"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/setup.c" between
cryptsetup-2.4.2.tar.xz and cryptsetup-2.4.3.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

setup.c  (cryptsetup-2.4.2.tar.xz):setup.c  (cryptsetup-2.4.3.tar.xz)
skipping to change at line 3956 skipping to change at line 3956
if (dmd->flags & CRYPT_ACTIVATE_REFRESH) if (dmd->flags & CRYPT_ACTIVATE_REFRESH)
r = _reload_device_with_integrity(cd, name, iname, ipath, dmd, dm di); r = _reload_device_with_integrity(cd, name, iname, ipath, dmd, dm di);
else else
r = _create_device_with_integrity(cd, type, name, iname, ipath, d md, dmdi); r = _create_device_with_integrity(cd, type, name, iname, ipath, d md, dmdi);
out: out:
free(ipath); free(ipath);
return r; return r;
} }
static int load_all_keys(struct crypt_device *cd, struct luks2_hdr *hdr, struct
volume_key *vks)
{
int r;
struct volume_key *vk = vks;
while (vk) {
r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt
_volume_key_get_id(vk));
if (r < 0)
return r;
vk = crypt_volume_key_next(vk);
}
return 0;
}
/* See fixmes in _open_and_activate_luks2 */ /* See fixmes in _open_and_activate_luks2 */
int update_reencryption_flag(struct crypt_device *cd, int enable, bool commit); int update_reencryption_flag(struct crypt_device *cd, int enable, bool commit);
/* TODO: This function should 1:1 with pre-reencryption code */ /* TODO: This function should 1:1 with pre-reencryption code */
static int _open_and_activate(struct crypt_device *cd, static int _open_and_activate(struct crypt_device *cd,
int keyslot, int keyslot,
const char *name, const char *name,
const char *passphrase, const char *passphrase,
size_t passphrase_size, size_t passphrase_size,
uint32_t flags) uint32_t flags)
skipping to change at line 4018 skipping to change at line 4003
if (name) if (name)
r = LUKS2_activate(cd, name, vk, flags); r = LUKS2_activate(cd, name, vk, flags);
out: out:
if (r < 0) if (r < 0)
crypt_drop_keyring_key(cd, vk); crypt_drop_keyring_key(cd, vk);
crypt_free_volume_key(vk); crypt_free_volume_key(vk);
return r < 0 ? r : keyslot; return r < 0 ? r : keyslot;
} }
#if USE_LUKS2_REENCRYPTION
static int load_all_keys(struct crypt_device *cd, struct luks2_hdr *hdr, struct
volume_key *vks)
{
int r;
struct volume_key *vk = vks;
while (vk) {
r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt
_volume_key_get_id(vk));
if (r < 0)
return r;
vk = crypt_volume_key_next(vk);
}
return 0;
}
static int _open_all_keys(struct crypt_device *cd, static int _open_all_keys(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
int keyslot, int keyslot,
const char *passphrase, const char *passphrase,
size_t passphrase_size, size_t passphrase_size,
uint32_t flags, uint32_t flags,
struct volume_key **vks) struct volume_key **vks)
{ {
int r, segment; int r, segment;
struct volume_key *_vks = NULL; struct volume_key *_vks = NULL;
skipping to change at line 4132 skipping to change at line 4133
if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic_size)) if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic_size))
goto out; goto out;
if (!vks) { if (!vks) {
r = _open_all_keys(cd, hdr, keyslot, passphrase, passphrase_size, flags, &vks); r = _open_all_keys(cd, hdr, keyslot, passphrase, passphrase_size, flags, &vks);
if (r >= 0) if (r >= 0)
keyslot = r; keyslot = r;
} }
if (r >= 0) {
r = LUKS2_reencrypt_digest_verify(cd, hdr, vks);
if (r < 0)
goto out;
}
log_dbg(cd, "Entering clean reencryption state mode."); log_dbg(cd, "Entering clean reencryption state mode.");
if (r >= 0) if (r >= 0)
r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &dev ice_size, true, dynamic_size); r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &dev ice_size, true, dynamic_size);
if (r >= 0) if (r >= 0)
r = LUKS2_activate_multi(cd, name, vks, device_size >> SECTOR_SHI FT, flags); r = LUKS2_activate_multi(cd, name, vks, device_size >> SECTOR_SHI FT, flags);
out: out:
LUKS2_reencrypt_unlock(cd, reencrypt_lock); LUKS2_reencrypt_unlock(cd, reencrypt_lock);
if (r < 0) if (r < 0)
skipping to change at line 4159 skipping to change at line 4166
* Activation/deactivation of a device * Activation/deactivation of a device
*/ */
static int _open_and_activate_luks2(struct crypt_device *cd, static int _open_and_activate_luks2(struct crypt_device *cd,
int keyslot, int keyslot,
const char *name, const char *name,
const char *passphrase, const char *passphrase,
size_t passphrase_size, size_t passphrase_size,
uint32_t flags) uint32_t flags)
{ {
crypt_reencrypt_info ri; crypt_reencrypt_info ri;
int r; int r, rv;
struct luks2_hdr *hdr = &cd->u.luks2.hdr; struct luks2_hdr *hdr = &cd->u.luks2.hdr;
struct volume_key *vks = NULL;
ri = LUKS2_reencrypt_status(hdr); ri = LUKS2_reencrypt_status(hdr);
if (ri == CRYPT_REENCRYPT_INVALID) if (ri == CRYPT_REENCRYPT_INVALID)
return -EINVAL; return -EINVAL;
if (ri > CRYPT_REENCRYPT_NONE) { if (ri > CRYPT_REENCRYPT_NONE) {
if (name) if (name)
r = _open_and_activate_reencrypt_device(cd, hdr, keyslot, name, passphrase, r = _open_and_activate_reencrypt_device(cd, hdr, keyslot, name, passphrase,
passphrase_size, flags); passphrase_size, flags);
else else {
r = _open_all_keys(cd, hdr, keyslot, passphrase, r = _open_all_keys(cd, hdr, keyslot, passphrase,
passphrase_size, flags, NULL); passphrase_size, flags, &vks);
if (r < 0)
return r;
rv = LUKS2_reencrypt_digest_verify(cd, hdr, vks);
crypt_free_volume_key(vks);
if (rv < 0)
return rv;
}
} else } else
r = _open_and_activate(cd, keyslot, name, passphrase, r = _open_and_activate(cd, keyslot, name, passphrase,
passphrase_size, flags); passphrase_size, flags);
return r; return r;
} }
#else
static int _open_and_activate_luks2(struct crypt_device *cd,
int keyslot,
const char *name,
const char *passphrase,
size_t passphrase_size,
uint32_t flags)
{
crypt_reencrypt_info ri;
ri = LUKS2_reencrypt_status(&cd->u.luks2.hdr);
if (ri == CRYPT_REENCRYPT_INVALID)
return -EINVAL;
if (ri > CRYPT_REENCRYPT_NONE) {
log_err(cd, _("This operation is not supported for this device ty
pe."));
return -ENOTSUP;
}
return _open_and_activate(cd, keyslot, name, passphrase, passphrase_size,
flags);
}
#endif
static int _activate_by_passphrase(struct crypt_device *cd, static int _activate_by_passphrase(struct crypt_device *cd,
const char *name, const char *name,
int keyslot, int keyslot,
const char *passphrase, const char *passphrase,
size_t passphrase_size, size_t passphrase_size,
uint32_t flags) uint32_t flags)
{ {
int r; int r;
struct volume_key *vk = NULL; struct volume_key *vk = NULL;
 End of changes. 8 change blocks. 
20 lines changed or deleted 60 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)