+
+* Code now uses kernel crypto API backend according to new
+  changes introduced in mainline kernel
+
+  While mainline kernel should contain backward compatible
+  changes, some stable series kernels do not contain fully
+  backported compatibility patches.
+  Without these patches  most of cryptsetup operations
+  (like unlocking device) fail.
+
+  This change in cryptsetup ensures that all operations using
+  kernel crypto API works even on these kernels.
+
+* The cryptsetup-reencrypt utility now properly detects removal
+  of underlying link to block device and does not remove
+  ongoing re-encryption log.
+  This allows proper recovery (resume) of reencrypt operation later.
+
+  NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
+  this link disappears once the device metadata is temporarily
+  removed from device.
+
+* Cryptsetup now allows special "-" (standard input) keyfile handling
+  even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
+
+* Cryptsetup now fails if there are more keyfiles specified
+  for non-TCRYPT device.
+
+* The luksKillSlot command now does not suppress provided password
+  in batch mode (if password is wrong slot is not destroyed).
+  Note that not providing password in batch mode means that keyslot
+  is destroyed unconditionally.

docs/v1.7.2-ReleaseNotes

@@ -0,0 +1,37 @@
+Cryptsetup 1.7.2 Release Notes
+==============================
+
+Changes since version 1.7.1
+
+* Update LUKS documentation format.
+  Clarify fixed sector size and keyslots alignment.
+
+* Support activation options for error handling modes in Linux kernel
+  dm-verity module:
+
+  --ignore-corruption - dm-verity just logs detected corruption
+
+  --restart-on-corruption - dm-verity restarts the kernel if corruption is detected
+
+  If the options above are not specified, default behavior for dm-verity remains.
+  Default is that I/O operation fails with I/O error if corrupted block is detected.
+
+  --ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected
+  to contain zeroes and always return zeroes directly instead.
+
+  NOTE that these options could have security or functional impacts,
+  do not use them without assessing the risks!
+
+* Fix help text for cipher benchmark specification (mention --cipher option).
+
+* Fix off-by-one error in maximum keyfile size.
+  Allow keyfiles up to compiled-in default and not that value minus one.
+
+* Support resume of interrupted decryption in cryptsetup-reencrypt utility.
+  To resume decryption, LUKS device UUID (--uuid option) option must be used.
+
+* Do not use direct-io for LUKS header with unaligned keyslots.
+  Such headers were used only by the first cryptsetup-luks-1.0.0 release (2005).
+
+* Fix device block size detection to properly work on particular file-based
+  containers over underlying devices with 4k sectors.

docs/v1.7.3-ReleaseNotes

@@ -0,0 +1,24 @@
+Cryptsetup 1.7.3 Release Notes
+==============================
+
+Changes since version 1.7.2
+
+* Fix device access to hash offsets located beyond the 2GB device boundary in veritysetup.
+
+* Set configured (compile-time) default iteration time for devices created directly through
+  libcryptsetup (default was hardcoded 1 second, the configured value applied only
+  for cryptsetup application).
+
+* Fix PBKDF2 benchmark to not double iteration count for specific corner case.
+  If the measurement function returns exactly 500 ms, the iteration calculation loop
+  doubled iteration count but instead of repeating measurement it used this value directly.
+
+* Verify passphrase in cryptsetup-reencrypt when encrypting a new drive.
+
+* OpenSSL backend: fix memory leak if hash context was repeatedly reused.
+
+* OpenSSL backend: add support for OpenSSL 1.1.0.
+
+* Fix several minor spelling errors.
+
+* Properly check maximal buffer size when parsing UUID from /dev/disk/.

lib/crypto_backend/crypto_cipher_kernel.c

@@ -2,7 +2,7 @@
  * Linux kernel userspace API crypto backend implementation (skcipher)
  *
  * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz
+ * Copyright (C) 2012-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -88,33 +88,8 @@ int crypt_cipher_blocksize(const char *name)
 	return ca ? ca->blocksize : -EINVAL;
 }
 
-/* Shared with hash kernel backend */
-int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
-
-int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
-{
-	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-	if (*tfmfd == -1)
-		return -ENOTSUP;
-
-	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-		return -ENOENT;
-	}
-
-	*opfd = accept(*tfmfd, NULL, 0);
-	if (*opfd == -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
 /*
- *ciphers
+ * ciphers
  *
  * ENOENT - algorithm not available
  * ENOTSUP - AF_ALG family not available
@@ -128,7 +103,6 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 		.salg_family = AF_ALG,
 		.salg_type = "skcipher",
 	};
-	int r;
 
 	h = malloc(sizeof(*h));
 	if (!h)
@@ -137,14 +111,28 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "%s(%s)", mode, name);
 
-	r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd);
+	h->opfd = -1;
-	if (r < 0) {
+	h->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-		free(h);
+	if (h->tfmfd < 0) {
-		return r;
+		crypt_cipher_destroy(h);
+		return -ENOTSUP;
 	}
 
-	if (length && strcmp(name, "cipher_null") &&
+	if (bind(h->tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
-	    setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
+		crypt_cipher_destroy(h);
+		return -ENOENT;
+	}
+
+	if (!strcmp(name, "cipher_null"))
+		length = 0;
+
+	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
+		crypt_cipher_destroy(h);
+		return -EINVAL;
+	}
+
+	h->opfd = accept(h->tfmfd, NULL, 0);
+	if (h->opfd < 0) {
 		crypt_cipher_destroy(h);
 		return -EINVAL;
 	}
@@ -239,9 +227,9 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 
 int crypt_cipher_destroy(struct crypt_cipher *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);

lib/crypto_backend/crypto_kernel.c

@@ -2,7 +2,7 @@
  * Linux kernel userspace API crypto backend implementation
  *
  * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2014, Milan Broz
+ * Copyright (C) 2010-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -68,8 +68,34 @@ struct crypt_hmac {
 	int hash_len;
 };
 
-/* Defined in crypt_kernel_ciphers.c */
+static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd,
-extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
+				    const void *key, size_t key_length)
+{
+	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (*tfmfd < 0)
+		return -ENOTSUP;
+
+	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -ENOENT;
+	}
+
+	if (key && setsockopt(*tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	*opfd = accept(*tfmfd, NULL, 0);
+	if (*opfd < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	return 0;
+}
 
 int crypt_backend_init(struct crypt_device *ctx)
 {
@@ -87,7 +113,7 @@ int crypt_backend_init(struct crypt_device *ctx)
 	if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
 		return -EINVAL;
 
-	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0)
+	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd, NULL, 0) < 0)
 		return -EINVAL;
 
 	close(tfmfd);
@@ -152,7 +178,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 
 	strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));
 
-	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, NULL, 0) < 0) {
 		free(h);
 		return -EINVAL;
 	}
@@ -188,9 +214,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 
 int crypt_hash_destroy(struct crypt_hash *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
@@ -227,16 +253,11 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "hmac(%s)", ha->kernel_name);
 
-	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, buffer, length) < 0) {
 		free(h);
 		return -EINVAL;
 	}
 
-	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
-		crypt_hmac_destroy(h);
-		return -EINVAL;
-	}
-
 	*ctx = h;
 	return 0;
 }
@@ -268,9 +289,9 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 
 int crypt_hmac_destroy(struct crypt_hmac *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);

lib/crypto_backend/crypto_nettle.c

@@ -1,8 +1,8 @@
 /*
  * Nettle crypto backend implementation
  *
- * Copyright (C) 2011-2012 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2016 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2014, Milan Broz
+ * Copyright (C) 2011-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -30,9 +30,9 @@
 static char *version = "Nettle";
 
 typedef void (*init_func) (void *);
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
+typedef void (*update_func) (void *, size_t, const uint8_t *);
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
+typedef void (*digest_func) (void *, size_t, uint8_t *);
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
 
 struct hash_alg {
 	const char *name;

lib/crypto_backend/crypto_openssl.c

@@ -1,8 +1,8 @@
 /*
  * OPENSSL crypto backend implementation
  *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2016, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2014, Milan Broz
+ * Copyright (C) 2010-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -38,13 +38,13 @@
 static int crypto_backend_initialised = 0;
 
 struct crypt_hash {
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md;
 	const EVP_MD *hash_id;
 	int hash_len;
 };
 
 struct crypt_hmac {
-	HMAC_CTX md;
+	HMAC_CTX *md;
 	const EVP_MD *hash_id;
 	int hash_len;
 };
@@ -70,6 +70,43 @@ const char *crypt_backend_version(void)
 	return SSLeay_version(SSLEAY_VERSION);
 }
 
+/*
+ * Compatible wrappers for OpenSSL < 1.1.0
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+	EVP_MD_CTX *md = malloc(sizeof(*md));
+
+	if (md)
+		EVP_MD_CTX_init(md);
+
+	return md;
+}
+
+static void EVP_MD_CTX_free(EVP_MD_CTX *md)
+{
+	EVP_MD_CTX_cleanup(md);
+	free(md);
+}
+
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+	HMAC_CTX *md = malloc(sizeof(*md));
+
+	if (md)
+		HMAC_CTX_init(md);
+
+	return md;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *md)
+{
+	HMAC_CTX_cleanup(md);
+	free(md);
+}
+#endif
+
 /* HASH */
 int crypt_hash_size(const char *name)
 {
@@ -89,13 +126,21 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 	if (!h)
 		return -ENOMEM;
 
+	h->md = EVP_MD_CTX_new();
+	if (!h->md) {
+		free(h);
+		return -ENOMEM;
+	}
+
 	h->hash_id = EVP_get_digestbyname(name);
 	if (!h->hash_id) {
+		EVP_MD_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
 	}
 
-	if (EVP_DigestInit(&h->md, h->hash_id) != 1) {
+	if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) {
+		EVP_MD_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
 	}
@@ -107,7 +152,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 
 static int crypt_hash_restart(struct crypt_hash *ctx)
 {
-	if (EVP_DigestInit(&ctx->md, ctx->hash_id) != 1)
+	if (EVP_DigestInit_ex(ctx->md, ctx->hash_id, NULL) != 1)
 		return -EINVAL;
 
 	return 0;
@@ -115,7 +160,7 @@ static int crypt_hash_restart(struct crypt_hash *ctx)
 
 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
 {
-	if (EVP_DigestUpdate(&ctx->md, buffer, length) != 1)
+	if (EVP_DigestUpdate(ctx->md, buffer, length) != 1)
 		return -EINVAL;
 
 	return 0;
@@ -129,7 +174,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 	if (length > (size_t)ctx->hash_len)
 		return -EINVAL;
 
-	if (EVP_DigestFinal_ex(&ctx->md, tmp, &tmp_len) != 1)
+	if (EVP_DigestFinal_ex(ctx->md, tmp, &tmp_len) != 1)
 		return -EINVAL;
 
 	memcpy(buffer, tmp, length);
@@ -146,7 +191,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 
 int crypt_hash_destroy(struct crypt_hash *ctx)
 {
-	EVP_MD_CTX_cleanup(&ctx->md);
+	EVP_MD_CTX_free(ctx->md);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
 	return 0;
@@ -167,14 +212,20 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	if (!h)
 		return -ENOMEM;
 
+	h->md = HMAC_CTX_new();
+	if (!h->md) {
+		free(h);
+		return -ENOMEM;
+	}
+
 	h->hash_id = EVP_get_digestbyname(name);
 	if (!h->hash_id) {
+		HMAC_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
 	}
 
-	HMAC_CTX_init(&h->md);
+	HMAC_Init_ex(h->md, buffer, length, h->hash_id, NULL);
-	HMAC_Init_ex(&h->md, buffer, length, h->hash_id, NULL);
 
 	h->hash_len = EVP_MD_size(h->hash_id);
 	*ctx = h;
@@ -183,12 +234,12 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 
 static void crypt_hmac_restart(struct crypt_hmac *ctx)
 {
-	HMAC_Init_ex(&ctx->md, NULL, 0, ctx->hash_id, NULL);
+	HMAC_Init_ex(ctx->md, NULL, 0, ctx->hash_id, NULL);
 }
 
 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
 {
-	HMAC_Update(&ctx->md, (const unsigned char *)buffer, length);
+	HMAC_Update(ctx->md, (const unsigned char *)buffer, length);
 	return 0;
 }
 
@@ -200,7 +251,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 	if (length > (size_t)ctx->hash_len)
 		return -EINVAL;
 
-	HMAC_Final(&ctx->md, tmp, &tmp_len);
+	HMAC_Final(ctx->md, tmp, &tmp_len);
 
 	memcpy(buffer, tmp, length);
 	crypt_backend_memzero(tmp, sizeof(tmp));
@@ -215,7 +266,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 
 int crypt_hmac_destroy(struct crypt_hmac *ctx)
 {
-	HMAC_CTX_cleanup(&ctx->md);
+	HMAC_CTX_free(ctx->md);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
 	return 0;
@@ -250,7 +301,7 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 		return -EINVAL;
 
 	if (!PKCS5_PBKDF2_HMAC(password, (int)password_length,
-	    (unsigned char *)salt, (int)salt_length,
+	    (const unsigned char *)salt, (int)salt_length,
             (int)iterations, hash_id, (int)key_length, (unsigned char *)key))
 		return -EINVAL;
 

lib/crypto_backend/pbkdf_check.c

@@ -71,7 +71,7 @@ int crypt_pbkdf_check(const char *kdf, const char *hash,
 		return -ENOMEM;
 
 	iterations = 1 << 15;
-	while (ms < 500) {
+	while (1) {
 		if (getrusage(RUSAGE_SELF, &rstart) < 0) {
 			r = -EINVAL;
 			goto out;

lib/internal.h

@@ -57,8 +57,8 @@ struct volume_key {
 	char key[];
 };
 
-struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key);
+struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key);
-struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength);
+struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength);
 void crypt_free_volume_key(struct volume_key *vk);
 
 /* Device backend */
@@ -75,6 +75,8 @@ int device_block_size(struct device *device);
 int device_read_ahead(struct device *device, uint32_t *read_ahead);
 int device_size(struct device *device, uint64_t *size);
 int device_open(struct device *device, int flags);
+void device_disable_direct_io(struct device *device);
+
 
 enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 };
 int device_block_adjust(struct crypt_device *cd,

lib/libcryptsetup.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -752,6 +752,12 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 #define CRYPT_ACTIVATE_SAME_CPU_CRYPT (1 << 6)
 /** use submit_from_crypt_cpus for dm-crypt */
 #define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (1 << 7)
+/** dm-verity: ignore_corruption flag - ignore corruption, log it only */
+#define CRYPT_ACTIVATE_IGNORE_CORRUPTION (1 << 8)
+/** dm-verity: restart_on_corruption flag - restart kernel on corruption */
+#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9)
+/** dm-verity: ignore_zero_blocks - do not verify zero blocks */
+#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10)
 
 
 /**

lib/libdevmapper.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -159,6 +159,15 @@ static void _dm_set_verity_compat(const char *dm_version, unsigned verity_maj,
 {
 	if (verity_maj > 0)
 		_dm_crypt_flags |= DM_VERITY_SUPPORTED;
+	else
+		return;
+	/*
+	 * ignore_corruption, restart_on corruption is available since 1.2 (kernel 4.1)
+	 * ignore_zero_blocks since 1.3 (kernel 4.5)
+	 * (but some dm-verity targets 1.2 don't support it)
+	 */
+	if (_dm_satisfies_version(1, 3, verity_maj, verity_min))
+		_dm_crypt_flags |= DM_VERITY_ON_CORRUPTION_SUPPORTED;
 
 	log_dbg("Detected dm-verity version %i.%i.%i.",
 		verity_maj, verity_min, verity_patch);
@@ -357,14 +366,35 @@ out:
 
 /* https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity */
 static char *get_dm_verity_params(struct crypt_params_verity *vp,
-				   struct crypt_dm_active_device *dmd)
+				   struct crypt_dm_active_device *dmd, uint32_t flags)
 {
-	int max_size, r;
+	int max_size, r, num_options = 0;
 	char *params = NULL, *hexroot = NULL, *hexsalt = NULL;
+	char features[256];
 
 	if (!vp || !dmd)
 		return NULL;
 
+	/* These flags are not compatible */
+	if ((flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) &&
+	    (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION))
+		flags &= ~CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+
+	if (flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS)
+		num_options++;
+
+	if (num_options)
+		snprintf(features, sizeof(features)-1, " %d%s%s%s", num_options,
+		(flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "",
+		(flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? " restart_on_corruption" : "",
+		(flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? " ignore_zero_blocks" : "");
+	else
+		*features = '\0';
+
 	hexroot = crypt_safe_alloc(dmd->u.verity.root_hash_size * 2 + 1);
 	if (!hexroot)
 		goto out;
@@ -388,12 +418,12 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp,
 		goto out;
 
 	r = snprintf(params, max_size,
-		     "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s",
+		     "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s %s",
 		     vp->hash_type, device_block_path(dmd->data_device),
 		     device_block_path(dmd->u.verity.hash_device),
 		     vp->data_block_size, vp->hash_block_size,
 		     vp->data_size, dmd->u.verity.hash_offset,
-		     vp->hash_name, hexroot, hexsalt);
+		     vp->hash_name, hexroot, hexsalt, features);
 	if (r < 0 || r >= max_size) {
 		crypt_safe_free(params);
 		params = NULL;
@@ -434,7 +464,7 @@ static int _dm_simple(int task, const char *name, int udev_wait)
 	if (udev_wait)
 		(void)_dm_udev_wait(cookie);
 
-      out:
+out:
 	dm_task_destroy(dmt);
 	return r;
 }
@@ -591,9 +621,6 @@ static int _dm_create_device(const char *name, const char *type,
 
 		if (!dm_task_set_uuid(dmt, dev_uuid))
 			goto out_no_removal;
-
-		if (_dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags))
-			goto out_no_removal;
 	}
 
 	if ((dm_flags() & DM_SECURE_SUPPORTED) && !dm_task_secure_data(dmt))
@@ -610,6 +637,9 @@ static int _dm_create_device(const char *name, const char *type,
 	    !dm_task_set_read_ahead(dmt, read_ahead, DM_READ_AHEAD_MINIMUM_FLAG))
 		goto out_no_removal;
 #endif
+	/* do not set cookie for DM_DEVICE_RELOAD task */
+	if (!reload && _dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags))
+		goto out_no_removal;
 
 	if (!dm_task_run(dmt))
 		goto out_no_removal;
@@ -676,7 +706,7 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 	if (dmd->target == DM_CRYPT)
 		table_params = get_dm_crypt_params(dmd, dmd_flags);
 	else if (dmd->target == DM_VERITY)
-		table_params = get_dm_verity_params(dmd->u.verity.vp, dmd);
+		table_params = get_dm_verity_params(dmd->u.verity.vp, dmd, dmd_flags);
 
 	r = _dm_create_device(name, type, dmd->data_device, dmd_flags,
 			      dmd->uuid, dmd->size, table_params, reload);
@@ -696,7 +726,13 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 	if (r == -EINVAL &&
 	    dmd_flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) &&
 	    !(dm_flags() & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED)))
-		log_err(cd, _("Requested dmcrypt performance options are not supported.\n"));
+		log_err(cd, _("Requested dm-crypt performance options are not supported.\n"));
+
+	if (r == -EINVAL && dmd_flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
+					  CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+					  CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) &&
+	    !(dm_flags() & DM_VERITY_ON_CORRUPTION_SUPPORTED))
+		log_err(cd, _("Requested dm-verity data corruption handling options are not supported.\n"));
 
 	crypt_safe_free(table_params);
 	dm_exit_context();
@@ -893,7 +929,7 @@ static int _dm_query_crypt(uint32_t get_flags,
 				return -EINVAL;
 		}
 
-		/* All parameters shold be processed */
+		/* All parameters should be processed */
 		if (params)
 			return -EINVAL;
 	}
@@ -936,7 +972,8 @@ static int _dm_query_verity(uint32_t get_flags,
 	uint32_t val32;
 	uint64_t val64;
 	ssize_t len;
-	char *str, *str2;
+	char *str, *str2, *arg;
+	unsigned int i;
 	int r;
 
 	if (get_flags & DM_ACTIVE_VERITY_PARAMS)
@@ -1032,8 +1069,6 @@ static int _dm_query_verity(uint32_t get_flags,
 
 	/* salt */
 	str = strsep(&params, " ");
-	if (params)
-		return -EINVAL;
 	if (vp) {
 		if (!strcmp(str, "-")) {
 			vp->salt_size = 0;
@@ -1047,6 +1082,33 @@ static int _dm_query_verity(uint32_t get_flags,
 		}
 	}
 
+	/* Features section, available since verity target version 1.3 */
+	if (params) {
+		/* Number of arguments */
+		val64 = strtoull(params, &params, 10);
+		if (*params != ' ')
+			return -EINVAL;
+		params++;
+
+		for (i = 0; i < val64; i++) {
+			if (!params)
+				return -EINVAL;
+			arg = strsep(&params, " ");
+			if (!strcasecmp(arg, "ignore_corruption"))
+				dmd->flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+			else if (!strcasecmp(arg, "restart_on_corruption"))
+				dmd->flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+			else if (!strcasecmp(arg, "ignore_zero_blocks"))
+				dmd->flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
+			else /* unknown option */
+				return -EINVAL;
+		}
+
+		/* All parameters should be processed */
+		if (params)
+			return -EINVAL;
+	}
+
 	return 0;
 }
 

lib/luks1/keymanage.c

@@ -62,7 +62,7 @@ int LUKS_keyslot_area(struct luks_phdr *hdr,
 	if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
 		return -EINVAL;
 
-	*offset = hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
+	*offset = (uint64_t)hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
 	*length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;
 
 	return 0;
@@ -206,7 +206,6 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
 		r = -EIO;
 		goto out;
 	}
-	close(devfd);
 
 	r = 0;
 out:
@@ -260,6 +259,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}
 	close(devfd);
+	devfd = -1;
 
 	r = LUKS_read_phdr(hdr, 0, 0, ctx);
 	if (r == 0) {
@@ -306,6 +306,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}
 	close(devfd);
+	devfd = -1;
 
 	/* Be sure to reload new data */
 	r = LUKS_read_phdr(hdr, 1, 0, ctx);
@@ -545,6 +546,16 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
 	if (!r)
 		r = LUKS_check_device_size(ctx, hdr->keyBytes);
 
+	/*
+	 * Cryptsetup 1.0.0 did not align keyslots to 4k (very rare version).
+	 * Disable direct-io to avoid possible IO errors if underlying device
+	 * has bigger sector size.
+	 */
+	if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) {
+		log_dbg("Old unaligned LUKS keyslot detected, disabling direct-io.");
+		device_disable_direct_io(device);
+	}
+
 	close(devfd);
 	return r;
 }
@@ -674,9 +685,9 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 	/* Set Magic */
 	memcpy(header->magic,luksMagic,LUKS_MAGIC_L);
 	header->version=1;
-	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L);
+	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L-1);
-	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L);
+	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L-1);
-	strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L);
+	strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L-1);
 
 	header->keyBytes=vk->keylength;
 

lib/random.c

@@ -234,9 +234,11 @@ void crypt_random_exit(void)
 
 int crypt_random_default_key_rng(void)
 {
+	/* coverity[pointless_string_compare] */
 	if (!strcmp(DEFAULT_RNG, RANDOM_DEVICE))
 		return CRYPT_RNG_RANDOM;
 
+	/* coverity[pointless_string_compare] */
 	if (!strcmp(DEFAULT_RNG, URANDOM_DEVICE))
 		return CRYPT_RNG_URANDOM;
 

lib/setup.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2014, Milan Broz
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -626,7 +626,7 @@ int crypt_init(struct crypt_device **cd, const char *device)
 
 	dm_backend_init();
 
-	h->iteration_time = 1000;
+	h->iteration_time = DEFAULT_LUKS1_ITER_TIME;
 	h->password_verify = 0;
 	h->tries = 3;
 	h->rng_type = crypt_random_default_key_rng();
@@ -969,7 +969,7 @@ out:
 	if (r < 0) {
 		crypt_free(*cd);
 		*cd = NULL;
-	} else if (!(*cd)->type && name) {
+	} else if (!(*cd)->type) {
 		/* For anonymous device (no header found) remember initialized name */
 		(*cd)->u.none.active_name = strdup(name);
 	}
@@ -2215,7 +2215,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
 		}
 
 		r = VERITY_activate(cd, name, volume_key, volume_key_size,
-				    &cd->u.verity.hdr, CRYPT_ACTIVATE_READONLY);
+				    &cd->u.verity.hdr, flags|CRYPT_ACTIVATE_READONLY);
 
 		if (r == -EPERM) {
 			free(cd->u.verity.root_hash);
@@ -2366,7 +2366,7 @@ void crypt_set_password_retry(struct crypt_device *cd, int tries)
 
 void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms)
 {
-	log_dbg("Iteration time set to %" PRIu64 " miliseconds.", iteration_time_ms);
+	log_dbg("Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms);
 	cd->iteration_time = iteration_time_ms;
 }
 void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_ms)

lib/tcrypt/tcrypt.c

@@ -314,12 +314,13 @@ static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode,
 {
 	char backend_key[TCRYPT_HDR_KEY_LEN];
 	char iv[TCRYPT_HDR_IV_LEN] = {};
-	char mode_name[MAX_CIPHER_LEN];
+	char mode_name[MAX_CIPHER_LEN + 1];
 	struct crypt_cipher *cipher;
 	char *c, *buf = (char*)&hdr->e;
 	int r;
 
 	/* Remove IV if present */
+	mode_name[MAX_CIPHER_LEN] = '\0';
 	strncpy(mode_name, mode, MAX_CIPHER_LEN);
 	c = strchr(mode_name, '-');
 	if (c)
@@ -612,10 +613,10 @@ int TCRYPT_read_phdr(struct crypt_device *cd,
 			return -EINVAL;
 
 		r = device_alloc(&base_device, base_device_path);
+		free(base_device_path);
 		if (r < 0)
 			return r;
 		devfd = device_open(base_device, O_RDONLY);
-		free(base_device_path);
 		device_free(base_device);
 	} else
 		devfd = device_open(device, O_RDONLY);
@@ -723,6 +724,9 @@ int TCRYPT_activate(struct crypt_device *cd,
 	if (!algs)
 		return -EINVAL;
 
+	if (hdr->d.sector_size == 0)
+		return -EINVAL;
+
 	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
 		dmd.size = 0;
 	else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER)
@@ -772,7 +776,8 @@ int TCRYPT_activate(struct crypt_device *cd,
 
 	for (i = algs->chain_count; i > 0; i--) {
 		if (i == 1) {
-			strncpy(dm_name, name, sizeof(dm_name));
+			dm_name[sizeof(dm_name)-1] = '\0';
+			strncpy(dm_name, name, sizeof(dm_name)-1);
 			dmd.flags = flags;
 		} else {
 			snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1);
@@ -914,7 +919,7 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 			struct tcrypt_phdr *tcrypt_hdr)
 {
 	struct tcrypt_algs *algs;
-	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN], *tmp;
+	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN+1], *tmp;
 	size_t key_size;
 	int r;
 
@@ -928,6 +933,7 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 	if (!tmp)
 		return -EINVAL;
 	*tmp = '\0';
+	mode[MAX_CIPHER_LEN] = '\0';
 	strncpy(mode, ++tmp, MAX_CIPHER_LEN);
 
 	key_size = dmd->u.crypt.vk->keylength;

lib/utils.c

@@ -105,9 +105,9 @@ ssize_t write_blockwise(int fd, int bsize, void *orig_buf, size_t count)
 		if (r < bsize)
 			bsize = r;
 
-		r = lseek(fd, -bsize, SEEK_CUR);
+		if (lseek(fd, -bsize, SEEK_CUR) < 0)
-		if (r < 0)
 			goto out;
+
 		memcpy(hangover_buf, (char*)buf + solid, hangover);
 
 		r = write(fd, hangover_buf, bsize);

lib/utils_crypt.c

@@ -22,6 +22,7 @@
 
 #include <stdlib.h>
 #include <stddef.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
@@ -98,7 +99,7 @@ void *crypt_safe_alloc(size_t size)
 {
 	struct safe_allocation *alloc;
 
-	if (!size)
+	if (!size || size > (SIZE_MAX - offsetof(struct safe_allocation, data)))
 		return NULL;
 
 	alloc = malloc(size + offsetof(struct safe_allocation, data));
@@ -360,7 +361,7 @@ int crypt_get_key(const char *prompt,
 
 	/* If not requsted otherwise, we limit input to prevent memory exhaustion */
 	if (keyfile_size_max == 0) {
-		keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024;
+		keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1;
 		unlimited_read = 1;
 	}
 

lib/utils_device.c

@@ -50,8 +50,10 @@ static int device_block_size_fd(int fd, size_t *min_size)
 	if (fstat(fd, &st) < 0)
 		return -EINVAL;
 
-	if (S_ISREG(st.st_mode))
+	if (S_ISREG(st.st_mode)) {
 		r = (int)crypt_getpagesize();
+		bsize = r;
+	}
 	else if (ioctl(fd, BLKSSZGET, &bsize) >= 0)
 		r = bsize;
 	else
@@ -528,3 +530,8 @@ size_t size_round_up(size_t size, unsigned int block)
 	size_t s = (size + (block - 1)) / block;
 	return s * block;
 }
+
+void device_disable_direct_io(struct device *device)
+{
+	device->o_direct = 0;
+}

lib/utils_devpath.c

@@ -31,6 +31,9 @@
 #include <limits.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include "internal.h"
 
 static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_level)
@@ -276,24 +279,30 @@ char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t
 		major(st.st_rdev), minor(st.st_rdev)) < 0)
 		return NULL;
 
-	len = readlink(path, link, sizeof(link) - 1);
+	dir = opendir(path);
-	if (len < 0)
+	if (!dir)
 		return NULL;
 
+	len = readlink(path, link, sizeof(link) - 1);
+	if (len < 0) {
+		closedir(dir);
+		return NULL;
+	}
+
 	/* Get top level disk name for sysfs search */
 	link[len] = '\0';
 	devname = strrchr(link, '/');
-	if (!devname)
+	if (!devname) {
+		closedir(dir);
 		return NULL;
+	}
 	devname++;
 
 	/* DM devices do not use kernel partitions. */
-	if (dm_is_dm_kernel_name(devname))
+	if (dm_is_dm_kernel_name(devname)) {
-		return NULL;
+		closedir(dir);
-
-	dir = opendir(path);
-	if (!dir)
 		return NULL;
+	}
 
 	devname_len = strlen(devname);
 	while((entry = readdir(dir))) {

lib/utils_dm.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -42,6 +42,7 @@ struct device;
 #define DM_TCW_SUPPORTED      (1 << 6)	/* tcw (TCRYPT CBC with whitening) */
 #define DM_SAME_CPU_CRYPT_SUPPORTED (1 << 7) /* same_cpu_crypt */
 #define DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED (1 << 8) /* submit_from_crypt_cpus */
+#define DM_VERITY_ON_CORRUPTION_SUPPORTED (1 << 9) /* ignore/restart_on_corruption, ignore_zero_block */
 
 uint32_t dm_flags(void);
 

lib/utils_loop.c

@@ -28,6 +28,9 @@
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include <linux/loop.h>
 
 #include "utils_loop.h"
@@ -100,6 +103,7 @@ int crypt_loop_attach(const char *loop, const char *file, int offset,
 		      int autoclear, int *readonly)
 {
 	struct loop_info64 lo64 = {0};
+	char *lo_file_name;
 	int loop_fd = -1, file_fd = -1, r = 1;
 
 	file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL);
@@ -114,7 +118,9 @@ int crypt_loop_attach(const char *loop, const char *file, int offset,
 	if (loop_fd < 0)
 		goto out;
 
-	strncpy((char*)lo64.lo_file_name, file, LO_NAME_SIZE);
+	lo_file_name = (char*)lo64.lo_file_name;
+	lo_file_name[LO_NAME_SIZE-1] = '\0';
+	strncpy(lo_file_name, file, LO_NAME_SIZE-1);
 	lo64.lo_offset = offset;
 	if (autoclear)
 		lo64.lo_flags |= LO_FLAGS_AUTOCLEAR;

lib/utils_wipe.c

@@ -29,6 +29,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include <fcntl.h>
 
 #include "libcryptsetup.h"
@@ -128,7 +131,7 @@ int crypt_wipe(struct device *device,
 	ssize_t written;
 
 	if (!size || size % SECTOR_SIZE || (size > MAXIMUM_WIPE_BYTES)) {
-		log_dbg("Unsuported wipe size for device %s: %ld.",
+		log_dbg("Unsupported wipe size for device %s: %ld.",
 			device_path(device), (unsigned long)size);
 		return -EINVAL;
 	}
@@ -183,7 +186,7 @@ int crypt_wipe(struct device *device,
 			written = _crypt_wipe_random(devfd, bsize, buffer, offset, size);
 			break;
 		default:
-			log_dbg("Unsuported wipe type requested: (%d)", type);
+			log_dbg("Unsupported wipe type requested: (%d)", type);
 			written = -1;
 	}
 

lib/verity/verity.c

@@ -156,6 +156,7 @@ int VERITY_write_sb(struct crypt_device *cd,
 	int bsize = device_block_size(device);
 	struct verity_sb sb = {};
 	ssize_t hdr_size = sizeof(struct verity_sb);
+	char *algorithm;
 	uuid_t uuid;
 	int r, devfd = 0;
 
@@ -187,7 +188,9 @@ int VERITY_write_sb(struct crypt_device *cd,
 	sb.hash_block_size = cpu_to_le32(params->hash_block_size);
 	sb.salt_size       = cpu_to_le16(params->salt_size);
 	sb.data_blocks     = cpu_to_le64(params->data_size);
-	strncpy((char *)sb.algorithm, params->hash_name, sizeof(sb.algorithm));
+	algorithm = (char *)sb.algorithm;
+	algorithm[sizeof(sb.algorithm)-1] = '\0';
+	strncpy(algorithm, params->hash_name, sizeof(sb.algorithm)-1);
 	memcpy(sb.salt, params->salt, params->salt_size);
 	memcpy(sb.uuid, uuid, sizeof(sb.uuid));
 

lib/volumekey.c

@@ -20,22 +20,31 @@
  */
 
 #include <string.h>
+#include <stdint.h>
 #include <stdlib.h>
 
 #include "internal.h"
 
-struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key)
+struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key)
 {
-	struct volume_key *vk = malloc(sizeof(*vk) + keylength);
+	struct volume_key *vk;
 
+	if (keylength > (SIZE_MAX - sizeof(*vk)))
+		return NULL;
+
+	vk = malloc(sizeof(*vk) + keylength);
 	if (!vk)
 		return NULL;
 
 	vk->keylength = keylength;
-	if (key)
+
-		memcpy(&vk->key, key, keylength);
+	/* keylength 0 is valid => no key */
-	else
+	if (vk->keylength) {
-		crypt_memzero(&vk->key, keylength);
+		if (key)
+			memcpy(&vk->key, key, keylength);
+		else
+			crypt_memzero(&vk->key, keylength);
+	}
 
 	return vk;
 }
@@ -49,7 +58,7 @@ void crypt_free_volume_key(struct volume_key *vk)
 	}
 }
 
-struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength)
+struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength)
 {
 	int r;
 	struct volume_key *vk;

man/cryptsetup-reencrypt.8

@@ -37,7 +37,8 @@ To start (or continue) re-encryption for <device> use:
 \fB<options>\fR can be [\-\-batch-mode, \-\-block-size, \-\-cipher, \-\-debug,
 \-\-device-size, \-\-hash, \-\-iter-time, \-\-use-random | \-\-use-urandom,
 \-\-keep-key, \-\-key-size, \-\-key-file, \-\-key-slot, \-\-keyfile-offset,
-\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log]
+\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log,
+\-\-uuid]
 
 To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR with combination
 with \fI\-\-reduce-device-size\fR.
@@ -153,7 +154,7 @@ Use with extreme care - shrinked filesystems are usually unrecoverable.
 
 You cannot shrink device more than by 64 MiB (131072 sectors).
 .TP
-.B "\-\-new, N"
+.B "\-\-new, \-N"
 Create new header (encrypt not yet encrypted device).
 
 This option must be used together with \-\-reduce-device-size.
@@ -180,6 +181,12 @@ log files as well.
 Update log file after every block write. This can slow down reencryption
 but will minimize data loss in the case of system crash.
 .TP
+.B "\-\-uuid" \fI<uuid>\fR
+Use only while resuming an interrupted decryption process (see \-\-decrypt).
+
+To find out what \fI<uuid>\fR to pass look for temporary files LUKS-<uuid>.[|log|org|new]
+of the interrupted decryption process.
+.TP
 .B "\-\-batch-mode, \-q"
 Suppresses all warnings and reencryption progress output.
 .TP

man/cryptsetup.8

@@ -253,7 +253,7 @@ as positional argument or via \-\-key-file.
 
 \fBWARNING:\fR If you read the passphrase from stdin
 (without further argument or with '-' as argument
-to \-\-key\-file), batch-mode (\-q) will be implicitely
+to \-\-key\-file), batch-mode (\-q) will be implicitly
 switched on and no warning will be given when you remove the
 last remaining passphrase from a LUKS container. Removing
 the last passphrase makes the LUKS container permanently
@@ -286,8 +286,9 @@ inaccessible.
 .PP
 \fIluksKillSlot\fR <device> <key slot number>
 .IP
-Wipe the key-slot number <key slot> from the LUKS device. A remaining
+Wipe the key-slot number <key slot> from the LUKS device. Except running
-passphrase must be supplied, either interactively or via \-\-key-file.
+in batch-mode (\-q) a remaining passphrase must be supplied,
+either interactively or via \-\-key-file.
 This command can remove the last remaining key-slot, but requires
 an interactive confirmation when doing so. Removing the last
 passphrase makes a LUKS container permanently inaccessible.
@@ -297,11 +298,16 @@ passphrase makes a LUKS container permanently inaccessible.
 
 \fBWARNING:\fR If you read the passphrase from stdin
 (without further argument or with '-' as argument
-to \-\-key-file), batch-mode (\-q) will be implicitely
+to \-\-key-file), batch-mode (\-q) will be implicitly
 switched on and no warning will be given when you remove the
 last remaining passphrase from a LUKS container. Removing
 the last passphrase makes the LUKS container permanently
 inaccessible.
+
+\fBNOTE:\fR If there is no passphrase provided (on stdin or through
+\-\-key-file argument) and batch-mode (\-q) is active, the
+key-slot is removed without any other warning.
+
 .PP
 \fIerase\fR <device>
 .br
@@ -593,7 +599,7 @@ The current default in the distributed sources is
 "aes-cbc-essiv:sha256" for plain dm-crypt and
 "aes-xts-plain64" for LUKS.
 
-If a hash is part of the cipher spefification, then it is
+If a hash is part of the cipher specification, then it is
 used as part of the IV generation. For example, ESSIV
 needs a hash function, while "plain64" does not and
 hence none is specified.

man/veritysetup.8

@@ -37,7 +37,8 @@ Creates a mapping with <name> backed by device <data_device> and using
 
 The <root_hash> is a hexadecimal string.
 
-\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
+\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock,
+\-\-ignore-corruption or \-\-restart-on-corruption, \-\-ignore-zero-blocks]
 
 If option \-\-no-superblock is used, you have to use as the same options
 as in initial format operation.
@@ -82,7 +83,7 @@ Create or use dm-verity without permanent on-disk superblock.
 .TP
 .B "\-\-format=number"
 Specifies the hash version type.
-Format type 0 is original Chrome OS verion. Format type 1 is current version.
+Format type 0 is original Chrome OS version. Format type 1 is current version.
 .TP
 .B "\-\-data-block-size=bytes"
 Used block size for the data device.
@@ -110,6 +111,24 @@ Use the provided UUID for format command instead of generating new one.
 The UUID must be provided in standard UUID format,
 e.g. 12345678-1234-1234-1234-123456789abc.
 .TP
+.B "\-\-ignore-corruption", "\-\-restart-on-corruption"
+Defines what to do if data integrity problem is detected (data corruption).
+
+Without these options kernel fails the IO operation with I/O error.
+With \-\-ignore-corruption option the corruption is only logged.
+With \-\-restart-on-corruption the kernel is restarted immediatelly.
+(You have to provide way how to avoid restart loops.)
+
+\fBWARNING:\fR Use these options only for very specific cases.
+These options are available since Linux kernel version 4.1.
+.TP
+.B "\-\-ignore-zero-blocks"
+Instruct kernel to not verify blocks that are expected to contain zeroes
+and always directly return zeroes instead.
+
+\fBWARNING:\fR Use this option only in very specific cases.
+This option is available since Linux kernel version 4.5.
+.TP
 .B "\-\-version"
 Show the program version.
 .SH RETURN CODES
@@ -130,9 +149,9 @@ The first implementation of veritysetup was written by Chrome OS authors.
 This version is based on verification code written by Mikulas Patocka <mpatocka@redhat.com>
 and rewritten for libcryptsetup by Milan Broz <gmazyland@gmail.com>.
 .SH COPYRIGHT
-Copyright \(co 2012-2013 Red Hat, Inc.
+Copyright \(co 2012-2016 Red Hat, Inc.
 .br
-Copyright \(co 2012-2014 Milan Broz
+Copyright \(co 2012-2016 Milan Broz
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

misc/dracut_90reencrypt/README

@@ -11,9 +11,11 @@ e.g. rd.luks.reencrypt=sda2:52G means only 52G of device
 will be reencrypted (default is whole device).
 (Name is kernel name of device.)
 
-Also, you may specify keyslot which you want to use for reencryption,
+If there's more than single active keyslot in the target luks device
-rd.luks.reencrypt_keyslot=<keyslot_number>. Bear in mind that if you
+you're required to select one keyslot explicitly for reencryption via
-use this option, all other keyslots will be deactivated.
+rd.luks.reencrypt_keyslot=<keyslot_number> option. Bear in mind that
+if you use this option, all other keyslots will get deactivated in the
+process.
 
 Another argument, rd.luks.reencrypt_key=/dev/sda:/path/to/keyfile
 can be used to read password for specific keyslot from device containing

misc/dracut_90reencrypt/module-setup.sh

@@ -24,6 +24,8 @@ install() {
 
     dracut_install cryptsetup-reencrypt
 
+    # moddir variable is assigned in dracut general shell lib
+    # shellcheck disable=SC2154
     inst_hook cmdline 30 "$moddir/parse-reencrypt.sh"
     inst_simple "$moddir"/reencrypt.sh /sbin/reencrypt
 }

misc/dracut_90reencrypt/reencrypt.sh

@@ -39,7 +39,8 @@ reenc_readkey() {
 }
 
 reenc_run() {
-    local cwd=$(pwd)
+    local cwd
+    cwd=$(pwd)
     local _prompt="LUKS password for REENCRYPTING $device"
     cd /tmp
     if [ "$1" = "none" ] ; then

po/LINGUAS

@@ -8,6 +8,7 @@ id
 it
 nl
 pl
+pt_BR
 sr
 sv
 uk

po/fi.po

@@ -13,6 +13,7 @@ msgstr ""
 "Last-Translator: Jorma Karvonen <karvonen.jorma@gmail.com>\n"
 "Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"
 "Language: fi\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

po/id.po

@@ -11,6 +11,7 @@ msgstr ""
 "PO-Revision-Date: 2010-01-27 07:30+0700\n"
 "Last-Translator: Arif E. Nugroho <arif_endro@yahoo.com>\n"
 "Language-Team: Indonesian <translation-team-id@lists.sourceforge.net>\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=ISO-8859-1\n"
 "Content-Transfer-Encoding: 8bit\n"

python/pycryptsetup.c

@@ -640,7 +640,7 @@ static char
 CryptSetup_iterationTime_HELP[] =
 "Set iteration time\n\n\
   iterationTime(time_ms)\n\n\
-  time_ms - time in miliseconds";
+  time_ms - time in milliseconds";
 
 static PyObject *CryptSetup_iterationTime(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {

src/Makefile.am

@@ -77,7 +77,8 @@ cryptsetup_reencrypt_SOURCES = \
 	cryptsetup_reencrypt.c			\
 	cryptsetup.h
 
-cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD)
+cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD) \
+	@UUID_LIBS@
 cryptsetup_reencrypt_CFLAGS = $(cryptsetup_CFLAGS)
 
 sbin_PROGRAMS += cryptsetup-reencrypt

src/cryptsetup.c

@@ -28,6 +28,7 @@ static const char *opt_hash = NULL;
 static int opt_verify_passphrase = 0;
 
 static const char *opt_key_file = NULL;
+static const char *opt_keyfile_stdin = NULL;
 static int opt_keyfiles_count = 0;
 static const char *opt_keyfiles[MAX_KEYFILES];
 
@@ -239,11 +240,14 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para
 {
 	int r, tries = opt_tries, eperm = 0;
 
+	if (opt_keyfile_stdin)
+		tries = 1;
+
 	do {
 		/* TCRYPT header is encrypted, get passphrase now */
 		r = tools_get_key(_("Enter passphrase: "),
 				  CONST_CAST(char**)&params->passphrase,
-				  &params->passphrase_size, 0, 0, NULL, opt_timeout,
+				  &params->passphrase_size, 0, 0, opt_keyfile_stdin, opt_timeout,
 				 _verify_passphrase(0), 0, cd);
 		if (r < 0)
 			continue;
@@ -827,7 +831,8 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 	int i, r;
 
 	ki = crypt_keyslot_status(cd, key_slot);
-	if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !yesDialog(msg_last, NULL))
+	if (ki == CRYPT_SLOT_ACTIVE_LAST && !opt_batch_mode && !key_file &&
+	    msg_last && !yesDialog(msg_last, NULL))
 		return -EPERM;
 
 	r = tools_get_key(msg_pass, &password, &passwordLen,
@@ -854,6 +859,10 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 		}
 	}
 
+	/* Handle inactive keyslots the same as bad password here */
+	if (r == -ENOENT)
+		r = -EPERM;
+
 	if (r == -EPERM)
 		log_err(_("No key available with this passphrase.\n"));
 out:
@@ -887,7 +896,7 @@ static int action_luksKillSlot(void)
 		goto out;
 	}
 
-	if (!opt_batch_mode) {
+	if (!opt_batch_mode || opt_key_file || !isatty(STDIN_FILENO)) {
 		r = verify_keyslot(cd, opt_key_slot,
 			_("This is the last keyslot. Device will become unusable after purging this key."),
 			_("Enter any remaining passphrase: "),
@@ -1372,7 +1381,7 @@ static struct action_type {
 	{ "close",        action_close,        1, 1, N_("<name>"), N_("close device (remove mapping)") },
 	{ "resize",       action_resize,       1, 1, N_("<name>"), N_("resize active device") },
 	{ "status",       action_status,       1, 0, N_("<name>"), N_("show device status") },
-	{ "benchmark",    action_benchmark,    0, 0, N_("<name>"), N_("benchmark cipher") },
+	{ "benchmark",    action_benchmark,    0, 0, N_("[--cipher <cipher>]"), N_("benchmark cipher") },
 	{ "repair",       action_luksRepair,   1, 1, N_("<device>"), N_("try to repair on-disk metadata") },
 	{ "erase",        action_luksErase ,   1, 1, N_("<device>"), N_("erase all keyslots (remove encryption key)") },
 	{ "luksFormat",   action_luksFormat,   1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
@@ -1529,7 +1538,7 @@ int main(int argc, const char **argv)
 	poptContext popt_context;
 	struct action_type *action;
 	const char *aname;
-	int r;
+	int r, total_keyfiles = 0;
 
 	crypt_set_log_callback(NULL, tool_log, NULL);
 
@@ -1543,11 +1552,15 @@ int main(int argc, const char **argv)
 
 	while((r = poptGetNextOpt(popt_context)) > 0) {
 		unsigned long long ull_value;
-		char *endp;
+		char *endp, *kf;
 
 		if (r == 5) {
-			if (opt_keyfiles_count < MAX_KEYFILES)
+			kf = poptGetOptArg(popt_context);
-				opt_keyfiles[opt_keyfiles_count++] = poptGetOptArg(popt_context);
+			if (tools_is_stdin(kf))
+				opt_keyfile_stdin = kf;
+			else if (opt_keyfiles_count < MAX_KEYFILES)
+				opt_keyfiles[opt_keyfiles_count++] = kf;
+			total_keyfiles++;
 			continue;
 		}
 
@@ -1699,6 +1712,10 @@ int main(int argc, const char **argv)
 		      _("Negative number for option not permitted."),
 		      poptGetInvocationName(popt_context));
 
+	if (total_keyfiles > 1 && strcmp(opt_type, "tcrypt"))
+		usage(popt_context, EXIT_FAILURE, _("Only one --key-file argument is allowed."),
+		      poptGetInvocationName(popt_context));
+
 	if (opt_random && opt_urandom)
 		usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
 		      poptGetInvocationName(popt_context));

src/cryptsetup_reencrypt.c

@@ -1,7 +1,7 @@
 /*
  * cryptsetup-reencrypt - crypt utility for offline re-encryption
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2016, Red Hat, Inc. All rights reserved.
  * Copyright (C) 2012-2015, Milan Broz All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
@@ -24,6 +24,7 @@
 #include <sys/time.h>
 #include <linux/fs.h>
 #include <arpa/inet.h>
+#include <uuid/uuid.h>
 
 #define PACKAGE_REENC "crypt_reencrypt"
 
@@ -33,6 +34,7 @@
 static const char *opt_cipher = NULL;
 static const char *opt_hash = NULL;
 static const char *opt_key_file = NULL;
+static const char *opt_uuid = NULL;
 static long opt_keyfile_size = 0;
 static long opt_keyfile_offset = 0;
 static int opt_iteration_time = 1000;
@@ -68,6 +70,7 @@ struct reenc_ctx {
 	uint64_t device_offset;
 	uint64_t device_shift;
 
+	int stained:1;
 	int in_progress:1;
 	enum { FORWARD = 0, BACKWARD = 1 } reencrypt_direction;
 	enum { REENCRYPT = 0, ENCRYPT = 1, DECRYPT = 2 } reencrypt_mode;
@@ -148,7 +151,7 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 				rc->device);
 			return -EBUSY;
 		}
-		log_err(_("Cannot open device %s\n"), rc->device);
+		log_err(_("Cannot open device %s.\n"), rc->device);
 		return -EINVAL;
 	}
 
@@ -179,11 +182,6 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 		log_verbose(_("Marking LUKS device %s unusable.\n"), rc->device);
 		memcpy(buf, NOMAGIC, MAGIC_L);
 		r = 0;
-	} else if (set_magic == MAKE_USABLE && !memcmp(buf, NOMAGIC, MAGIC_L) &&
-		   version == 1) {
-		log_verbose(_("Marking LUKS device %s usable.\n"), rc->device);
-		memcpy(buf, MAGIC, MAGIC_L);
-		r = 0;
 	} else if (set_magic == CHECK_UNUSABLE && version == 1) {
 		r = memcmp(buf, NOMAGIC, MAGIC_L) ? -EINVAL : 0;
 		if (!r)
@@ -200,6 +198,8 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 			log_err(_("Cannot write device %s.\n"), rc->device);
 			r = -EIO;
 		}
+		if (s > 0 && set_magic == MAKE_UNUSABLE)
+			rc->stained = 1;
 	} else
 		log_dbg("LUKS signature check failed for %s.", rc->device);
 out:
@@ -370,6 +370,7 @@ static int open_log(struct reenc_ctx *rc)
 	rc->log_fd = open(rc->log_file, O_RDWR|O_EXCL|O_CREAT|flags, S_IRUSR|S_IWUSR);
 	if (rc->log_fd != -1) {
 		log_dbg("Created LUKS reencryption log file %s.", rc->log_file);
+		rc->stained = 0;
 	} else if (errno == EEXIST) {
 		log_std(_("Log file %s exists, resuming reencryption.\n"), rc->log_file);
 		rc->log_fd = open(rc->log_file, O_RDWR|flags);
@@ -653,8 +654,10 @@ static int restore_luks_header(struct reenc_ctx *rc)
 	crypt_free(cd);
 	if (r)
 		log_err(_("Cannot restore LUKS header on device %s.\n"), rc->device);
-	else
+	else {
 		log_verbose(_("LUKS header on device %s restored.\n"), rc->device);
+		rc->stained = 0;
+	}
 	return r;
 }
 
@@ -791,6 +794,9 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
 	if (write_log(rc) < 0)
 		return -EIO;
 
+	/* dirty the device during ENCRYPT mode */
+	rc->stained = 1;
+
 	while (!quit && rc->device_offset) {
 		if (rc->device_offset < block_size) {
 			working_offset = 0;
@@ -955,6 +961,7 @@ static int initialize_uuid(struct reenc_ctx *rc)
 {
 	struct crypt_device *cd = NULL;
 	int r;
+	uuid_t device_uuid;
 
 	log_dbg("Initialising UUID.");
 
@@ -963,6 +970,16 @@ static int initialize_uuid(struct reenc_ctx *rc)
 		return 0;
 	}
 
+	if (opt_decrypt && opt_uuid) {
+		r = uuid_parse(opt_uuid, device_uuid);
+		if (!r)
+			rc->device_uuid = strdup(opt_uuid);
+		else
+			log_err(_("Provided UUID is invalid.\n"));
+
+		return r;
+	}
+
 	/* Try to load LUKS from device */
 	if ((r = crypt_init(&cd, rc->device)))
 		return r;
@@ -979,7 +996,7 @@ static int initialize_uuid(struct reenc_ctx *rc)
 }
 
 static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
-			    const char *msg, int slot_to_check, int check)
+			    const char *msg, int slot_to_check, int check, int verify)
 {
 	char *password;
 	int r = -EINVAL, retry_count;
@@ -990,11 +1007,15 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
 		set_int_handler(0);
 		r = crypt_get_key(msg, &password, &passwordLen,
 			0, 0, NULL /*opt_key_file*/,
-			0, 0, cd);
+			0, verify, cd);
 		if (r < 0)
 			return r;
-		if (quit)
+		if (quit) {
+			crypt_safe_free(password);
+			password = NULL;
+			passwordLen = 0;
 			return -EAGAIN;
+		}
 
 		/* library uses sigint internally, until it is fixed...*/
 		set_int_block(1);
@@ -1077,7 +1098,7 @@ static int initialize_passphrase(struct reenc_ctx *rc, const char *device)
 	log_dbg("Passhrases initialization.");
 
 	if (rc->reencrypt_mode == ENCRYPT && !rc->in_progress) {
-		r = init_passphrase1(rc, cd, _("Enter new passphrase: "), opt_key_slot, 0);
+		r = init_passphrase1(rc, cd, _("Enter new passphrase: "), opt_key_slot, 0, 1);
 		return r > 0 ? 0 : r;
 	}
 
@@ -1099,14 +1120,14 @@ static int initialize_passphrase(struct reenc_ctx *rc, const char *device)
 	} else if (rc->in_progress ||
 		   opt_key_slot != CRYPT_ANY_SLOT ||
 		   rc->reencrypt_mode == DECRYPT) {
-		r = init_passphrase1(rc, cd, msg, opt_key_slot, 1);
+		r = init_passphrase1(rc, cd, msg, opt_key_slot, 1, 0);
 	} else for (i = 0; i < MAX_SLOT; i++) {
 		ki = crypt_keyslot_status(cd, i);
 		if (ki != CRYPT_SLOT_ACTIVE && ki != CRYPT_SLOT_ACTIVE_LAST)
 			continue;
 
 		snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %u: "), i);
-		r = init_passphrase1(rc, cd, msg, i, 1);
+		r = init_passphrase1(rc, cd, msg, i, 1, 0);
 		if (r < 0)
 			break;
 	}
@@ -1119,7 +1140,7 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
 {
 	log_dbg("Initialising reencryption context.");
 
-	rc->log_fd =-1;
+	rc->log_fd = -1;
 
 	if (!(rc->device = strndup(device, PATH_MAX)))
 		return -ENOMEM;
@@ -1159,6 +1180,12 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
 	}
 
 	if (!rc->in_progress) {
+		if (opt_uuid) {
+			log_err(_("No decryption in progress, provided UUID can "
+			"be used only to resume suspended decryption process.\n"));
+			return -EINVAL;
+		}
+
 		if (!opt_reduce_size)
 			rc->reencrypt_direction = FORWARD;
 		else {
@@ -1186,10 +1213,7 @@ static void destroy_context(struct reenc_ctx *rc)
 	close_log(rc);
 	remove_headers(rc);
 
-	if ((rc->reencrypt_direction == FORWARD &&
+	if (!rc->stained) {
-	     rc->device_offset == rc->device_size) ||
-	    (rc->reencrypt_direction == BACKWARD &&
-	     (rc->device_offset == 0 || rc->device_offset == (uint64_t)~0))) {
 		unlink(rc->log_file);
 		unlink(rc->header_file_org);
 		unlink(rc->header_file_new);
@@ -1205,7 +1229,9 @@ static void destroy_context(struct reenc_ctx *rc)
 static int run_reencrypt(const char *device)
 {
 	int r = -EINVAL;
-	static struct reenc_ctx rc = {};
+	static struct reenc_ctx rc = {
+		.stained = 1
+	};
 
 	if (initialize_context(&rc, device))
 		goto out;
@@ -1231,7 +1257,7 @@ static int run_reencrypt(const char *device)
 				goto out;
 		}
 	} else {
-		if ((r = initialize_passphrase(&rc, rc.header_file_new)))
+		if ((r = initialize_passphrase(&rc, opt_decrypt ? rc.header_file_org : rc.header_file_new)))
 			goto out;
 	}
 
@@ -1248,6 +1274,8 @@ static int run_reencrypt(const char *device)
 	// FIXME: fix error path above to not skip this
 	if (rc.reencrypt_mode != DECRYPT)
 		r = restore_luks_header(&rc);
+	else
+		rc.stained = 0;
 out:
 	destroy_context(&rc);
 	return r;
@@ -1301,6 +1329,7 @@ int main(int argc, const char **argv)
 		{ "device-size",       '\0', POPT_ARG_STRING, &opt_device_size_str,     0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") },
 		{ "new",               'N',  POPT_ARG_NONE, &opt_new,                   0, N_("Create new header on not encrypted device."), NULL },
 		{ "decrypt",           '\0', POPT_ARG_NONE, &opt_decrypt,               0, N_("Permanently decrypt device (remove encryption)."), NULL },
+		{ "uuid",              '\0', POPT_ARG_STRING, &opt_uuid,                0, N_("The uuid used to resume decryption."), NULL },
 		POPT_TABLEEND
 	};
 	poptContext popt_context;
@@ -1401,6 +1430,10 @@ int main(int argc, const char **argv)
 		usage(popt_context, EXIT_FAILURE, _("Option --decrypt is incompatible with specified parameters."),
 		      poptGetInvocationName(popt_context));
 
+	if (opt_uuid && !opt_decrypt)
+		usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only together with --decrypt."),
+		      poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

src/utils_tools.c

@@ -206,7 +206,7 @@ const char *uuid_or_device(const char *spec)
 		strcpy(device, "/dev/disk/by-uuid/");
 		ptr = &device[strlen(device)];
 		i = uuid_len;
-		while ((s = spec[i++]) && i < PATH_MAX) {
+		while ((s = spec[i++]) && i < (PATH_MAX - 13)) {
 			if (!isxdigit(s) && s != '-')
 				return spec; /* Bail it out */
 			if (isalpha(s))
@@ -319,7 +319,7 @@ int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
 	}
 
 	tmp = *size * mult;
-	if ((tmp / *size) != mult) {
+	if (*size && (tmp / *size) != mult) {
 		log_dbg("Device size overflow.");
 		return -EINVAL;
 	}

src/veritysetup.c

@@ -1,8 +1,8 @@
 /*
  * veritysetup - setup cryptographic volumes for dm-verity
  *
- * Copyright (C) 2012-2013, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2016, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2013, Milan Broz
+ * Copyright (C) 2012-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -33,6 +33,9 @@ static uint64_t data_blocks = 0;
 static const char *salt_string = NULL;
 static uint64_t hash_offset = 0;
 static const char *opt_uuid = NULL;
+static int opt_restart_on_corruption = 0;
+static int opt_ignore_corruption = 0;
+static int opt_ignore_zero_blocks = 0;
 
 static int opt_version_mode = 0;
 
@@ -127,6 +130,13 @@ static int _activate(const char *dm_device,
 	if ((r = crypt_init(&cd, hash_device)))
 		goto out;
 
+	if (opt_ignore_corruption)
+		activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+	if (opt_restart_on_corruption)
+		activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+	if (opt_ignore_zero_blocks)
+		activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
+
 	if (use_superblock) {
 		params.flags = flags;
 		params.hash_area_offset = hash_offset;
@@ -273,6 +283,14 @@ static int action_status(int arg)
 		}
 		log_std("  hash offset: %" PRIu64 " sectors\n",
 			vp.hash_area_offset * vp.hash_block_size / 512);
+
+		if (cad.flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
+				 CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+				 CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS))
+			log_std("  flags:       %s%s%s\n",
+				(cad.flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? "ignore_corruption " : "",
+				(cad.flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? "restart_on_corruption " : "",
+				(cad.flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? "ignore_zero_blocks" : "");
 	}
 out:
 	crypt_free(cd);
@@ -383,6 +401,9 @@ int main(int argc, const char **argv)
 		{ "hash",            'h',  POPT_ARG_STRING, &hash_algorithm, 0, N_("Hash algorithm"), N_("string") },
 		{ "salt",            's',  POPT_ARG_STRING, &salt_string,    0, N_("Salt"), N_("hex string") },
 		{ "uuid",            '\0', POPT_ARG_STRING, &opt_uuid,       0, N_("UUID for device to use."), NULL },
+		{ "restart-on-corruption", 0,POPT_ARG_NONE,&opt_restart_on_corruption, 0, N_("Restart kernel if corruption is detected"), NULL },
+		{ "ignore-corruption", 0,  POPT_ARG_NONE, &opt_ignore_corruption,  0, N_("Ignore corruption, log it only"), NULL },
+		{ "ignore-zero-blocks", 0, POPT_ARG_NONE, &opt_ignore_zero_blocks, 0, N_("Do not verify zeroed blocks"), NULL },
 		POPT_TABLEEND
 	};
 
@@ -468,6 +489,16 @@ int main(int argc, const char **argv)
 		      poptGetInvocationName(popt_context));
 	}
 
+	if ((opt_ignore_corruption || opt_restart_on_corruption || opt_ignore_zero_blocks) && strcmp(aname, "create"))
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for create operation.\n"),
+		poptGetInvocationName(popt_context));
+
+	if (opt_ignore_corruption && opt_restart_on_corruption)
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"),
+		poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

tests/align-test

@@ -14,8 +14,10 @@ cleanup() {
 	    rmdir $MNT_DIR 2>/dev/null
 	fi
 	[ -b /dev/mapper/$DEV_STACKED ] && dmsetup remove $DEV_STACKED >/dev/null 2>&1
+	# FIXME scsi_debug sometimes in-use here
+	sleep 1
 	rmmod scsi_debug 2>/dev/null
-	sleep 2
+	sleep 1
 }
 
 fail()
@@ -141,7 +143,7 @@ cleanup
 
 echo "# Create enterprise-class 4K drive"
 echo "# (logical_block_size=4096, physical_block_size=4096, alignment_offset=0)"
-add_device dev_size_mb=16 sector_size=4096 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
 format 256 4096
 format 256 2560 8
 format 128 2048
@@ -187,7 +189,7 @@ format_null 512 4096 2048
 cleanup
 
 echo "# Offset check: 4096B sector drive"
-add_device dev_size_mb=16 sector_size=4096 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
 format_null  64 2048    0 8:72:136:200:264:328:392:456
 format_null  64  520    1
 format_null  64  520    8
@@ -213,7 +215,7 @@ cleanup
 echo "# Create enterprise-class 4K drive with fs and LUKS images."
 # loop device here presents 512 block but images have 4k block
 # cryptsetup should properly use 4k block on direct-io
-add_device dev_size_mb=16 sector_size=4096 physblk_exp=0 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 physblk_exp=0 num_tgts=1 opt_blks=64
 for file in $(ls img_fs_*.img.bz2) ; do
     echo "Format using fs image $file."
     bzip2 -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"

tests/api-test.c

@@ -1808,6 +1808,8 @@ static void VerityTest(void)
 	/* hash fail */
 	root_hash[1] = ~root_hash[1];
 	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32, CRYPT_ACTIVATE_READONLY));
+	/* Be sure there was some read activity to mark device corrupted. */
+	_system("blkid " DMDIR CDEVICE_1, 0);
 	OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 	EQ_(CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_CORRUPTED, cad.flags);
 	OK_(crypt_deactivate(cd, CDEVICE_1));
@@ -1816,6 +1818,7 @@ static void VerityTest(void)
 	/* data fail */
 	OK_(crypt_set_data_device(cd, DEVICE_1));
 	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32, CRYPT_ACTIVATE_READONLY));
+	_system("blkid " DMDIR CDEVICE_1, 0);
 	OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 	EQ_(CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_CORRUPTED, cad.flags);
 	OK_(crypt_deactivate(cd, CDEVICE_1));

tests/compat-test

@@ -327,6 +327,8 @@ echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail
 echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d - $KEY2 || fail
 $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail
 
 # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
 $CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 3 || fail
@@ -355,6 +357,12 @@ $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: DISABLED" || fail
+# if password or keyfile is provided, batch mode must not suppress it
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
 # kill slot using passphrase from 1
 echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: DISABLED" || fail

tests/luks1-compat-test

@@ -61,7 +61,7 @@ if [ $(id -u) != 0 ]; then
 fi
 
 test_required
-[ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2
+[ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2 --no-same-owner
 
 echo "ACTIVATION FS UUID CHECK"
 for file in $(ls $TST_DIR/luks1_*) ; do

tests/tcrypt-compat-test

@@ -67,7 +67,7 @@ function test_required()
 test_required
 export LANG=C
 
-[ ! -d $TST_DIR ] && tar xjf tcrypt-images.tar.bz2
+[ ! -d $TST_DIR ] && tar xjf tcrypt-images.tar.bz2 --no-same-owner
 
 echo "HEADER CHECK"
 for file in $(ls $TST_DIR/[tv]c_*) ; do

tests/verity-compat-test

@@ -55,6 +55,18 @@ function check_exists()
 	[ -b /dev/mapper/$DEV_NAME ] || fail
 }
 
+function check_version()
+{
+        VER_STR=$(dmsetup targets | grep verity | cut -f 3 -dv)
+        VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
+        VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+
+        # option supported in 1.3
+        test $VER_MAJ -gt 1 && return 0
+        test $VER_MIN -ge 3 && return 0
+        return 1
+}
+
 function compare_out() # $1 what, $2 expected
 {
 	OPT=$(grep -v "^#" $DEV_OUT | grep -i "$1" | sed -e s/.*\:\ // )
@@ -78,7 +90,7 @@ function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6
 	if [ $sb == yes ] ; then
 		VERIFY_PARAMS=""
 	else
-		FORMAT_PAFAMS="$FORMAT_PARAMS --no-superlock"
+		FORMAT_PARAMS="$FORMAT_PARAMS --no-superblock"
 		VERIFY_PARAMS=$FORMAT_PARAMS
 	fi
 
@@ -132,6 +144,21 @@ function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6
 	done
 }
 
+function check_option() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, $6 CLI option, $7 status option
+{
+	DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
+	FORMAT_PARAMS="--format=$4 --data-block-size=$1 --hash-block-size=$1 --hash=$5 --salt=$3"
+
+	echo -n "Option $6 "
+	$VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >/dev/null 2>&1 || fail
+	$VERITYSETUP create $DEV_NAME $DEV_PARAMS $2 $6 >/dev/null 2>&1 || fail
+	check_exists
+	$VERITYSETUP status $DEV_NAME 2>/dev/null | grep flags | grep -q $7 || fail
+	dmsetup table $DEV_NAME 2>/dev/null | grep -q $7 || fail
+	$VERITYSETUP remove $DEV_NAME >/dev/null 2>&1 || fail
+	echo "[OK]"
+}
+
 function valgrind_setup()
 {
 	which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
@@ -181,5 +208,16 @@ check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4
 check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1 8388608
 check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1 8388608
 
+if check_version ; then
+	echo "Verity data corruption options test."
+	SALT=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d
+	HASH=9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174
+	prepare 8192 1024
+	check_option 512 $HASH $SALT 1 sha256 "--ignore-corruption" "ignore_corruption"
+	check_option 512 $HASH $SALT 1 sha256 "--restart-on-corruption" "restart_on_corruption"
+	check_option 512 $HASH $SALT 1 sha256 "--ignore-zero-blocks" "ignore_zero_blocks"
+	check_option 512 $HASH $SALT 1 sha256 "--ignore-corruption --ignore-zero-blocks" "ignore_corruption"
+fi
+
 remove_mapping
 exit 0