"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/docs/v1.4.3-ReleaseNotes" (12 Jun 2012, 2359 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:



Cryptsetup 1.4.3 Release Notes
==============================

Changes since version 1.4.2

* Fix readonly activation if underlying device is readonly (1.4.0).

* Fix loop mapping on readonly file.

* Include stddef.h in libdevmapper.h (size_t definition).

* Fix keyslot removal for device with 4k hw block (1.4.0).
  (Wipe keyslot failed in this case.)

* Relax --shared flag to allow mapping even for overlapping segments.

  The --shared flag (and API CRYPT_ACTIVATE_SHARED flag) is now able
  to map arbitrary overlapping areas. From the API it is even usable
  for LUKS devices.
  It is the user's responsibility not to cause data corruption, though.

  This allows e.g. scubed to work again and also allows some
  tricky extensions later.

* Allow empty cipher (cipher_null) for testing.

  You can now use "null" (or directly cipher_null-ecb) in cryptsetup.
  This means no encryption, useful for performance tests
  (measure dm-crypt layer overhead).

* Switch on retry on device remove for libdevmapper.
  Device-mapper now retries removal if the device is busy.

* Allow "private" activation (skip some udev global rules) flag.
  The cryptsetup library API now allows specifying CRYPT_ACTIVATE_PRIVATE,
  which means that some udev rules are not processed.
  (Used for temporary devices, like internal keyslot mappings where
  it is not desirable to run any device scans.)

* This release also includes some Red Hat/Fedora specific extensions
  related to FIPS140-2 compliance.

  In fact, all these patches are more formal changes and are just a subset
  of the building blocks for FIPS certification. See FAQ for more details
  about FIPS.

  FIPS extensions are enabled by using --enable-fips configure switch.

  In FIPS mode (kernel booted with fips=1 and gcrypt in FIPS mode)

  - it provides library and binary integrity verification using
    libfipscheck (requires pre-generated checksums)

  - it uses a FIPS approved RNG for encryption key and salt generation
    (note that using /dev/random is not formally a FIPS compliant RNG).

  - only gcrypt crypto backend is currently supported in FIPS mode.

  The FIPS RNG requirement for salt comes from the NIST SP 800-132 recommendation.
  (Recommendation for Password-Based Key Derivation. Part 1: Storage Applications.
  http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf)
  LUKS should be aligned to this recommendation otherwise.
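
Because the relaxed --shared flag described above no longer rejects overlapping segments, the overlap check falls to the user. The following Python script is an added example, not part of the cryptsetup release notes or project code: it checks a planned set of segments for overlap before activation. The mapping names, device size and plan are constructed, and it assumes --offset/--size values in 512-byte sectors with a size of 0 meaning "rest of the device".

```python
# Added example: pre-flight overlap check for segments to be mapped with --shared.
from itertools import combinations
from typing import NamedTuple

SECTOR = 512  # assumption: offsets and sizes are given in 512-byte sectors


class Segment(NamedTuple):
    name: str    # hypothetical mapping name
    offset: int  # start on the backing device, in sectors (--offset)
    size: int    # length in sectors (--size); 0 = rest of the device (assumption)


def extent(seg, device_sectors):
    """Return the half-open sector range [start, end) a segment covers."""
    if seg.offset < 0 or seg.size < 0:
        raise ValueError(f"{seg.name}: negative offset or size")
    end = device_sectors if seg.size == 0 else seg.offset + seg.size
    if seg.offset >= device_sectors or end > device_sectors:
        raise ValueError(f"{seg.name}: extends past end of device")
    return seg.offset, end


def find_overlaps(segments, device_sectors):
    """Return (name_a, name_b, first_sector, sector_count) per overlapping pair."""
    spans = [(s.name, *extent(s, device_sectors)) for s in segments]
    overlaps = []
    for (na, sa, ea), (nb, sb, eb) in combinations(spans, 2):
        start, end = max(sa, sb), min(ea, eb)
        if start < end:  # adjacent ranges (end == start) do not overlap
            overlaps.append((na, nb, start, end - start))
    return overlaps


# Constructed sample plan for a 1 MiB backing device (2048 sectors).
DEVICE_SECTORS = 2048
PLAN = [
    Segment("vol_a", 0, 1024),
    Segment("vol_b", 1024, 512),  # adjacent to vol_a: no shared sectors
    Segment("vol_c", 1280, 0),    # runs to end of device: overlaps vol_b
]

if __name__ == "__main__":
    for a, b, first, count in find_overlaps(PLAN, DEVICE_SECTORS):
        print(f"{a} and {b} share {count} sectors starting at sector {first} "
              f"({count * SECTOR} bytes)")
```

An empty result means no two planned mappings write to the same sectors; any reported pair is an area where writes through one mapping will corrupt data seen through the other.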