Version 2.7.0.

Found by CodeQL.

.github/workflows/cibuild.yml

@@ -17,7 +17,7 @@ jobs:
       fail-fast: false
       matrix:
         env:
-          - { COMPILER: "gcc", COMPILER_VERSION: "11",  RUN_SSH_PLUGIN_TEST: "1" }
+          - { COMPILER: "gcc", COMPILER_VERSION: "13",  RUN_SSH_PLUGIN_TEST: "1" }
     env: ${{ matrix.env }}
     steps:
       - name: Repository checkout

.github/workflows/codeql.yml

@@ -41,7 +41,7 @@ jobs:
 
       - name: Install dependencies
         run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh
-        env: { COMPILER: "gcc", COMPILER_VERSION: "11",  RUN_SSH_PLUGIN_TEST: "1" }
+        env: { COMPILER: "gcc", COMPILER_VERSION: "13",  RUN_SSH_PLUGIN_TEST: "1" }
 
       - name: Autobuild
         uses: github/codeql-action/autobuild@v2

.github/workflows/coverity.yml

@@ -17,7 +17,7 @@ jobs:
         run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh
         env:
           COMPILER: "gcc"
-          COMPILER_VERSION: "11"
+          COMPILER_VERSION: "13"
       - name: Install Coverity
         run: |
           wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=mbroz/cryptsetup" -O cov-analysis-linux64.tar.gz

README.md

@@ -39,21 +39,15 @@ Download
 Release notes and tarballs are available at
 [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).
 
-**The latest stable cryptsetup release candidate version is 2.7.0-rc1**
-  * [cryptsetup-2.7.0-rc1.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.0-rc1.tar.xz)
-  * Signature [cryptsetup-2.7.0-rc1.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.0-rc1.tar.sign)
+**The latest stable cryptsetup release version is 2.7.0**
+  * [cryptsetup-2.7.0.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.0.tar.xz)
+  * Signature [cryptsetup-2.7.0.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.0.tar.sign)
     _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 2.7.0-rc1 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-rc1-ReleaseNotes).
-
-**The latest stable cryptsetup release version is 2.6.1**
-  * [cryptsetup-2.6.1.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.xz)
-  * Signature [cryptsetup-2.6.1.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.sign)
-    _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 2.6.1 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/v2.6.1-ReleaseNotes).
+  * [Cryptsetup 2.7.0 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes).
 
 Previous versions
- * [Version 2.5.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.xz) -
-   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.sign) -
+ * [Version 2.6.1](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.sign) -
    [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes).
  * [Version 1.7.5](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.xz) -
    [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.sign) -

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[2.7.0-rc1])
+AC_INIT([cryptsetup],[2.7.0])
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)

docs/Keyring.txt

@@ -12,30 +12,53 @@ no longer stored directly in dm-crypt target. Starting with cryptsetup 2.0 we
 load VK in kernel keyring by default for LUKSv2 devices (when dm-crypt with the
 feature is available).
 
-Currently cryptsetup loads VK in 'logon' type kernel key so that VK is passed in
-the kernel and can't be read from userspace afterward. Also cryptsetup loads VK in
-thread keyring (before passing the reference to dm-crypt target) so that the key
+Currently, cryptsetup loads VK in 'logon' type kernel key so that VK is passed in
+the kernel and can't be read from userspace afterwards. Also, cryptsetup loads VK in
+the thread keyring (before passing the reference to dm-crypt target) so that the key
 lifetime is directly bound to the process that performs the dm-crypt setup. When
-cryptsetup process exits (for whatever reason) the key gets unlinked in kernel
+cryptsetup process exits (for whatever reason) the key gets unlinked in the kernel
 automatically. In summary, the key description visible in dm-crypt table line is
 a reference to VK that usually no longer exists in kernel keyring service if you
-used cryptsetup to for device activation.
+used cryptsetup for device activation.
 
 Using this feature dm-crypt no longer maintains a direct key copy (but there's
-always at least one copy in kernel crypto layer).
+always at least one copy in the kernel crypto layer).
+
+Additionally, libcryptsetup supports the linking of volume keys to
+user-specified kernel keyring with crypt_set_keyring_to_link(). The user may
+specify keyring name, key type ('user' or 'logon') and key description where
+libcryptsetup should link the verified volume key upon subsequent device
+activation (or key verification alone).
+
+The volume key(s) (provided the key type is 'user') linked in the user keyring
+can be later used to activate the device via crypt_activate_by_keyslot_context()
+with CRYPT_KC_TYPE_VK_KEYRING type keyslot context
+(acquired by crypt_keyslot_context_init_by_vk_in_keyring()).
+
+Example of how to use volume key linked in custom user keyring from cryptsetup
+utility:
+
+1) Open the device and store the volume key to the session keyring:
+# cryptsetup open <device> --link-vk-to-keyring "@s::%user:testkey" tst
+
+2) Add a keyslot using the stored volume key in a keyring:
+# cryptsetup luksAddKey <device> --volume-key-keyring "%user:testkey"
+
+3) Activate the device using the volume key cached in a keyring ('user' type key)
+# cryptsetup open <device> <active_name> --volume-key-keyring "testkey"
 
 II) Keyslot passphrase
 The second use case for kernel keyring is to allow cryptsetup reading the keyslot
-passphrase stored in kernel keyring instead. The user may load passphrase in kernel
+passphrase stored in kernel keyring instead. The user may load the passphrase in the kernel
 keyring and notify cryptsetup to read it from there later. Currently, cryptsetup
 cli supports kernel keyring for passphrase only via LUKS2 internal token
-(luks2-keyring). Library also provides a general method for device activation by
-reading passphrase from keyring: crypt_activate_by_keyring(). The key type
+(luks2-keyring). The library also provides a general method for device activation by
+reading the passphrase from the keyring: crypt_activate_by_keyring(). The key type
 for use case II) must always be 'user' since we need to read the actual key
-data from userspace unlike with VK in I). Ability to read keyslot passphrase
-from kernel keyring also allows easily auto-activate LUKS2 devices.
+data from userspace unlike with VK in I). The ability to read keyslot passphrases
+from kernel keyring also allows easy auto-activate LUKS2 devices.
 
-Simple example how to use kernel keyring for keyslot passphrase:
+Simple example of how to use kernel keyring for keyslot passphrase:
 
 1) create LUKS2 keyring token for keyslot 0 (in LUKS2 device/image)
 cryptsetup token add --key-description my:key -S 0 /dev/device
@@ -43,7 +66,7 @@ cryptsetup token add --key-description my:key -S 0 /dev/device
 2) Load keyslot passphrase in user keyring
 read -s -p "Keyslot passphrase: "; echo -n $REPLY | keyctl padd user my:key @u
 
-3) Activate device using passphrase stored in kernel keyring
+3) Activate the device using the passphrase stored in the kernel keyring
 cryptsetup open /dev/device my_unlocked_device
 
 4a) unlink the key when no longer needed by
@@ -52,5 +75,5 @@ keyctl unlink %user:my:key @u
 4b) or revoke it immediately by
 keyctl revoke %user:my:key
 
-If cryptsetup asks for passphrase in step 3) something went wrong with keyring
+If cryptsetup asks for a passphrase in step 3) something went wrong with keyring
 activation. See --debug output then.

docs/LUKS2-locking.txt

@@ -5,7 +5,7 @@ Why
 ~~~
 
 LUKS2 format keeps two identical copies of metadata stored consecutively
-at the head of metadata device (file or bdev). The metadata
+at the head of the metadata device (file or bdev). The metadata
 area (both copies) must be updated in a single atomic operation to avoid
 header corruption during concurrent write.
 
@@ -15,17 +15,17 @@ locking with legacy format was not so obvious as it is with the LUKSv2 format.
 
 With LUKS2 the boundary between read-only and read-write is blurry and what
 used to be the exclusively read-only operation (i.e., cryptsetup open command) may
-easily become read-update operation silently without user's knowledge.
-Major feature of LUKS2 format is resilience against accidental
+easily become read-update operation silently without the user's knowledge.
+A major feature of the LUKS2 format is resilience against accidental
 corruption of metadata (i.e., partial header overwrite by parted or cfdisk
-while creating partition on mistaken block device).
-Such header corruption is detected early on header read and auto-recovery
+while creating a partition on a mistaken block device).
+Such header corruption is detected early on the header read and the auto-recovery
 procedure takes place (the corrupted header with checksum mismatch is being
 replaced by the secondary one if that one is intact).
-On current Linux systems header load operation may be triggered without user
-direct intervention for example by udev rule or from systemd service.
-Such clash of header read and auto-recovery procedure could have severe
-consequences with the worst case of having LUKS2 device unaccessible or being
+On current Linux systems header load operation may be triggered without the user
+direct intervention for example by an udev rule or from a systemd service.
+Such a clash of header read and auto-recovery procedure could have severe
+consequences with the worst case of having a LUKS2 device inaccessible or being
 broken beyond repair.
 
 The whole locking of LUKSv2 device headers split into two categories depending
@@ -36,17 +36,17 @@ I) block device
 
 We perform flock() on file descriptors of files stored in a private
 directory (by default /run/lock/cryptsetup). The file name is derived
-from major:minor couple of affected block device. Note we recommend
-that access to private locking directory is supposed to be limited
-to superuser only. For this method to work the distribution needs
+from major:minor couple of the affected block device. Note we recommend
+that access to the private locking directory is supposed to be limited
+to the superuser only. For this method to work the distribution needs
 to install the locking directory with appropriate access rights.
 
 II) regular files
 ~~~~~~~~~~~~~~~~~
 
-First notable difference between headers stored in a file
+A first notable difference between headers stored in a file
 vs. headers stored in a block device is that headers in a file may be
-manipulated by the regular user unlike headers on block devices. Therefore
+manipulated by the regular user, unlike headers on block devices. Therefore
 we perform flock() protection on file with the luks2 header directly.
 
 Limitations
@@ -58,4 +58,40 @@ while locking is enabled.
 We do not suppress any other negative effect that two or more concurrent
 writers of the same header may cause.
 
-b) The locking is not cluster aware in any way.
+b) The locking is not cluster-aware in any way.
+
+Additional LUKS2 locks
+======================
+
+LUKS2 reencryption device lock
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Device in LUKS2 reencryption is protected by an exclusive lock placed in the default
+locking directory. The lock's purpose is to exclude multiple processes from
+performing reencryption on the same device (identified by LUKS uuid). The lock
+is taken no matter the LUKS2 reencryption mode (online or offline).
+
+LUKS2 memory hard global lock
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+An optional global lock that makes libcryptsetup serialize memory hard
+pbkdf function when deriving a key encryption key from passphrase on unlocking
+LUKS2 keyslot. The lock has to be enabled via the CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF
+flag. The lock is placed in the default locking directory.
+
+LUKS2 OPAL lock
+~~~~~~~~~~~~~~~
+
+Exclusive per device lock taken when manipulating LUKS2 device configured for use with
+SED OPAL2 locking range.
+
+Lock ordering
+=============
+
+To avoid a deadlock following rules must apply:
+
+- LUKS2 reencrytpion lock must be taken before LUKS2 OPAL lock.
+
+- LUKS2 OPAL lock must be taken before LUKS2 metadata lock.
+
+- LUKS2 memory hard global lock can not be used with other locks.

docs/doxyfile

@@ -1,4 +1,4 @@
-# Doxyfile 1.9.1
+# Doxyfile 1.9.8
 
 #---------------------------------------------------------------------------
 # Project related configuration options
@@ -10,9 +10,9 @@ PROJECT_BRIEF          = "Public cryptsetup API"
 PROJECT_LOGO           =
 OUTPUT_DIRECTORY       = doxygen_api_docs
 CREATE_SUBDIRS         = NO
+CREATE_SUBDIRS_LEVEL   = 8
 ALLOW_UNICODE_NAMES    = NO
 OUTPUT_LANGUAGE        = English
-OUTPUT_TEXT_DIRECTION  = None
 BRIEF_MEMBER_DESC      = YES
 REPEAT_BRIEF           = YES
 ABBREVIATE_BRIEF       =
@@ -39,6 +39,7 @@ OPTIMIZE_OUTPUT_SLICE  = NO
 EXTENSION_MAPPING      =
 MARKDOWN_SUPPORT       = YES
 TOC_INCLUDE_HEADINGS   = 5
+MARKDOWN_ID_STYLE      = DOXYGEN
 AUTOLINK_SUPPORT       = YES
 BUILTIN_STL_SUPPORT    = NO
 CPP_CLI_SUPPORT        = NO
@@ -52,6 +53,7 @@ INLINE_SIMPLE_STRUCTS  = NO
 TYPEDEF_HIDES_STRUCT   = YES
 LOOKUP_CACHE_SIZE      = 0
 NUM_PROC_THREADS       = 1
+TIMESTAMP              = NO
 #---------------------------------------------------------------------------
 # Build related configuration options
 #---------------------------------------------------------------------------
@@ -72,6 +74,7 @@ INTERNAL_DOCS          = NO
 CASE_SENSE_NAMES       = YES
 HIDE_SCOPE_NAMES       = NO
 HIDE_COMPOUND_REFERENCE= NO
+SHOW_HEADERFILE        = YES
 SHOW_INCLUDE_FILES     = YES
 SHOW_GROUPED_MEMB_INC  = NO
 FORCE_LOCAL_INCLUDES   = NO
@@ -101,9 +104,12 @@ QUIET                  = NO
 WARNINGS               = YES
 WARN_IF_UNDOCUMENTED   = YES
 WARN_IF_DOC_ERROR      = YES
+WARN_IF_INCOMPLETE_DOC = YES
 WARN_NO_PARAMDOC       = NO
+WARN_IF_UNDOC_ENUM_VAL = NO
 WARN_AS_ERROR          = NO
 WARN_FORMAT            = "$file:$line: $text"
+WARN_LINE_FORMAT       = "at line $line of file $file"
 WARN_LOGFILE           =
 #---------------------------------------------------------------------------
 # Configuration options related to the input files
@@ -111,6 +117,7 @@ WARN_LOGFILE           =
 INPUT                  = doxygen_index.h \
                          ../lib/libcryptsetup.h
 INPUT_ENCODING         = UTF-8
+INPUT_FILE_ENCODING    =
 FILE_PATTERNS          =
 RECURSIVE              = NO
 EXCLUDE                =
@@ -126,6 +133,7 @@ FILTER_PATTERNS        =
 FILTER_SOURCE_FILES    = NO
 FILTER_SOURCE_PATTERNS =
 USE_MDFILE_AS_MAINPAGE =
+FORTRAN_COMMENT_AFTER  = 72
 #---------------------------------------------------------------------------
 # Configuration options related to source browsing
 #---------------------------------------------------------------------------
@@ -158,15 +166,17 @@ HTML_FOOTER            =
 HTML_STYLESHEET        =
 HTML_EXTRA_STYLESHEET  =
 HTML_EXTRA_FILES       =
+HTML_COLORSTYLE        = AUTO_LIGHT
 HTML_COLORSTYLE_HUE    = 220
 HTML_COLORSTYLE_SAT    = 100
 HTML_COLORSTYLE_GAMMA  = 80
-HTML_TIMESTAMP         = YES
 HTML_DYNAMIC_MENUS     = YES
 HTML_DYNAMIC_SECTIONS  = NO
+HTML_CODE_FOLDING      = YES
 HTML_INDEX_NUM_ENTRIES = 100
 GENERATE_DOCSET        = NO
 DOCSET_FEEDNAME        = "Doxygen generated docs"
+DOCSET_FEEDURL         =
 DOCSET_BUNDLE_ID       = org.doxygen.Project
 DOCSET_PUBLISHER_ID    = org.doxygen.Publisher
 DOCSET_PUBLISHER_NAME  = Publisher
@@ -177,6 +187,7 @@ GENERATE_CHI           = NO
 CHM_INDEX_ENCODING     =
 BINARY_TOC             = NO
 TOC_EXPAND             = NO
+SITEMAP_URL            =
 GENERATE_QHP           = NO
 QCH_FILE               =
 QHP_NAMESPACE          = org.doxygen.Project
@@ -189,14 +200,16 @@ GENERATE_ECLIPSEHELP   = NO
 ECLIPSE_DOC_ID         = org.doxygen.Project
 DISABLE_INDEX          = NO
 GENERATE_TREEVIEW      = NO
+FULL_SIDEBAR           = NO
 ENUM_VALUES_PER_LINE   = 4
 TREEVIEW_WIDTH         = 250
 EXT_LINKS_IN_WINDOW    = NO
+OBFUSCATE_EMAILS       = YES
 HTML_FORMULA_FORMAT    = png
 FORMULA_FONTSIZE       = 10
-FORMULA_TRANSPARENT    = YES
 FORMULA_MACROFILE      =
 USE_MATHJAX            = NO
+MATHJAX_VERSION        = MathJax_2
 MATHJAX_FORMAT         = HTML-CSS
 MATHJAX_RELPATH        = http://www.mathjax.org/mathjax
 MATHJAX_EXTENSIONS     =
@@ -227,9 +240,7 @@ PDF_HYPERLINKS         = YES
 USE_PDFLATEX           = YES
 LATEX_BATCHMODE        = NO
 LATEX_HIDE_INDICES     = NO
-LATEX_SOURCE_CODE      = NO
 LATEX_BIB_STYLE        = plain
-LATEX_TIMESTAMP        = NO
 LATEX_EMOJI_DIRECTORY  =
 #---------------------------------------------------------------------------
 # Configuration options related to the RTF output
@@ -240,7 +251,6 @@ COMPACT_RTF            = NO
 RTF_HYPERLINKS         = NO
 RTF_STYLESHEET_FILE    =
 RTF_EXTENSIONS_FILE    =
-RTF_SOURCE_CODE        = NO
 #---------------------------------------------------------------------------
 # Configuration options related to the man page output
 #---------------------------------------------------------------------------
@@ -261,12 +271,17 @@ XML_NS_MEMB_FILE_SCOPE = NO
 #---------------------------------------------------------------------------
 GENERATE_DOCBOOK       = NO
 DOCBOOK_OUTPUT         = docbook
-DOCBOOK_PROGRAMLISTING = NO
 #---------------------------------------------------------------------------
 # Configuration options for the AutoGen Definitions output
 #---------------------------------------------------------------------------
 GENERATE_AUTOGEN_DEF   = NO
 #---------------------------------------------------------------------------
+# Configuration options related to Sqlite3 output
+#---------------------------------------------------------------------------
+GENERATE_SQLITE3       = NO
+SQLITE3_OUTPUT         = sqlite3
+SQLITE3_RECREATE_DB    = YES
+#---------------------------------------------------------------------------
 # Configuration options related to the Perl module output
 #---------------------------------------------------------------------------
 GENERATE_PERLMOD       = NO
@@ -294,15 +309,14 @@ ALLEXTERNALS           = NO
 EXTERNAL_GROUPS        = YES
 EXTERNAL_PAGES         = YES
 #---------------------------------------------------------------------------
-# Configuration options related to the dot tool
+# Configuration options related to diagram generator tools
 #---------------------------------------------------------------------------
-CLASS_DIAGRAMS         = YES
-DIA_PATH               =
 HIDE_UNDOC_RELATIONS   = YES
 HAVE_DOT               = NO
 DOT_NUM_THREADS        = 0
-DOT_FONTNAME           = Helvetica
-DOT_FONTSIZE           = 10
+DOT_COMMON_ATTR        = "fontname=Helvetica,fontsize=10"
+DOT_EDGE_ATTR          = "labelfontname=Helvetica,labelfontsize=10"
+DOT_NODE_ATTR          = "shape=box,height=0.2,width=0.4"
 DOT_FONTPATH           =
 CLASS_GRAPH            = YES
 COLLABORATION_GRAPH    = YES
@@ -318,18 +332,20 @@ CALL_GRAPH             = NO
 CALLER_GRAPH           = NO
 GRAPHICAL_HIERARCHY    = YES
 DIRECTORY_GRAPH        = YES
+DIR_GRAPH_MAX_DEPTH    = 1
 DOT_IMAGE_FORMAT       = png
 INTERACTIVE_SVG        = NO
 DOT_PATH               =
 DOTFILE_DIRS           =
-MSCFILE_DIRS           =
+DIA_PATH               =
 DIAFILE_DIRS           =
 PLANTUML_JAR_PATH      =
 PLANTUML_CFG_FILE      =
 PLANTUML_INCLUDE_PATH  =
 DOT_GRAPH_MAX_NODES    = 50
 MAX_DOT_GRAPH_DEPTH    = 0
-DOT_TRANSPARENT        = NO
 DOT_MULTI_TARGETS      = NO
 GENERATE_LEGEND        = YES
 DOT_CLEANUP            = YES
+MSCGEN_TOOL            =
+MSCFILE_DIRS           =

docs/examples/crypt_log_usage.c

@@ -1,7 +1,7 @@
 /*
  * libcryptsetup API log example
  *
- * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

docs/examples/crypt_luks_usage.c

@@ -1,7 +1,7 @@
 /*
  *  libcryptsetup API - using LUKS device example
  *
- * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

docs/v2.7.0-ReleaseNotes

@@ -1,20 +1,6 @@
-Cryptsetup 2.7.0-rc1 Release Notes
-==================================
-Stable release candidate with new features and bug fixes.
-
-Changes since version 2.7.0-rc0
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-* Used Argon2 PBKDF implementation is now reported in debug mode
-  in the cryptographic backend version. For native support in
-  OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed.
-  If libargon2 is used, "cryptsetup libargon2" (for embedded
-  library) or "external libargon2" is displayed.
-
-* Fix wiping of OPAL key in the kernel on luksSuspend.
-
-* Use metadata lock for OPAL disk manipulation to avoid unexpected
-  states if two processes manipulate the device.
+Cryptsetup 2.7.0 Release Notes
+==============================
+Stable release with new features and bug fixes.
 
 Changes since version 2.6.1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -68,7 +54,7 @@ Changes since version 2.6.1
 
   Compatibility notes:
     - Linux kernel SED interface does NOT work through USB external
-    adapters due to the mising compatibility layer in Linux USB storage
+    adapters due to the missing compatibility layer in Linux USB storage
     drivers (even if USB hardware itself can support OPAL commands).
     - other TCG security subsystems like Ruby or Pyrite are not
     supported. Note that many drives support only Pyrite subsystem that
@@ -214,7 +200,7 @@ Changes since version 2.6.1
   <keyring_description>::<key_description>.
   The <keyring_description> contains the existing kernel keyring
   description (numeric id or keyctl format). The <keyring_description>
-  may be optionaly prefixed with "%:" or "%keyring:". The string "::" is
+  may be optionally prefixed with "%:" or "%keyring:". The string "::" is
   a delimiter that separates keyring and key descriptions.
   The <key_description> has the same syntax as used in the
   --volume-key-keyring option.
@@ -273,9 +259,7 @@ Changes since version 2.6.1
   option is specified.
 
 * Properly report if the dm-verity device cannot be activated due to
-  the inability to verify the signed root hash.
-
-  If the kernel returns ENOKEY, it is properly propagated.
+  the inability to verify the signed root hash (ENOKEY).
 
 * Fix to check passphrase for selected keyslot only when adding
   new keyslot.
@@ -385,6 +369,12 @@ Changes since version 2.6.1
   Argon2 has been available since version 1.10, but we need version 1.11,
   which will allow empty passwords.
 
+* Used Argon2 PBKDF implementation is now reported in debug mode
+  in the cryptographic backend version. For native support in
+  OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed.
+  If libargon2 is used, "cryptsetup libargon2" (for embedded
+  library) or "external libargon2" is displayed.
+
 * Link only libcrypto from OpenSSL.
 
   This reduces dependencies as other OpenSSL libraries are not needed.
@@ -413,6 +403,9 @@ Changes since version 2.6.1
   and possibly corrupt data if the user also tries to modify the
   underlying device.
 
+* Update keyring and locking documentation and LUKS2 specification
+  for OPAL2 support.
+
 Libcryptsetup API extensions
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The libcryptsetup API is backward compatible for all existing symbols.

lib/bitlk/bitlk.c

@@ -1,9 +1,9 @@
 /*
  * BITLK (BitLocker-compatible) volume handling
  *
- * Copyright (C) 2019-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2019-2023 Milan Broz
- * Copyright (C) 2019-2023 Vojtech Trefny
+ * Copyright (C) 2019-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019-2024 Milan Broz
+ * Copyright (C) 2019-2024 Vojtech Trefny
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/bitlk/bitlk.h

@@ -1,9 +1,9 @@
 /*
  * BITLK (BitLocker-compatible) header definition
  *
- * Copyright (C) 2019-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2019-2023 Milan Broz
- * Copyright (C) 2019-2023 Vojtech Trefny
+ * Copyright (C) 2019-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019-2024 Milan Broz
+ * Copyright (C) 2019-2024 Vojtech Trefny
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypt_plain.c

@@ -2,8 +2,8 @@
  * cryptsetup plain device helper functions
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
- * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2023 Milan Broz
+ * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/crypto_backend/argon2_generic.c

@@ -1,8 +1,8 @@
 /*
  * Argon2 PBKDF2 library wrapper
  *
- * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2023 Milan Broz
+ * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/base64.c

@@ -4,7 +4,7 @@
  * Copyright (C) 2010 Lennart Poettering
  *
  * cryptsetup related changes
- * Copyright (C) 2021-2023 Milan Broz
+ * Copyright (C) 2021-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/cipher_check.c

@@ -1,8 +1,8 @@
 /*
  * Cipher performance check
  *
- * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2023 Milan Broz
+ * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/cipher_generic.c

@@ -1,8 +1,8 @@
 /*
  * Linux kernel cipher generic utilities
  *
- * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2023 Milan Broz
+ * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_backend.h

@@ -1,8 +1,8 @@
 /*
  * crypto backend implementation
  *
- * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2023 Milan Broz
+ * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_backend_internal.h

@@ -1,8 +1,8 @@
 /*
  * crypto backend implementation
  *
- * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2023 Milan Broz
+ * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_cipher_kernel.c

@@ -1,8 +1,8 @@
 /*
  * Linux kernel userspace API crypto backend implementation (skcipher)
  *
- * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2023 Milan Broz
+ * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_gcrypt.c

@@ -1,8 +1,8 @@
 /*
  * GCRYPT crypto backend implementation
  *
- * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2023 Milan Broz
+ * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_kernel.c

@@ -1,8 +1,8 @@
 /*
  * Linux kernel userspace API crypto backend implementation
  *
- * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2023 Milan Broz
+ * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_nettle.c

@@ -1,8 +1,8 @@
 /*
  * Nettle crypto backend implementation
  *
- * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2023 Milan Broz
+ * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_nss.c

@@ -1,8 +1,8 @@
 /*
  * NSS crypto backend implementation
  *
- * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2023 Milan Broz
+ * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_openssl.c

@@ -1,8 +1,8 @@
 /*
  * OPENSSL crypto backend implementation
  *
- * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2023 Milan Broz
+ * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/crypto_storage.c

@@ -2,7 +2,7 @@
  * Generic wrapper for storage encryption modes and Initial Vectors
  * (reimplementation of some functions from Linux dm-crypt kernel)
  *
- * Copyright (C) 2014-2023 Milan Broz
+ * Copyright (C) 2014-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/pbkdf2_generic.c

@@ -4,8 +4,8 @@
  * Copyright (C) 2004 Free Software Foundation
  *
  * cryptsetup related changes
- * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2023 Milan Broz
+ * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/crypto_backend/pbkdf_check.c

@@ -1,7 +1,7 @@
 /*
  * PBKDF performance check
- * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2023 Milan Broz
+ * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Milan Broz
  * Copyright (C) 2016-2020 Ondrej Mosnacek
  *
  * This file is free software; you can redistribute it and/or

lib/crypto_backend/utf8.c

@@ -4,7 +4,7 @@
  * Copyright (C) 2010 Lennart Poettering
  *
  * cryptsetup related changes
- * Copyright (C) 2021-2023 Vojtech Trefny
+ * Copyright (C) 2021-2024 Vojtech Trefny
 
  * Parts of the original systemd implementation are based on the GLIB utf8
  * validation functions.

lib/integrity/integrity.c

@@ -1,7 +1,7 @@
 /*
  * Integrity volume handling
  *
- * Copyright (C) 2016-2023 Milan Broz
+ * Copyright (C) 2016-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/integrity/integrity.h

@@ -1,7 +1,7 @@
 /*
  * Integrity header definition
  *
- * Copyright (C) 2016-2023 Milan Broz
+ * Copyright (C) 2016-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/internal.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/keyslot_context.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup, keyslot unlock helpers
  *
- * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2022-2023 Ondrej Kozina
+ * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2022-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/keyslot_context.h

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup, keyslot unlock helpers
  *
- * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2022-2023 Ondrej Kozina
+ * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2022-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/libcryptsetup.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -1628,11 +1628,12 @@ int crypt_persistent_flags_get(struct crypt_device *cd,
  * reencryption), more than one keyslot context is required (e.g. one for the old
  * volume key and one for the new volume key). The order of the keyslot
  * contexts does not matter. When less keyslot contexts are supplied than
- * required to unlock the device an -EPERM/-ENOKEY/TODO error code is returned
- * and you should call the function again with more keyslot contexts.
+ * required to unlock the device an -ESRCH error code is returned and you
+ * should call the function again with an additional keyslot context specified.
  *
- * NOTE: the API at the moment works for one keyslot context only, the second
- * keyslot context is just an API placeholder
+ * NOTE: the API at the moment fully works for single keyslot context only,
+ * the additional keyslot context currently works only with
+ * @e CRYPT_KC_TYPE_VK_KEYRING or @e CRYPT_KC_TYPE_KEY contexts.
  *
  * @param cd crypt device handle
  * @param name name of device to create, if @e NULL only check passphrase
@@ -3119,13 +3120,10 @@ void crypt_safe_memzero(void *data, size_t size);
  * devices that are in re-encryption and have two volume keys at the same time
  * (old and new). You can set the @e old_key_description to NULL,
  * but if you supply number of keys less than required, the function will
- * return -EAGAIN.  In that case you need to call the function again and set
+ * return -ESRCH.  In that case you need to call the function again and set
  * the missing key description. When supplying just one key description, make
  * sure to supply it in the @e key_description.
  *
- * NOTE: the API at the moment works for one key description only, the second
- * name is just an API placeholder
- *
  * @param cd crypt device handle
  * @param key_description the key description of the volume key linked in desired keyring.
  * @param old_key_description the key description of the old volume key linked in desired keyring

lib/libcryptsetup_macros.h

@@ -1,8 +1,8 @@
 /*
  * Definitions of common constant and generic macros of libcryptsetup
  *
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/libcryptsetup_symver.h

@@ -1,7 +1,7 @@
 /*
  * Helpers for defining versioned symbols
  *
- * Copyright (C) 2021-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2021-2024 Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/libdevmapper.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -2843,7 +2843,7 @@ static int _process_deps(struct crypt_device *cd, const char *prefix, struct dm_
 int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix,
 		   char **names, size_t names_length)
 {
-	struct dm_task *dmt;
+	struct dm_task *dmt = NULL;
 	struct dm_info dmi;
 	struct dm_deps *deps;
 	int r = -EINVAL;

lib/loopaes/loopaes.c

@@ -1,8 +1,8 @@
 /*
  * loop-AES compatible volume handling
  *
- * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2023 Milan Broz
+ * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/loopaes/loopaes.h

@@ -1,8 +1,8 @@
 /*
  * loop-AES compatible volume handling
  *
- * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2023 Milan Broz
+ * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/luks1/af.c

@@ -2,7 +2,7 @@
  * AFsplitter - Anti forensic information splitter
  *
  * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  *
  * AFsplitter diffuses information over a large stripe of data,
  * therefore supporting secure data destruction.

lib/luks1/af.h

@@ -2,7 +2,7 @@
  * AFsplitter - Anti forensic information splitter
  *
  * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  *
  * AFsplitter diffuses information over a large stripe of data,
  * therefore supporting secure data destruction.

lib/luks1/keyencryption.c

@@ -2,8 +2,8 @@
  * LUKS - Linux Unified Key Setup
  *
  * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks1/keymanage.c

@@ -2,8 +2,8 @@
  * LUKS - Linux Unified Key Setup
  *
  * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2013-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2013-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks1/luks.h

@@ -2,7 +2,7 @@
  * LUKS - Linux Unified Key Setup
  *
  * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2.h

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -472,6 +472,9 @@ int LUKS2_reencrypt_locked_recovery_by_passphrase(struct crypt_device *cd,
 	size_t passphrase_size,
 	struct volume_key **vks);
 
+int LUKS2_reencrypt_locked_recovery_by_vks(struct crypt_device *cd,
+	struct volume_key *vks);
+
 void LUKS2_reencrypt_free(struct crypt_device *cd,
 	struct luks2_reencrypt *rh);
 
@@ -494,9 +497,13 @@ int LUKS2_reencrypt_check_device_size(struct crypt_device *cd,
 	struct luks2_hdr *hdr,
 	uint64_t check_size,
 	uint64_t *dev_size,
-	bool activation,
+	bool device_exclusive_check,
 	bool dynamic);
 
+void LUKS2_reencrypt_lookup_key_ids(struct crypt_device *cd,
+        struct luks2_hdr *hdr,
+        struct volume_key *vk);
+
 int LUKS2_reencrypt_digest_verify(struct crypt_device *cd,
 	struct luks2_hdr *hdr,
 	struct volume_key *vks);

lib/luks2/luks2_digest.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, digest handling
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_digest_pbkdf2.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, PBKDF2 digest handler (LUKS1 compatible)
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_disk_metadata.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -256,6 +256,7 @@ static int hdr_read_disk(struct crypt_device *cd,
 	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 				 device_alignment(device), hdr_disk,
 				 LUKS2_HDR_BIN_LEN, offset) != LUKS2_HDR_BIN_LEN) {
+		memset(hdr_disk, 0, LUKS2_HDR_BIN_LEN);
 		return -EIO;
 	}
 
@@ -537,11 +538,20 @@ static int validate_luks2_json_object(struct crypt_device *cd, json_object *jobj
 }
 
 static json_object *parse_and_validate_json(struct crypt_device *cd,
-					    const char *json_area, uint64_t max_length)
+					    const char *json_area, uint64_t hdr_size)
 {
 	int json_len, r;
-	json_object *jobj = parse_json_len(cd, json_area, max_length, &json_len);
+	json_object *jobj;
+	uint64_t max_length;
 
+	if (hdr_size <= LUKS2_HDR_BIN_LEN || hdr_size > LUKS2_HDR_OFFSET_MAX) {
+		log_dbg(cd, "LUKS2 header JSON has bogus size 0x%04" PRIx64 ".", hdr_size);
+		return NULL;
+	}
+
+	max_length = hdr_size - LUKS2_HDR_BIN_LEN;
+
+	jobj = parse_json_len(cd, json_area, max_length, &json_len);
 	if (!jobj)
 		return NULL;
 
@@ -635,7 +645,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
 	state_hdr1 = HDR_FAIL;
 	r = hdr_read_disk(cd, device, &hdr_disk1, &json_area1, 0, 0);
 	if (r == 0) {
-		jobj_hdr1 = parse_and_validate_json(cd, json_area1, be64_to_cpu(hdr_disk1.hdr_size) - LUKS2_HDR_BIN_LEN);
+		jobj_hdr1 = parse_and_validate_json(cd, json_area1, be64_to_cpu(hdr_disk1.hdr_size));
 		state_hdr1 = jobj_hdr1 ? HDR_OK : HDR_OBSOLETE;
 	} else if (r == -EIO)
 		state_hdr1 = HDR_FAIL_IO;
@@ -647,7 +657,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
 	if (state_hdr1 != HDR_FAIL && state_hdr1 != HDR_FAIL_IO) {
 		r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, be64_to_cpu(hdr_disk1.hdr_size), 1);
 		if (r == 0) {
-			jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
+			jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size));
 			state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE;
 		} else if (r == -EIO)
 			state_hdr2 = HDR_FAIL_IO;
@@ -655,11 +665,12 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
 		/*
 		 * No header size, check all known offsets.
 		 */
+		hdr_disk2.hdr_size = 0;
 		for (r = -EINVAL,i = 0; r < 0 && i < ARRAY_SIZE(hdr2_offsets); i++)
 			r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, hdr2_offsets[i], 1);
 
 		if (r == 0) {
-			jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
+			jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size));
 			state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE;
 		} else if (r == -EIO)
 			state_hdr2 = HDR_FAIL_IO;

lib/luks2/luks2_internal.h

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -382,6 +382,7 @@ bool LUKS2_segments_dynamic_size(struct luks2_hdr *hdr);
 
 int LUKS2_reencrypt_digest_new(struct luks2_hdr *hdr);
 int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr);
+unsigned LUKS2_reencrypt_vks_count(struct luks2_hdr *hdr);
 int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise);
 
 /*

lib/luks2/luks2_json_format.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, LUKS2 header format code
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_json_metadata.c

@@ -1,9 +1,9 @@
 /*
  * LUKS - Linux Unified Key Setup v2
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
- * Copyright (C) 2015-2023 Ondrej Kozina
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
+ * Copyright (C) 2015-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_keyslot.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, keyslot handling
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_keyslot_luks2.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, LUKS2 type keyslot handler
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_keyslot_reenc.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, reencryption keyslot handler
  *
- * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2023 Ondrej Kozina
+ * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_luks1_convert.c

@@ -1,9 +1,9 @@
 /*
  * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Ondrej Kozina
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Ondrej Kozina
+ * Copyright (C) 2015-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_reencrypt.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, reencryption helpers
  *
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Ondrej Kozina
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -183,6 +183,21 @@ int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr)
 	return reencrypt_digest(hdr, 0);
 }
 
+unsigned LUKS2_reencrypt_vks_count(struct luks2_hdr *hdr)
+{
+	int digest_old, digest_new;
+	unsigned vks_count = 0;
+
+	if ((digest_new = LUKS2_reencrypt_digest_new(hdr)) >= 0)
+		vks_count++;
+	if ((digest_old = LUKS2_reencrypt_digest_old(hdr)) >= 0) {
+		if (digest_old != digest_new)
+			vks_count++;
+	}
+
+	return vks_count;
+}
+
 /* none, checksums, journal or shift */
 static const char *reencrypt_resilience_type(struct luks2_hdr *hdr)
 {
@@ -4331,7 +4346,7 @@ int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise)
 
 /* internal only */
 int LUKS2_reencrypt_check_device_size(struct crypt_device *cd, struct luks2_hdr *hdr,
-	uint64_t check_size, uint64_t *dev_size, bool activation, bool dynamic)
+	uint64_t check_size, uint64_t *dev_size, bool device_exclusive_check, bool dynamic)
 {
 	int r;
 	uint64_t data_offset, real_size = 0;
@@ -4340,7 +4355,8 @@ int LUKS2_reencrypt_check_device_size(struct crypt_device *cd, struct luks2_hdr
 	    (LUKS2_get_segment_by_flag(hdr, "backup-moved-segment") || dynamic))
 		check_size += reencrypt_data_shift(hdr);
 
-	r = device_check_access(cd, crypt_data_device(cd), activation ? DEV_EXCL : DEV_OK);
+	r = device_check_access(cd, crypt_data_device(cd),
+				device_exclusive_check ? DEV_EXCL : DEV_OK);
 	if (r)
 		return r;
 
@@ -4418,6 +4434,39 @@ out:
 
 	return r < 0 ? r : keyslot;
 }
+
+int LUKS2_reencrypt_locked_recovery_by_vks(struct crypt_device *cd,
+	struct volume_key *vks)
+{
+	uint64_t minimal_size, device_size;
+	int r = -EINVAL;
+	struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
+	struct volume_key *vk = NULL;
+
+	log_dbg(cd, "Entering reencryption crash recovery.");
+
+	if (LUKS2_get_data_size(hdr, &minimal_size, NULL))
+		return r;
+
+	if (crypt_use_keyring_for_vk(cd))
+		vk = vks;
+	while (vk) {
+		r = LUKS2_volume_key_load_in_keyring_by_digest(cd, vk, crypt_volume_key_get_id(vk));
+		if (r < 0)
+			goto out;
+		vk = crypt_volume_key_next(vk);
+	}
+
+	if (LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, true, false))
+		goto out;
+
+	r = reencrypt_recovery(cd, hdr, device_size, vks);
+
+out:
+	if (r < 0)
+		crypt_drop_keyring_key(cd, vks);
+	return r;
+}
 #endif
 crypt_reencrypt_info LUKS2_reencrypt_get_params(struct luks2_hdr *hdr,
 	struct crypt_params_reencrypt *params)

lib/luks2/luks2_reencrypt_digest.c

@@ -1,9 +1,9 @@
 /*
  * LUKS - Linux Unified Key Setup v2, reencryption digest helpers
  *
- * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2022-2023 Ondrej Kozina
- * Copyright (C) 2022-2023 Milan Broz
+ * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2022-2024 Ondrej Kozina
+ * Copyright (C) 2022-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -375,6 +375,22 @@ int LUKS2_keyslot_reencrypt_digest_create(struct crypt_device *cd,
 	return LUKS2_digest_assign(cd, hdr, keyslot_reencrypt, digest_reencrypt, 1, 0);
 }
 
+void LUKS2_reencrypt_lookup_key_ids(struct crypt_device *cd, struct luks2_hdr *hdr, struct volume_key *vk)
+{
+	int digest_old, digest_new;
+
+	digest_old = LUKS2_reencrypt_digest_old(hdr);
+	digest_new = LUKS2_reencrypt_digest_new(hdr);
+
+	while (vk) {
+		if (digest_old >= 0 && LUKS2_digest_verify_by_digest(cd, digest_old, vk) == digest_old)
+			crypt_volume_key_set_id(vk, digest_old);
+		if (digest_new >= 0 && LUKS2_digest_verify_by_digest(cd, digest_new, vk) == digest_new)
+			crypt_volume_key_set_id(vk, digest_new);
+		vk = vk->next;
+	}
+}
+
 int LUKS2_reencrypt_digest_verify(struct crypt_device *cd,
 	struct luks2_hdr *hdr,
 	struct volume_key *vks)

lib/luks2/luks2_segment.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, internal segment handling
  *
- * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2023 Ondrej Kozina
+ * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_token.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, token handling
  *
- * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2023 Milan Broz
+ * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/luks2/luks2_token_keyring.c

@@ -1,8 +1,8 @@
 /*
  * LUKS - Linux Unified Key Setup v2, kernel keyring token
  *
- * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2023 Ondrej Kozina
+ * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/random.c

@@ -1,7 +1,7 @@
 /*
  * cryptsetup kernel RNG access functions
  *
- * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/setup.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -62,7 +62,8 @@ struct crypt_device {
 
 	bool link_vk_to_keyring;
 	int32_t keyring_to_link_vk;
-	const char *user_key_name;
+	const char *user_key_name1;
+	const char *user_key_name2;
 	key_type_t keyring_key_type;
 
 	uint64_t data_offset;
@@ -3906,7 +3907,8 @@ void crypt_free(struct crypt_device *cd)
 
 	free(CONST_CAST(void*)cd->pbkdf.type);
 	free(CONST_CAST(void*)cd->pbkdf.hash);
-	free(CONST_CAST(void*)cd->user_key_name);
+	free(CONST_CAST(void*)cd->user_key_name1);
+	free(CONST_CAST(void*)cd->user_key_name2);
 
 	/* Some structures can contain keys (TCRYPT), wipe it */
 	crypt_safe_memzero(cd, sizeof(*cd));
@@ -4112,29 +4114,6 @@ static int resume_luks1_by_volume_key(struct crypt_device *cd,
 	return r;
 }
 
-static key_serial_t crypt_volume_key_load_in_user_keyring(struct crypt_device *cd, struct volume_key *vk)
-{
-	key_serial_t kid;
-	const char *type_name;
-
-	assert(cd);
-	assert(cd->link_vk_to_keyring);
-
-	if (!vk || !(type_name = key_type_name(cd->keyring_key_type)))
-		return -EINVAL;
-
-	log_dbg(cd, "Linking volume key (type %s, name %s) to the specified keyring",
-		    type_name, cd->user_key_name);
-
-	kid = keyring_add_key_to_custom_keyring(cd->keyring_key_type, cd->user_key_name, vk->key, vk->keylength, cd->keyring_to_link_vk);
-	if (kid <= 0) {
-		log_err(cd, _("Failed to link key to the specified keyring."));
-		log_dbg(cd, "The keyring_link_key_to_keyring function failed (error %d).", errno);
-	}
-
-	return kid;
-}
-
 static void crypt_unlink_key_from_custom_keyring(struct crypt_device *cd, key_serial_t kid)
 {
 	assert(cd);
@@ -4150,6 +4129,58 @@ static void crypt_unlink_key_from_custom_keyring(struct crypt_device *cd, key_se
 	log_err(cd, _("Failed to unlink volume key from user specified keyring."));
 }
 
+static key_serial_t crypt_single_volume_key_load_in_user_keyring(struct crypt_device *cd, struct volume_key *vk, const char *user_key_name)
+{
+	key_serial_t kid;
+	const char *type_name;
+
+	assert(cd);
+	assert(cd->link_vk_to_keyring);
+
+	if (!vk || !(type_name = key_type_name(cd->keyring_key_type)))
+		return -EINVAL;
+
+	log_dbg(cd, "Linking volume key (type %s, name %s) to the specified keyring",
+		    type_name, user_key_name);
+
+	kid = keyring_add_key_to_custom_keyring(cd->keyring_key_type, user_key_name, vk->key, vk->keylength, cd->keyring_to_link_vk);
+	if (kid <= 0) {
+		log_dbg(cd, "The keyring_link_key_to_keyring function failed (error %d).", errno);
+	}
+
+	return kid;
+}
+
+static int crypt_volume_key_load_in_user_keyring(struct crypt_device *cd, struct volume_key *vk, key_serial_t *kid1_out, key_serial_t *kid2_out)
+{
+	key_serial_t kid1, kid2 = 0;
+
+	assert(cd);
+	assert(cd->link_vk_to_keyring);
+	assert(cd->user_key_name1);
+
+	if (!vk || !key_type_name(cd->keyring_key_type))
+		return -EINVAL;
+
+	kid1 = crypt_single_volume_key_load_in_user_keyring(cd, vk, cd->user_key_name1);
+	if (kid1 <= 0)
+		return -EINVAL;
+
+	vk = vk->next;
+	if (vk) {
+		assert(cd->user_key_name2);
+		kid2 = crypt_single_volume_key_load_in_user_keyring(cd, vk, cd->user_key_name2);
+		if (kid2 <= 0) {
+			crypt_unlink_key_from_custom_keyring(cd, kid1);
+			return -EINVAL;
+		}
+	}
+
+	*kid2_out = kid2;
+	*kid1_out = kid1;
+	return 0;
+}
+
 static int resume_luks2_by_volume_key(struct crypt_device *cd,
 		int digest,
 		struct volume_key *vk,
@@ -4158,10 +4189,10 @@ static int resume_luks2_by_volume_key(struct crypt_device *cd,
 	bool use_keyring;
 	int r, enc_type;
 	uint32_t opal_segment_number;
-	key_serial_t user_vk_kid = 0;
 	struct volume_key *p_crypt = vk, *p_opal = NULL, *zerokey = NULL, *crypt_key = NULL, *opal_key = NULL;
 	char *iname = NULL;
 	struct crypt_lock_handle *opal_lh = NULL;
+	key_serial_t kid1 = 0, kid2 = 0;
 
 	assert(digest >= 0);
 	assert(vk && crypt_volume_key_get_id(vk) == digest);
@@ -4208,10 +4239,9 @@ static int resume_luks2_by_volume_key(struct crypt_device *cd,
 
 		/* upload volume key in custom keyring if requested */
 		if (cd->link_vk_to_keyring) {
-			user_vk_kid = crypt_volume_key_load_in_user_keyring(cd, vk);
-			if (user_vk_kid <= 0) {
+			r = crypt_volume_key_load_in_user_keyring(cd, vk, &kid1, &kid2);
+			if (r < 0) {
 				log_err(cd, _("Failed to link volume key in user defined keyring."));
-				r = -EINVAL;
 				goto out;
 			}
 		}
@@ -4254,8 +4284,10 @@ static int resume_luks2_by_volume_key(struct crypt_device *cd,
 out:
 	if (r < 0) {
 		crypt_drop_keyring_key(cd, p_crypt);
-		if (user_vk_kid > 0 && cd->link_vk_to_keyring)
-			crypt_unlink_key_from_custom_keyring(cd, user_vk_kid);
+		if (cd->link_vk_to_keyring && kid1)
+			crypt_unlink_key_from_custom_keyring(cd, kid1);
+		if (cd->link_vk_to_keyring && kid2)
+			crypt_unlink_key_from_custom_keyring(cd, kid2);
 	}
 
 	if (r < 0 && p_opal)
@@ -4884,8 +4916,8 @@ static int _open_and_activate(struct crypt_device *cd,
 {
 	bool use_keyring;
 	int r;
-	key_serial_t user_vk_kid = 0;
 	struct volume_key *p_crypt = NULL, *p_opal = NULL, *crypt_key = NULL, *opal_key = NULL, *vk = NULL;
+	key_serial_t kid1 = 0, kid2 = 0;
 
 	r = LUKS2_keyslot_open(cd, keyslot,
 			       (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ?
@@ -4929,10 +4961,9 @@ static int _open_and_activate(struct crypt_device *cd,
 
 		/* upload the volume key in custom user keyring if requested */
 		if (cd->link_vk_to_keyring) {
-			user_vk_kid = crypt_volume_key_load_in_user_keyring(cd, vk);
-			if (user_vk_kid <= 0) {
+			r = crypt_volume_key_load_in_user_keyring(cd, vk, &kid1, &kid2);
+			if (r < 0) {
 				log_err(cd, _("Failed to link volume key in user defined keyring."));
-				r = -EINVAL;
 				goto out;
 			}
 		}
@@ -4943,8 +4974,10 @@ static int _open_and_activate(struct crypt_device *cd,
 out:
 	if (r < 0) {
 		crypt_drop_keyring_key(cd, p_crypt);
-		if (user_vk_kid > 0 && cd->link_vk_to_keyring)
-			crypt_unlink_key_from_custom_keyring(cd, user_vk_kid);
+		if (cd->link_vk_to_keyring && kid1)
+			crypt_unlink_key_from_custom_keyring(cd, kid1);
+		if (cd->link_vk_to_keyring && kid2)
+			crypt_unlink_key_from_custom_keyring(cd, kid2);
 	}
 	crypt_free_volume_key(vk);
 	crypt_free_volume_key(crypt_key);
@@ -5017,6 +5050,107 @@ static int _open_all_keys(struct crypt_device *cd,
 	return r < 0 ? r : keyslot;
 }
 
+static int _open_and_activate_reencrypt_device_by_vk(struct crypt_device *cd,
+	struct luks2_hdr *hdr,
+	const char *name,
+	struct volume_key *vks,
+	uint32_t flags)
+{
+	bool dynamic_size;
+	crypt_reencrypt_info ri;
+	uint64_t minimal_size, device_size;
+	int r = 0;
+	struct crypt_lock_handle *reencrypt_lock = NULL;
+	key_serial_t kid1 = 0, kid2 = 0;
+	struct volume_key *vk;
+
+	if (!vks)
+		return -EINVAL;
+
+	if (crypt_use_keyring_for_vk(cd))
+		flags |= CRYPT_ACTIVATE_KEYRING_KEY;
+
+	r = LUKS2_reencrypt_lock(cd, &reencrypt_lock);
+	if (r) {
+		if (r == -EBUSY)
+			log_err(cd, _("Reencryption in-progress. Cannot activate device."));
+		else
+			log_err(cd, _("Failed to get reencryption lock."));
+		return r;
+	}
+
+	if ((r = crypt_load(cd, CRYPT_LUKS2, NULL)))
+		goto out;
+
+	ri = LUKS2_reencrypt_status(hdr);
+
+	if (ri == CRYPT_REENCRYPT_CRASH) {
+		r = LUKS2_reencrypt_locked_recovery_by_vks(cd, vks);
+		if (r < 0) {
+			log_err(cd, _("LUKS2 reencryption recovery using volume key(s) failed."));
+			goto out;
+		}
+
+		ri = LUKS2_reencrypt_status(hdr);
+	}
+	/* recovery finished reencryption or it's already finished */
+	if (ri == CRYPT_REENCRYPT_NONE) {
+		vk = crypt_volume_key_by_id(vks, LUKS2_digest_by_segment(hdr, CRYPT_DEFAULT_SEGMENT));
+		if (!vk) {
+			r = -EPERM;
+			goto out;
+		}
+
+		r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
+		if (r == -EPERM || r == -ENOENT)
+			log_err(cd, _("Volume key does not match the volume."));
+		if (r >= 0 && cd->link_vk_to_keyring) {
+			kid1 = crypt_single_volume_key_load_in_user_keyring(cd, vk, cd->user_key_name1);
+			if (kid1 <= 0)
+				r = -EINVAL;
+		}
+		if (r >= 0)
+			r = LUKS2_activate(cd, name, vk, NULL, flags);
+		goto out;
+	}
+	if (ri > CRYPT_REENCRYPT_CLEAN) {
+		r = -EINVAL;
+		goto out;
+	}
+
+	if ((flags & CRYPT_ACTIVATE_KEYRING_KEY)) {
+		r = load_all_keys(cd, vks);
+		if (r < 0)
+			goto out;
+	}
+
+	if ((r = LUKS2_get_data_size(hdr, &minimal_size, &dynamic_size)))
+		goto out;
+
+	r = LUKS2_reencrypt_digest_verify(cd, hdr, vks);
+	if (r < 0)
+		goto out;
+
+	log_dbg(cd, "Entering clean reencryption state mode.");
+
+	r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, true, dynamic_size);
+	if (r < 0)
+		goto out;
+	if (cd->link_vk_to_keyring) {
+		r = crypt_volume_key_load_in_user_keyring(cd, vks, &kid1, &kid2);
+		if (r < 0) {
+			log_err(cd, _("Failed to link volume keys in user defined keyring."));
+			goto out;
+		}
+	}
+	r = LUKS2_activate_multi(cd, name, vks, device_size >> SECTOR_SHIFT, flags);
+out:
+	LUKS2_reencrypt_unlock(cd, reencrypt_lock);
+	crypt_drop_keyring_key(cd, vks);
+
+	return r;
+}
+
 static int _open_and_activate_reencrypt_device(struct crypt_device *cd,
 	struct luks2_hdr *hdr,
 	int keyslot,
@@ -5031,6 +5165,7 @@ static int _open_and_activate_reencrypt_device(struct crypt_device *cd,
 	struct volume_key *vks = NULL;
 	int r = 0;
 	struct crypt_lock_handle *reencrypt_lock = NULL;
+	key_serial_t kid1 = 0, kid2 = 0;
 
 	if (crypt_use_keyring_for_vk(cd))
 		flags |= CRYPT_ACTIVATE_KEYRING_KEY;
@@ -5091,15 +5226,31 @@ static int _open_and_activate_reencrypt_device(struct crypt_device *cd,
 
 	log_dbg(cd, "Entering clean reencryption state mode.");
 
+	if (cd->link_vk_to_keyring) {
+		r = crypt_volume_key_load_in_user_keyring(cd, vks, &kid1, &kid2);
+		if (r < 0) {
+			log_err(cd, _("Failed to link volume keys in user defined keyring."));
+			goto out;
+		}
+	}
+
 	if (r >= 0)
-		r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, true, dynamic_size);
+		r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size,
+						      !(flags & CRYPT_ACTIVATE_SHARED),
+						      dynamic_size);
 
 	if (r >= 0)
 		r = LUKS2_activate_multi(cd, name, vks, device_size >> SECTOR_SHIFT, flags);
 out:
 	LUKS2_reencrypt_unlock(cd, reencrypt_lock);
-	if (r < 0)
+	if (r < 0) {
 		crypt_drop_keyring_key(cd, vks);
+		if (cd->link_vk_to_keyring && kid1)
+			crypt_unlink_key_from_custom_keyring(cd, kid1);
+		if (cd->link_vk_to_keyring && kid2)
+			crypt_unlink_key_from_custom_keyring(cd, kid2);
+	}
+
 	crypt_free_volume_key(vks);
 
 	return r < 0 ? r : keyslot;
@@ -5145,6 +5296,43 @@ static int _open_and_activate_luks2(struct crypt_device *cd,
 
 	return r;
 }
+
+static int _activate_luks2_by_volume_key(struct crypt_device *cd,
+	const char *name,
+	struct volume_key *vk,
+	struct volume_key *external_key,
+	uint32_t flags)
+{
+	int r;
+	crypt_reencrypt_info ri;
+	int digest_new, digest_old;
+	struct volume_key *vk_old = NULL, *vk_new = NULL;
+	ri = LUKS2_reencrypt_status(&cd->u.luks2.hdr);
+	if (ri == CRYPT_REENCRYPT_INVALID)
+		return -EINVAL;
+
+	if (ri > CRYPT_REENCRYPT_NONE) {
+		digest_new = LUKS2_reencrypt_digest_new(&cd->u.luks2.hdr);
+		digest_old = LUKS2_reencrypt_digest_old(&cd->u.luks2.hdr);
+
+		if (digest_new >= 0) {
+			vk_new = crypt_volume_key_by_id(vk, digest_new);
+			assert(vk_new);
+			assert(crypt_volume_key_get_id(vk_new) == digest_new);
+		}
+		if (digest_old >= 0) {
+			vk_old = crypt_volume_key_by_id(vk, digest_old);
+			assert(vk_old);
+			assert(crypt_volume_key_get_id(vk_old) == digest_old);
+		}
+		r = _open_and_activate_reencrypt_device_by_vk(cd, &cd->u.luks2.hdr, name, vk, flags);
+	} else {
+		assert(crypt_volume_key_get_id(vk) == LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT));
+		r = LUKS2_activate(cd, name, vk, external_key, flags);
+	}
+
+	return r;
+}
 #else
 static int _open_and_activate_luks2(struct crypt_device *cd,
 	int keyslot,
@@ -5166,6 +5354,29 @@ static int _open_and_activate_luks2(struct crypt_device *cd,
 
 	return _open_and_activate(cd, keyslot, name, passphrase, passphrase_size, flags);
 }
+
+static int _activate_luks2_by_volume_key(struct crypt_device *cd,
+	const char *name,
+	struct volume_key *vk,
+	struct volume_key *external_key,
+	uint32_t flags)
+{
+	int r;
+	crypt_reencrypt_info ri;
+	ri = LUKS2_reencrypt_status(&cd->u.luks2.hdr);
+	if (ri == CRYPT_REENCRYPT_INVALID)
+		return -EINVAL;
+
+	if (ri > CRYPT_REENCRYPT_NONE) {
+		log_err(cd, _("This operation is not supported for this device type."));
+		r = -ENOTSUP;
+	} else {
+		assert(crypt_volume_key_get_id(vk) == LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT));
+		r = LUKS2_activate(cd, name, vk, external_key, flags);
+	}
+
+	return r;
+}
 #endif
 
 static int _activate_by_passphrase(struct crypt_device *cd,
@@ -5296,6 +5507,8 @@ static int _verify_key(struct crypt_device *cd,
 	struct volume_key *vk)
 {
 	int r = -EINVAL;
+	crypt_reencrypt_info ri;
+	struct luks2_hdr *hdr = &cd->u.luks2.hdr;
 
 	assert(cd);
 
@@ -5309,6 +5522,18 @@ static int _verify_key(struct crypt_device *cd,
 		if (r == -EPERM)
 			log_err(cd, _("Volume key does not match the volume."));
 	} else if (isLUKS2(cd->type)) {
+		ri = LUKS2_reencrypt_status(hdr);
+		if (ri == CRYPT_REENCRYPT_INVALID)
+			return -EINVAL;
+
+		if (ri > CRYPT_REENCRYPT_NONE) {
+			LUKS2_reencrypt_lookup_key_ids(cd, hdr, vk);
+			r = LUKS2_reencrypt_digest_verify(cd, hdr, vk);
+			if (r == -EPERM || r == -ENOENT || r == -EINVAL)
+				log_err(cd, _("Reencryption volume keys do not match the volume."));
+			return r;
+		}
+
 		if (segment == CRYPT_ANY_SEGMENT)
 			r = LUKS2_digest_any_matching(cd, &cd->u.luks2.hdr, vk);
 		else {
@@ -5361,8 +5586,7 @@ static int _activate_by_volume_key(struct crypt_device *cd,
 
 		r = LUKS1_activate(cd, name, vk, flags);
 	} else if (isLUKS2(cd->type)) {
-		assert(crypt_volume_key_get_id(vk) == LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT));
-		r = LUKS2_activate(cd, name, vk, external_key, flags);
+		r = _activate_luks2_by_volume_key(cd, name, vk, external_key, flags);
 	} else if (isVERITY(cd->type)) {
 		assert(crypt_volume_key_get_id(vk) == KEY_VERIFIED);
 		r = VERITY_activate(cd, name, vk, external_key, cd->u.verity.fec_device,
@@ -5403,17 +5627,15 @@ const char *name,
 		*vk_sign = NULL, *p_crypt = NULL;
 	size_t passphrase_size;
 	const char *passphrase = NULL;
-	int unlocked_keyslot, r = -EINVAL;
-	key_serial_t user_vk_kid = 0;
-
-	UNUSED(additional_keyslot);
-	UNUSED(additional_kc);
-
-	log_dbg(cd, "%s volume %s [keyslot %d] using %s.",
-		name ? "Activating" : "Checking", name ?: "passphrase", keyslot, keyslot_context_type_string(kc));
+	int unlocked_keyslot, required_keys, unlocked_keys = 0, r = -EINVAL;
+	key_serial_t kid1 = 0, kid2 = 0;
+	struct luks2_hdr *hdr = &cd->u.luks2.hdr;
 
 	if (!cd || !kc)
 		return -EINVAL;
+
+	log_dbg(cd, "%s volume %s [keyslot %d] using %s.",
+		name ? "Activating" : "Checking", name ?: "passphrase", keyslot, keyslot_context_type_string(kc));
 	if (!name && (flags & CRYPT_ACTIVATE_REFRESH))
 		return -EINVAL;
 	if ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd))
@@ -5458,10 +5680,27 @@ const char *name,
 		if (kc->get_luks1_volume_key)
 			r = kc->get_luks1_volume_key(cd, kc, keyslot, &vk);
 	} else if (isLUKS2(cd->type)) {
+		required_keys = LUKS2_reencrypt_vks_count(hdr);
+
 		if (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY && kc->get_luks2_key)
 			r = kc->get_luks2_key(cd, kc, keyslot, CRYPT_ANY_SEGMENT, &vk);
 		else if (kc->get_luks2_volume_key)
 			r = kc->get_luks2_volume_key(cd, kc, keyslot, &vk);
+		if (r >= 0) {
+			unlocked_keys++;
+
+			if (required_keys > 1 && vk && additional_kc) {
+				if (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY && additional_kc->get_luks2_key)
+					r = additional_kc->get_luks2_key(cd, additional_kc, additional_keyslot, CRYPT_ANY_SEGMENT, &vk->next);
+				else if (additional_kc->get_luks2_volume_key)
+					r = additional_kc->get_luks2_volume_key(cd, additional_kc, additional_keyslot, &vk->next);
+				if (r >= 0)
+					unlocked_keys++;
+			}
+
+			if (unlocked_keys < required_keys)
+				r = -ESRCH;
+		}
 	} else if (isTCRYPT(cd->type)) {
 		r = 0;
 	} else if (name && isPLAIN(cd->type)) {
@@ -5504,7 +5743,6 @@ const char *name,
 	r = _verify_key(cd,
 			flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY ? CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT,
 			vk);
-
 	if (r < 0)
 		goto out;
 
@@ -5544,10 +5782,9 @@ const char *name,
 
 			/* upload the volume key in custom user keyring if requested */
 			if (cd->link_vk_to_keyring) {
-				user_vk_kid = crypt_volume_key_load_in_user_keyring(cd, vk);
-				if (user_vk_kid <= 0) {
+				r = crypt_volume_key_load_in_user_keyring(cd, vk, &kid1, &kid2);
+				if (r < 0) {
 					log_err(cd, _("Failed to link volume key in user defined keyring."));
-					r = -EINVAL;
 					goto out;
 				}
 			}
@@ -5564,9 +5801,12 @@ const char *name,
 		r = unlocked_keyslot;
 out:
 	if (r < 0) {
+		crypt_drop_keyring_key(cd, vk);
 		crypt_drop_keyring_key(cd, p_crypt);
-		if (user_vk_kid > 0 && cd->link_vk_to_keyring)
-			crypt_unlink_key_from_custom_keyring(cd, user_vk_kid);
+		if (cd->link_vk_to_keyring && kid1)
+			crypt_unlink_key_from_custom_keyring(cd, kid1);
+		if (cd->link_vk_to_keyring && kid2)
+			crypt_unlink_key_from_custom_keyring(cd, kid2);
 	}
 
 	crypt_free_volume_key(vk);
@@ -7565,35 +7805,58 @@ int crypt_set_keyring_to_link(struct crypt_device *cd, const char *key_descripti
 			      const char *key_type_desc, const char *keyring_to_link_vk)
 {
 	key_type_t key_type = USER_KEY;
-	const char *name = NULL;
+	const char *name1 = NULL, *name2 = NULL;
 	int32_t id = 0;
+	int r, ri;
+	struct luks2_hdr *hdr;
+	unsigned user_descriptions_count, vks_count = 1;
 
-	UNUSED(old_key_description);
-
-	if (!cd || (!key_description && keyring_to_link_vk) ||
-	    (key_description && !keyring_to_link_vk))
+	if (!cd || ((!key_description && !old_key_description) && (keyring_to_link_vk || key_type_desc)) ||
+	    ((key_description || old_key_description) && !keyring_to_link_vk))
 		return -EINVAL;
 
+	hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
+
+	/* if only one key description is supplied, force it to be the first one */
+	if (!key_description && old_key_description)
+		return -EINVAL;
+
+	if ((r = _onlyLUKS2(cd, 0, CRYPT_REQUIREMENT_OPAL | CRYPT_REQUIREMENT_ONLINE_REENCRYPT)))
+		return r;
+
 	if (key_type_desc)
 		key_type = key_type_by_name(key_type_desc);
-
 	if (key_type != LOGON_KEY && key_type != USER_KEY)
 		return -EINVAL;
 
+	ri = crypt_reencrypt_status(cd, NULL);
+	if (ri > CRYPT_REENCRYPT_NONE && ri < CRYPT_REENCRYPT_INVALID)
+		vks_count = LUKS2_reencrypt_vks_count(hdr);
+
+	user_descriptions_count = (key_description ? 1 : 0) + (old_key_description ? 1 : 0);
+	if (user_descriptions_count != 0 && vks_count > user_descriptions_count)
+		return -ESRCH;
+
 	if (keyring_to_link_vk) {
 		id = keyring_find_keyring_id_by_name(keyring_to_link_vk);
 		if (id == 0) {
 			log_err(cd, _("Could not find keyring described by \"%s\"."), keyring_to_link_vk);
 			return -EINVAL;
 		}
-		if (!(name = strdup(key_description)))
+		if (key_description && !(name1 = strdup(key_description)))
 			return -ENOMEM;
+		if (old_key_description && !(name2 = strdup(old_key_description))) {
+			free(CONST_CAST(void*)name1);
+			return -ENOMEM;
+		}
 	}
 
 	cd->keyring_key_type = key_type;
 
-	free(CONST_CAST(void*)cd->user_key_name);
-	cd->user_key_name = name;
+	free(CONST_CAST(void*)cd->user_key_name1);
+	free(CONST_CAST(void*)cd->user_key_name2);
+	cd->user_key_name1 = name1;
+	cd->user_key_name2 = name2;
 	cd->keyring_to_link_vk = id;
 	cd->link_vk_to_keyring = id != 0;
 

lib/tcrypt/tcrypt.c

@@ -1,8 +1,8 @@
 /*
  * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling
  *
- * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2023 Milan Broz
+ * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/tcrypt/tcrypt.h

@@ -1,8 +1,8 @@
 /*
  * TCRYPT (TrueCrypt-compatible)  header definition
  *
- * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2023 Milan Broz
+ * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/utils.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -45,34 +45,44 @@ unsigned crypt_cpusonline(void)
 uint64_t crypt_getphysmemory_kb(void)
 {
 	long pagesize, phys_pages;
-	uint64_t phys_memory_kb;
+	uint64_t phys_memory_kb, page_size_kb;
 
 	pagesize = sysconf(_SC_PAGESIZE);
 	phys_pages = sysconf(_SC_PHYS_PAGES);
 
-	if (pagesize < 0 || phys_pages < 0)
+	if (pagesize <= 0 || phys_pages <= 0)
 		return 0;
 
-	phys_memory_kb = pagesize / 1024;
-	phys_memory_kb *= phys_pages;
+	page_size_kb = pagesize / 1024;
+	phys_memory_kb = page_size_kb * phys_pages;
 
+	/* sanity check for overflow */
+	if (phys_memory_kb / phys_pages != page_size_kb)
+		return 0;
+
+	/* coverity[return_overflow:FALSE] */
 	return phys_memory_kb;
 }
 
 uint64_t crypt_getphysmemoryfree_kb(void)
 {
 	long pagesize, phys_pages;
-	uint64_t phys_memoryfree_kb;
+	uint64_t phys_memoryfree_kb, page_size_kb;
 
 	pagesize = sysconf(_SC_PAGESIZE);
 	phys_pages = sysconf(_SC_AVPHYS_PAGES);
 
-	if (pagesize < 0 || phys_pages < 0)
+	if (pagesize <= 0 || phys_pages <= 0)
 		return 0;
 
-	phys_memoryfree_kb = pagesize / 1024;
-	phys_memoryfree_kb *= phys_pages;
+	page_size_kb = pagesize / 1024;
+	phys_memoryfree_kb = page_size_kb * phys_pages;
 
+	/* sanity check for overflow */
+	if (phys_memoryfree_kb / phys_pages != page_size_kb)
+		return 0;
+
+	/* coverity[return_overflow:FALSE] */
 	return phys_memoryfree_kb;
 }
 

lib/utils_benchmark.c

@@ -1,8 +1,8 @@
 /*
  * libcryptsetup - cryptsetup library, cipher benchmark
  *
- * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2023 Milan Broz
+ * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_blkid.c

@@ -1,7 +1,7 @@
 /*
  * blkid probe utilities
  *
- * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_blkid.h

@@ -1,7 +1,7 @@
 /*
  * blkid probe utilities
  *
- * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_crypt.c

@@ -2,8 +2,8 @@
  * utils_crypt - cipher utilities for cryptsetup
  *
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_crypt.h

@@ -2,8 +2,8 @@
  * utils_crypt - cipher utilities for cryptsetup
  *
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -30,6 +30,8 @@ struct crypt_device;
 #define MAX_CIPHER_LEN       32
 #define MAX_CIPHER_LEN_STR   "31"
 #define MAX_KEYFILES         32
+#define MAX_KEYRING_LINKS    2
+#define MAX_VK_IN_KEYRING    2
 #define MAX_CAPI_ONE_LEN     2 * MAX_CIPHER_LEN
 #define MAX_CAPI_ONE_LEN_STR "63"  /* for sscanf length + '\0' */
 #define MAX_CAPI_LEN         144   /* should be enough to fit whole capi string */

lib/utils_device.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_device_locking.c

@@ -1,8 +1,8 @@
 /*
  * Metadata on-disk locking for processes serialization
  *
- * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2023 Ondrej Kozina
+ * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_device_locking.h

@@ -1,8 +1,8 @@
 /*
  * Metadata on-disk locking for processes serialization
  *
- * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2023 Ondrej Kozina
+ * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_devpath.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -281,6 +281,7 @@ uint64_t crypt_dev_partition_offset(const char *dev_path)
 			      &val, "start"))
 		return 0;
 
+	/* coverity[tainted_data_return:FALSE] */
 	return val;
 }
 

lib/utils_dm.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_io.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_io.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_keyring.c

@@ -1,8 +1,8 @@
 /*
  * kernel keyring utilities
  *
- * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2023 Ondrej Kozina
+ * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_keyring.h

@@ -1,8 +1,8 @@
 /*
  * kernel keyring syscall wrappers
  *
- * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2023 Ondrej Kozina
+ * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2024 Ondrej Kozina
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_loop.c

@@ -1,8 +1,8 @@
 /*
  * loopback block device utilities
  *
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -282,7 +282,7 @@ static char *_sysfs_backing_file(const char *loop)
 {
 	struct stat st;
 	char buf[PATH_MAX];
-	size_t len;
+	ssize_t len;
 	int fd;
 
 	if (stat(loop, &st) || !S_ISBLK(st.st_mode))

lib/utils_loop.h

@@ -1,8 +1,8 @@
 /*
  * loopback block device utilities
  *
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_pbkdf.c

@@ -1,8 +1,8 @@
 /*
  * utils_pbkdf - PBKDF settings for libcryptsetup
  *
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_safe_memory.c

@@ -1,8 +1,8 @@
 /*
  * utils_safe_memory - safe memory helpers
  *
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/utils_storage_wrappers.c

@@ -2,7 +2,7 @@
  * Generic wrapper for storage functions
  * (experimental only)
  *
- * Copyright (C) 2018-2023 Ondrej Kozina
+ * Copyright (C) 2018-2024 Ondrej Kozina
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/utils_storage_wrappers.h

@@ -2,7 +2,7 @@
  * Generic wrapper for storage functions
  * (experimental only)
  *
- * Copyright (C) 2018-2023 Ondrej Kozina
+ * Copyright (C) 2018-2024 Ondrej Kozina
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/utils_wipe.c

@@ -2,8 +2,8 @@
  * utils_wipe - wipe a device
  *
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2024 Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

lib/verity/rs.h

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 2004 Phil Karn, KA9Q
  * libcryptsetup modifications
- *   Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved.
+ *   Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/verity/rs_decode_char.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 2002, Phil Karn, KA9Q
  * libcryptsetup modifications
- *   Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved.
+ *   Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/verity/rs_encode_char.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 2002, Phil Karn, KA9Q
  * libcryptsetup modifications
- *   Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved.
+ *   Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/verity/verity.c

@@ -1,7 +1,7 @@
 /*
  * dm-verity volume handling
  *
- * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/verity/verity.h

@@ -1,7 +1,7 @@
 /*
  * dm-verity volume handling
  *
- * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/verity/verity_fec.c

@@ -2,7 +2,7 @@
  * dm-verity Forward Error Correction (FEC) support
  *
  * Copyright (C) 2015 Google, Inc. All rights reserved.
- * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/verity/verity_hash.c

@@ -1,7 +1,7 @@
 /*
  * dm-verity volume handling
  *
- * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

lib/volumekey.c

@@ -2,7 +2,7 @@
  * cryptsetup volume key implementation
  *
  * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License

man/cryptsetup-luksSuspend.8.adoc

@@ -20,6 +20,10 @@ Suspends an active device (all IO operations will block and accesses to
 the device will wait indefinitely) and wipes the encryption key from
 kernel memory. Needs kernel 2.6.19 or later.
 
+While the _luksSuspend_ operation wipes encryption keys from memory,
+it does not remove possible plaintext data in various caches or in-kernel
+metadata for mounted filesystems.
+
 After this operation, you have to use _luksResume_ to reinstate the
 encryption key and unblock the device or _close_ to remove the mapped
 device.

man/cryptsetup.8.adoc

@@ -701,11 +701,13 @@ The dm-crypt device then resides on top of such a dm-integrity device.
 All activation and deactivation of this device stack is performed by
 cryptsetup, there is no difference in using *luksOpen* for integrity
 protected devices. If you want to format LUKS2 device with data
-integrity protection, use *--integrity* option.
+integrity protection, use *--integrity* option (see *cryptsetup-luksFormat(8)*).
 
-Since dm-integrity doesn't support discards (TRIM), dm-crypt device on
-top of it inherits this, so integrity protection mode doesn't support
-discards either.
+Albeit Linux kernel 5.7 added TRIM support for standalone dm-integrity devices,
+*cryptsetup(8)* can't offer support for discards (TRIM) in authenticated
+encryption mode, because the underlying dm-crypt kernel module does not support
+this functionality when dm-integrity is used as auth tag space allocator
+(see *--allow-discards* in *cryptsetup-luksFormat(8)*).
 
 Some integrity modes requires two independent keys (key for encryption
 and for authentication). Both these keys are stored in one LUKS keyslot.

meson.build

@@ -2,7 +2,7 @@ project('cryptsetup',
     'c',
     default_options: [ 'prefix=/usr' ],
     meson_version: '>=0.64',
-    version: '2.7.0-rc1')
+    version: '2.7.0')
 
 libcryptsetup_version = '12.10.0'
 

misc/fedora/cryptsetup.spec

@@ -2,9 +2,9 @@
 
 Summary: Utility for setting up encrypted disks
 Name: cryptsetup
-Version: 2.5.0
+Version: 2.7.0
 Release: 1%{?dist}
-License: GPLv2+ and LGPLv2+
+License: GPL-2.0-or-later WITH cryptsetup-OpenSSL-exception AND LGPL-2.1-or-later WITH cryptsetup-OpenSSL-exception
 URL: https://gitlab.com/cryptsetup/cryptsetup
 BuildRequires: autoconf, automake, libtool, gettext-devel,
 BuildRequires: openssl-devel, popt-devel, device-mapper-devel
@@ -18,7 +18,7 @@ Obsoletes: %{name}-reencrypt <= %{version}
 Provides: %{name}-reencrypt = %{version}
 
 %global upstream_version %{version_no_tilde}
-Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-%{upstream_version}.tar.xz
+Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{upstream_version}.tar.xz
 
 %description
 The cryptsetup package contains a utility for setting up