Update README for version 2.7.3.

For LUKS2 headers with non zero data offset LUKS2_wipe_header_areas
will always erase the smallest from following:

- metadata device size
- data offset value
- maximal LUKS2 metadata size (twice 2 MiBs json area including 128 MiB for
binary keyslot areas) even with detached header.

For zero value data offset (LUKS2 header can not be restored back to
data device), we erase up to smallest from the following values:

- metadata device size
- maximal LUKS2 metadata size (twice 2 MiBs json area including 128 MiB for

.gitlab-ci.yml

@@ -1,5 +1,6 @@
 stages:
   - test
+  - test-opal
 
 .fail_if_coredump_generated:
   after_script:

.gitlab/ci/compilation-various-disables.yml

@@ -11,7 +11,8 @@ test-gcc-disable-compiles:
           "kernel_crypto",
           "udev",
           "internal-argon2",
-          "blkid"
+          "blkid",
+          "hw-opal"
       ]
   artifacts:
     name: "meson-build-logs-$CI_COMMIT_REF_NAME"

.gitlab/ci/fedora-opal.yml

@@ -1,34 +1,11 @@
-.dnf-openssl-backend:
-  variables:
-    DISTRO: cryptsetup-fedora-rawhide
-  extends:
-    - .fail_if_coredump_generated
-  before_script:
-    - >
-      [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] ||
-      sudo dnf -y -q install
-      swtpm meson ninja-build python3-jinja2 gperf libcap-devel tpm2-tss-devel
-      libmount-devel swtpm-tools
-    - >
-      sudo dnf -y -q install
-      autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
-      libargon2-devel libblkid-devel libpwquality-devel libselinux-devel
-      libssh-devel libtool libuuid-devel make popt-devel
-      libsepol-devel.x86_64 netcat openssh-clients passwd pkgconfig sharutils
-      sshpass tar uuid-devel vim-common device-mapper expect gettext git jq
-      keyutils openssl-devel openssl asciidoctor
-    - sudo -E git clean -xdf
-    - ./autogen.sh
-    - ./configure --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl --enable-asciidoc
-
 .opal-template-fedora:
   extends:
     - .dnf-openssl-backend
   tags:
     - libvirt
     - cryptsetup-fedora-rawhide
-  stage: test
-  interruptible: true
+  stage: test-opal
+  interruptible: false
   variables:
     OPAL2_DEV: "/dev/nvme0n1"
     OPAL2_PSID_FILE: "/home/gitlab-runner/psid.txt"
@@ -50,8 +27,7 @@ test-commit-rawhide-samsung980:
     - .opal-template-fedora
   tags:
     - tiber
-  stage: test
-  interruptible: true
+  interruptible: false
   variables:
     PCI_PASSTHROUGH_VENDOR_ID: "144d"
     PCI_PASSTHROUGH_DEVICE_ID: "a809"
@@ -65,43 +41,69 @@ test-mergerq-rawhide-samsung980:
     - .opal-template-fedora
   tags:
     - tiber
-  stage: test
-  interruptible: true
+  interruptible: false
   variables:
     PCI_PASSTHROUGH_VENDOR_ID: "144d"
     PCI_PASSTHROUGH_DEVICE_ID: "a809"
 
-# # WD PC SN740 SDDQNQD-512G-1014 (on tiber machine)
-# test-commit-rawhide-sn740:
-#   rules:
-#     - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
-#       when: never
-#     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
-#   extends:
-#     - .opal-template-fedora
-#   tags:
-#     - tiber
-#   stage: test
-#   interruptible: true
-#   variables:
-#     PCI_PASSTHROUGH_VENDOR_ID: "15b7"
-#     PCI_PASSTHROUGH_DEVICE_ID: "5017"
-#
-# test-mergerq-rawhide-sn740:
-#   rules:
-#     - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
-#       when: never
-#     - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-#   extends:
-#     - .opal-template-fedora
-#   tags:
-#     - tiber
-#   stage: test
-#   interruptible: true
-#   variables:
-#     PCI_PASSTHROUGH_VENDOR_ID: "15b7"
-#     PCI_PASSTHROUGH_DEVICE_ID: "5017"
-#
+# WD PC SN740 SDDQNQD-512G-1014 (on tiber machine)
+test-commit-rawhide-sn740:
+  rules:
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+  extends:
+    - .opal-template-fedora
+  tags:
+    - tiber
+  interruptible: false
+  variables:
+    PCI_PASSTHROUGH_VENDOR_ID: "15b7"
+    PCI_PASSTHROUGH_DEVICE_ID: "5017"
+
+test-mergerq-rawhide-sn740:
+  rules:
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  extends:
+    - .opal-template-fedora
+  tags:
+    - tiber
+  interruptible: false
+  variables:
+    PCI_PASSTHROUGH_VENDOR_ID: "15b7"
+    PCI_PASSTHROUGH_DEVICE_ID: "5017"
+
+# Samsung SSD 980 PRO 1TB (on trantor machine)
+test-commit-rawhide-samsung980pro:
+  rules:
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+  extends:
+    - .opal-template-fedora
+  tags:
+    - trantor
+  interruptible: false
+  variables:
+    PCI_PASSTHROUGH_VENDOR_ID: "144d"
+    PCI_PASSTHROUGH_DEVICE_ID: "a80a"
+
+test-mergerq-rawhide-samsung980pro:
+  rules:
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  extends:
+    - .opal-template-fedora
+  tags:
+    - trantor
+  interruptible: false
+  variables:
+    PCI_PASSTHROUGH_VENDOR_ID: "144d"
+    PCI_PASSTHROUGH_DEVICE_ID: "a80a"
+
 # # UMIS RPETJ256MGE2MDQ (on tiber machine)
 # test-commit-rawhide-umis:
 #   rules:
@@ -113,7 +115,7 @@ test-mergerq-rawhide-samsung980:
 #   tags:
 #     - tiber
 #   stage: test
-#   interruptible: true
+#   interruptible: false
 #   variables:
 #     PCI_PASSTHROUGH_VENDOR_ID: "1cc4"
 #     PCI_PASSTHROUGH_DEVICE_ID: "6302"
@@ -128,7 +130,7 @@ test-mergerq-rawhide-samsung980:
 #   tags:
 #     - tiber
 #   stage: test
-#   interruptible: true
+#   interruptible: false
 #   variables:
 #     PCI_PASSTHROUGH_VENDOR_ID: "1cc4"
 #     PCI_PASSTHROUGH_DEVICE_ID: "6302"

CONTRIBUTING.md

@@ -0,0 +1,157 @@
+Contributing to cryptsetup
+==========================
+For basic information about the cryptsetup project, please read [README](README.md).
+
+The Cryptsetup project uses free, open-source licenses; details are described in [licensing](README.licensing).
+
+For contribution code or documentation to the cryptsetup project, you must have the necessary rights to the content, and your contribution must be provided under the required license.
+
+We welcome contributions from everyone.
+
+Cryptsetup is an independent project with much volunteer effort, and our resources are limited.
+Following the guidelines specified in this file makes it easier for us to process your issue.
+
+Project maintainers can remove or reject abusive or otherwise unacceptable comments or code.
+
+Git repository
+--------------
+The primary repository is located at [gitlab.com/cryptsetup/cryptsetup](https://gitlab.com/cryptsetup/cryptsetup).
+The development branch is ``main``; minor stable releases can use their branches with cherry-picked or backported patches.
+
+There are backup mirrors located at [github.com/mbroz/cryptsetup](https://github.com/mbroz/cryptsetup) and [git.kernel.org/pub/scm/utils/cryptsetup/cryptsetup.git](https://git.kernel.org/pub/scm/utils/cryptsetup/cryptsetup.git).
+
+How to make a bug report
+------------------------
+To report an issue or feature request, please use GitLab [cryptsetup issue tracker](https://gitlab.com/cryptsetup/cryptsetup/-/issues).
+
+Before reporting an issue, please try to search documentation and existing issues. Always try to reproduce the problem on the latest supported release.
+Please *always* collect and attach ``--debug`` log and other information as instructed in the issue template.
+Even if you think the problem is obvious, we need logged information about the environment (like versions of kernel modules, etc.).
+
+Please do not report distribution-specific issues if they are not present in the latest upstream release.
+For such reports, please use downstream distribution-specific trackers.
+If the issue is related to upstream, downstream maintainers will redirect you here, or upstream maintainers will join the discussion.
+
+If you think that you found some security bug, please follow the instructions in the [SECURITY](SECURITY.md) file.
+
+How to contribute changes to cryptsetup
+---------------------------------------
+The following notes are a very short introduction to cryptsetup internal processes and an overview of generic rules that should be followed for all changes.
+
+Changes from developers and external contributors should go through the GitLab repository [merge reguests](https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests).
+Alternatively (for trivial changes), you can send a patch to [cryptsetup mailing list](mailto:cryptsetup@lists.linux.dev).
+
+Please do not write personal emails with questions or patches to maintainers and developers.
+
+### Project structure
+Cryptsetup projects include a libcryptsetup library, tools, token plugins, documentation, and a test suite.
+
+Cryptsetup library (libcryptsetup) exports [versioned symbols](lib/libcryptsetup.sym).
+Tools (cryptsetup, veritysetup, integritysetup) use libcryptsetup shared library.
+Some isolated parts in the lib directory can be reused for tools (the source is recompiled).
+
+The basic directory structure in the repository is
+```
+├── docs - Documentation and release notes.
+├── lib  - libcryptsetup implementation
+│   ├── bitlk           - Bitlocker format
+│   ├── crypto_backend  - Cryptography backend
+│   ├── fvault2         - FileVault2 format
+│   ├── integrity       - Linux dm-integrity interface
+│   ├── loopaes         - Linux LoopAES format
+│   ├── luks1           - LUKS1 format
+│   ├── luks2           - LUKS2 format including OPAL2 SED
+│   ├── tcrypt          - TrueCrypt / VeraCrypt format
+│   └── verity          - Linux dm-verity interface
+├── man - Manual pages (in AsciiDoc format)
+├── misc - Miscellaneous additions
+├── po - Translation files
+├── scripts - Scripts for system configuration
+├── src - Tools implementation
+├── tests - Testsuite (test units, regression tests, fuzzing)
+└── tokens - Token plugins
+```
+### Coordination with other projects
+The cryptsetup tools and library use low-level functions that depend on many other subsystems.
+Currently, the project is supported only for Linux (it will not work on Android or other systems).
+
+Cryptsetup project requires some parts of the Linux kernel, notably the *Device Mapper* (dm-crypt, dm-integrity, dm-verity, dm-zero modules) and kernel *userspace cryptographic interface*.
+Missing kernel interface can significantly limit (or even disallow) cryptsetup functionality.
+
+Integration in operating systems also depends on several other projects, most notably *systemd* (that implements its own tooling using libcryptsetup) and *util-Linux* (*blkid* parsing of supported format metadata). Some changes must be synchronized in all needed places (kernel, blkid, libcryptsetup).
+
+Several other projects implement their own token metadata (either through binary token plugins or through generic libcryptsetup JSON token access functions).
+
+### Used cryptography algorithms
+Cryptsetup avoids implementing cryptographic primitives but uses cryptographic libraries.
+Exceptions were PBKDF internal implementations - PBKDF2 and Argon2 until these were integrated into major cryptographic libraries.
+
+Cryptsetup can be compiled with several cryptographic libraries backend (OpenSSL, libgcrypt, Nettle, NSS, and Linux kernel userspace API).
+OpenSSL is the default and strongly recommended configuration.
+
+If the cryptographic library does not implement some cryptographic primitive (for example, if running in a FIPS-140 environment or just
+because it does not include it at all), functionality could be limited.
+
+### Configuration and versioning
+Cryptsetup can be configured using *Autoconf* or *Meson*. Autoconf support is being deprecated in the long term.
+Currently, all new configuration options must be implemented in both systems.
+
+Cryptsetup intentionally does not use a system configuration file (located in /etc).
+All functionality must be determined dynamically.
+
+All related /etc configuration files (crypttab, fstab and others) are maintained by systemd (in some legacy distributions by cryptsetup downstream).
+
+Cryptsetup uses [semantic versioning](https://semver.org/).
+Major and minor releases are always based on the main git branch; the minor stable (patch) versions can have some specific branch with backported or cherry-picked patches (from the main branch).
+Usually, minor releases happen twice per year and stable patch updates according to reported bugs (in 1-3 month intervals).
+
+### Compilation and debugging
+The library and tools are written in C language; we require C99 and support gcc and Clang compilers.
+Manual pages are generated from AsciiDoc sources and libcryptsetup API documentation by Doxygen (from libcryptsetup.h comments).
+Testsuite is a combination of local C utilities, fuzzing implementation in C++, bash scripts, and uses many other system utilities.
+
+All tools contain compiled-in debug messages that are available through --debug options.
+
+With Autoconf and libtool, you can run the cryptsetup tool in the debugger without installation using this one-line script:
+```
+libtool --mode=execute gdb --args ./cryptsetup --debug $@
+```
+This will ensure that a properly compiled libcryptsetup file is used.
+
+### Coding style
+Cryptsetup uses [Linux kernel coding style](https://www.kernel.org/doc/html/latest/process/coding-style.html) for libcryptsetup and tools (where applicable) with some additional notes:
+- Use tabulators for indentation; the line should not exceed 100 characters with an 8-character tabulator. Otherwise, use a tab of any length. :-).
+- The minimal C standard required is C99.
+- The ``goto`` use is allowed only for error path (``goto out`` for common code path, ``goto err`` for specific error code path).
+- Split patches per change; do not submit huge patches combining several changes.
+- Use an elaborative description in the patch header.
+- No need to use sign-off-by lines.
+- Use name prefixes (``crypt_``, ``LUKS2_`` and similar).
+- Avoid extensive preprocessor use (specifically ``#ifdef`` sections).
+- Use output only through ``log_err, log_std, log_verbose, log_dbg`` macros.
+  The ``log_dbg`` is always in English; the others should be wrapped in the ``_()`` macro for translation.
+- Use ``assert()`` but only for simple invariants and variables (avoid calling functions).
+  Do not use assert for user-defined input (this should be a normal error path).
+- The code style is quite relaxed in testing scripts (code there is not intended for production use).
+
+### General rules and testing
+- Cryptsetup should work on all architectures supported by the Linux kernel.
+Only very few functionalities require specific hardware (notably Opal SED support).
+If you want to introduce some specific hardware support, please discuss it with the maintainers first.
+
+- All code changes should go through merge requests and reviews.
+Code can be merged after review approval (done by someone with the commit right to the development repository), but reviews from external people are very welcome, too.
+
+- All new functionality must come with at least rudimentary coverage in the test suite.
+Always run the test suite before opening the merge request (``make check`` with root privilege).
+
+- We have continuous integration (CI) that runs many tests automatically, but the output is not directly visible for external merge request authors (for security reasons).
+All CI scripts are available in .gitlab and .github folders in the project repository.
+
+  Maintainers will provide you log files if anything fails. Your code must produce no warnings before it is merged.
+
+- We run compilation with many extended [gcc](.gitlab/ci/gcc-Wall) and [Clang](.gitlab/ci/clang-Wall) warnings and include some analyzers, notably
+  - [Coverity](https://scan.coverity.com), GitHub CodeQL, Clang scan-build, and gcc static analyzer, and
+  - fuzzing integrated in [OSS-fuzz project](https://github.com/google/oss-fuzz/tree/master/projects/cryptsetup).
+
+- Testsuite can also partially run under Valgrind dynamic analyzer with ``make valgrind-check``.

FAQ.md

@@ -169,17 +169,12 @@
   me write the section.  Please note that by contributing to this FAQ,
   you accept the license described below.
 
-  This work is under the "Attribution-Share Alike 3.0 Unported" license,
-  which means distribution is unlimited, you may create derived works, but
+  This work is licensed under a Creative Commons CC-BY-SA-4.0
+  "Attribution-ShareAlike 4.0 International" license which means
+  distribution is unlimited, you may create derived works, but
   attributions to original authors and this license statement must be
-  retained and the derived work must be under the same license.  See
-  https://creativecommons.org/licenses/by-sa/3.0/ for more details of the
-  license.
-
-  Side note: I did text license research some time ago and I think this
-  license is best suited for the purpose at hand and creates the least
-  problems.
-
+  retained and the derived work must be under the same license.
+  See https://creativecommons.org/licenses/by-sa/4.0/ for more details.
 
   * **1.6 Where is the project website?**
 

Makefile.am

@@ -1,4 +1,4 @@
-EXTRA_DIST = README.md SECURITY.md COPYING.LGPL FAQ.md docs misc autogen.sh
+EXTRA_DIST = README.md SECURITY.md COPYING.LGPL CONTRIBUTING.md FAQ.md docs misc autogen.sh
 EXTRA_DIST += meson_options.txt \
 	meson.build \
 	lib/crypto_backend/argon2/meson.build \

README.md

@@ -39,11 +39,11 @@ Download
 Release notes and tarballs are available at
 [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).
 
-**The latest stable cryptsetup release version is 2.7.0**
-  * [cryptsetup-2.7.0.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.0.tar.xz)
-  * Signature [cryptsetup-2.7.0.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.0.tar.sign)
+**The latest stable cryptsetup release version is 2.7.3**
+  * [cryptsetup-2.7.3.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.3.tar.xz)
+  * Signature [cryptsetup-2.7.3.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.3.tar.sign)
     _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 2.7.0 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes).
+  * [Cryptsetup 2.7.3 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.3-ReleaseNotes).
 
 Previous versions
  * [Version 2.6.1](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.xz) -

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[2.7.0])
+AC_INIT([cryptsetup],[2.7.3])
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)

docs/examples/crypt_log_usage.c

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * libcryptsetup API log example
  *
  * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdio.h>

docs/examples/crypt_luks_usage.c

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  *  libcryptsetup API - using LUKS device example
  *
  * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdio.h>

docs/v2.7.1-ReleaseNotes

@@ -0,0 +1,30 @@
+Cryptsetup 2.7.1 Release Notes
+==============================
+Stable bug-fix release with minor extensions.
+
+All users of cryptsetup 2.7.0 should upgrade to this version.
+
+Changes since version 2.7.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Fix interrupted LUKS1 decryption resume.
+  With the replacement of the cryptsetup-reencrypt tool by the cryptsetup
+  reencrypt command, resuming the interrupted LUKS1 decryption operation
+  could fail. LUKS2 was not affected.
+
+* Allow --link-vk-to-keyring with --test-passphrase option.
+  This option allows uploading the volume key in a user-specified kernel
+  keyring without activating the device.
+
+* Fix crash when --active-name was used in decryption initialization.
+
+* Updates and changes to man pages, including indentation, sorting options
+  alphabetically, fixing mistakes in crypt_set_keyring_to_link, and fixing
+  some typos.
+
+* Fix compilation with libargon2 when --disable-internal-argon2 was used.
+
+* Do not require installed argon2.h header and never compile internal
+  libargon2 code if the crypto library directly supports Argon2.
+
+* Fixes to regression tests to support older Linux distributions.

docs/v2.7.2-ReleaseNotes

@@ -0,0 +1,31 @@
+Cryptsetup 2.7.2 Release Notes
+==============================
+Stable bug-fix release.
+
+All users of cryptsetup 2.7 should upgrade to this version.
+
+Changes since version 2.7.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+* Fix activation of OPAL-only encrypted LUKS device with tokens.
+  The issue was caused by an invalid volume key check (assert)
+  that is impossible without software encryption.
+
+* Fix formatting of OPAL devices with 4096-byte sector size.
+
+* Fix incorrect OPAL locking range alignment calculation if used
+  over an unaligned device partition.
+
+* Add --hw-opal-factory-reset option description to the manual page.
+
+* Do not check the passphrase quality for OPAL Admin PIN,
+  as this passphrase already exists.
+
+* Update license for FAQ document to CC BY-SA 4.0.
+
+NOTE: Please note that with OPAL-only (--hw-opal-only) encryption,
+the configured OPAL administrator PIN (passphrase) allows unlocking
+all configured locking ranges without LUKS keyslot decryption
+(without knowledge of LUKS passphrase).
+Because of many observed problems with compatibility, cryptsetup
+currently DOES NOT use OPAL single-user mode, which would allow such
+decoupling of OPAL admin PIN access.

docs/v2.7.3-ReleaseNotes

@@ -0,0 +1,114 @@
+Cryptsetup 2.7.3 Release Notes
+==============================
+Stable bug-fix release with security fixes.
+
+All users of cryptsetup 2.7 must upgrade to this version.
+
+Changes since version 2.7.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Do not allow formatting LUKS2 with Opal SED (hardware encryption)
+  if the reported logical sector size for the block device and Opal
+  encryption logical block differs.
+
+  Such a configuration can lead to a partially encrypted Opal locking
+  range or data destruction following the expected locking range.
+
+  Some NVMe drives support multiple LBAF profiles (typically supporting
+  512-byte and 4096-byte sector size). Some broken Opal NVMe firmware can
+  report bogus encryption size that disagrees with real used sector size.
+  This usually happens after low-level NVMe reformatting (LBAF profile
+  change with nvme utility) to different sector size.
+  Moreover, some firmware versions do not properly reset this even after
+  explicit PSID revert.
+
+  Cryptsetup calculates the Opal locking range using the reported block
+  size in Opal geometry ioctl.  Unfortunately, the broken firmware drive
+  internally uses the logical block size of the block device, which can
+  differ. This can lead to two possible situations:
+
+  - Opal reports a smaller block size (512-byte) while the drive uses
+  a 4096-byte sector. The configured locking range is then much larger,
+  destroying data following the expected locking range setting.
+
+  - Opal reports a larger block size (4096-byte) while the drive uses
+  a 512-byte sector. The configured locking range is then much smaller,
+  leaving the remaining space in the locking range unencrypted (violating
+  the confidentiality of data).
+
+  Cryptsetup now detects this discrepancy and disallows LUKS2 format with
+  Opal hardware encryption in such a case.
+
+  For already formatted devices, you will see this warning:
+    "Bogus OPAL logical block size differs from device block size."
+
+  If you also used software encryption (dm-crypt over Opal), data will
+  still be fully encrypted with software dm-crypt.
+  With hw-only encryption,  your configuration is probably already broken
+  (insecure or accessing data beyond the assigned area).
+
+  Note that this is caused by bad firmware (seen with multiple vendors),
+  and the problem was reported, at least for drives we have access to.
+
+* Fixes to wiping LUKS2 headers after Opal locking area erase.
+
+  As the hardware locking range is destroyed (cryptsetup erase command),
+  the LUKS2 header is no longer usable and was partially wiped.
+  Now the code fully wipes also the secondary header, as the previous
+  code wiped only the primary LUKS area.
+
+  Note that this is an exception, as the normal erase command wipes only
+  the keyslots, keeping the LUKS2 header in place.  With Opal encryption,
+  the data segment is no longer valid, so the whole LUKS2 header is no
+  longer usable.
+
+* Mention the need for possible PSID revert before Opal format for some
+  drives (man page).
+
+* Fix Bitlocker-compatible code to ignore newly seen metadata entries.
+
+  Recent Windows OS versions started to include new (undocumented)
+  metadata entries in Bitlocker. These entries are now quietly ignored,
+  allowing Bitlocker images to open with cryptsetup again.
+
+* Fix interactive query retry if LUKS2 unbound keyslot is present.
+
+  If an unbound keyslot is present, the password query retry count is
+  now properly applied.
+
+* Detect unsupported zoned devices for LUKS header devices.
+
+  Zoned devices cannot be written with direct-io and used for LUKS header
+  logic in general. Code now rejects placing the LUKS header on a zoned
+  device, while you can still create a detached header and use a zoned
+  device for encrypted data.
+
+* Allow "capi" cipher format for benchmark command and fix parsing
+  of plain IV in "capi" format.
+
+  Some ciphers can be specified only in Linux kernel crypto notation
+  (in short, "capi"). Code now allows this format also for benchmark,
+  for example, "benchmark -c capi:xts\(aes\)-plain64"
+  (that is equivalent to -c aes-xts-plain64).
+
+* Add support for HCTR2 encryption mode.
+
+  The HCTR2 encryption mode was added to the Linux kernel for fscrypt,
+  but as it is a length-preserving mode (with sector tweak), it can be
+  easily used for disk encryption, too.
+  The mode has the same property as wide modes (any change is propagated
+  to the whole sector instead of only one block as in XTS mode).
+
+  As it needs a larger initialization vector (32 bytes), we need to add
+  an exception in the userspace format code.
+  You can now use --cipher aes-hctr2-plain64 for the format operation.
+
+* Source code now uses SPDX license identifiers instead of full
+  license preambles.
+
+* Fix missing includes for cryptographic backend that could cause
+  compilation errors for some systems.
+
+* Fix tests to work correctly in FIPS mode with recent OpenSSL 3.2.
+
+* Fix various (mostly false positive) issues detected by Coverity.

lib/bitlk/bitlk.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * BITLK (BitLocker-compatible) volume handling
  *
  * Copyright (C) 2019-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2019-2024 Milan Broz
  * Copyright (C) 2019-2024 Vojtech Trefny
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>
@@ -324,6 +311,9 @@ static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, in
 		/* unknown timestamps in recovery protected VMK */
 		} else if (key_entry_value == BITLK_ENTRY_VALUE_RECOVERY_TIME) {
 			;
+		/* optional hint (?) string (masked email?), we can safely ignore it */
+		} else if (key_entry_value == BITLK_ENTRY_VALUE_HINT) {
+			;
 		} else if (key_entry_value == BITLK_ENTRY_VALUE_STRING) {
 			if (key_entry_size < BITLK_ENTRY_HEADER_LEN)
 				return -EINVAL;
@@ -353,6 +343,9 @@ static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, in
 		/* no idea what this is, lets hope it's not important */
 		} else if (key_entry_value == BITLK_ENTRY_VALUE_USE_KEY && (*vmk)->protection == BITLK_PROTECTION_STARTUP_KEY) {
 			;
+		/* quietly ignore unsupported TPM key */
+		} else if (key_entry_value == BITLK_ENTRY_VALUE_TPM_KEY && (*vmk)->protection == BITLK_PROTECTION_TPM) {
+			;
 		} else {
 			if (supported) {
 				log_err(cd, _("Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."), key_entry_value);

lib/bitlk/bitlk.h

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * BITLK (BitLocker-compatible) header definition
  *
  * Copyright (C) 2019-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2019-2024 Milan Broz
  * Copyright (C) 2019-2024 Vojtech Trefny
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _CRYPTSETUP_BITLK_H
@@ -78,6 +65,7 @@ typedef enum {
 	BITLK_ENTRY_VALUE_OFFSET_SIZE = 0x000f,
 	BITLK_ENTRY_VALUE_RECOVERY_TIME = 0x015,
 	BITLK_ENTRY_VALUE_GUID = 0x0017,
+	BITLK_ENTRY_VALUE_HINT = 0x0018,
 } BITLKFVEEntryValue;
 
 struct bitlk_vmk {

lib/crypt_plain.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * cryptsetup plain device helper functions
  *
  * Copyright (C) 2004 Jana Saout <jana@saout.de>
  * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2010-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <string.h>

lib/crypto_backend/argon2_generic.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Argon2 PBKDF2 library wrapper
  *
  * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2016-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/crypto_backend/base64.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Base64 "Not encryption" helpers, copied and adapted from systemd project.
  *
@@ -5,20 +6,6 @@
  *
  * cryptsetup related changes
  * Copyright (C) 2021-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/crypto_backend/cipher_check.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Cipher performance check
  *
  * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2018-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/crypto_backend/cipher_generic.c

@@ -1,27 +1,13 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Linux kernel cipher generic utilities
  *
  * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2018-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <string.h>
-#include <stdbool.h>
 #include <errno.h>
+#include <strings.h>
 #include "crypto_backend.h"
 
 struct cipher_alg {
@@ -76,6 +62,9 @@ int crypt_cipher_ivsize(const char *name, const char *mode)
 	if (!ca)
 		return -EINVAL;
 
+	if (mode && !strcasecmp(mode, "hctr2"))
+		return 32;
+
 	if (mode && !strcasecmp(mode, "ecb"))
 		return 0;
 

lib/crypto_backend/crc32.c

@@ -38,8 +38,6 @@
  *
  */
 
-#include <stdio.h>
-
 #include "crypto_backend.h"
 
 static const uint32_t crc32_tab[] = {

lib/crypto_backend/crypto_backend.h

@@ -1,23 +1,11 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * crypto backend implementation
  *
  * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2010-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
+
 #ifndef _CRYPTO_BACKEND_H
 #define _CRYPTO_BACKEND_H
 

lib/crypto_backend/crypto_backend_internal.h

@@ -1,23 +1,11 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * crypto backend implementation
  *
  * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2010-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
+
 #ifndef _CRYPTO_BACKEND_INTERNAL_H
 #define _CRYPTO_BACKEND_INTERNAL_H
 

lib/crypto_backend/crypto_cipher_kernel.c

@@ -1,28 +1,13 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Linux kernel userspace API crypto backend implementation (skcipher)
  *
  * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2012-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
-#include <stdbool.h>
 #include <errno.h>
 #include <unistd.h>
 #include <sys/socket.h>
@@ -101,9 +86,13 @@ int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name,
 	if (!strcmp(name, "cipher_null"))
 		key_length = 0;
 
-	r = snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name);
-	if (r < 0 || (size_t)r >= sizeof(sa.salg_name))
-		return -EINVAL;
+	if (!strncmp(name, "capi:", 5))
+		strncpy((char *)sa.salg_name, &name[5], sizeof(sa.salg_name) - 1);
+	else {
+		r = snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name);
+		if (r < 0 || (size_t)r >= sizeof(sa.salg_name))
+			return -EINVAL;
+	}
 
 	return _crypt_cipher_init(ctx, key, key_length, 0, &sa);
 }

lib/crypto_backend/crypto_gcrypt.c

@@ -1,27 +1,14 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * GCRYPT crypto backend implementation
  *
  * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2010-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <string.h>
 #include <stdio.h>
 #include <errno.h>
+#include <strings.h>
 #include <gcrypt.h>
 #include <pthread.h>
 #include "crypto_backend_internal.h"

lib/crypto_backend/crypto_kernel.c

@@ -1,25 +1,11 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Linux kernel userspace API crypto backend implementation
  *
  * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2010-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <errno.h>

lib/crypto_backend/crypto_nettle.c

@@ -1,26 +1,12 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Nettle crypto backend implementation
  *
  * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2011-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>
-#include <string.h>
 #include <errno.h>
 #include <nettle/sha.h>
 #include <nettle/sha3.h>

lib/crypto_backend/crypto_nss.c

@@ -1,25 +1,12 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * NSS crypto backend implementation
  *
  * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2010-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <string.h>
+#include <stdio.h>
 #include <errno.h>
 #include <nss.h>
 #include <pk11pub.h>

lib/crypto_backend/crypto_openssl.c

@@ -1,36 +1,15 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later WITH cryptsetup-OpenSSL-exception
 /*
  * OPENSSL crypto backend implementation
  *
  * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2010-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * In addition, as a special exception, the copyright holders give
- * permission to link the code of portions of this program with the
- * OpenSSL library under certain conditions as described in each
- * individual source file, and distribute linked combinations
- * including the two.
- *
- * You must obey the GNU Lesser General Public License in all respects
- * for all of the code used other than OpenSSL.
  */
 
-#include <string.h>
+#include <stdio.h>
 #include <errno.h>
 #include <limits.h>
+#include <strings.h>
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>

lib/crypto_backend/crypto_storage.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Generic wrapper for storage encryption modes and Initial Vectors
  * (reimplementation of some functions from Linux dm-crypt kernel)
  *
  * Copyright (C) 2014-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>
@@ -261,7 +248,7 @@ int crypt_storage_init(struct crypt_storage **ctx,
 	}
 
 	s->sector_size = sector_size;
-	s->iv_shift = large_iv ? int_log2(sector_size) - SECTOR_SHIFT : 0;
+	s->iv_shift = large_iv ? (unsigned)int_log2(sector_size) - SECTOR_SHIFT : 0;
 
 	*ctx = s;
 	return 0;

lib/crypto_backend/pbkdf2_generic.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Implementation of Password-Based Cryptography as per PKCS#5
  * Copyright (C) 2002,2003 Simon Josefsson
@@ -6,21 +7,6 @@
  * cryptsetup related changes
  * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2012-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
  */
 
 #include <errno.h>

lib/crypto_backend/pbkdf_check.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * PBKDF performance check
  * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2012-2024 Milan Broz
  * Copyright (C) 2016-2020 Ondrej Mosnacek
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>

lib/crypto_backend/utf8.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * UTF8/16 helpers, copied and adapted from systemd project.
  *
@@ -12,20 +13,6 @@
  *
  * Copyright (C) 1999 Tom Tromey
  * Copyright (C) 2000 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
 #include <errno.h>
@@ -230,6 +217,7 @@ static size_t utf16_encode_unichar(char16_t *out, char32_t c)
 		return 1;
 
 	case 0x10000U ... 0x10ffffU:
+		/* coverity[overflow_const:FALSE] */
 		c -= 0x10000U;
 		out[0] = htole16((c >> 10) + 0xd800U);
 		out[1] = htole16((c & 0x3ffU) + 0xdc00U);

lib/fvault2/fvault2.c

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * FVAULT2 (FileVault2-compatible) volume handling
  *
  * Copyright (C) 2021-2022 Pavel Tobias
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/fvault2/fvault2.h

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * FVAULT2 (FileVault2-compatible) volume handling
  *
  * Copyright (C) 2021-2022 Pavel Tobias
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _CRYPTSETUP_FVAULT2_H

lib/integrity/integrity.c

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Integrity volume handling
  *
  * Copyright (C) 2016-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/integrity/integrity.h

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Integrity header definition
  *
  * Copyright (C) 2016-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _CRYPTSETUP_INTEGRITY_H

lib/internal.h

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * libcryptsetup - cryptsetup library internal
  *
@@ -5,20 +6,6 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef INTERNAL_H
@@ -116,6 +103,7 @@ void device_disable_direct_io(struct device *device);
 int device_is_identical(struct device *device1, struct device *device2);
 int device_is_rotational(struct device *device);
 int device_is_dax(struct device *device);
+int device_is_zoned(struct device *device);
 size_t device_alignment(struct device *device);
 int device_direct_io(const struct device *device);
 int device_fallocate(struct device *device, uint64_t size);
@@ -166,6 +154,7 @@ int crypt_confirm(struct crypt_device *cd, const char *msg);
 char *crypt_lookup_dev(const char *dev_id);
 int crypt_dev_is_rotational(int major, int minor);
 int crypt_dev_is_dax(int major, int minor);
+int crypt_dev_is_zoned(int major, int minor);
 int crypt_dev_is_partition(const char *dev_path);
 char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t size);
 int crypt_dev_get_partition_number(const char *dev_path);
@@ -266,6 +255,8 @@ static inline void *crypt_zalloc(size_t size) { return calloc(1, size); }
 static inline bool uint64_mult_overflow(uint64_t *u, uint64_t b, size_t size)
 {
 	*u = (uint64_t)b * size;
+	if (size == 0)
+		return true;
 	if ((uint64_t)(*u / size) != b)
 		return true;
 	return false;

lib/keyslot_context.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup, keyslot unlock helpers
  *
  * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2022-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/keyslot_context.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup, keyslot unlock helpers
  *
  * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2022-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef KEYSLOT_CONTEXT_H

lib/libcryptsetup.h

@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 /*
  * libcryptsetup - cryptsetup library
  *
@@ -5,20 +6,6 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 /**

lib/libcryptsetup_macros.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Definitions of common constant and generic macros of libcryptsetup
  *
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _LIBCRYPTSETUP_MACROS_H

lib/libcryptsetup_symver.h

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Helpers for defining versioned symbols
  *
  * Copyright (C) 2021-2024 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _LIBCRYPTSETUP_SYMVER_H

lib/libdevmapper.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * libdevmapper - device-mapper backend for cryptsetup
  *
@@ -5,20 +6,6 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdio.h>

lib/loopaes/loopaes.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * loop-AES compatible volume handling
  *
  * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2011-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/loopaes/loopaes.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * loop-AES compatible volume handling
  *
  * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2011-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _LOOPAES_H

lib/luks1/af.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * AFsplitter - Anti forensic information splitter
  *
@@ -6,20 +7,6 @@
  *
  * AFsplitter diffuses information over a large stripe of data,
  * therefore supporting secure data destruction.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Library General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stddef.h>

lib/luks1/af.h

@@ -1,26 +1,11 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * AFsplitter - Anti forensic information splitter
  *
  * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
- *
- * AFsplitter diffuses information over a large stripe of data,
- * therefore supporting secure data destruction.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Library General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
+
 #ifndef INCLUDED_CRYPTSETUP_LUKS_AF_H
 #define INCLUDED_CRYPTSETUP_LUKS_AF_H
 

lib/luks1/keyencryption.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup
  *
  * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2012-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdio.h>

lib/luks1/keymanage.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup
  *
  * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2013-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <sys/types.h>

lib/luks1/luks.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup
  *
  * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H

lib/luks2/hw_opal/hw_opal.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * OPAL utilities
  *
  * Copyright (C) 2022-2023 Luca Boccassi <bluca@debian.org>
  *               2023 Ondrej Kozina <okozina@redhat.com>
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdio.h>
@@ -41,6 +28,7 @@
 #if HAVE_HW_OPAL
 
 #include <linux/sed-opal.h>
+#include <linux/fs.h>
 
 /* Error codes are defined in the specification:
  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
@@ -290,6 +278,7 @@ static int opal_range_check_attributes_fd(struct crypt_device *cd,
 {
 	int r;
 	struct opal_lr_status *lrs;
+	int device_block_bytes;
 	uint32_t opal_block_bytes = 0;
 	uint64_t offset, length;
 	bool read_locked, write_locked;
@@ -297,12 +286,17 @@ static int opal_range_check_attributes_fd(struct crypt_device *cd,
 	assert(fd >= 0);
 	assert(cd);
 	assert(vk);
+	assert(check_offset_sectors);
+	assert(check_length_sectors);
 
-	if (check_offset_sectors || check_length_sectors) {
-		r = opal_geometry_fd(cd, fd, NULL, &opal_block_bytes, NULL, NULL);
-		if (r != OPAL_STATUS_SUCCESS)
-			return -EINVAL;
-	}
+	r = opal_geometry_fd(cd, fd, NULL, &opal_block_bytes, NULL, NULL);
+	if (r != OPAL_STATUS_SUCCESS)
+		return -EINVAL;
+
+	/* Keep this as warning only */
+	if (ioctl(fd, BLKSSZGET, &device_block_bytes) < 0 ||
+	    (uint32_t)device_block_bytes != opal_block_bytes)
+		log_err(cd, _("Bogus OPAL logical block size differs from device block size."));
 
 	lrs = crypt_safe_alloc(sizeof(*lrs));
 	if (!lrs)
@@ -329,22 +323,18 @@ static int opal_range_check_attributes_fd(struct crypt_device *cd,
 
 	r = 0;
 
-	if (check_offset_sectors) {
-		offset = lrs->range_start * opal_block_bytes / SECTOR_SIZE;
-		if (offset != *check_offset_sectors) {
-			log_err(cd, _("OPAL range %d offset %" PRIu64 " does not match expected values %" PRIu64 "."),
-				segment_number, offset, *check_offset_sectors);
-			r = -EINVAL;
-		}
+	offset = lrs->range_start * opal_block_bytes / SECTOR_SIZE;
+	if (offset != *check_offset_sectors) {
+		log_err(cd, _("OPAL range %d offset %" PRIu64 " does not match expected values %" PRIu64 "."),
+			segment_number, offset, *check_offset_sectors);
+		r = -EINVAL;
 	}
 
-	if (check_length_sectors) {
-		length = lrs->range_length * opal_block_bytes / SECTOR_SIZE;
-		if (length != *check_length_sectors) {
-			log_err(cd, _("OPAL range %d length %" PRIu64" does not match device length %" PRIu64 "."),
-				segment_number, length, *check_length_sectors);
-			r = -EINVAL;
-		}
+	length = lrs->range_length * opal_block_bytes / SECTOR_SIZE;
+	if (length != *check_length_sectors) {
+		log_err(cd, _("OPAL range %d length %" PRIu64" does not match device length %" PRIu64 "."),
+			segment_number, length, *check_length_sectors);
+		r = -EINVAL;
 	}
 
 	if (!lrs->RLE || !lrs->WLE) {
@@ -405,8 +395,9 @@ static int opal_enabled(struct crypt_device *cd, struct device *dev)
 int opal_setup_ranges(struct crypt_device *cd,
 		      struct device *dev,
 		      const struct volume_key *vk,
-		      uint64_t range_start,
-		      uint64_t range_length,
+		      uint64_t range_start_blocks,
+		      uint64_t range_length_blocks,
+		      uint32_t opal_block_bytes,
 		      uint32_t segment_number,
 		      const void *admin_key,
 		      size_t admin_key_len)
@@ -423,10 +414,15 @@ int opal_setup_ranges(struct crypt_device *cd,
 	assert(vk);
 	assert(admin_key);
 	assert(vk->keylength <= OPAL_KEY_MAX);
+	assert(opal_block_bytes >= SECTOR_SIZE);
 
 	if (admin_key_len > OPAL_KEY_MAX)
 		return -EINVAL;
 
+	if (((UINT64_MAX / opal_block_bytes) < range_start_blocks) ||
+	    ((UINT64_MAX / opal_block_bytes) < range_length_blocks))
+		return -EINVAL;
+
 	fd = device_open(cd, dev, O_RDONLY);
 	if (fd < 0)
 		return -EIO;
@@ -604,8 +600,8 @@ int opal_setup_ranges(struct crypt_device *cd,
 		goto out;
 	}
 	*setup = (struct opal_user_lr_setup) {
-		.range_start = range_start,
-		.range_length = range_length,
+		.range_start = range_start_blocks,
+		.range_length = range_length_blocks,
 		/* Some drives do not enable Locking Ranges on setup. This have some
 		 * interesting consequences: Lock command called later below will pass,
 		 * but locking range will _not_ be locked at all.
@@ -658,9 +654,10 @@ int opal_setup_ranges(struct crypt_device *cd,
 	}
 
 	/* Double check the locking range is locked and the ranges are set up as configured */
-	r = opal_range_check_attributes_fd(cd, fd, segment_number, vk, &range_start,
-					   &range_length, &(bool) {true}, &(bool){true},
-					   NULL, NULL);
+	r = opal_range_check_attributes_fd(cd, fd, segment_number, vk,
+					   &(uint64_t) {range_start_blocks * opal_block_bytes / SECTOR_SIZE},
+					   &(uint64_t) {range_length_blocks * opal_block_bytes / SECTOR_SIZE},
+					   &(bool) {true}, &(bool){true}, NULL, NULL);
 out:
 	crypt_safe_free(activate);
 	crypt_safe_free(user_session);
@@ -1011,8 +1008,9 @@ void opal_exclusive_unlock(struct crypt_device *cd, struct crypt_lock_handle *op
 int opal_setup_ranges(struct crypt_device *cd,
 		      struct device *dev,
 		      const struct volume_key *vk,
-		      uint64_t range_start,
-		      uint64_t range_length,
+		      uint64_t range_start_blocks,
+		      uint64_t range_length_blocks,
+		      uint32_t opal_block_bytes,
 		      uint32_t segment_number,
 		      const void *admin_key,
 		      size_t admin_key_len)

lib/luks2/hw_opal/hw_opal.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * OPAL utilities
  *
  * Copyright (C) 2022-2023 Luca Boccassi <bluca@debian.org>
  *               2023 Ondrej Kozina <okozina@redhat.com>
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _UTILS_OPAL
@@ -29,8 +16,9 @@ struct crypt_lock_handle;
 int opal_setup_ranges(struct crypt_device *cd,
 		      struct device *dev,
 		      const struct volume_key *vk,
-		      uint64_t range_start,
-		      uint64_t range_length,
+		      uint64_t range_start_blocks,
+		      uint64_t range_length_blocks,
+		      uint32_t opal_block_bytes,
 		      uint32_t segment_number,
 		      const void *admin_key,
 		      size_t admin_key_len);

lib/luks2/luks2.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _CRYPTSETUP_LUKS2_ONDISK_H
@@ -158,6 +145,8 @@ struct luks2_keyslot_params {
 
 #define LUKS2_HDR_OFFSET_MAX 0x400000 /* 4 MiB */
 
+#define LUKS2_HDR_MAX_MDA_SIZE 2 * LUKS2_HDR_OFFSET_MAX + LUKS2_MAX_KEYSLOTS_SIZE
+
 /* Offsets for secondary header (for scan if primary header is corrupted). */
 #define LUKS2_HDR2_OFFSETS { 0x04000, 0x008000, 0x010000, 0x020000, \
                              0x40000, 0x080000, 0x100000, 0x200000, LUKS2_HDR_OFFSET_MAX }
@@ -402,7 +391,7 @@ int LUKS2_check_metadata_area_size(uint64_t metadata_size);
 int LUKS2_check_keyslots_area_size(uint64_t keyslots_size);
 
 int LUKS2_wipe_header_areas(struct crypt_device *cd,
-	struct luks2_hdr *hdr, bool detached_header);
+	struct luks2_hdr *hdr);
 
 uint64_t LUKS2_get_data_offset(struct luks2_hdr *hdr);
 int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic);

lib/luks2/luks2_digest.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, digest handling
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"

lib/luks2/luks2_digest_pbkdf2.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, PBKDF2 digest handler (LUKS1 compatible)
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"

lib/luks2/luks2_disk_metadata.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"

lib/luks2/luks2_internal.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _CRYPTSETUP_LUKS2_INTERNAL_H

lib/luks2/luks2_json_format.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, LUKS2 header format code
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"
@@ -326,40 +313,43 @@ err:
 }
 
 int LUKS2_wipe_header_areas(struct crypt_device *cd,
-	struct luks2_hdr *hdr, bool detached_header)
+	struct luks2_hdr *hdr)
 {
 	int r;
-	uint64_t offset, length;
-	size_t wipe_block;
+	uint64_t device_size_bytes, length, offset;
+	size_t wipe_block = 1024 * 1024;
 
-	/* Wipe complete header, keyslots and padding areas with zeroes. */
-	offset = 0;
-	length = LUKS2_get_data_offset(hdr) * SECTOR_SIZE;
-	wipe_block = 1024 * 1024;
-
-	if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
+	if (!hdr || LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
 		return -EINVAL;
 
-	/* On detached header wipe at least the first 4k */
-	if (detached_header) {
-		length = 4096;
-		wipe_block = 4096;
-	}
+	r = device_size(crypt_metadata_device(cd), &device_size_bytes);
+	if (r < 0)
+		return -EINVAL;
 
-	r = device_check_size(cd, crypt_metadata_device(cd), length, 1);
-	if (r)
-		return r;
+	/* Wipe up to maximal allowed metadata size, but do not write beyond data offset. */
+	length = LUKS2_get_data_offset(hdr) * SECTOR_SIZE;
+	if (!length || length > LUKS2_HDR_MAX_MDA_SIZE)
+		length = LUKS2_HDR_MAX_MDA_SIZE;
+
+	/* Also do not extend the device size yet (file backends) */
+	if (length > device_size_bytes)
+		length = device_size_bytes;
 
 	log_dbg(cd, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
-		offset, length + offset);
+		0ULL, length);
 
-	r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO,
-			      offset, length, wipe_block, NULL, NULL);
+	r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0,
+			      length, wipe_block, NULL, NULL);
 	if (r < 0)
 		return r;
 
+	/* Allocate at least actual LUKS2 metadata size */
+	r = device_check_size(cd, crypt_metadata_device(cd),
+			      LUKS2_hdr_and_areas_size(hdr), 1);
+	if (r)
+		return r;
+
 	/* Wipe keyslot area */
-	wipe_block = 1024 * 1024;
 	offset = get_min_offset(hdr);
 	length = LUKS2_keyslots_size(hdr);
 

lib/luks2/luks2_json_metadata.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Milan Broz
  * Copyright (C) 2015-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"

lib/luks2/luks2_keyslot.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, keyslot handling
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"
@@ -428,11 +415,13 @@ static int LUKS2_keyslot_open_priority_digest(struct crypt_device *cd,
 {
 	json_object *jobj_keyslots, *jobj;
 	crypt_keyslot_priority slot_priority;
-	int keyslot, r = -ENOENT;
+	int keyslot, r = -ENOENT, r_old;
 
 	json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots);
 
 	json_object_object_foreach(jobj_keyslots, slot, val) {
+		r_old = r;
+
 		if (!json_object_object_get_ex(val, "priority", &jobj))
 			slot_priority = CRYPT_SLOT_PRIORITY_NORMAL;
 		else
@@ -451,6 +440,9 @@ static int LUKS2_keyslot_open_priority_digest(struct crypt_device *cd,
 		   former meaning password wrong, latter key slot unusable for segment */
 		if ((r != -EPERM) && (r != -ENOENT))
 			break;
+		/* If a previous keyslot failed with EPERM (bad password) prefer it */
+		if (r_old == -EPERM && r == -ENOENT)
+			r = -EPERM;
 	}
 
 	return r;
@@ -466,11 +458,13 @@ static int LUKS2_keyslot_open_priority(struct crypt_device *cd,
 {
 	json_object *jobj_keyslots, *jobj;
 	crypt_keyslot_priority slot_priority;
-	int keyslot, r = -ENOENT;
+	int keyslot, r = -ENOENT, r_old;
 
 	json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots);
 
 	json_object_object_foreach(jobj_keyslots, slot, val) {
+		r_old = r;
+
 		if (!json_object_object_get_ex(val, "priority", &jobj))
 			slot_priority = CRYPT_SLOT_PRIORITY_NORMAL;
 		else
@@ -489,6 +483,9 @@ static int LUKS2_keyslot_open_priority(struct crypt_device *cd,
 		   former meaning password wrong, latter key slot unusable for segment */
 		if ((r != -EPERM) && (r != -ENOENT))
 			break;
+		/* If a previous keyslot failed with EPERM (bad password) prefer it */
+		if (r_old == -EPERM && r == -ENOENT)
+			r = -EPERM;
 	}
 
 	return r;

lib/luks2/luks2_keyslot_luks2.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, LUKS2 type keyslot handler
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <limits.h>

lib/luks2/luks2_keyslot_reenc.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, reencryption keyslot handler
  *
  * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2016-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"

lib/luks2/luks2_luks1_convert.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Ondrej Kozina
  * Copyright (C) 2015-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"
@@ -621,6 +608,10 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
 	if (max_size < required_size)
 		max_size = required_size;
 
+	/* fix coverity false positive integer underflow */
+	if (max_size < 2 * LUKS2_HDR_16K_LEN)
+		return -EINVAL;
+
 	r = json_luks1_object(hdr1, &jobj, max_size - 2 * LUKS2_HDR_16K_LEN);
 	if (r < 0)
 		return r;

lib/luks2/luks2_reencrypt.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, reencryption helpers
  *
  * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2015-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"

lib/luks2/luks2_reencrypt_digest.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, reencryption digest helpers
  *
  * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2022-2024 Ondrej Kozina
  * Copyright (C) 2022-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"

lib/luks2/luks2_segment.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, internal segment handling
  *
  * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2018-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"

lib/luks2/luks2_token.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, token handling
  *
  * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2016-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <ctype.h>

lib/luks2/luks2_token_keyring.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * LUKS - Linux Unified Key Setup v2, kernel keyring token
  *
  * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2016-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include "luks2_internal.h"

lib/random.c

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * cryptsetup kernel RNG access functions
  *
  * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>

lib/setup.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * libcryptsetup - cryptsetup library
  *
@@ -5,20 +6,6 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <string.h>
@@ -1790,6 +1777,12 @@ static int _crypt_format_luks1(struct crypt_device *cd,
 		return -EINVAL;
 	}
 
+	if (device_is_zoned(crypt_metadata_device(cd)) > 0) {
+		log_err(cd, _("Zoned device %s cannot be used for LUKS header."),
+			device_path(crypt_metadata_device(cd)));
+		return -EINVAL;
+	}
+
 	if (params && cd->data_offset && params->data_alignment &&
 	   (cd->data_offset % params->data_alignment)) {
 		log_err(cd, _("Requested data alignment is not compatible with data offset."));
@@ -2027,6 +2020,12 @@ static int _crypt_format_luks2(struct crypt_device *cd,
 		return -EINVAL;
 	}
 
+	if (device_is_zoned(crypt_metadata_device(cd)) > 0) {
+		log_err(cd, _("Zoned device %s cannot be used for LUKS header."),
+			device_path(crypt_metadata_device(cd)));
+		return -EINVAL;
+	}
+
 	if (params && cd->data_offset && params->data_alignment &&
 	   (cd->data_offset % params->data_alignment)) {
 		log_err(cd, _("Requested data alignment is not compatible with data offset."));
@@ -2140,7 +2139,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
 
 	device_set_block_size(crypt_data_device(cd), sector_size);
 
-	r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr, cd->metadata_device != NULL);
+	r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr);
 	if (r < 0) {
 		log_err(cd, _("Cannot wipe header on device %s."),
 			mdata_device_path(cd));
@@ -2220,7 +2219,7 @@ static int opal_topology_alignment(struct crypt_device *cd,
 {
 	bool opal_align;
 	int r;
-	uint32_t opal_block_bytes;
+	uint32_t opal_block_bytes, device_block_bytes;
 	uint64_t opal_alignment_granularity_blocks, opal_lowest_lba_blocks;
 
 	assert(cd);
@@ -2236,15 +2235,23 @@ static int opal_topology_alignment(struct crypt_device *cd,
 		return -EINVAL;
 	}
 
-	log_dbg(cd, "OPAL geometry: alignment: '%c', logical block size: %" PRIu32
+	device_block_bytes = device_block_size(cd, crypt_data_device(cd));
+
+	log_dbg(cd, "OPAL geometry: alignment: '%c', logical block size: %" PRIu32 "/%" PRIu32
 		    ", alignment granularity: %" PRIu64 ", lowest aligned LBA: %" PRIu64,
-	        opal_align ? 'y' : 'n', opal_block_bytes, opal_alignment_granularity_blocks, opal_lowest_lba_blocks);
+		    opal_align ? 'y' : 'n', opal_block_bytes, device_block_bytes,
+		    opal_alignment_granularity_blocks, opal_lowest_lba_blocks);
 
 	if (opal_block_bytes < SECTOR_SIZE || NOTPOW2(opal_block_bytes)) {
 		log_err(cd, _("Bogus OPAL logical block size."));
 		return -EINVAL;
 	}
 
+	if (device_block_bytes != opal_block_bytes) {
+		log_err(cd, _("Bogus OPAL logical block size differs from device block size."));
+		return -EINVAL;
+	}
+
 	if (data_offset_sectors &&
 	    MISALIGNED(data_offset_sectors + partition_offset_sectors, opal_block_bytes / SECTOR_SIZE)) {
 		log_err(cd, _("Requested data offset is not compatible with OPAL block size."));
@@ -2496,7 +2503,7 @@ int crypt_format_luks2_opal(struct crypt_device *cd,
 			(device_size_bytes - range_size_bytes) / SECTOR_SIZE);
 
 	if (cipher) {
-		r = LUKS2_check_encryption_sector(cd, device_size_bytes, data_offset_bytes, sector_size,
+		r = LUKS2_check_encryption_sector(cd, range_size_bytes, data_offset_bytes, sector_size,
 						  sector_size_autodetect, integrity == NULL,
 						  &sector_size);
 		if (r < 0)
@@ -2517,7 +2524,7 @@ int crypt_format_luks2_opal(struct crypt_device *cd,
 			       sector_size,
 			       data_offset_bytes,
 			       metadata_size_bytes, keyslots_size_bytes,
-			       device_size_bytes,
+			       range_size_bytes,
 			       opal_segment_number,
 			       opal_params->user_key_size);
 	if (r < 0)
@@ -2537,7 +2544,7 @@ int crypt_format_luks2_opal(struct crypt_device *cd,
 
 	device_set_block_size(crypt_data_device(cd), sector_size);
 
-	r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr, cd->metadata_device != NULL);
+	r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr);
 	if (r < 0) {
 		log_err(cd, _("Cannot wipe header on device %s."),
 			mdata_device_path(cd));
@@ -2556,7 +2563,8 @@ int crypt_format_luks2_opal(struct crypt_device *cd,
 
 	r = opal_setup_ranges(cd, crypt_data_device(cd), user_key ?: cd->volume_key,
 					range_offset_blocks, range_size_bytes / opal_block_bytes,
-					opal_segment_number, opal_params->admin_key, opal_params->admin_key_size);
+					opal_block_bytes, opal_segment_number,
+					opal_params->admin_key, opal_params->admin_key_size);
 	if (r < 0) {
 		if (r == -EPERM)
 			log_err(cd, _("Incorrect OPAL Admin key."));
@@ -5327,7 +5335,8 @@ static int _activate_luks2_by_volume_key(struct crypt_device *cd,
 		}
 		r = _open_and_activate_reencrypt_device_by_vk(cd, &cd->u.luks2.hdr, name, vk, flags);
 	} else {
-		assert(crypt_volume_key_get_id(vk) == LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT));
+		/* hw-opal data segment type does not require volume key for activation */
+		assert(!vk || crypt_volume_key_get_id(vk) == LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT));
 		r = LUKS2_activate(cd, name, vk, external_key, flags);
 	}
 

lib/tcrypt/tcrypt.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling
  *
  * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2012-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>
@@ -1070,7 +1057,7 @@ uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
 			      struct tcrypt_phdr *hdr,
 			      struct crypt_params_tcrypt *params)
 {
-	uint64_t iv_offset;
+	uint64_t iv_offset, partition_offset;
 
 	if (params->mode && !strncmp(params->mode, "xts", 3))
 		iv_offset = TCRYPT_get_data_offset(cd, hdr, params);
@@ -1079,8 +1066,14 @@ uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
 	else
 		iv_offset = hdr->d.mk_offset / SECTOR_SIZE;
 
-	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
-		iv_offset += crypt_dev_partition_offset(device_path(crypt_data_device(cd)));
+	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) {
+		partition_offset = crypt_dev_partition_offset(device_path(crypt_data_device(cd)));
+		/* FIXME: we need to deal with overflow sooner */
+		if (iv_offset > (UINT64_MAX - partition_offset))
+			iv_offset = UINT64_MAX;
+		else
+			iv_offset += partition_offset;
+	}
 
 	return iv_offset;
 }

lib/tcrypt/tcrypt.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * TCRYPT (TrueCrypt-compatible)  header definition
  *
  * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2012-2024 Milan Broz
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _CRYPTSETUP_TCRYPT_H

lib/utils.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * utils - miscellaneous device utilities for cryptsetup
  *
@@ -5,20 +6,6 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdio.h>

lib/utils_benchmark.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * libcryptsetup - cryptsetup library, cipher benchmark
  *
  * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2012-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>

lib/utils_blkid.c

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * blkid probe utilities
  *
  * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/utils_blkid.h

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * blkid probe utilities
  *
  * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _UTILS_BLKID_H

lib/utils_crypt.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * utils_crypt - cipher utilities for cryptsetup
  *
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>
@@ -41,15 +28,17 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
 
 	if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s",
 		   cipher, cipher_mode) == 2) {
-		if (!strcmp(cipher_mode, "plain"))
-			strcpy(cipher_mode, "cbc-plain");
 		if (!strncmp(cipher, "capi:", 5)) {
 			/* CAPI must not use internal cipher driver names with dash */
 			if (strchr(cipher_mode, ')'))
 				return -EINVAL;
 			if (key_nums)
 				*key_nums = 1;
-		} else if (key_nums) {
+			return 0;
+		}
+		if (!strcmp(cipher_mode, "plain"))
+			strcpy(cipher_mode, "cbc-plain");
+		if (key_nums) {
 			char *tmp = strchr(cipher, ':');
 			*key_nums = tmp ? atoi(++tmp) : 1;
 			if (!*key_nums)
@@ -69,7 +58,8 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
 	}
 
 	if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]", cipher) == 1) {
-		strcpy(cipher_mode, "cbc-plain");
+		if (strncmp(cipher, "capi:", 5))
+			strcpy(cipher_mode, "cbc-plain");
 		if (key_nums)
 			*key_nums = 1;
 		return 0;

lib/utils_crypt.h

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * utils_crypt - cipher utilities for cryptsetup
  *
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _UTILS_CRYPT_H

lib/utils_device.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * device backend utilities
  *
@@ -5,20 +6,6 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <string.h>
@@ -1007,6 +994,22 @@ int device_is_dax(struct device *device)
 	return crypt_dev_is_dax(major(st.st_rdev), minor(st.st_rdev));
 }
 
+int device_is_zoned(struct device *device)
+{
+	struct stat st;
+
+	if (!device)
+		return -EINVAL;
+
+	if (stat(device_path(device), &st) < 0)
+		return -EINVAL;
+
+	if (!S_ISBLK(st.st_mode))
+		return 0;
+
+	return crypt_dev_is_zoned(major(st.st_rdev), minor(st.st_rdev));
+}
+
 size_t device_alignment(struct device *device)
 {
 	int devfd;

lib/utils_device_locking.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Metadata on-disk locking for processes serialization
  *
  * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2016-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/utils_device_locking.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Metadata on-disk locking for processes serialization
  *
  * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2016-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _CRYPTSETUP_UTILS_LOCKING_H

lib/utils_devpath.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * devname - search for device name
  *
@@ -5,20 +6,6 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <string.h>
@@ -210,6 +197,23 @@ static int _path_get_uint64(const char *sysfs_path, uint64_t *value, const char
 	return _read_uint64(path, value);
 }
 
+static int _sysfs_get_string(int major, int minor, char *buf, size_t buf_size, const char *attr)
+{
+	char path[PATH_MAX];
+	int fd, r;
+
+	if (snprintf(path, sizeof(path), "/sys/dev/block/%d:%d/%s",
+		     major, minor, attr) < 0)
+		return 0;
+
+	if ((fd = open(path, O_RDONLY)) < 0)
+		return 0;
+	r = read(fd, buf, buf_size);
+	close(fd);
+
+	return r < 0 ? 0 : r;
+}
+
 int crypt_dev_get_partition_number(const char *dev_path)
 {
 	uint64_t partno;
@@ -248,6 +252,16 @@ int crypt_dev_is_dax(int major, int minor)
 	return val ? 1 : 0;
 }
 
+int crypt_dev_is_zoned(int major, int minor)
+{
+	char buf[32] = {};
+
+	if (!_sysfs_get_string(major, minor, buf, sizeof(buf), "queue/zoned"))
+		return 0; /* if failed, expect non-zoned device */
+
+	return strncmp(buf, "none", 4) ? 1 : 0;
+}
+
 int crypt_dev_is_partition(const char *dev_path)
 {
 	uint64_t val;

lib/utils_dm.h

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * libdevmapper - device-mapper backend for cryptsetup
  *
@@ -5,20 +6,6 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _UTILS_DM_H

lib/utils_io.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * utils - miscellaneous I/O utilities for cryptsetup
  *
@@ -5,23 +6,10 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>
+#include <limits.h>
 #include <string.h>
 #include <stdlib.h>
 #include <stdint.h>
@@ -32,10 +20,9 @@
 /* coverity[ -taint_source : arg-1 ] */
 static ssize_t _read_buffer(int fd, void *buf, size_t length, volatile int *quit)
 {
-	size_t read_size = 0;
-	ssize_t r;
+	ssize_t r, read_size = 0;
 
-	if (fd < 0 || !buf)
+	if (fd < 0 || !buf || length > SSIZE_MAX)
 		return -EINVAL;
 
 	do {
@@ -43,12 +30,13 @@ static ssize_t _read_buffer(int fd, void *buf, size_t length, volatile int *quit
 		if (r == -1 && errno != EINTR)
 			return r;
 		if (r > 0) {
-			read_size += (size_t)r;
+			/* coverity[overflow:FALSE] */
+			read_size += r;
 			buf = (uint8_t*)buf + r;
 		}
 		if (r == 0 || (quit && *quit))
-			return (ssize_t)read_size;
-	} while (read_size != length);
+			return read_size;
+	} while ((size_t)read_size != length);
 
 	return (ssize_t)length;
 }
@@ -65,25 +53,25 @@ ssize_t read_buffer_intr(int fd, void *buf, size_t length, volatile int *quit)
 
 static ssize_t _write_buffer(int fd, const void *buf, size_t length, volatile int *quit)
 {
-	size_t write_size = 0;
-	ssize_t w;
+	ssize_t w, write_size = 0;
 
-	if (fd < 0 || !buf || !length)
+	if (fd < 0 || !buf || !length || length > SSIZE_MAX)
 		return -EINVAL;
 
 	do {
-		w = write(fd, buf, length - write_size);
+		w = write(fd, buf, length - (size_t)write_size);
 		if (w < 0 && errno != EINTR)
 			return w;
 		if (w > 0) {
-			write_size += (size_t) w;
+			/* coverity[overflow:FALSE] */
+			write_size += w;
 			buf = (const uint8_t*)buf + w;
 		}
 		if (w == 0 || (quit && *quit))
-			return (ssize_t)write_size;
-	} while (write_size != length);
+			return write_size;
+	} while ((size_t)write_size != length);
 
-	return (ssize_t)write_size;
+	return write_size;
 }
 
 ssize_t write_buffer(int fd, const void *buf, size_t length)

lib/utils_io.h

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * utils - miscellaneous I/O utilities for cryptsetup
  *
@@ -5,20 +6,6 @@
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _CRYPTSETUP_UTILS_IO_H

lib/utils_keyring.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * kernel keyring utilities
  *
  * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2016-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <assert.h>
@@ -158,7 +145,7 @@ static key_serial_t find_key_by_type_and_desc(const char *type, const char *desc
 	char *newline;
 	size_t buffer_len = 0;
 
-	int n;
+	ssize_t n;
 
 	do {
 		id = request_key(type, desc, NULL, 0);
@@ -171,7 +158,8 @@ static key_serial_t find_key_by_type_and_desc(const char *type, const char *desc
 		return 0;
 
 	while ((n = read(f, buf + buffer_len, sizeof(buf) - buffer_len - 1)) > 0) {
-		buffer_len += n;
+		/* coverity[overflow:FALSE] */
+		buffer_len += (size_t)n;
 		buf[buffer_len] = '\0';
 		newline = strchr(buf, '\n');
 		while (newline != NULL && buffer_len != 0) {

lib/utils_keyring.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * kernel keyring syscall wrappers
  *
  * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2016-2024 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _UTILS_KEYRING

lib/utils_loop.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * loopback block device utilities
  *
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>

lib/utils_loop.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * loopback block device utilities
  *
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _UTILS_LOOP_H

lib/utils_pbkdf.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * utils_pbkdf - PBKDF settings for libcryptsetup
  *
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>

lib/utils_safe_memory.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * utils_safe_memory - safe memory helpers
  *
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>

lib/utils_storage_wrappers.c

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Generic wrapper for storage functions
  * (experimental only)
  *
  * Copyright (C) 2018-2024 Ondrej Kozina
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>

lib/utils_storage_wrappers.h

@@ -1,22 +1,9 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Generic wrapper for storage functions
  * (experimental only)
  *
  * Copyright (C) 2018-2024 Ondrej Kozina
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _UTILS_STORAGE_WRAPPERS_H

lib/utils_wipe.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * utils_wipe - wipe a device
  *
  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2024 Milan Broz
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <stdlib.h>
@@ -379,5 +366,5 @@ int crypt_wipe_hw_opal(struct crypt_device *cd,
 	if (r < 0)
 		return r;
 
-	return LUKS2_wipe_header_areas(cd, hdr, crypt_header_is_detached(cd));
+	return LUKS2_wipe_header_areas(cd, hdr);
 }

lib/verity/rs.h

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Reed-Solomon codecs, based on libfec
  *
  * Copyright (C) 2004 Phil Karn, KA9Q
  * libcryptsetup modifications
  *   Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved.
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef _LIBFEC_RS_H

lib/verity/rs_decode_char.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Reed-Solomon decoder, based on libfec
  *
  * Copyright (C) 2002, Phil Karn, KA9Q
  * libcryptsetup modifications
  *   Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved.
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <string.h>

lib/verity/rs_encode_char.c

@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * Reed-Solomon encoder, based on libfec
  *
  * Copyright (C) 2002, Phil Karn, KA9Q
  * libcryptsetup modifications
  *   Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved.
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <string.h>

lib/verity/verity.c

@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
 /*
  * dm-verity volume handling
  *
  * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved.
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>