1. 20 Mar, 2019 1 commit
  2. 08 Mar, 2019 1 commit
  3. 01 Mar, 2019 1 commit
  4. 07 Feb, 2019 1 commit
  5. 31 Jan, 2019 1 commit
  6. 25 Jan, 2019 2 commits
    • Milan Broz's avatar
    • Milan Broz's avatar
      Switch default cryptographic backend to OpenSSL. · bc3d0feb
      Milan Broz authored
      Cryptsetup/libcryptsetup currently supports several cryptographic
      library backends.
      The fully supported are libgcrypt, OpenSSL and kernel crypto API.
      FIPS mode extensions are maintained only for libgcrypt and OpenSSL.
      (Nettle and NSS are usable only for some subset of algorithms and
      cannot provide full backward compatibility.)
      For years, OpenSSL provided better performance for PBKDF.
      Since this commit, cryptsetup uses OpenSSL as the default backend.
      You can always switch to other backend by using a configure switch,
      for libgcrypt (compatibility for older distributions) use:
  7. 16 Jan, 2019 1 commit
  8. 14 Jan, 2019 1 commit
    • Milan Broz's avatar
      Do not require gcrypt-devel for authconfig. · c04d332b
      Milan Broz authored
      The gcrypt does not use standard pkgconfig detection and requires
      specific macro (part of gcrypt development fileS) to be present
      during autoconfigure.
      With other crypto backend, like OpenSSL, this makes no sense,
      so make this part of autoconfigure optional.
  9. 07 Jan, 2019 1 commit
    • Milan Broz's avatar
      Add keyslot encryption params. · 307a7ad0
      Milan Broz authored
      This patch makes available LUKS2 per-keyslot encryption settings to user.
      In LUKS2, keyslot can use different encryption that data.
      We can use new crypt_keyslot_get_encryption and crypt_keyslot_set_encryption
      API calls to set/get this encryption.
      For cryptsetup new --keyslot-cipher and --keyslot-key-size options are added.
      The default keyslot encryption algorithm (if cannot be derived from data encryption)
      is now available as configure options (default is aes-xts-plain64 with 512-bits key).
      NOTE: default was increased from 256-bits.
  10. 02 Jan, 2019 1 commit
  11. 09 Nov, 2018 1 commit
  12. 07 Nov, 2018 1 commit
  13. 28 Oct, 2018 1 commit
  14. 14 Oct, 2018 1 commit
  15. 04 Oct, 2018 1 commit
  16. 07 Aug, 2018 4 commits
    • Milan Broz's avatar
      Fix configure typo in previous patch. · 31364c17
      Milan Broz authored
    • Milan Broz's avatar
      Make tests for strings in configure more consistent. · 5e56966e
      Milan Broz authored
      Intead of
        test x$enable_xyz = xyes;
        test "$enable_xyz" = "xyes"; then
    • Milan Broz's avatar
      Use AC_ARG_ENABLE consistently. · 1f951ed7
      Milan Broz authored
      AC_ARG_ENABLE(feature, ...) -> AC_ARG_ENABLE([feature], ...
    • joerichey@google.com's avatar
      Fix configure.ac formatting · ecd82f1f
      joerichey@google.com authored
      Currently, AC_ARG_[ENABLE|WITH] are used in multiple different ways.
      This change makes all their uses the same by following the style of
      the GNU manual:
        - AC_ARG_ENABLE(foo) should only define $enable_foo
        - Use the 2 argument form with a --enable_foo flag
        - Use the 4 argument form with a --disable_foo flag
        - Format all uses the same way
        - Always compare using: test "x$enable_foo" = "xyes"
      This makes the easier to debug, more readable, and shorter.
      This formatting fix also revealed a bug (fix submitted seperately).
  17. 03 Aug, 2018 1 commit
  18. 19 Jul, 2018 1 commit
  19. 11 Jul, 2018 3 commits
  20. 07 Jul, 2018 1 commit
    • Milan Broz's avatar
      Add optimized Argon2 SSE code. · ba384d15
      Milan Broz authored
      Note: it is always better to use external libargon2 library.
      Unfortunately, until Argon2 is in generic crypto libraries,
      we must sometimes use bundled version just for bureaucratic reasons.
      Let's include optimized variant of reference implementation as well.
      Note, this code will not add any SSE compiler switches.
      If --enable-internal-sse-argon2 option is used, it checks if current
      compilation flags support simple SSE progam and if so, it use
      the optimized variant.
      (Not tested for AVX optimizations; it expects that SSE is enabled as well.)
  21. 03 May, 2018 1 commit
  22. 25 Apr, 2018 1 commit
  23. 24 Apr, 2018 1 commit
  24. 04 Apr, 2018 2 commits
    • Milan Broz's avatar
      Move absolute path helper to m4 macro. · f7ad64a3
      Milan Broz authored
    • Eli Schwartz's avatar
      configure.ac: fix bashisms · 103d75f7
      Eli Schwartz authored
      In commits 9bcc97bc and
      5536b3a5 new features were
      added, which used bash-specific features in a POSIX sh script. This
      caused configure to completely fail with syntax errors on systems where
      /bin/sh was not symlinked to GNU bash.
      `==` is a bash-specific alias for `=` and should never, ever, ever be
      used since it offers no additional utility for bash but merely serves
      to confuse people writing POSIX.
      substring parameter expansion, e.g. `${with_tmpfilesdir:0:1}` is not
      POSIX but can be trivially replaced by case wildcards.
  25. 07 Mar, 2018 1 commit
  26. 01 Mar, 2018 1 commit
  27. 21 Jan, 2018 1 commit
  28. 17 Jan, 2018 1 commit
    • Milan Broz's avatar
      Introduce new 64bit *keyfile_device_offset functions. · f34ce81f
      Milan Broz authored
      The keyfile interface was designed, well, for keyfiles.
      Unfortunately, a keyfile can be placed on a device and the size_t offset
      can overflow.
      We have to introduce new set of fucntions that allows 64bit offsets even on 32bit systems:
       - crypt_resume_by_keyfile_device_offset
       - crypt_keyslot_add_by_keyfile_device_offset
       - crypt_activate_by_keyfile_device_offset
       - crypt_keyfile_device_read
      The new functions have added _device_ in name.
      Old functions are just internall wrappers around these.
      Also cryptsetup --keyfile-offset and --new-keyfile-offset must now
      process 64bit offsets.
      For more info see issue 359.
  29. 04 Jan, 2018 1 commit
    • Milan Broz's avatar
      Use /run/cryptsetup as default for cryptsetup locking dir. · 6f4c15b2
      Milan Broz authored
      There are problems with sharing /run/lock with lockdev and also in early boot
      we cannot create the whole subir chain.
      It is safe to switch to separate locking dir.
      This can be changed with --with-luks2-lock-path and --with-luks2-lock-dir-perms
      configure switches.
      See Issue#361 and issue#362.
  30. 17 Dec, 2017 1 commit
  31. 10 Dec, 2017 1 commit
  32. 05 Dec, 2017 1 commit
  33. 31 Oct, 2017 1 commit