Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
3 days | tests: Use only PBKDF2 in api-test-2 images (FIPS with OpenSSL 3.2+) [HEAD] [master] [main] | Milan Broz | 3 | -0/+26 | |
For compatimage2 also add keyslot 1 that uses Argon2id PBKDF2 to keep check for compatibility on non-fips system. | |||||
3 days | tests: Use only PBKDF2 in luks2_keyslot_unassigned.img (FIPS with OpenSSL 3.2+) | Milan Broz | 1 | -0/+0 | |
3 days | tests: Fix redundant test number in compat-test2 | Milan Broz | 1 | -3/+3 | |
3 days | tests: Skip zoned test if kernel does not support it | Milan Broz | 1 | -10/+13 | |
Zoned block device support can be disabled (as in RHEL8), skip particular test if scsi_debug does not create device. (Modprobe does not return any error code, just kernel message as parameter is actually supported, but block layer lacks support for zoned device.) | |||||
3 days | tests: Remove leftover debug parameter. | Milan Broz | 1 | -1/+1 | |
6 days | Add tests for --key-description and --new-key-description. | Milan Broz | 1 | -0/+29 | |
6 days | Rename TOKEN to KEY_DESC to be used in different context later. | Milan Broz | 1 | -22/+22 | |
6 days | Add --key-description and --new-key-description for luksAddKey command. | Milan Broz | 3 | -52/+49 | |
6 days | Add --key-description for luksResume command. | Milan Broz | 3 | -8/+8 | |
6 days | Add --key-description for open command. | Milan Broz | 6 | -18/+23 | |
6 days | Add --key-description for resize command. | Milan Broz | 3 | -8/+9 | |
6 days | Add --key-description for luksFormat command. | Milan Broz | 3 | -8/+13 | |
6 days | Add --key-description for luksDump command. | Milan Broz | 3 | -7/+31 | |
6 days | Fix --key-description actions and define --new-key-description. | Milan Broz | 5 | -2/+16 | |
8 days | CI: make OPAL tests run at the end | Daniel Zatovic | 2 | -28/+2 | |
Once OPAL tests run, the whole pipeline gets marked as uninterruptible (because of the uninterruptible OPAL job). Therefore a duplicate pipeline gets started on e.g. MR change. Move OPAL jobs to test-opal stage which runs at the end. | |||||
8 days | Use crypt_wipe to zero rest of data device. | Ondrej Kozina | 1 | -40/+15 | |
8 days | Use proper write_buffer in LUKS1 reencryption code. | Ondrej Kozina | 1 | -17/+9 | |
The raw write() syscall may write fewer bytes than requested. We have write_buffer in utils_io.c that handles it properly. | |||||
8 days | Use proper read_buffer function from utils. | Ondrej Kozina | 1 | -31/+2 | |
Legacy LUKS1 reencryption used custom read buffer function. Use implementation from utils_io instead. | |||||
12 days | Detect unsupported zoned devices for LUKS header device. | Milan Broz | 5 | -0/+68 | |
Zoned device cannot be written with direct-io and cannot be used for LUKS header logic without significant changes. Do not allow to use them for LUKS header but allow it for data device, as dm-crypt supports it. Fixes: #877 | |||||
12 days | Use crypt_safe_memcpy for operations with key. | Milan Broz | 9 | -30/+30 | |
12 days | Add crypt_safe_memcpy to libcryptsetup.h. | Milan Broz | 3 | -0/+23 | |
12 days | Use crypt_backend_memcpy in crypt backend for sensitive data. | Milan Broz | 5 | -8/+8 | |
12 days | Use backend memory utils in safe memory functions. | Milan Broz | 1 | -14/+5 | |
12 days | Use zero_call_used_regs and noinline for backend memory utils and introduce crypt_backend_memcpy. | Milan Broz | 2 | -0/+26 | |
12 days | Add memutils.c for backend and move existing mem helpers there. | Milan Broz | 5 | -22/+51 | |
Also remove inline definitions. | |||||
13 days | Fix various coverity issues. | Ondrej Kozina | 8 | -40/+78 | |
Mostly INTEGER_OVERFLOW (CWE-190). | |||||
2024-04-18 | Avoid divide by zero in uint64_mult_overflow. | Milan Broz | 1 | -0/+2 | |
This function is used with block size, where 0 does not make sense, so failing the check is the simple way to avoid division by zero. In reality, this should never happen, but it was seen in (unreproducible) fuzzing input. | |||||
2024-04-09 | Update README for version 2.7.2. | Milan Broz | 1 | -4/+4 | |
2024-04-09 | Add warning about OPAL admin PIN to man page and release notes. | Milan Broz | 2 | -0/+16 | |
2024-04-04 | Add 2.7.2 release notes. | Milan Broz | 1 | -0/+23 | |
2024-04-04 | tests: print OPAL device parameters in test environment if specified | Milan Broz | 1 | -0/+5 | |
2024-04-04 | CI: add WD PC SN740 OPAL drive job | Daniel Zatovic | 1 | -33/+33 | |
2024-04-04 | po: update es.po (from translationproject.org) | Antonio Ceballos | 1 | -483/+513 | |
2024-04-03 | Compile --disable-hw-opal variant. [coverity_scan] | Ondrej Kozina | 1 | -1/+2 | |
2024-04-03 | Do not check passphrase quality in-before erase. | Ondrej Kozina | 1 | -2/+1 | |
The passphrase (Admin PIN) already exists and there's no reason to check quality of it. | |||||
2024-04-03 | Relicense older script to LGPL from GPL2.0 only. | Milan Broz | 1 | -6/+13 | |
(As I am sole author here.) | |||||
2024-04-03 | FAQ: update license version to CC BY-SA 4.0. | Milan Broz | 1 | -10/+5 | |
With email approval from Arno Wagner dated March 29, 2024: From: Arno Wagner To: Milan Broz Subject: Re: cryuptsetup FAQ license Hi Milan, fine for me. You can change it directly. Arno On Wed, Mar 27, 2024 at 13:38:36 CET, Milan Broz wrote: > Hi Arno, > > the FAQ in cryptsetup is licensed under CC-BY-SA-3.0 that is no longer a recent version - https://creativecommons.org/licenses/by-sa/3.0/ > > I use CC-BY-SA-4.0 (https://creativecommons.org/licenses/by-sa/4.0/deed.en) for LUKS2 docs and think it is the best option for docs. > > Do you agree with updating the license to CC-BY-SA-4.0 for the FAQ.md file? (I, as coauthor, obviously agree :-) > > Thanks, > Milan | |||||
2024-04-03 | Fix invalid assert for hw-opal data segment keys. | Ondrej Kozina | 2 | -54/+61 | |
hw-opal segment does not receive volume key for data encryption, unlike crypt segment or hw-opal-crypt segment. It gets key encryption key that is passed to device fw which later unlocks the locking range key sealed in the device. The assert may be skipped while volume key is not set. Fixes: #875. | |||||
2024-04-02 | Fix data segment length compensation on misaligned partitions. | Ondrej Kozina | 1 | -2/+2 | |
While properly calculated data segment needed compensation due to misaligned partition (locking range had to be truncated), we passed wrong value (original partition size) to LUKS2 metadata. It has to use calculated locking range length in bytes. Fixes: #873. | |||||
2024-03-26 | CI: make OPAL jobs uninterruptible | Daniel Zatovic | 1 | -3/+3 | |
2024-03-26 | Add --hw-opal-factory-reset switch in erase options explicitly. | Ondrej Kozina | 1 | -0/+7 | |
2024-03-26 | Check HW OPAL range parameters in proper units. | Ondrej Kozina | 3 | -12/+22 | |
The opal_range_check_attributes_fd function expected both offset and length parameters of a LR to be passed in sectors (512B). During format we passed it wrongly in OPAL blocks which caused bogus check provided OPAL block size was not 512B. Fixes: #871. | |||||
2024-03-21 | tests: run systemd tests using meson only when requested | Daniel Zatovic | 2 | -1/+2 | |
2024-03-07 | Update Readme for 2.7.1. | Milan Broz | 1 | -4/+4 | |
2024-03-07 | tests: Fix Makefile * Meson to include all fs images. | Milan Broz | 2 | -1/+4 | |
2024-03-07 | Update LUKS2 spec. | Milan Broz | 1 | -0/+0 | |
2024-03-07 | Add 2.7.1 release notes. | Milan Broz | 1 | -0/+30 | |
2024-03-07 | test: Fix tests on RHEL7 clones (no keyring in dm-crypt). | Milan Broz | 3 | -19/+61 | |
2024-03-07 | Add xfs V5 image to tests. | Milan Broz | 5 | -12/+27 | |
XFS V4 can be disabled in kernel, add image V5. Minimal 300M xfs size avoided by using QA variables magic in format: export TEST_DIR=1 TEST_DEV=1 QA_CHECK_FS=1 ; mkfs -t xfs ... | |||||
2024-03-06 | tests: fix compat-test-opal bug for empty LUKS2 passphrase. | Ondrej Kozina | 1 | -2/+2 | |
The bug was hidden due to previously contradicting condition. | |||||
2024-03-06 | tests: move luks1 decryption resume test. | Ondrej Kozina | 1 | -1/+1 | |
It cannot be run in fips mode due to empty passphrase is no longer allowed. | |||||
2024-03-06 | tests: fix fips mode detection contradiction in various tests. | Ondrej Kozina | 5 | -10/+10 | |
2024-03-06 | po: update uk.po (from translationproject.org) | Yuri Chornoivan | 1 | -484/+514 | |
2024-03-06 | po: update ro.po (from translationproject.org) | Remus-Gabriel Chelu | 1 | -483/+515 | |
2024-03-06 | po: update pl.po (from translationproject.org) | Jakub Bogusz | 1 | -484/+514 | |
2024-03-06 | po: update ja.po (from translationproject.org) | Hiroshi Takekawa | 1 | -484/+514 | |
2024-03-06 | po: update fr.po (from translationproject.org) | Frédéric Marchal | 1 | -485/+515 | |
2024-03-06 | po: update de.po (from translationproject.org) | Roland Illig | 1 | -483/+513 | |
2024-03-06 | po: update cs.po (from translationproject.org) | Petr Pisar | 1 | -484/+516 | |
2024-03-06 | Set devel version. | Milan Broz | 2 | -2/+2 | |
2024-03-05 | Add regression test for resuming LUKS1 decryption. | Ondrej Kozina | 4 | -2/+16 | |
2024-03-05 | Fix regression in LUKS1 decryption. | Ondrej Kozina | 1 | -1/+2 | |
With removal of cryptsetup-reencrypt there was a bug introduced that broke resuming interrupted LUKS1 decryption operation. LUKS2 code was not affected. | |||||
2024-02-29 | Require --debug log in bug report issue template. | Milan Broz | 1 | -0/+3 | |
2024-02-29 | Allow all stable branches in GitHub actions. | Milan Broz | 2 | -4/+2 | |
2024-02-29 | Allow --link-vk-to-keyring with --test-passphrase option. | Ondrej Kozina | 4 | -1/+61 | |
To make it possible to upload volume key in user specified kernel keyring without need to (re)activate the device. | |||||
2024-02-28 | Fix abort triggered by initializing decryption via --active-name. | Ondrej Kozina | 2 | -12/+29 | |
The invalid test unfortunately hid an error in processing of --active-name command line option. | |||||
2024-02-22 | Fix indentation in integritysetup man page and crypt description. | Milan Broz | 1 | -5/+3 | |
2024-02-22 | Sort options in man pages alphabetically. | Milan Broz | 4 | -984/+984 | |
2024-02-22 | Fix JSON example in progress-frequency option. | Milan Broz | 2 | -4/+4 | |
2024-02-22 | Fix veritysetup man page typo. | Milan Broz | 1 | -2/+2 | |
2024-02-22 | Fix compilation with libargon2 argon when internal disabled | Sergei Ilinykh | 1 | -2/+3 | |
This fixes a regression introduced somewhere on the way to 2.7.0. A specific set of options led to complete lack of Argon2 regardless of --enable-libargon2 option. | |||||
2024-02-22 | CI: fix improper distro specification for 32-bit Debian. | Daniel Zatovic | 2 | -6/+6 | |
The `variables` section is repeated for 32-bit Debian job. Therefore the `DISTRO` environment variable is ignored and 64-bit distro name is inherited from the `.debian-prep` job. | |||||
2024-02-22 | CI: don't store kernel log, only check for coredumps. | Daniel Zatovic | 9 | -12/+10 | |
The kernel log is uploaded automatically by the custom executor, no need to upload it from inside the VM (and /mnt/artifacts is not mounted in the new CI scripts). | |||||
2024-02-22 | CI: increase disk size for csmock job. | Daniel Zatovic | 1 | -0/+1 | |
2024-02-22 | CI: add OPAL jobs. | Daniel Zatovic | 2 | -0/+135 | |
2024-02-22 | CI: update jobs for new CI infrastructure | Daniel Zatovic | 9 | -25/+41 | |
2024-02-21 | Fix crypto vectors test in meson. | Ondrej Kozina | 1 | -0/+2 | |
Otherwise it gets skipped in meson every time. | |||||
2024-02-18 | Skip test if keyctl is missing | Tobias Rosenkranz | 1 | -0/+1 | |
2024-02-13 | Do not require argon2.h if implemented natively in crypto library. | Milan Broz | 1 | -3/+6 | |
2024-02-13 | Fix mistake in crypt_set_keyring_to_link documentation. | Ondrej Kozina | 1 | -1/+1 | |
The keyring_to_link_vk parameter must be prefixed by either "%:" or "%keyring:" substrings provided caller opted for text description of the target keyring. | |||||
2024-02-12 | cryptsetup.spec: drop libargon2 in favour of openssl implementation. | Ondrej Kozina | 1 | -2/+2 | |
2024-02-09 | Fix configure Argon2 OpenSSL detection to not compile internal Argon2. | Milan Broz | 2 | -3/+6 | |
Code is not called anyway, but should be completely disabled. Note: there is intentionally no way to disable OpenSSL Argon2 if present. | |||||
2024-01-24 | Version 2.7.0. [v2.7.0] | Milan Broz | 8 | -502/+534 | |
2024-01-23 | Fix local variable name that hides global one. | Milan Broz | 1 | -4/+4 | |
Found by CodeQL. | |||||
2024-01-23 | Update copyright notice to include 2024 year. | Milan Broz | 133 | -247/+247 | |
2024-01-23 | Unify error code for missing key description. | Ondrej Kozina | 3 | -3/+3 | |
Use -ESRCH for similar error code as with crypt_activate_by_keyslot_context. Here it's not conflicting with previous use for the very code but let's make it easier and use same code for similar case. | |||||
2024-01-23 | Update API documentation for crypt_set_keyring_to_link. | Ondrej Kozina | 1 | -3/+0 | |
The section about placeholder API no longer applies. | |||||
2024-01-23 | Replace code for missing key error in API. | Ondrej Kozina | 3 | -6/+7 | |
While trying to activate device in LUKS2 reencryption we originally used -ENOKEY error code for case where one or more volume keys could not be unlocked or were not provided directly by (CRYPT_KC_TYPE_KEY or CRYPT_KC_TYPE_VK_KEYRING) keyslot contexts. We missed the fact the error code was already previously used for signaling case when dm subsystem could not load device table due to key in kernel keyring could not be read from kernel. It's propagated by libdevmapper. For it we replace -ENOKEY with -ESRCH for signaling the missing keyslot context or volume key for devices in LUKS2 reencryption. | |||||
2024-01-22 | tests: use per-test keyring for caching VKs. | Ondrej Kozina | 1 | -25/+52 | |
2024-01-22 | Do not drop keys from keyring on successful reencryption recovery. | Ondrej Kozina | 1 | -1/+2 | |
The key might be needed in activation of ordinary LUKS2 device provided the recovery took place in before device activation and actually finished LUKS2 device reencryption. Fixes: #863. | |||||
2024-01-20 | Fix typo in verity test. | Milan Broz | 1 | -1/+1 | |
2024-01-20 | Fix autoconf valgrind test. | Milan Broz | 1 | -2/+2 | |
All environment variables are predefined in make run, use it in $(VAR) form, as shell variables processing does not work here. | |||||
2024-01-19 | Add tests for device activation using multiple VKs. | Daniel Zatovic | 3 | -7/+273 | |
2024-01-19 | Allow activating multi key devices using VKs in keyring. | Daniel Zatovic | 7 | -22/+300 | |
We already support activation of a device using a volume key in keyring. However, in case of multi-key devices (i.e. device with reencryption running) we need to supply two volume keys. | |||||
2024-01-19 | Add tests for storing VK in keyring during resume. | Daniel Zatovic | 1 | -0/+9 | |
2024-01-19 | Add tests for storing multiple VKs in a custom keyring. | Daniel Zatovic | 2 | -3/+161 | |
2024-01-19 | Allow linking multiple VKs (also in reencryption). | Daniel Zatovic | 5 | -48/+225 | |
If the device is in reencryption, it has two active volume keys. Linking the VK to keyring is not supported for such devices, because the API only counts with one key. This commit modifies the API crypt_set_keyring_to_link to allow passing multiple keyring key names. | |||||
2024-01-19 | Fix tests to support --disable-keyring option. | Milan Broz | 2 | -18/+8 | |
Also remove unused function in test. | |||||
2024-01-19 | po: update es.po (from translationproject.org) | Antonio Ceballos | 1 | -689/+938 | |
2024-01-19 | po: update cs.po (from translationproject.org) | Petr Pisar | 1 | -691/+943 | |
2024-01-17 | LUKS2: add more sanity assignments to header code. | Milan Broz | 1 | -0/+2 | |
Ensure we do not return partial binary header and also explicitly set header size to zero to silence stupid cppcheck warnings. | |||||
2024-01-17 | LUKS2: add sanity check for hdr_size. | Milan Broz | 1 | -5/+14 | |
Simplify code a little bit for static analysis and also ensure that even second LUKS2 header with wrong hdr_size is always detected. | |||||
2024-01-17 | Add a few tainted data info for coverity to avoid warnings. | Milan Broz | 2 | -8/+19 | |
If sysconf is lying, then anything can happen. But check for overflow anyway. Device/partition offset overflow for IV can only cause bad decryption (expected). | |||||
2024-01-17 | Silence false positive cppcheck warning. | Milan Broz | 1 | -1/+1 | |
2024-01-17 | Fix signed (error) return from read in loop utils. | Milan Broz | 1 | -1/+1 | |
2024-01-17 | Use gcc 13 for GitHub actions. | Milan Broz | 3 | -3/+3 | |
2024-01-16 | Fix some grammar issues suggested by auto-correction tools. | Ondrej Kozina | 1 | -14/+14 | |
2024-01-16 | Update kernel keyring usage documentation. | Ondrej Kozina | 1 | -0/+23 | |
2024-01-15 | Fix some grammar issues suggested by auto-correction tools. | Ondrej Kozina | 1 | -15/+15 | |
2024-01-15 | docs: Describe additional LUKS2 locks. | Ondrej Kozina | 1 | -0/+36 | |
2024-01-05 | tests: add in-place LUKS2 encryption api test. | Ondrej Kozina | 1 | -0/+54 | |
Simple test for plaintext data placed at specified offset (non zero offset relative to head of data device). | |||||
2024-01-05 | tests: add helper for creating arbitrary linear mapping. | Ondrej Kozina | 2 | -7/+23 | |
2024-01-05 | Respect CRYPT_ACTIVATE_SHARED in reencryption. | Ondrej Kozina | 3 | -4/+7 | |
2024-01-05 | po: update uk.po (from translationproject.org) | Yuri Chornoivan | 1 | -152/+163 | |
2024-01-05 | po: update ro.po (from translationproject.org) | Remus-Gabriel Chelu | 1 | -152/+164 | |
2024-01-05 | po: update pl.po (from translationproject.org) | Jakub Bogusz | 1 | -150/+161 | |
2024-01-05 | po: update ja.po (from translationproject.org) | Hiroshi Takekawa | 1 | -150/+161 | |
2024-01-05 | po: update fr.po (from translationproject.org) | Frédéric Marchal | 1 | -150/+161 | |
2024-01-05 | po: update de.po (from translationproject.org) | Roland Illig | 1 | -151/+162 | |
2023-12-22 | Add note for luksSuspend to man page. | Milan Broz | 1 | -0/+4 | |
It should not be expected that suspend operation wipes possible plaintext data from memory. Related: #855 | |||||
2023-12-20 | Update cryptsetup.spec. | Milan Broz | 1 | -3/+3 | |
2023-12-20 | man: Update authenticated encryption trim description and add references | Krassy Boykinov | 1 | -4/+6 | |
790666ff (Add support for allow_discrads for dm-integrity., 2020-04-09) added TRIM support for standalone dm-integrity volumes. This change is now reflected in the cryptsetup(8) man page. | |||||
2023-12-20 | Version 2.7.0-rc1. [v2.7.0-rc1] | Milan Broz | 4 | -155/+166 | |
2023-12-20 | Fix doxygen tags for API docs. | Milan Broz | 1 | -14/+28 | |
2023-12-20 | Update release notes for 2.7.0-rc1 and LUKS2 doc. | Milan Broz | 2 | -12/+22 | |
2023-12-20 | Add keyring linking API placeholders for multi-key scenarios. | Daniel Zatovic | 4 | -50/+87 | |
2023-12-19 | opal: Fix benign gcc warning for possible uninitialized value. | Milan Broz | 1 | -1/+1 | |
2023-12-19 | opal: Do not verify passphrase by default on luksErase. | Milan Broz | 1 | -1/+1 | |
Verify passphrase should be default only when creating a new passphrase, here it will fail if the passphrase is wrong. | |||||
2023-12-18 | opal: add comments to all lockless opal calls. | Ondrej Kozina | 1 | -0/+11 | |
2023-12-17 | Report Argon2 crypto backend version in debug output | Milan Broz | 5 | -11/+42 | |
For Argon2 native code (gcrypt, OpenSSL) a flag in debug output is printed. If libargon is used, then [cryptsetup libargon2] is printed (embedded code) or [external libargon2] for dynamic external library. # Crypto backend (OpenSSL 3.0.11 19 Sep 2023 [default][legacy] [external libargon2]) or # Crypto backend (OpenSSL 3.0.11 19 Sep 2023 [default][legacy] [cryptsetup libargon2]) Fixes: #851 | |||||
2023-12-17 | Use uppercase OPAL in messages. | Milan Broz | 3 | -9/+9 | |
2023-12-13 | opal: add exclusive lock to avoid race. | Ondrej Kozina | 5 | -4/+130 | |
Activating LUKS2 device with OPAL support is multistep process. 1) read LR state 2) unlock LR 3) activate dm device 4) in case step 3) failed lock the device if in step 1) the device was locked. Otherwise, in case parallel activation happened on one device the process that failed to map dm device (device already active) could relock the LR afterwards and effectively break already active device. To avoid that we do steps 1) through 4) protected by exclusive opal lock unique per data block device configured for use with LUKS2 OPAL support. | |||||
2023-12-13 | opal: do not always re-lock range on failed activation. | Ondrej Kozina | 3 | -39/+56 | |
If activation fails due to already active dm mapping we must not automatically re-lock the OPAL range since it would break the original active device. | |||||
2023-12-13 | test: check if device remains usable after failed attempt to double activation. | Ondrej Kozina | 1 | -1/+5 | |
2023-12-13 | Drop unused crypt_read_lock helper. | Ondrej Kozina | 2 | -25/+0 | |
2023-12-13 | opal: no need to export internal opal_enabled function. | Ondrej Kozina | 2 | -28/+22 | |
2023-12-04 | opal: erase key cached in kernel when LR gets locked. | Ondrej Kozina | 2 | -7/+15 | |
It affects only HW OPAL locking range KEK. After unlocking opal locking range we cache the key in kernel so that we do not have to pass the key again for locking the range later (the OPAL std requires key for lock command). Unfortunately the key remains cached in kernel even after we lock the range on purpose during crypt_deactivate* or crypt_suspend. This had 2 side effects: 1) key remained in system memory even though the LUKS device was inactive (and all keys should be erased from memory). 2) when system gets suspended the locking range got automatically unlocked later after system resume because the key caching is used primarily to automatically unlock locking ranges that got locked after system suspend (due to power cut off on storage device). Since kernel does not directly support dropping cached keys we achieve that by overwriting the original key structure with empty one. | |||||
2023-12-04 | po: update zh_CN.po (from translationproject.org) | Boyuan Yang | 1 | -1464/+3415 | |
2023-12-04 | po: update uk.po (from translationproject.org) | Yuri Chornoivan | 1 | -684/+925 | |
2023-12-04 | po: update ro.po (from translationproject.org) | Remus-Gabriel Chelu | 1 | -691/+936 | |
2023-12-04 | po: update pl.po (from translationproject.org) | Jakub Bogusz | 1 | -681/+919 | |
2023-12-04 | po: update ja.po (from translationproject.org) | Hiroshi Takekawa | 1 | -681/+919 | |
2023-12-04 | po: update fr.po (from translationproject.org) | Frédéric Marchal | 1 | -687/+925 | |
2023-12-04 | po: update de.po (from translationproject.org) | Roland Illig | 1 | -689/+927 | |
2023-12-04 | Add missing vectors tests in valgrind setup. | Ondrej Kozina | 1 | -0/+9 | |
2023-12-04 | Simplify meson tests. | Ondrej Kozina | 1 | -304/+32 | |
Valgrind tests is now run with: meson test -C <build_dir> --setup=valgrind | |||||
2023-11-30 | Revert "tests: Temporarily disable veritysetup tasklet option test." | Milan Broz | 1 | -3/+2 | |
This reverts commit 0e44494aba8e41a6d0938304cb481c5a4b40aca5. Kernel fix is in mainline and on the way to stable kernels. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/md?id=2a695062a5a42aead8c539a344168d4806b3fda2 | |||||
2023-11-30 | fuzz: Try to limit image size in crypt2_load_proto_plain_json_fuzz | Milan Broz | 1 | -4/+11 | |
It seems that we see a lot of out of space in fuzzer run, so try to avoid writing excessive big images here. | |||||
2023-11-29 | Version 2.7.0-rc0. [v2.7.0-rc0] | Milan Broz | 1 | -0/+6 | |
2023-11-29 | Fix some typos found by lintian. | Milan Broz | 13 | -18/+18 | |
2023-11-29 | Update pot file. | Milan Broz | 1 | -673/+931 | |
2023-11-29 | Tweak some error messages. | Milan Broz | 3 | -6/+7 | |
2023-11-28 | Add release notes for 2.7.0-rc0. | Milan Broz | 1 | -0/+435 | |
2023-11-28 | Add hw_opal.c for translation. | Milan Broz | 1 | -0/+1 | |
2023-11-28 | Set version 2.7.0-rc0. | Milan Broz | 2 | -4/+4 | |
2023-11-28 | meson: fix meson_dist_convert script | Milan Broz | 1 | -1/+1 | |
2023-11-28 | Add missing files to autoconf make dist. | Milan Broz | 2 | -1/+3 | |
2023-11-28 | Use proper integer constant in meson_options.txt | Ondrej Kozina | 1 | -1/+1 | |
Unfortunately it creates decimal base constant when converting to C define. But the former implicit and deprecated conversion did it as well. | |||||
2023-11-28 | Override meson default prefix. | Ondrej Kozina | 1 | -0/+1 | |
2023-11-28 | Fix some coverity scan issues. | Milan Broz | 2 | -2/+8 | |
The read in kernel crypto backend is part of user crypto API encryption call, we have to trust it here. JSON fix is just one place where return code was not checked for this particular function. | |||||
2023-11-27 | Always print error message for invalid keyring definition. | Milan Broz | 1 | -15/+15 | |
Many cases quietly returned error without any error message. | |||||
2023-11-26 | po: update sr.po (from translationproject.org) | Мирослав Николић | 1 | -651/+748 | |
2023-11-26 | po: update ru.po (from translationproject.org) | Yuri Kozlov | 1 | -6/+6 | |
2023-11-26 | po: update pl.po (from translationproject.org) | Jakub Bogusz | 1 | -245/+249 | |
2023-11-26 | po: update es.po (from translationproject.org) | Antonio Ceballos | 1 | -1155/+1519 | |
2023-11-26 | fuzz: add missing flex (util-linux req.) to fix fuzzing build | Milan Broz | 1 | -1/+1 | |
2023-11-22 | tests: fail early if PSID reset does not work for device. | Milan Broz | 1 | -6/+14 | |
This should stop user from using wrong device for tests. | |||||
2023-11-22 | Suspend and resume also dm-integrity device with AEAD. | Milan Broz | 3 | -7/+98 | |
Currently we suspend top-level device only. With OPAL, the underlying device will start to return errors once OPAL LR is locked. If the dm-integrity device is not suspended, regular journal flush corrupts the device (journal write failure), corrupting data above it. Suspending the whole stack should fix the issue. | |||||
2023-11-21 | Do not run sector read check on suspended device. | Milan Broz | 2 | -1/+21 | |
This can affect status command, but later also device stack with authenticated encryption (*_dif device). Ignoring direct-io should not be problem here. The logic should be simplified in future anyway... | |||||
2023-11-21 | Do not require init_done for some device helpers. | Milan Broz | 1 | -2/+2 | |
It processes only name, no need to depend on real device checks (for direct-io) etc. | |||||
2023-11-21 | Fix wrong key id set when resuming LUKS2 device. | Ondrej Kozina | 2 | -1/+4 | |
If volume key digest id was not 0 it failed on assert in LUKS2 resume path later. | |||||
2023-11-20 | CI: change TSS package name for Debian 12 | Daniel Zatovic | 1 | -1/+1 | |
Change package name from tpm2-tss-engine-dev (on Debian 11) to libtss2-dev (on Debian 12). | |||||
2023-11-17 | Drop fake_token_path symbol from tests. | Ondrej Kozina | 3 | -30/+2 | |
It's no longer used. | |||||
2023-11-17 | Do not use fake-token-path in ssh and systemd plugin tests. | Ondrej Kozina | 5 | -34/+46 | |
2023-11-16 | Add --external-tokens-path parameter in cryptsetup. | Ondrej Kozina | 11 | -6/+82 | |
2023-11-16 | Add crypt_token_set_external_path API. | Ondrej Kozina | 3 | -1/+46 | |
It can be used to override system library where libcryptsetup looks for external token handlers (plugins). The parameter is required to be absolute path and it is set per process context. Fixes: #846. | |||||
2023-11-15 | Drop deprecated use of implicit meson setup command. | Ondrej Kozina | 1 | -2/+2 | |
2023-11-15 | Fix systemd-test-plugin initialization. | Ondrej Kozina | 1 | -2/+2 | |
check for .git subdirectory to decide if systemd repository needs to be cloned. | |||||
2023-11-15 | Fix fake systemd tpm path symbol. | Ondrej Kozina | 1 | -2/+2 | |
The prototype for the function in systemd has changed. Otherwise the tests abort with SEGFAULT. | |||||
2023-11-15 | compat-test-opal does not depend on differ util. | Ondrej Kozina | 1 | -1/+0 | |
2023-11-15 | Speed up compat-test-opal valgrind test. | Ondrej Kozina | 1 | -4/+8 | |
By not testing cleanup routines repeatedly for leaks. | |||||
2023-11-15 | Enable valgrind tests in meson. | Ondrej Kozina | 25 | -73/+538 | |
2023-11-15 | Fix invalid comparison of bool and int types in root meson.build. | Ondrej Kozina | 1 | -2/+2 | |
2023-11-15 | Increase minimal meson version to 0.64 | Ondrej Kozina | 3 | -15/+4 | |
It's initial cryptsetup upstream release with meson support so let's not pollute scripts with if-then-else branching from the very beginning. | |||||
2023-11-15 | CI: disable -Wdeclaration-after-statement warning | Daniel Zatovic | 1 | -1/+0 | |
2023-11-15 | Don't mix declarations with code. | Daniel Zatovic | 1 | -5/+5 | |
Move asserts after declarations. | |||||
2023-11-15 | Remove obsolete AC_C_CONST macro. | Daniel Zatovic | 1 | -1/+0 | |
The AC_C_CONST test program fails to compile under latest clang with -Wall -Werror, which results in erroneously defining "const" keyword to an empty string. The AC_C_CONST is considered obsolete. | |||||
2023-11-13 | CI: don't use non-existent meson flag | Daniel Zatovic | 1 | -1/+1 | |
An unknown -Dinternal-argon2=false flag was used, new meson version fails when it gets unknown flag. Use the correct -Dargon-implementation=internal flag instead. | |||||
2023-11-13 | CI: switch compilation test to Ubuntu Lunar (23.04) | Daniel Zatovic | 2 | -4/+4 | |
2023-11-13 | CI: switch Debian runner from 11 to 12 | Daniel Zatovic | 1 | -5/+5 | |
2023-11-13 | tests: Temporarily disable veritysetup tasklet option test. | Milan Broz | 1 | -2/+3 | |
Kernel bug reported here: https://lore.kernel.org/dm-devel/fa17b8d8-2d84-45c8-ac6a-1876f1f55a52@gmail.com/ | |||||
2023-11-07 | tests: Clean up also dm-integrity device in OPAL test | Milan Broz | 1 | -0/+1 | |
2023-11-07 | Fix memory leaks detected in compat-test-opal. | Ondrej Kozina | 2 | -5/+8 | |
2023-11-06 | tests: Do not run OPAL test with valgrind if variables are not set | Milan Broz | 1 | -1/+1 | |
Otherwise it will break run with exit code 77. | |||||
2023-11-06 | Add hint about missing OPAL support in kernel. | Ondrej Kozina | 1 | -1/+1 | |
Unfortunately there is currently no way how to make difference between device lacking SED OPAL support state and kernel missing SED OPAL support via disabled interface via configure option. | |||||
2023-11-06 | Enable tests fixed with recent commits. | Ondrej Kozina | 1 | -7/+0 | |
2023-11-06 | Abort LUKS2 reencryption early if OPAL device used. | Ondrej Kozina | 1 | -0/+5 | |
2023-11-06 | Add LUKS2 OPAL requirement flag. | Ondrej Kozina | 3 | -10/+30 | |
2023-11-06 | Add more onlyLUKS helpers for convenience. | Ondrej Kozina | 3 | -11/+21 | |
2023-11-03 | Fix memory leak in kernel keyring keyslot context. | Ondrej Kozina | 2 | -9/+5 | |
The leak occurred only when the context instance was used more than once. |