Age | Commit message | Author | Files | Lines
3 days | tests: Use only PBKDF2 in api-test-2 images (FIPS with OpenSSL 3.2+) [HEAD, master, main] | Milan Broz | 3 | -0/+26
For compatimage2 also add keyslot 1 that uses Argon2id PBKDF2 to keep check for compatibility on non-fips system.
3 days | tests: Use only PBKDF2 in luks2_keyslot_unassigned.img (FIPS with OpenSSL 3.2+) | Milan Broz | 1 | -0/+0
3 days | tests: Fix redundant test number in compat-test2 | Milan Broz | 1 | -3/+3
3 days | tests: Skip zoned test if kernel does not support it | Milan Broz | 1 | -10/+13
Zoned block device support can be disabled (as in RHEL8), skip particular test if scsi_Debug does not create device. (Modprobe does not return any error code, just kernel message as parameter is actually supported, but block layer lacks support for zoned device.)
3 days | tests: Remove leftover debug parameter. | Milan Broz | 1 | -1/+1
6 days | Add tests for --key-description and --new-key-description. | Milan Broz | 1 | -0/+29
6 days | Rename TOKEN to KEY_DESC to be used in different context later. | Milan Broz | 1 | -22/+22
6 days | Add --key-description and --new-key-description for luksAddKey command. | Milan Broz | 3 | -52/+49
6 days | Add --key-description for luksResume command. | Milan Broz | 3 | -8/+8
6 days | Add --key-description for open command. | Milan Broz | 6 | -18/+23
6 days | Add --key-description for resize command. | Milan Broz | 3 | -8/+9
6 days | Add --key-description for luksFormat command. | Milan Broz | 3 | -8/+13
6 days | Add --key-description for luksDump command. | Milan Broz | 3 | -7/+31
6 days | Fix --key-description actions and define --new-key-description. | Milan Broz | 5 | -2/+16
8 days | CI: make OPAL tests run at the end | Daniel Zatovic | 2 | -28/+2
Once OPAL tests run, the whole pipeline gets marked as uninterruptible (because of the uninterruptible OPAL job). Therefore a duplicate pipeline gets started on e.g. MR change. Move OPAL jobs to test-opal stage which runs at the end.
8 days | Use crypt_wipe to zero rest of data device. | Ondrej Kozina | 1 | -40/+15
8 days | Use proper write_buffer in LUKS1 reencryption code. | Ondrej Kozina | 1 | -17/+9
The raw write() syscall may write less bytes than requested. We have write_buffer in utils_io.c that handles it properly.
8 days | Use proper read_buffer function from utils. | Ondrej Kozina | 1 | -31/+2
Legacy LUKS1 reencryption used custom read buffer function. Use implementation from utils_io instead.
12 days | Detect unsupported zoned devices for LUKS header device. | Milan Broz | 5 | -0/+68
Zoned device cannot be written with direct-io and cannot be used for LUKS header logic without significant changes. Do not allow to use them for LUKS header but allow it for data device, as dm-crypt supports it. Fixes: #877
12 days | Use crypt_safe_memcpy for operations with key. | Milan Broz | 9 | -30/+30
12 days | Add crypt_safe_memcpy to libcryptsetup.h. | Milan Broz | 3 | -0/+23
12 days | Use crypt_backend_memcpy in crypt backend for sensitive data. | Milan Broz | 5 | -8/+8
12 days | Use backend memory utils in safe memory functions. | Milan Broz | 1 | -14/+5
12 days | Use zero_call_used_regs and noinline for backend memory utils and introduce crypt_backend_memcpy. | Milan Broz | 2 | -0/+26
12 days | Add memutils.c for backend and move existing mem helpers there. | Milan Broz | 5 | -22/+51
Also remove inline definitions.
13 days | Fix various coverity issues. | Ondrej Kozina | 8 | -40/+78
Mostly INTEGER_OVERFLOW (CWE-190).
2024-04-18 | Avoid divide by zero in uint64_mult_overflow. | Milan Broz | 1 | -0/+2
This function is used with block size, where 0 does not make sense, so failing the check is the simple way to avoid division by zero. In reality, this should never happen, but it was seen in (unreproducible) fuzzing input.
2024-04-09 | Update README for version 2.7.2. | Milan Broz | 1 | -4/+4
2024-04-09 | Add warning about OPAL admin PIN to man page and release notes. | Milan Broz | 2 | -0/+16
2024-04-04 | Add 2.7.2 release notes. | Milan Broz | 1 | -0/+23
2024-04-04 | tests: print OPAL device parameters in test environment if specified | Milan Broz | 1 | -0/+5
2024-04-04 | CI: add WD PC SN740 OPAL drive job | Daniel Zatovic | 1 | -33/+33
2024-04-04 | po: update es.po (from translationproject.org) | Antonio Ceballos | 1 | -483/+513
2024-04-03 | Compile --disable-hw-opal variant. [coverity_scan] | Ondrej Kozina | 1 | -1/+2
2024-04-03 | Do not check passphrase quality in-before erase. | Ondrej Kozina | 1 | -2/+1
The passphrase (Admin PIN) already exists and there's no reason to check quality of it.
2024-04-03 | Relicense older script to LGPL from GPL2.0 only. | Milan Broz | 1 | -6/+13
(As I am sole author here.)
2024-04-03 | FAQ: update license version to CC BY-SA 4.0. | Milan Broz | 1 | -10/+5
With email approval from Arno Wagner dated March 29, 2024: From: Arno Wagner To: Milan Broz Subject: Re: cryuptsetup FAQ license Hi Milan, fine for me. You can change it directly. Arno On Wed, Mar 27, 2024 at 13:38:36 CET, Milan Broz wrote: > Hi Arno, > > the FAQ in cryptsetup is licensed under CC-BY-SA-3.0 that is no longer a recent version - https://creativecommons.org/licenses/by-sa/3.0/ > > I use CC-BY-SA-4.0 (https://creativecommons.org/licenses/by-sa/4.0/deed.en) for LUKS2 docs and think it is the best option for docs. > > Do you agree with updating the license to CC-BY-SA-4.0 for the FAQ.md file? (I, as coauthor, obviously agree :-) > > Thanks, > Milan
2024-04-03 | Fix invalid assert for hw-opal data segment keys. | Ondrej Kozina | 2 | -54/+61
hw-opal segment does not receive volume key for data encryption, unlike crypt segment or hw-opal-crypt segment. It gets key encryption key that is passed to device fw which later unlocks the locking range key sealed in the device. The assert may be skipped while volume key is not set. Fixes: #875.
2024-04-02 | Fix data segment length compensation on misaligned partitions. | Ondrej Kozina | 1 | -2/+2
While properly calculated data segment needed compensation due to misaligned partition (locking range had to be truncated), we passed wrong value (original partition size) to LUKS2 metadata. It has to use calculated locking range length in bytes. Fixes: #873.
2024-03-26 | CI: make OPAL jobs uninterruptible | Daniel Zatovic | 1 | -3/+3
2024-03-26 | Add --hw-opal-factory-reset switch in erase options explicitly. | Ondrej Kozina | 1 | -0/+7
2024-03-26 | Check HW OPAL range parameters in proper units. | Ondrej Kozina | 3 | -12/+22
The opal_range_check_attributes_fd function expected both offset and length parameters of a LR to be passed in sectors (512B). During format we passed it wrongly in OPAL blocks which caused bogus check provided OPAL block size was not 512B. Fixes: #871.
2024-03-21 | tests: run systemd tests using meson only when requested | Daniel Zatovic | 2 | -1/+2
2024-03-07 | Update Readme for 2.7.1. | Milan Broz | 1 | -4/+4
2024-03-07 | tests: Fix Makefile * Meson to include all fs images. | Milan Broz | 2 | -1/+4
2024-03-07 | Update LUKS2 spec. | Milan Broz | 1 | -0/+0
2024-03-07 | Add 2.7.1 release notes. | Milan Broz | 1 | -0/+30
2024-03-07 | test: Fix tests on RHEL7 clones (no keyring in dm-crypt). | Milan Broz | 3 | -19/+61
2024-03-07 | Add xfs V5 image to tests. | Milan Broz | 5 | -12/+27
XFS V4 can be disabled in kernel, add image V5. Minimal 300M xfs size avoided by using QA variables magic in format: export TEST_DIR=1 TEST_DEV=1 QA_CHECK_FS=1 ; mkfs -t xfs ...
2024-03-06 | tests: fix compat-test-opal bug for empty LUKS2 passphrase. | Ondrej Kozina | 1 | -2/+2
The bug was hidden due to previously contradicting condition.
2024-03-06 | tests: move luks1 decryption resume test. | Ondrej Kozina | 1 | -1/+1
It cannot be run in fips mode due to empty passphrase is no longer allowed.
2024-03-06 | tests: fix fips mode detection contradiction in various tests. | Ondrej Kozina | 5 | -10/+10
2024-03-06 | po: update uk.po (from translationproject.org) | Yuri Chornoivan | 1 | -484/+514
2024-03-06 | po: update ro.po (from translationproject.org) | Remus-Gabriel Chelu | 1 | -483/+515
2024-03-06 | po: update pl.po (from translationproject.org) | Jakub Bogusz | 1 | -484/+514
2024-03-06 | po: update ja.po (from translationproject.org) | Hiroshi Takekawa | 1 | -484/+514
2024-03-06 | po: update fr.po (from translationproject.org) | Frédéric Marchal | 1 | -485/+515
2024-03-06 | po: update de.po (from translationproject.org) | Roland Illig | 1 | -483/+513
2024-03-06 | po: update cs.po (from translationproject.org) | Petr Pisar | 1 | -484/+516
2024-03-06 | Set devel version. | Milan Broz | 2 | -2/+2
2024-03-05 | Add regression test for resuming LUKS1 decryption. | Ondrej Kozina | 4 | -2/+16
2024-03-05 | Fix regression in LUKS1 decryption. | Ondrej Kozina | 1 | -1/+2
With removal of cryptsetup-reencrypt there was a bug introduced that broke resuming interrupted LUKS1 decryption operation. LUKS2 code was not affected.
2024-02-29 | Require --debug log in bug report issue template. | Milan Broz | 1 | -0/+3
2024-02-29 | Allow all stable branches in GitHub actions. | Milan Broz | 2 | -4/+2
2024-02-29 | Allow --link-vk-to-keyring with --test-passphrase option. | Ondrej Kozina | 4 | -1/+61
To make it possible to upload volume key in user specified kernel keyring without need to (re)activate the device.
2024-02-28 | Fix abort triggered by initializing decryption via --active-name. | Ondrej Kozina | 2 | -12/+29
The invalid test unfortunately hid an error in processing of --active-name command line option.
2024-02-22 | Fix indentation in integritysetup man page and crypt description. | Milan Broz | 1 | -5/+3
2024-02-22 | Sort options in man pages alphabetically. | Milan Broz | 4 | -984/+984
2024-02-22 | Fix JSON example in progress-frequency option. | Milan Broz | 2 | -4/+4
2024-02-22 | Fix veritysetup man page typo. | Milan Broz | 1 | -2/+2
2024-02-22 | Fix compilation with libargon2 argon when internal disabled | Sergei Ilinykh | 1 | -2/+3
This fixes a regression introduced somewhere on the way to 2.7.0. A specific set of options led to complete lack of Argon2 regardless of --enable-libargon2 option.
2024-02-22 | CI: fix improper distro specification for 32-bit Debian. | Daniel Zatovic | 2 | -6/+6
The `variables` section is repeated for 32-bit Debian job. Therefore the `DISTRO` environment variable is ignored and 64-bit distro name is inherited from the `.debian-prep` job.
2024-02-22 | CI: don't store kernel log, only check for coredumps. | Daniel Zatovic | 9 | -12/+10
The kernel log is uploaded automatically by the custom executor, no need to upload it from inside the VM (and /mnt/artifacts is not mounted in the new CI scripts).
2024-02-22 | CI: increase disk size for csmock job. | Daniel Zatovic | 1 | -0/+1
2024-02-22 | CI: add OPAL jobs. | Daniel Zatovic | 2 | -0/+135
2024-02-22 | CI: update jobs for new CI infrastructure | Daniel Zatovic | 9 | -25/+41
2024-02-21 | Fix crypto vectors test in meson. | Ondrej Kozina | 1 | -0/+2
Otherwise it gets skipped in meson every time.
2024-02-18 | Skip test if keyctl is missing | Tobias Rosenkranz | 1 | -0/+1
2024-02-13 | Do not require argon2.h if implemented natively in crypto library. | Milan Broz | 1 | -3/+6
2024-02-13 | Fix mistake in crypt_set_keyring_to_link documentation. | Ondrej Kozina | 1 | -1/+1
The keyring_to_link_vk parameter must be prefixed by either "%:" or "%keyring:" substrings provided caller opted for text description of the target keyring.
2024-02-12 | cryptsetup.spec: drop libargon2 in favour of openssl implementation. | Ondrej Kozina | 1 | -2/+2
2024-02-09 | Fix configure Argon2 OpenSSL detection to not compile internal Argon2. | Milan Broz | 2 | -3/+6
Code is not called anyway, but should be completely disabled. Note: there is intentionally no way to disable OpenSSL Argon2 if present.
2024-01-24 | Version 2.7.0. [v2.7.0] | Milan Broz | 8 | -502/+534
2024-01-23 | Fix local variable name that hides global one. | Milan Broz | 1 | -4/+4
Found by CodeQL.
2024-01-23 | Update copyright notice to include 2024 year. | Milan Broz | 133 | -247/+247
2024-01-23 | Unify error code for missing key description. | Ondrej Kozina | 3 | -3/+3
Use -ESRCH for similar error code as with crypt_activate_by_keyslot_context. Here it's not conflicting with previous use for the very code but let's make it easier and use same code for similar case.
2024-01-23 | Update API documentation for crypt_set_keyring_to_link. | Ondrej Kozina | 1 | -3/+0
The section about placeholder API no longer applies.
2024-01-23 | Replace code for missing key error in API. | Ondrej Kozina | 3 | -6/+7
While trying to activate device in LUKS2 reencryption we originally used -ENOKEY error code for case where one or more volume keys could not be unlocked or were not provided directly by (CRYPT_KC_TYPE_KEY or CRYPT_KC_TYPE_VK_KEYRING) keyslot contexts. We missed the fact the error code was already previously used for signaling case when dm subsystem could not load device table due to key in kernel keyring could not be read from kernel. It's propagated by libdevmapper. For it we replace -ENOKEY with -ESRCH for signaling the missing keyslot context or volume key for devices in LUKS2 reencryption.
2024-01-22 | tests: use per-test keyring for caching VKs. | Ondrej Kozina | 1 | -25/+52
2024-01-22 | Do not drop keys from keyring on successful reencryption recovery. | Ondrej Kozina | 1 | -1/+2
The key might be needed in activation of ordinary LUKS2 device provided the recovery took place in before device activation and actually finished LUKS2 device reencryption. Fixes: #863.
2024-01-20 | Fix typo in verity test. | Milan Broz | 1 | -1/+1
2024-01-20 | Fix autoconf valgrind test. | Milan Broz | 1 | -2/+2
All environment variables are predefined in make run, use it in $(VAR) form, as shell variables processing does not work here.
2024-01-19 | Add tests for device activation using multiple VKs. | Daniel Zatovic | 3 | -7/+273
2024-01-19 | Allow activating multi key devices using VKs in keyring. | Daniel Zatovic | 7 | -22/+300
We already support activation of a device using a volume key in keyring. However, in case of multi-key devices (i.e. device with reencryption running) we need to supply two volume keys.
2024-01-19 | Add tests for storing VK in keyring during resume. | Daniel Zatovic | 1 | -0/+9
2024-01-19 | Add tests for storing multiple VKs in a custom keyring. | Daniel Zatovic | 2 | -3/+161
2024-01-19 | Allow linking multiple VKs (also in reencryption). | Daniel Zatovic | 5 | -48/+225
If the device is in reencryption, it has two active volume keys. Linking the VK to keyring is not supported for such devices, because the API only counts with one key. This commit modifies the API crypt_set_keyring_to_link to allow passing multiple keyring key names.
2024-01-19 | Fix tests to support --disable-keyring option. | Milan Broz | 2 | -18/+8
Also remove unused function in test.
2024-01-19 | po: update es.po (from translationproject.org) | Antonio Ceballos | 1 | -689/+938
2024-01-19 | po: update cs.po (from translationproject.org) | Petr Pisar | 1 | -691/+943
2024-01-17 | LUKS2: add more sanity assignments to header code. | Milan Broz | 1 | -0/+2
Ensure we do not return partial binary header and also explicitly set header size to zero to silence stupid cppcheck warnings.
2024-01-17 | LUKS2: add sanity check for hdr_size. | Milan Broz | 1 | -5/+14
Simplify code a little bit for static analysis and also ensure that even second LUKS2 header with wrong hdr_size is always detected.
2024-01-17 | Add a few tainted data info for coverity to avoid warnings. | Milan Broz | 2 | -8/+19
If sysconf is lying, then anything can happen. But check for overflow anyway. Device/partition offset overflow for IV can only cause bad decryption (expected).
2024-01-17 | Silence false positive cppcheck warning. | Milan Broz | 1 | -1/+1
2024-01-17 | Fix signed (error) return from read in loop utils. | Milan Broz | 1 | -1/+1
2024-01-17 | Use gcc 13 for GitHub actions. | Milan Broz | 3 | -3/+3
2024-01-16 | Fix some grammar issues suggested by auto-correction tools. | Ondrej Kozina | 1 | -14/+14
2024-01-16 | Update kernel keyring usage documentation. | Ondrej Kozina | 1 | -0/+23
2024-01-15 | Fix some grammar issues suggested by auto-correction tools. | Ondrej Kozina | 1 | -15/+15
2024-01-15 | docs: Describe additional LUKS2 locks. | Ondrej Kozina | 1 | -0/+36
2024-01-05 | tests: add in-place LUKS2 encryption api test. | Ondrej Kozina | 1 | -0/+54
Simple test for plaintext data placed at specified offset (non zero offset relative to head of data device).
2024-01-05 | tests: add helper for creating arbitrary linear mapping. | Ondrej Kozina | 2 | -7/+23
2024-01-05 | Respect CRYPT_ACTIVATE_SHARED in reencryption. | Ondrej Kozina | 3 | -4/+7
2024-01-05 | po: update uk.po (from translationproject.org) | Yuri Chornoivan | 1 | -152/+163
2024-01-05 | po: update ro.po (from translationproject.org) | Remus-Gabriel Chelu | 1 | -152/+164
2024-01-05 | po: update pl.po (from translationproject.org) | Jakub Bogusz | 1 | -150/+161
2024-01-05 | po: update ja.po (from translationproject.org) | Hiroshi Takekawa | 1 | -150/+161
2024-01-05 | po: update fr.po (from translationproject.org) | Frédéric Marchal | 1 | -150/+161
2024-01-05 | po: update de.po (from translationproject.org) | Roland Illig | 1 | -151/+162
2023-12-22 | Add note for luksSuspend to man page. | Milan Broz | 1 | -0/+4
It should not be expected that suspend operation wipes possible plaintext data from memory. Related: #855
2023-12-20 | Update cryptsetup.spec. | Milan Broz | 1 | -3/+3
2023-12-20 | man: Update authenticated encryption trim description and add references | Krassy Boykinov | 1 | -4/+6
790666ff (Add support for allow_discrads for dm-integrity., 2020-04-09) added TRIM support for standalone dm-integrity volumes. This change is now reflected in the cryptsetup(8) man page.
2023-12-20 | Version 2.7.0-rc1. [v2.7.0-rc1] | Milan Broz | 4 | -155/+166
2023-12-20 | Fix doxygen tags for API docs. | Milan Broz | 1 | -14/+28
2023-12-20 | Update release notes for 2.7.0-rc1 and LUKS2 doc. | Milan Broz | 2 | -12/+22
2023-12-20 | Add keyring linking API placeholders for multi-key scenarios. | Daniel Zatovic | 4 | -50/+87
2023-12-19 | opal: Fix benign gcc warning for possible uninitialized value. | Milan Broz | 1 | -1/+1
2023-12-19 | opal: Do not verify passphrase by default on luksErase. | Milan Broz | 1 | -1/+1
Verify passphrase should be default only when creating a new passphrase, here it will fail if the passphrase is wrong.
2023-12-18 | opal: add comments to all lockless opal calls. | Ondrej Kozina | 1 | -0/+11
2023-12-17 | Report Argon2 crypto backend version in debug output | Milan Broz | 5 | -11/+42
For Argon2 native code (gcrypt, OpenSSL) a flag in debug output is printed. If libargon is used, then [cryptsetup libargon2] is printed (embedded code) or [external libargon2] for dynamic external library. # Crypto backend (OpenSSL 3.0.11 19 Sep 2023 [default][legacy] [external libargon2]) or # Crypto backend (OpenSSL 3.0.11 19 Sep 2023 [default][legacy] [cryptsetup libargon2]) Fixes: #851
2023-12-17 | Use uppercase OPAL in messages. | Milan Broz | 3 | -9/+9
2023-12-13 | opal: add exclusive lock to avoid race. | Ondrej Kozina | 5 | -4/+130
Activating LUKS2 device with OPAL support is multistep process. 1) read LR state 2) unlock LR 3) activate dm device 4) in case step 3) failed lock the device if in step 1) the device was locked. Otherwise, in case parallel activation happened on one device the process that failed to map dm device (device already active) could relock the LR afterwards and effectively break already active device. To avoid that we do steps 1) through 4) protected by exclusive opal lock unique per data block device configured for use with LUKS2 OPAL support.
2023-12-13 | opal: do not always re-lock range on failed activation. | Ondrej Kozina | 3 | -39/+56
If activation fails due to already active dm mapping we must not automatically re-lock the OPAL range since it would break the original active device.
2023-12-13 | test: check if device remains usable after failed attempt to double activation. | Ondrej Kozina | 1 | -1/+5
2023-12-13 | Drop unused crypt_read_lock helper. | Ondrej Kozina | 2 | -25/+0
2023-12-13 | opal: no need to export internal opal_enabled function. | Ondrej Kozina | 2 | -28/+22
2023-12-04 | opal: erase key cached in kernel when LR gets locked. | Ondrej Kozina | 2 | -7/+15
It affects only HW OPAL locking range KEK. After unlocking opal locking range we cache the key in kernel so that we do not have to pass the key again for locking the range later (the OPAL std requires key for lock command). Unfortunately the key remains cached in kernel even after we lock the range on purpose during crypt_deactivate* or crypt_suspend. This had 2 side effects: 1) key remained in system memory even though the LUKS device was inactive (and all keys should be erased from memory). 2) when system gets suspended the locking range got automatically unlocked later after system resume because the key caching is used primarily to automatically unlock locking ranges that got locked after system suspend (due to power cut off on storage device). Since kernel does not directly support dropping cached keys we achieve that by overwriting the original key structure with empty one.
2023-12-04 | po: update zh_CN.po (from translationproject.org) | Boyuan Yang | 1 | -1464/+3415
2023-12-04 | po: update uk.po (from translationproject.org) | Yuri Chornoivan | 1 | -684/+925
2023-12-04 | po: update ro.po (from translationproject.org) | Remus-Gabriel Chelu | 1 | -691/+936
2023-12-04 | po: update pl.po (from translationproject.org) | Jakub Bogusz | 1 | -681/+919
2023-12-04 | po: update ja.po (from translationproject.org) | Hiroshi Takekawa | 1 | -681/+919
2023-12-04 | po: update fr.po (from translationproject.org) | Frédéric Marchal | 1 | -687/+925
2023-12-04 | po: update de.po (from translationproject.org) | Roland Illig | 1 | -689/+927
2023-12-04 | Add missing vectors tests in valgrind setup. | Ondrej Kozina | 1 | -0/+9
2023-12-04 | Simplify meson tests. | Ondrej Kozina | 1 | -304/+32
Valgrind tests is now run with: meson test -C <build_dir> --setup=valgrind
2023-11-30 | Revert "tests: Temporarily disable veritysetup tasklet option test." | Milan Broz | 1 | -3/+2
This reverts commit 0e44494aba8e41a6d0938304cb481c5a4b40aca5. Kernel fix is in mainline and on the way to stable kernels. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/md?id=2a695062a5a42aead8c539a344168d4806b3fda2
2023-11-30 | fuzz: Try to limit image size in crypt2_load_proto_plain_json_fuzz | Milan Broz | 1 | -4/+11
It seems that we see a lot of out of space in fuzzer run, so try to avoid writing excessive big images here.
2023-11-29 | Version 2.7.0-rc0. [v2.7.0-rc0] | Milan Broz | 1 | -0/+6
2023-11-29 | Fix some typos found by lintian. | Milan Broz | 13 | -18/+18
2023-11-29 | Update pot file. | Milan Broz | 1 | -673/+931
2023-11-29 | Tweak some error messages. | Milan Broz | 3 | -6/+7
2023-11-28 | Add release notes for 2.7.0-rc0. | Milan Broz | 1 | -0/+435
2023-11-28 | Add hw_opal.c for translation. | Milan Broz | 1 | -0/+1
2023-11-28 | Set version 2.7.0-rc0. | Milan Broz | 2 | -4/+4
2023-11-28 | meson: fix meson_dist_convert script | Milan Broz | 1 | -1/+1
2023-11-28 | Add missing files to autoconf make dist. | Milan Broz | 2 | -1/+3
2023-11-28 | Use proper integer constant in meson_options.txt | Ondrej Kozina | 1 | -1/+1
Unfortunately it creates decimal base constant when converting to C define. But the former implicit and deprecated conversion did it as well.
2023-11-28 | Override meson default prefix. | Ondrej Kozina | 1 | -0/+1
2023-11-28 | Fix some coverity scan issues. | Milan Broz | 2 | -2/+8
The read in kernel crypto backend is part of user crypto API encryption call, we have to trust it here. JSON fix is just one place where return code was not checked for this particular function.
2023-11-27 | Always print error message for invalid keyring definition. | Milan Broz | 1 | -15/+15
Many cases quietly returned error without any error message.
2023-11-26 | po: update sr.po (from translationproject.org) | Мирослав Николић | 1 | -651/+748
2023-11-26 | po: update ru.po (from translationproject.org) | Yuri Kozlov | 1 | -6/+6
2023-11-26 | po: update pl.po (from translationproject.org) | Jakub Bogusz | 1 | -245/+249
2023-11-26 | po: update es.po (from translationproject.org) | Antonio Ceballos | 1 | -1155/+1519
2023-11-26 | fuzz: add missing flex (util-linux req.) to fix fuzzing build | Milan Broz | 1 | -1/+1
2023-11-22 | tests: fail early if PSID reset does not work for device. | Milan Broz | 1 | -6/+14
This should stop user from using wrong device for tests.
2023-11-22 | Suspend and resume also dm-integrity device with AEAD. | Milan Broz | 3 | -7/+98
Currently we suspend top-level device only. With OPAL, the underlying device will start to return errors once OPAL LR is locked. If the dm-integrity device is not suspended, regular journal flush corrupts the device (journal write failure), corrupting data above it. Suspending the whole stack should fix the issue.
2023-11-21 | Do not run sector read check on suspended device. | Milan Broz | 2 | -1/+21
This can affect status command, but later also device stack with authenticated encryption (*_dif device). Ignoring direct-io should not be problem here. The logic should be simplified in future anyway...
2023-11-21 | Do not require init_done for some device helpers. | Milan Broz | 1 | -2/+2
It processes only name, no need to depend on real device checks (for direct-io) etc.
2023-11-21 | Fix wrong key id set when resuming LUKS2 device. | Ondrej Kozina | 2 | -1/+4
If volume key digest id was not 0 it failed on assert in LUKS2 resume path later.
2023-11-20 | CI: change TSS package name for Debian 12 | Daniel Zatovic | 1 | -1/+1
Change package name from tpm2-tss-engine-dev (on Debian 11) to libtss2-dev (on Debian 12).
2023-11-17 | Drop fake_token_path symbol from tests. | Ondrej Kozina | 3 | -30/+2
It's no longer used.
2023-11-17 | Do not use fake-token-path in ssh and systemd plugin tests. | Ondrej Kozina | 5 | -34/+46
2023-11-16 | Add --external-tokens-path parameter in cryptsetup. | Ondrej Kozina | 11 | -6/+82
2023-11-16 | Add crypt_token_set_external_path API. | Ondrej Kozina | 3 | -1/+46
It can be used to override system library where libcryptsetup looks for external token handlers (plugins). The parameter is required to be absolute path and it is set per process context. Fixes: #846.
2023-11-15 | Drop deprecated use of implicit meson setup command. | Ondrej Kozina | 1 | -2/+2
2023-11-15 | Fix systemd-test-plugin initialization. | Ondrej Kozina | 1 | -2/+2
check for .git subdirectory to decide if systemd repository needs to be cloned.
2023-11-15 | Fix fake systemd tpm path symbol. | Ondrej Kozina | 1 | -2/+2
The prototype for the function in systemd has changed. Otherwise the tests abort with SEGFAULT.
2023-11-15 | compat-test-opal does not depend on differ util. | Ondrej Kozina | 1 | -1/+0
2023-11-15 | Speed up compat-test-opal valgrind test. | Ondrej Kozina | 1 | -4/+8
By not testing cleanup routines repeatedly for leaks.
2023-11-15 | Enable valgrind tests in meson. | Ondrej Kozina | 25 | -73/+538
2023-11-15 | Fix invalid comparison of bool and int types in root meson.build. | Ondrej Kozina | 1 | -2/+2
2023-11-15 | Increase minimal meson version to 0.64 | Ondrej Kozina | 3 | -15/+4
It's initial cryptsetup upstream release with meson support so let's not pollute scripts with if-then-else branching from the very beginning.
2023-11-15 | CI: disable -Wdeclaration-after-statement warning | Daniel Zatovic | 1 | -1/+0
2023-11-15 | Don't mix declarations with code. | Daniel Zatovic | 1 | -5/+5
Move asserts after declarations.
2023-11-15 | Remove obsolete AC_C_CONST macro. | Daniel Zatovic | 1 | -1/+0
The AC_C_CONST test program fails to compile under latest clang with -Wall -Werror, which results in erroneously defining "const" keyword to an empty string. The AC_C_CONST is considered obsolete.
2023-11-13 | CI: don't use non-existent meson flag | Daniel Zatovic | 1 | -1/+1
An unknown -Dinternal-argon2=false flag was used, new meson version fails when it gets unknown flag. Use the correct -Dargon-implementation=internal flag instead.
2023-11-13 | CI: switch compilation test to Ubuntu Lunar (23.04) | Daniel Zatovic | 2 | -4/+4
2023-11-13 | CI: switch Debian runner from 11 to 12 | Daniel Zatovic | 1 | -5/+5
2023-11-13 | tests: Temporarily disable veritysetup tasklet option test. | Milan Broz | 1 | -2/+3
Kernel bug reported here: https://lore.kernel.org/dm-devel/fa17b8d8-2d84-45c8-ac6a-1876f1f55a52@gmail.com/
2023-11-07 | tests: Clean up also dm-integrity device in OPAL test | Milan Broz | 1 | -0/+1
2023-11-07 | Fix memory leaks detected in compat-test-opal. | Ondrej Kozina | 2 | -5/+8
2023-11-06 | tests: Do not run OPAL test with valgrind if variables are not set | Milan Broz | 1 | -1/+1
Otherwise it will break run with exit code 77.
2023-11-06 | Add hint about missing OPAL support in kernel. | Ondrej Kozina | 1 | -1/+1
Unfortunately there is currently no way how to make difference between device lacking SED OPAL support state and kernel missing SED OPAL support via disabled interface via configure option.
2023-11-06 | Enable tests fixed with recent commits. | Ondrej Kozina | 1 | -7/+0
2023-11-06 | Abort LUKS2 reencryption early if OPAL device used. | Ondrej Kozina | 1 | -0/+5
2023-11-06 | Add LUKS2 OPAL requirement flag. | Ondrej Kozina | 3 | -10/+30
2023-11-06 | Add more onlyLUKS helpers for convenience. | Ondrej Kozina | 3 | -11/+21
2023-11-03 | Fix memory leak in kernel keyring keyslot context. | Ondrej Kozina | 2 | -9/+5
The leak occurred only when the context instance was used more than once.