!8 update package

Merge pull request !8 from geruijun/master
openeuler-ci-bot 2020-07-18 16:24:48 +08:00 committed by Gitee
commit 86f693517e
16 changed files with 49 additions and 737 deletions


@ -1,30 +0,0 @@
From 1c6d66fccc91ff37d7f991a3213bc33f5f6426b6 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Fri, 14 Sep 2018 11:18:48 +0200
Subject: [PATCH 040/324] Emit error message for converting inactive keyslot.
Fixes: #416.
---
src/cryptsetup.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 52efd71..cc3520c 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -1535,6 +1535,12 @@ static int action_luksConvertKey(void)
if ((r = crypt_load(cd, CRYPT_LUKS2, NULL)))
goto out;
+ if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_INACTIVE) {
+ r = -EINVAL;
+ log_err(_("Keyslot %d is not active."), opt_key_slot);
+ goto out;
+ }
+
r = set_pbkdf_params(cd, crypt_get_type(cd));
if (r) {
log_err(_("Failed to set pbkdf parameters."));
--
2.19.1


@ -1,7 +1,17 @@
diff -rupN cryptsetup-2.0.4.old/configure cryptsetup-2.0.4/configure
--- cryptsetup-2.0.4.old/configure 2018-08-03 12:31:52.000000000 +0200
+++ cryptsetup-2.0.4/configure 2018-08-03 13:42:50.605275535 +0200
@@ -12300,6 +12300,9 @@ fi
From b4d26d1500682dc375759c0ed16677197a433c64 Mon Sep 17 00:00:00 2001
From: geruijun <geruijun@huawei.com>
Date: Sat, 18 Jul 2020 10:29:43 +0800
Subject: [PATCH 1/2] cryptsetup add system library paths
---
configure | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/configure b/configure
index 145be42..7643af8 100755
--- a/configure
+++ b/configure
@@ -12294,6 +12294,9 @@ fi
# before this can be enabled.
hardcode_into_libs=yes
@ -11,7 +21,7 @@ diff -rupN cryptsetup-2.0.4.old/configure cryptsetup-2.0.4/configure
# Ideally, we could use ldconfig to report *all* directores which are
# searched for libraries, however this is still not possible. Aside from not
# being certain /sbin/ldconfig is available, command
@@ -12308,7 +12311,7 @@ fi
@@ -12302,7 +12305,7 @@ fi
# appending ld.so.conf contents (and includes) to the search path.
if test -f /etc/ld.so.conf; then
lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
@ -20,3 +30,6 @@ diff -rupN cryptsetup-2.0.4.old/configure cryptsetup-2.0.4/configure
fi
# We used to test for /lib/ld.so.1 and disable shared libraries on
--
1.8.3.1


@ -1,103 +0,0 @@
From b93b67633676e4b9ae627532774c60661e3a1613 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Mon, 24 Sep 2018 14:58:16 +0200
Subject: [PATCH 041/324] Move blkid scan after device context initialization.
Fixes bug with misleading error message when target device
does not exist.
---
src/cryptsetup.c | 30 ++++++++++++++++--------------
src/integritysetup.c | 20 +++++++++++---------
2 files changed, 27 insertions(+), 23 deletions(-)
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index cc3520c..371948f 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -987,20 +987,6 @@ static int action_luksFormat(void)
header_device = opt_header_device ?: action_argv[0];
- /* Print all present signatures in read-only mode */
- r = tools_detect_signatures(header_device, 0, &signatures);
- if (r < 0)
- return r;
-
- r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), header_device);
- if (r == -1)
- return -ENOMEM;
-
- r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
- free(msg);
- if (r < 0)
- return r;
-
r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
cipher, NULL, cipher_mode);
if (r < 0) {
@@ -1028,6 +1014,22 @@ static int action_luksFormat(void)
return r;
}
+ /* Print all present signatures in read-only mode */
+ r = tools_detect_signatures(header_device, 0, &signatures);
+ if (r < 0)
+ goto out;
+
+ r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), header_device);
+ if (r == -1) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
+ free(msg);
+ if (r < 0)
+ goto out;
+
keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8 + integrity_keysize;
if (opt_random)
diff --git a/src/integritysetup.c b/src/integritysetup.c
index c1c31ee..a3b382f 100644
--- a/src/integritysetup.c
+++ b/src/integritysetup.c
@@ -209,24 +209,26 @@ static int action_format(int arg)
params.journal_crypt = journal_crypt;
}
- r = tools_detect_signatures(action_argv[0], 0, &signatures);
+ r = _read_keys(&integrity_key, &params);
+ if (r)
+ goto out;
+
+ r = crypt_init(&cd, action_argv[0]);
if (r < 0)
- return r;
+ goto out;
r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]);
- if (r == -1)
- return -ENOMEM;
+ if (r == -1) {
+ r = -ENOMEM;
+ goto out;
+ }
r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
free(msg);
if (r < 0)
- return r;
-
- r = _read_keys(&integrity_key, &params);
- if (r)
goto out;
- r = crypt_init(&cd, action_argv[0]);
+ r = tools_detect_signatures(action_argv[0], 0, &signatures);
if (r < 0)
goto out;
--
2.19.1


@ -1,30 +1,17 @@
From 6787f5239975b9fa65f36dadbd37486246827d1c Mon Sep 17 00:00:00 2001
From f73c9760f43897fce0d6aa32042f751a2e7d0de0 Mon Sep 17 00:00:00 2001
From: hanzhijun <hanzhijun1@huawei.com>
Date: Mon, 6 May 2019 16:23:24 +0800
Subject: [PATCH] Fix blockwise compat and compat test failure
Date: Sat, 18 Jul 2020 10:30:03 +0800
Subject: [PATCH 2/2] fix compat test
---
tests/blockwise-compat | 2 +-
tests/compat-test | 15 ++++++++-------
2 files changed, 9 insertions(+), 8 deletions(-)
tests/compat-test | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/tests/blockwise-compat b/tests/blockwise-compat
index da94ce8..64870dd 100755
--- a/tests/blockwise-compat
+++ b/tests/blockwise-compat
@@ -65,7 +65,7 @@
}
falloc() {
- fallocate -l"$1"m $2 2>/dev/null || dd if=/dev/zero of=$2 bs=1M count=$1 2> /dev/null
+ dd if=/dev/zero of=$2 bs=1M count=$1 2> /dev/null
}
run_all_in_fs() {
diff --git a/tests/compat-test b/tests/compat-test
--- a/tests/compat-test 2019-04-30 14:21:49.588000000 +0800
+++ b/tests/compat-test 2019-04-30 15:01:33.524000000 +0800
@@ -21,6 +21,7 @@
index a61453e..7ee946e 100755
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -22,6 +22,7 @@ PWD0="compatkey"
PWD1="93R4P4pIqAH8"
PWD2="mymJeD8ivEhE"
PWD3="ocMakf3fAcQO"
@ -32,7 +19,7 @@ diff --git a/tests/compat-test b/tests/compat-test
PWDW="rUkL4RUryBom"
VK_FILE="compattest_vkfile"
@@ -193,17 +194,17 @@
@@ -225,17 +226,17 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
echo "[4] change key"
@ -51,12 +38,12 @@ diff --git a/tests/compat-test b/tests/compat-test
# check if keys were deleted
-echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
+echo $PWD4 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
[ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
@@ -803,16 +804,16 @@
[ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
@@ -867,16 +868,16 @@ expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
send "YES\n"
expect timeout abort "Enter passphrase for $LOOPDEV:"
expect timeout abort "Enter passphrase for $EXPECT_DEV:"
sleep 0.1
-send "$PWD0\n"
+send "$PWD4\n"
@ -67,10 +54,13 @@ diff --git a/tests/compat-test b/tests/compat-test
expect timeout abort "Command successful."
expect timeout abort eof
eval spawn $CRYPTSETUP luksOpen -v $LOOPDEV --test-passphrase
expect timeout abort "Enter passphrase for $LOOPDEV:"
expect timeout abort "Enter passphrase for $EXPECT_DEV:"
sleep 0.1
-send "$PWD0\n"
+send "$PWD4\n"
expect timeout abort "Command successful."
expect timeout abort eof
exit
--
1.8.3.1
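Review bot: The refreshed patch still swaps `$PWD0` for `$PWD4` in the "check if keys were deleted" step and in the expect dialogues, but its header is now only the subject `fix compat test`, with no explanation of why upstream's test suite has to be altered. The line that defines `PWD4` and the lines that enrol it are not visible in this rendering, so please confirm that `$PWD4` is the passphrase actually added and then removed earlier in the script. If it is not, `luksOpen $IMG --test-passphrase ... && fail` passes trivially and no longer shows that the keyslot was wiped. A one-line body in the patch stating the reason (for example `PWD0 is rejected by the pwquality check in this build`, if that is the cause) would let the next rebase decide whether the patch is still needed. The earlier version also replaced `fallocate` with `dd` in `tests/blockwise-compat`, and that change is dropped here without comment.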


@ -1,110 +0,0 @@
From ee689d88b4bd9584272e01f1c467aa4648280004 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Mon, 24 Sep 2018 15:38:05 +0200
Subject: [PATCH 042/324] Add blkid scan when attemting to open plain device.
Warn user about existing device signatures on candidate ciphertext
device and prompt for action confirmation.
Fixes #411.
---
src/cryptsetup.c | 27 ++++++++++++++++++++++++---
tests/device-test | 6 +++---
tests/discards-test | 2 +-
3 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 371948f..90fc703 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -166,7 +166,7 @@ static void _set_activation_flags(uint32_t *flags)
static int action_open_plain(void)
{
struct crypt_device *cd = NULL;
- char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
+ char *msg, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
struct crypt_params_plain params = {
.hash = opt_hash ?: DEFAULT_PLAIN_HASH,
.skip = opt_skip,
@@ -175,8 +175,8 @@ static int action_open_plain(void)
.sector_size = opt_sector_size,
};
char *password = NULL;
- size_t passwordLen, key_size_max;
- size_t key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
+ size_t passwordLen, key_size_max, signatures,
+ key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
uint32_t activate_flags = 0;
int r;
@@ -205,6 +205,27 @@ static int action_open_plain(void)
if ((r = crypt_init(&cd, action_argv[0])))
goto out;
+ /* Skip blkid scan when activating plain device with offset */
+ if (!opt_offset) {
+ /* Print all present signatures in read-only mode */
+ r = tools_detect_signatures(action_argv[0], 0, &signatures);
+ if (r < 0)
+ goto out;
+ }
+
+ if (signatures) {
+ r = asprintf(&msg, _("Detected device signature(s) on %s. Proceeding further may damage existing data."), action_argv[0]);
+ if (r == -1) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
+ free(msg);
+ if (r < 0)
+ goto out;
+ }
+
r = crypt_format(cd, CRYPT_PLAIN,
cipher, cipher_mode,
NULL, NULL,
diff --git a/tests/device-test b/tests/device-test
index b9ba98d..c49eb84 100755
--- a/tests/device-test
+++ b/tests/device-test
@@ -97,11 +97,11 @@ if [ -z "$DM_PERF_CPU" ]; then
SKIP_COUNT=$((SKIP_COUNT+1))
else
# plain
- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
$CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
$CRYPTSETUP close $DEV_NAME || fail
- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
$CRYPTSETUP status $DEV_NAME | grep -q discards || fail
$CRYPTSETUP close $DEV_NAME || fail
@@ -152,7 +152,7 @@ else
echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --sector-size 1234 >/dev/null 2>&1 && fail
for S in 512 1024 2048 4096; do
echo -n "[$S]"
- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --sector-size $S || fail
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain $DEV $DEV_NAME --sector-size $S || fail
check_sector_size $S
$CRYPTSETUP close $DEV_NAME || fail
done
diff --git a/tests/discards-test b/tests/discards-test
index 5ffe7ab..476c04d 100755
--- a/tests/discards-test
+++ b/tests/discards-test
@@ -74,7 +74,7 @@ dmsetup table $DEV_NAME | grep allow_discards >/dev/null || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
echo "[2] Allowing discards for plain device"
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $DEV --hash sha1 --allow-discards || fail
+echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha1 --allow-discards || fail
$CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
$CRYPTSETUP resize $DEV_NAME --size 100 || fail
$CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
--
2.19.1


@ -1,25 +0,0 @@
From 879e06db39cb2d1113bb64a9ec0b5480cb837fca Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Thu, 11 Oct 2018 15:38:56 +0200
Subject: [PATCH 061/324] Wiping empty device should not fail.
---
lib/utils_wipe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c
index 77550c7..04cc531 100644
--- a/lib/utils_wipe.c
+++ b/lib/utils_wipe.c
@@ -161,7 +161,7 @@ int crypt_wipe_device(struct crypt_device *cd,
return errno ? -errno : -EINVAL;
r = device_size(device, &dev_size);
- if (r)
+ if (r || dev_size == 0)
goto out;
if (length) {
--
2.19.1


@ -1,26 +0,0 @@
From 31532adf8636f9795ab5f077ace4e3f00148d399 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Thu, 11 Oct 2018 15:39:31 +0200
Subject: [PATCH 062/324] Do not copy buffer if read fails.
---
lib/utils_io.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/utils_io.c b/lib/utils_io.c
index 1facac0..d7e1cbe 100644
--- a/lib/utils_io.c
+++ b/lib/utils_io.c
@@ -184,7 +184,8 @@ ssize_t read_blockwise(int fd, size_t bsize, size_t alignment,
out:
free(hangover_buf);
if (buf != orig_buf) {
- memcpy(orig_buf, buf, length);
+ if (ret == length)
+ memcpy(orig_buf, buf, length);
free(buf);
}
return ret;
--
2.19.1


@ -1,27 +0,0 @@
From 36e883967538069d81634bd2e6fa188732f0a77a Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Thu, 11 Oct 2018 21:19:35 +0200
Subject: [PATCH 066/324] Do not fail if device is smaller than requested wipe
size.
---
lib/utils_wipe.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c
index 04cc531..b1afc0f 100644
--- a/lib/utils_wipe.c
+++ b/lib/utils_wipe.c
@@ -164,6 +164,9 @@ int crypt_wipe_device(struct crypt_device *cd,
if (r || dev_size == 0)
goto out;
+ if (dev_size < length)
+ length = 0;
+
if (length) {
if ((dev_size <= offset) || (dev_size - offset) < length) {
r = -EINVAL;
--
2.19.1


@ -1,30 +0,0 @@
From bebd2fe7e7ca0d70981e50b919b3d230e9c945de Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Fri, 12 Oct 2018 09:44:28 +0200
Subject: [PATCH 067/324] Do not print error for used device twice.
---
lib/setup.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/lib/setup.c b/lib/setup.c
index e8ba704..9607bed 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -1540,12 +1540,8 @@ static int _crypt_format_luks2(struct crypt_device *cd,
}
r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL);
- if (r < 0) {
- log_err(cd, _("Cannot use device %s which is in use "
- "(already mapped or mounted)."),
- device_path(crypt_metadata_device(cd)));
+ if (r < 0)
return r;
- }
if (!(cd->type = strdup(CRYPT_LUKS2)))
return -ENOMEM;
--
2.19.1


@ -1,29 +0,0 @@
From 27eaf46c8a4e512588792725a2a27afd4648700d Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Sun, 14 Oct 2018 21:47:11 +0200
Subject: [PATCH 077/324] Fix issues found by Coverity scan.
- possible overflow of data offset calculation in wipe and
- dereferencing of pointer in a keyring error path.
---
lib/luks1/keymanage.c | 2 +-
lib/utils_keyring.c | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/utils_keyring.c b/lib/utils_keyring.c
index 2631405..35bf32b 100644
--- a/lib/utils_keyring.c
+++ b/lib/utils_keyring.c
@@ -133,7 +133,8 @@ int keyring_get_passphrase(const char *key_desc,
if (ret < 0) {
err = errno;
- crypt_memzero(buf, len);
+ if (buf)
+ crypt_memzero(buf, len);
free(buf);
return -err;
}
--
2.19.1


@ -1,104 +0,0 @@
From 36c26b690370ce9a9fcf274bc97a5a50a3fd0e33 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Tue, 20 Nov 2018 15:25:53 +0100
Subject: [PATCH 101/324] Properly propagate error from AF diffuse function.
---
lib/luks1/af.c | 38 ++++++++++++++++++++++----------------
1 file changed, 22 insertions(+), 16 deletions(-)
diff --git a/lib/luks1/af.c b/lib/luks1/af.c
index af6c1af..3d7cf0b 100644
--- a/lib/luks1/af.c
+++ b/lib/luks1/af.c
@@ -64,31 +64,34 @@ out:
/* diffuse: Information spreading over the whole dataset with
* the help of hash function.
*/
-
static int diffuse(char *src, char *dst, size_t size, const char *hash_name)
{
int hash_size = crypt_hash_size(hash_name);
unsigned int digest_size;
- unsigned int i, blocks, padding;
+ unsigned int i, r, blocks, padding;
if (hash_size <= 0)
- return 1;
+ return -EINVAL;
digest_size = hash_size;
blocks = size / digest_size;
padding = size % digest_size;
- for (i = 0; i < blocks; i++)
- if(hash_buf(src + digest_size * i,
+ for (i = 0; i < blocks; i++) {
+ r = hash_buf(src + digest_size * i,
dst + digest_size * i,
- i, (size_t)digest_size, hash_name))
- return 1;
+ i, (size_t)digest_size, hash_name);
+ if (r < 0)
+ return r;
+ }
- if(padding)
- if(hash_buf(src + digest_size * i,
+ if (padding) {
+ r = hash_buf(src + digest_size * i,
dst + digest_size * i,
- i, (size_t)padding, hash_name))
- return 1;
+ i, (size_t)padding, hash_name);
+ if (r < 0)
+ return r;
+ }
return 0;
}
@@ -104,17 +107,19 @@ int AF_split(const char *src, char *dst, size_t blocksize,
{
unsigned int i;
char *bufblock;
- int r = -EINVAL;
+ int r;
if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM;
/* process everything except the last block */
for(i=0; i<blocknumbers-1; i++) {
r = crypt_random_get(NULL, dst+(blocksize*i), blocksize, CRYPT_RND_NORMAL);
- if(r < 0) goto out;
+ if (r < 0)
+ goto out;
XORblock(dst+(blocksize*i),bufblock,bufblock,blocksize);
- if(diffuse(bufblock, bufblock, blocksize, hash))
+ r = diffuse(bufblock, bufblock, blocksize, hash);
+ if (r < 0)
goto out;
}
/* the last block is computed */
@@ -130,7 +135,7 @@ int AF_merge(const char *src, char *dst, size_t blocksize,
{
unsigned int i;
char *bufblock;
- int r = -EINVAL;
+ int r;
if((bufblock = calloc(blocksize, 1)) == NULL)
return -ENOMEM;
@@ -138,7 +143,8 @@ int AF_merge(const char *src, char *dst, size_t blocksize,
memset(bufblock,0,blocksize);
for(i=0; i<blocknumbers-1; i++) {
XORblock(src+(blocksize*i),bufblock,bufblock,blocksize);
- if(diffuse(bufblock, bufblock, blocksize, hash))
+ r = diffuse(bufblock, bufblock, blocksize, hash);
+ if (r < 0)
goto out;
}
XORblock(src + blocksize * i, bufblock, dst, blocksize);
--
2.19.1


@ -1,74 +0,0 @@
From 18c92103423ffb312a49509881da4692eb98d9e9 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Sat, 24 Nov 2018 17:47:55 +0100
Subject: [PATCH 106/324] Check for device size and sector size misalignment.
Kernel prevents activation of device that is not aligned
to requested sector size.
Add early check to plain and LUKS2 formats to disallow
creation of such a device.
(Activation will fail in kernel later anyway.)
Fixes #390.
---
lib/setup.c | 20 ++++++++++++
tests/align-test | 53 +++++++++++++++++++++++++++---
tests/align-test2 | 83 +++++++++++++++++++++++++++++++++--------------
3 files changed, 127 insertions(+), 29 deletions(-)
diff --git a/lib/setup.c b/lib/setup.c
index a07c29c..ef4d453 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -1321,6 +1321,7 @@ static int _crypt_format_plain(struct crypt_device *cd,
struct crypt_params_plain *params)
{
unsigned int sector_size = params ? params->sector_size : SECTOR_SIZE;
+ uint64_t dev_size;
if (!cipher || !cipher_mode) {
log_err(cd, _("Invalid plain crypt parameters."));
@@ -1347,6 +1348,15 @@ static int _crypt_format_plain(struct crypt_device *cd,
return -EINVAL;
}
+ if (sector_size > SECTOR_SIZE && !device_size(cd->device, &dev_size)) {
+ if (params && params->offset)
+ dev_size -= (params->offset * SECTOR_SIZE);
+ if (dev_size % sector_size) {
+ log_err(cd, _("Device size is not aligned to requested sector size."));
+ return -EINVAL;
+ }
+ }
+
if (!(cd->type = strdup(CRYPT_PLAIN)))
return -ENOMEM;
@@ -1472,6 +1482,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
unsigned long alignment_offset = 0;
unsigned int sector_size = params ? params->sector_size : SECTOR_SIZE;
const char *integrity = params ? params->integrity : NULL;
+ uint64_t dev_size;
cd->u.luks2.hdr.jobj = NULL;
@@ -1578,6 +1589,15 @@ static int _crypt_format_luks2(struct crypt_device *cd,
if (r < 0)
goto out;
+ if (!integrity && sector_size > SECTOR_SIZE && !device_size(crypt_data_device(cd), &dev_size)) {
+ dev_size -= (crypt_get_data_offset(cd) * SECTOR_SIZE);
+ if (dev_size % sector_size) {
+ log_err(cd, _("Device size is not aligned to requested sector size."));
+ r = -EINVAL;
+ goto out;
+ }
+ }
+
if (params && (params->label || params->subsystem)) {
r = LUKS2_hdr_labels(cd, &cd->u.luks2.hdr,
params->label, params->subsystem, 0);
--
2.19.1


@ -1,25 +0,0 @@
From 6dc2f7231b5f03d1b9322725798de16cadd99330 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 21 Jan 2019 14:07:33 +0100
Subject: [PATCH 208/324] Fix a possible NULL pointer in opt_type.
---
src/cryptsetup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 13461b2..f140136 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -2609,7 +2609,7 @@ int main(int argc, const char **argv)
poptGetInvocationName(popt_context));
if ((opt_tcrypt_hidden || opt_tcrypt_system || opt_tcrypt_backup) && strcmp(aname, "tcryptDump") &&
- (strcmp(aname, "open") || strcmp(opt_type, "tcrypt")))
+ (strcmp(aname, "open") || !opt_type || strcmp(opt_type, "tcrypt")))
usage(popt_context, EXIT_FAILURE,
_("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"),
poptGetInvocationName(popt_context));
--
2.19.1


@ -1,49 +0,0 @@
From 238b18b8ac339c09e11a913b913dffe03902edb5 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Wed, 13 Mar 2019 08:24:15 +0100
Subject: [PATCH 293/324] Upstream fixes to bundled Argon2 code.
Wait for already running threads if a thread creation failed.
Use explicit_bzero() on recent glibc versions.
(Without fixed logic, we have already macro definition through automake.)
Fixes #444.
---
lib/crypto_backend/argon2/core.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c
index 8e0a2a5..f5b0067 100644
--- a/lib/crypto_backend/argon2/core.c
+++ b/lib/crypto_backend/argon2/core.c
@@ -125,7 +125,7 @@ void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
SecureZeroMemory(v, n);
#elif defined memset_s
memset_s(v, n, 0, n);
-#elif defined(__OpenBSD__)
+#elif defined(HAVE_EXPLICIT_BZERO)
explicit_bzero(v, n);
#else
static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
@@ -299,7 +299,7 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) {
for (r = 0; r < instance->passes; ++r) {
for (s = 0; s < ARGON2_SYNC_POINTS; ++s) {
- uint32_t l;
+ uint32_t l, ll;
/* 2. Calling threads */
for (l = 0; l < instance->lanes; ++l) {
@@ -324,6 +324,9 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) {
sizeof(argon2_position_t));
if (argon2_thread_create(&thread[l], &fill_segment_thr,
(void *)&thr_data[l])) {
+ /* Wait for already running threads */
+ for (ll = 0; ll < l; ++ll)
+ argon2_thread_join(thread[ll]);
rc = ARGON2_THREAD_FAIL;
goto fail;
}
--
2.19.1


@ -1,39 +1,24 @@
Name: cryptsetup
Version: 2.0.4
Release: 3
Version: 2.3.3
Release: 1
Summary: Utility used to conveniently set up disk encryption
License: GPLv2+ and LGPLv2+
URL: https://gitlab.com/cryptsetup/cryptsetup
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz
Patch1: 0001-cryptsetup-add-system-library-paths.patch
Patch2: 0002-fix-compat-test.patch
Patch0: 0000-cryptsetup-add-system-library-paths.patch
Patch1: 0001-Emit-error-message-for-converting-inactive-keyslot.patch
Patch2: 0002-Move-blkid-scan-after-device-context-initialization.patch
Patch3: 0003-Add-blkid-scan-when-attemting-to-open-plain-device.patch
Patch4: 0004-Wiping-empty-device-should-not-fail.patch
Patch5: 0005-Do-not-copy-buffer-if-read-fails.patch
Patch6: 0006-Do-not-fail-if-device-is-smaller-than-requested-wipe.patch
Patch7: 0007-Do-not-print-error-for-used-device-twice.patch
Patch8: 0008-Fix-issues-found-by-Coverity-scan.patch
Patch9: 0009-Properly-propagate-error-from-AF-diffuse-function.patch
Patch10: 0010-Check-for-device-size-and-sector-size-misalignment.patch
Patch11: 0011-Fix-a-possible-NULL-pointer-in-opt_type.patch
Patch12: 0012-Upstream-fixes-to-bundled-Argon2-code.patch
Patch13: 0013-fix-blockwise-compat-and-compat-test.patch
BuildRequires: openssl-devel, popt-devel, device-mapper-devel git
BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel libblkid-devel
BuildRequires: python2-devel python3-devel
BuildRequires: openssl-devel, popt-devel, device-mapper-devel, git
BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel
Requires: libpwquality >= 1.2.0
Provides: %{name}-luks = %{version}-%{release}
Obsoletes: %{name}-luks < 1.4.0
Provides: %{name}-libs %{name}-libs%{?_isa}
Obsoletes: %{name}-libs
%{!?python_sitearch: %global python_sitearch %(%{__python} -c \
"from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Obsoletes: python2-%{name} < 2.1.0
Obsoletes: %{name}-python3 < 2.1.0
%description
cryptsetup is a utility used to conveniently set up disk encryption based
@ -70,28 +55,6 @@ Requires: %{name} = %{version}-%{release}
%description reencrypt
It contains a utility for reencryption encrypted disks.
%package -n python2-cryptsetup
Summary: cryptsetup python2 version
Requires: %{name} = %{version}-%{release}
Provides: %{name}-python = %{version}-%{release}
Provides: %{name}-python%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python < %{version}-%{release}
Obsoletes: python-cryptsetup < 1.4.0
%description -n python2-cryptsetup
It contains python2 bindings for libcryptsetup.
%package python3
Summary: cryptsetup python3 version
Requires: %{name} = %{version}-%{release}
%{?python_provide:%python_provide python3-cryptsetup}
Provides: python3-cryptsetup = %{version}-%{release}
%description python3
It contains python3 bindings for libcryptsetup.
%package help
Summary: Including man files for cryptsetup
BuildArch: noarch
@ -103,21 +66,12 @@ This contains man files for the using of cryptsetup.
%prep
%autosetup -n %{name}-%{version} -p1 -S git
cp -a . %{py3dir}
%build
%configure --enable-python --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl
%configure --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl
%make_build
pushd %{py3dir}
%configure --enable-python --with-python_version=3 --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl
%make_build
popd
%install
%make_install
%make_install -C %{py3dir}
%find_lang cryptsetup
%post -n cryptsetup -p /sbin/ldconfig
@ -133,14 +87,12 @@ popd
%ghost %dir /run/cryptsetup
%exclude %{_libdir}/*.la
%files devel
%doc docs/examples/*
%{_libdir}/libcryptsetup.so
%{_includedir}/libcryptsetup.h
%{_libdir}/pkgconfig/libcryptsetup.pc
%files -n veritysetup
%{_sbindir}/veritysetup
@ -151,24 +103,13 @@ popd
%doc %attr(644,-,-)misc/dracut_90reencrypt
%{_sbindir}/cryptsetup-reencrypt
%files -n python2-cryptsetup
%doc python/pycryptsetup-test.py
%{python2_sitearch}/pycryptsetup.so
%exclude %{python2_sitearch}/pycryptsetup.la
%files python3
%doc python/pycryptsetup-test.py
%{python3_sitearch}/pycryptsetup.so
%exclude %{python3_sitearch}/pycryptsetup.la
%files help
%{_mandir}/man8/*
%changelog
* Sat Jul 18 2020 Ruijun Ge <geruijun@huawei.com> - 2.3.3-1
- update to 2.3.3 version
* Tue Jun 30 2020 Zhiqiang Liu <liuzhiqiang26@huawei.com> - 2.0.4-3
- renumber patches.
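Review bot: The new `Source0:` line points at the v2.3 tarball, but nothing in the spec checks that the archive used for the build is the one upstream signed; for a disk-encryption package that check belongs in `%prep`. Consider adding the upstream detached signature and the signer's keyring as extra `Source` entries and verifying them before `%autosetup`, using whatever verification macro or `gpgv` invocation this distribution supports. Separately, the changelog entry `- update to 2.3.3 version` does not say that the python2/python3 subpackages and `--enable-python` are dropped; the two new `Obsoletes:` lines only imply it. Since twelve backported fixes are removed in the same commit, a changelog line such as `- drop backported patches merged upstream` would also record that each one was checked against the 2.3.3 sources.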