summarylogtreecommitdiffstats
path: root/util-linux-2.34.diff
diff options
context:
space:
mode:
authorNarrat2020-06-12 17:47:21 +0200
committerNarrat2020-06-12 17:48:07 +0200
commitb2b1b30ee15f0d9e17a64eeb5d631eb02cb41842 (patch)
tree744a42afbac980979877b678dcf103a259ec3e98 /util-linux-2.34.diff
parent733b8a0b2bfbecc8a0a4997d4e5d5d45d75c074b (diff)
downloadaur-util-linux-aes.tar.gz
util-linux-aes: update to 2.35.2 to follow 3.7q release
Diffstat (limited to 'util-linux-2.34.diff')
-rw-r--r--util-linux-2.34.diff5787
1 files changed, 0 insertions, 5787 deletions
diff --git a/util-linux-2.34.diff b/util-linux-2.34.diff
deleted file mode 100644
index cd12beca6bb..00000000000
--- a/util-linux-2.34.diff
+++ /dev/null
@@ -1,5787 +0,0 @@
-If this patch does not apply cleanly to newer version of util-linux, try
-replacing original sys-utils/losetup.8 with version from util-linux that the
-patch is for. And then apply this patch.
-
-To compile this software, you need recent versions of autohell tools
-(autopoint aclocal autoconf autoheader automake libtoolize).
-
-Loop device setup and tear down bits are in included libmount library. This
-patch does not break libmount ABI or version numbering. This version of
-libmount library can be installed as system library. mount, umount, swapon,
-and swapoff programs require libmount library. losetup does not require
-libmount library. If you are uncomfortable replacing system libraries (due
-to library version dependency problems that it may cause), you can compile
-and link supplied programs so that included libraries are statically linked
-to programs, like this:
-
- ./autogen.sh
- CFLAGS="-O2 -Wall" ./configure --disable-shared --enable-static --disable-pylibmount --enable-libmount-support-mtab
- make
-
-
-diff -urN util-linux-2.34/include/Makemodule.am util-linux-2.34-AES/include/Makemodule.am
---- util-linux-2.34/include/Makemodule.am 2018-06-04 10:57:02.790445905 +0300
-+++ util-linux-2.34-AES/include/Makemodule.am 2019-07-11 09:31:03.205081083 +0300
-@@ -43,6 +43,7 @@
- include/procutils.h \
- include/pt-bsd.h \
- include/pt-mbr.h \
-+ include/xgetpass.h \
- include/pt-mbr-partnames.h \
- include/pt-sgi.h \
- include/pt-sun.h \
-diff -urN util-linux-2.34/include/xgetpass.h util-linux-2.34-AES/include/xgetpass.h
---- util-linux-2.34/include/xgetpass.h 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/include/xgetpass.h 2019-07-11 09:31:03.205081083 +0300
-@@ -0,0 +1,6 @@
-+#ifndef UTIL_LINUX_XGETPASS_H
-+#define UTIL_LINUX_XGETPASS_H
-+
-+extern char *xgetpass(int pfd, const char *prompt);
-+
-+#endif /* UTIL_LINUX_XGETPASS_H */
-diff -urN util-linux-2.34/lib/Makemodule.am util-linux-2.34-AES/lib/Makemodule.am
---- util-linux-2.34/lib/Makemodule.am 2019-02-22 12:17:43.704854212 +0200
-+++ util-linux-2.34-AES/lib/Makemodule.am 2019-07-11 09:31:03.206081088 +0300
-@@ -24,6 +24,7 @@
- lib/strutils.c \
- lib/timeutils.c \
- lib/ttyutils.c \
-+ lib/xgetpass.c \
- lib/exec_shell.c \
- lib/strv.c \
- lib/sha1.c \
-diff -urN util-linux-2.34/lib/xgetpass.c util-linux-2.34-AES/lib/xgetpass.c
---- util-linux-2.34/lib/xgetpass.c 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/lib/xgetpass.c 2019-07-11 09:31:03.206081088 +0300
-@@ -0,0 +1,64 @@
-+/*
-+ * A function to read the passphrase either from the terminal or from
-+ * an open file descriptor.
-+ *
-+ * Public domain.
-+ */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+#include <sys/ioctl.h>
-+#include <sys/stat.h>
-+
-+#include "c.h"
-+#include "xgetpass.h"
-+
-+char *xgetpass(int pfd, const char *prompt)
-+{
-+ char *p = NULL, *n;
-+ int x = 0, y = 0;
-+
-+ if (pfd < 0) {
-+ /* read from terminal */
-+ p = getpass(prompt);
-+ if(!p) return NULL;
-+ /* caller insists on free()ing this pointer, so make sure it is such */
-+ n = strdup(p);
-+ y = strlen(p);
-+ if(y) memset(p, 0, y); /* erase original */
-+ /* return a free()able copy, or 0 if strdup() failed */
-+ return n;
-+ }
-+
-+ do {
-+ if(y >= (x - 1)) {
-+ x += 128;
-+ /* Must enforce some max limit here -- this code */
-+ /* runs as part of mount, and mount is setuid root */
-+ /* and has used mlockall(MCL_CURRENT | MCL_FUTURE) */
-+ if(x > (4*1024)) {
-+ error_out:
-+ if(p) {
-+ memset(p, 0, y);
-+ free(p);
-+ }
-+ return NULL;
-+ }
-+ n = malloc(x);
-+ if(!n) goto error_out;
-+ if(p) {
-+ memcpy(n, p, y);
-+ memset(p, 0, y);
-+ free(p);
-+ }
-+ p = n;
-+ }
-+ if(read(pfd, p + y, 1) != 1) break;
-+ if((p[y] == '\n') || !p[y]) break;
-+ y++;
-+ } while(1);
-+ if(p) p[y] = 0;
-+ return p;
-+}
-diff -urN util-linux-2.34/libmount/src/Makemodule.am util-linux-2.34-AES/libmount/src/Makemodule.am
---- util-linux-2.34/libmount/src/Makemodule.am 2018-06-04 10:57:02.802445812 +0300
-+++ util-linux-2.34-AES/libmount/src/Makemodule.am 2019-07-11 09:31:03.206081088 +0300
-@@ -27,7 +27,10 @@
- if LINUX
- libmount_la_SOURCES += \
- libmount/src/context.c \
-- libmount/src/context_loopdev.c \
-+ libmount/src/context_loopdev1.c \
-+ libmount/src/sha512.c \
-+ libmount/src/rmd160.c \
-+ libmount/src/aes.c \
- libmount/src/context_mount.c \
- libmount/src/context_umount.c \
- libmount/src/monitor.c
-diff -urN util-linux-2.34/libmount/src/aes.c util-linux-2.34-AES/libmount/src/aes.c
---- util-linux-2.34/libmount/src/aes.c 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/libmount/src/aes.c 2019-07-11 09:31:03.207081094 +0300
-@@ -0,0 +1,299 @@
-+// I retain copyright in this code but I encourage its free use provided
-+// that I don't carry any responsibility for the results. I am especially
-+// happy to see it used in free and open source software. If you do use
-+// it I would appreciate an acknowledgement of its origin in the code or
-+// the product that results and I would also appreciate knowing a little
-+// about the use to which it is being put. I am grateful to Frank Yellin
-+// for some ideas that are used in this implementation.
-+//
-+// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
-+//
-+// This is an implementation of the AES encryption algorithm (Rijndael)
-+// designed by Joan Daemen and Vincent Rijmen. This version is designed
-+// to provide both fixed and dynamic block and key lengths and can also
-+// run with either big or little endian internal byte order (see aes.h).
-+// It inputs block and key lengths in bytes with the legal values being
-+// 16, 24 and 32.
-+
-+/*
-+ * Modified by Jari Ruusu, May 1 2001
-+ * - Fixed some compile warnings, code was ok but gcc warned anyway.
-+ * - Changed basic types: byte -> unsigned char, word -> u_int32_t
-+ * - Major name space cleanup: Names visible to outside now begin
-+ * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c
-+ * - Removed C++ and DLL support as part of name space cleanup.
-+ * - Eliminated unnecessary recomputation of tables. (actual bug fix)
-+ * - Merged precomputed constant tables to aes.c file.
-+ * - Removed data alignment restrictions for portability reasons.
-+ * - Made block and key lengths accept bit count (128/192/256)
-+ * as well byte count (16/24/32).
-+ * - Removed all error checks. This change also eliminated the need
-+ * to preinitialize the context struct to zero.
-+ * - Removed some totally unused constants.
-+ */
-+
-+/*
-+ * Modified by Jari Ruusu, June 9 2003
-+ * - Removed all code not necessary for small size
-+ * optimized encryption using 256 bit keys.
-+ */
-+
-+#include "aes.h"
-+
-+#if AES_BLOCK_SIZE != 16
-+#error an illegal block size has been specified
-+#endif
-+
-+// upr(x,n): rotates bytes within words by n positions, moving bytes
-+// to higher index positions with wrap around into low positions
-+// bval(x,n): extracts a byte from a word
-+
-+#define upr(x,n) (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n))))
-+#define bval(x,n) ((unsigned char)((x) >> 8 * (n)))
-+#define bytes2word(b0, b1, b2, b3) \
-+ ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0))
-+
-+#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386)
-+/* little endian processor without data alignment restrictions */
-+#define word_in(x) *(u_int32_t*)(x)
-+#define word_out(x,v) *(u_int32_t*)(x) = (v)
-+#else
-+/* slower but generic big endian or with data alignment restrictions */
-+#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24))
-+#define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24)
-+#endif
-+
-+// the finite field modular polynomial and elements
-+
-+#define ff_poly 0x011b
-+#define ff_hi 0x80
-+
-+static int tab_gen = 0;
-+static unsigned char s_box[256]; // the S box
-+static u_int32_t rcon_tab[AES_RC_LENGTH]; // table of round constants
-+static u_int32_t ft_tab[4][256];
-+static u_int32_t fl_tab[4][256];
-+
-+// Generate the tables for the dynamic table option
-+
-+// It will generally be sensible to use tables to compute finite
-+// field multiplies and inverses but where memory is scarse this
-+// code might sometimes be better.
-+
-+// return 2 ^ (n - 1) where n is the bit number of the highest bit
-+// set in x with x in the range 1 < x < 0x00000200. This form is
-+// used so that locals within FFinv can be bytes rather than words
-+
-+static unsigned char hibit(const u_int32_t x)
-+{ unsigned char r = (unsigned char)((x >> 1) | (x >> 2));
-+
-+ r |= (r >> 2);
-+ r |= (r >> 4);
-+ return (r + 1) >> 1;
-+}
-+
-+// return the inverse of the finite field element x
-+
-+static unsigned char FFinv(const unsigned char x)
-+{ unsigned char p1 = x, p2 = 0x1b, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
-+
-+ if(x < 2) return x;
-+
-+ for(;;)
-+ {
-+ if(!n1) return v1;
-+
-+ while(n2 >= n1)
-+ {
-+ n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
-+ }
-+
-+ if(!n2) return v2;
-+
-+ while(n1 >= n2)
-+ {
-+ n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
-+ }
-+ }
-+}
-+
-+// define the finite field multiplies required for Rijndael
-+
-+#define FFmul02(x) ((((x) & 0x7f) << 1) ^ ((x) & 0x80 ? 0x1b : 0))
-+#define FFmul03(x) ((x) ^ FFmul02(x))
-+
-+// The forward and inverse affine transformations used in the S-box
-+
-+#define fwd_affine(x) \
-+ (w = (u_int32_t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(unsigned char)(w^(w>>8)))
-+
-+static void gen_tabs(void)
-+{ u_int32_t i, w;
-+
-+ for(i = 0, w = 1; i < AES_RC_LENGTH; ++i)
-+ {
-+ rcon_tab[i] = bytes2word(w, 0, 0, 0);
-+ w = (w << 1) ^ (w & ff_hi ? ff_poly : 0);
-+ }
-+
-+ for(i = 0; i < 256; ++i)
-+ { unsigned char b;
-+
-+ s_box[i] = b = fwd_affine(FFinv((unsigned char)i));
-+
-+ w = bytes2word(b, 0, 0, 0);
-+ fl_tab[0][i] = w;
-+ fl_tab[1][i] = upr(w,1);
-+ fl_tab[2][i] = upr(w,2);
-+ fl_tab[3][i] = upr(w,3);
-+ w = bytes2word(FFmul02(b), b, b, FFmul03(b));
-+ ft_tab[0][i] = w;
-+ ft_tab[1][i] = upr(w,1);
-+ ft_tab[2][i] = upr(w,2);
-+ ft_tab[3][i] = upr(w,3);
-+ }
-+}
-+
-+#define four_tables(x,tab,vf,rf,c) \
-+ ( tab[0][bval(vf(x,0,c),rf(0,c))] \
-+ ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
-+ ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
-+ ^ tab[3][bval(vf(x,3,c),rf(3,c))])
-+
-+#define vf1(x,r,c) (x)
-+#define rf1(r,c) (r)
-+#define rf2(r,c) ((r-c)&3)
-+
-+#define ls_box(x,c) four_tables(x,fl_tab,vf1,rf2,c)
-+
-+#define nc (AES_BLOCK_SIZE / 4)
-+
-+// Initialise the key schedule from the user supplied key.
-+// The key length is now specified in bytes, 32.
-+// This corresponds to bit length of 256 bits, and
-+// to Nk value of 8 respectively.
-+
-+void __loDev_aes_set_key(aes_context *cx, const unsigned char in_key[], int n_bytes, const int f)
-+{ u_int32_t *kf, *kt, rci;
-+
-+ if(!tab_gen) { gen_tabs(); tab_gen = 1; }
-+
-+ cx->aes_Nkey = 8;
-+ cx->aes_Nrnd = (cx->aes_Nkey > nc ? cx->aes_Nkey : nc) + 6;
-+
-+ cx->aes_e_key[0] = word_in(in_key );
-+ cx->aes_e_key[1] = word_in(in_key + 4);
-+ cx->aes_e_key[2] = word_in(in_key + 8);
-+ cx->aes_e_key[3] = word_in(in_key + 12);
-+
-+ kf = cx->aes_e_key;
-+ kt = kf + nc * (cx->aes_Nrnd + 1) - cx->aes_Nkey;
-+ rci = 0;
-+
-+ switch(cx->aes_Nkey)
-+ {
-+ case 8: cx->aes_e_key[4] = word_in(in_key + 16);
-+ cx->aes_e_key[5] = word_in(in_key + 20);
-+ cx->aes_e_key[6] = word_in(in_key + 24);
-+ cx->aes_e_key[7] = word_in(in_key + 28);
-+ do
-+ { kf[ 8] = kf[0] ^ ls_box(kf[7],3) ^ rcon_tab[rci++];
-+ kf[ 9] = kf[1] ^ kf[ 8];
-+ kf[10] = kf[2] ^ kf[ 9];
-+ kf[11] = kf[3] ^ kf[10];
-+ kf[12] = kf[4] ^ ls_box(kf[11],0);
-+ kf[13] = kf[5] ^ kf[12];
-+ kf[14] = kf[6] ^ kf[13];
-+ kf[15] = kf[7] ^ kf[14];
-+ kf += 8;
-+ }
-+ while (kf < kt);
-+ break;
-+ }
-+}
-+
-+// y = output word, x = input word, r = row, c = column
-+// for r = 0, 1, 2 and 3 = column accessed for row r
-+
-+#define s(x,c) x[c]
-+
-+// I am grateful to Frank Yellin for the following constructions
-+// which, given the column (c) of the output state variable that
-+// is being computed, return the input state variables which are
-+// needed for each row (r) of the state
-+
-+// For the fixed block size options, compilers reduce these two
-+// expressions to fixed variable references. For variable block
-+// size code conditional clauses will sometimes be returned
-+
-+#define fwd_var(x,r,c) \
-+ ( r==0 ? \
-+ ( c==0 ? s(x,0) \
-+ : c==1 ? s(x,1) \
-+ : c==2 ? s(x,2) \
-+ : c==3 ? s(x,3) \
-+ : c==4 ? s(x,4) \
-+ : c==5 ? s(x,5) \
-+ : c==6 ? s(x,6) \
-+ : s(x,7)) \
-+ : r==1 ? \
-+ ( c==0 ? s(x,1) \
-+ : c==1 ? s(x,2) \
-+ : c==2 ? s(x,3) \
-+ : c==3 ? nc==4 ? s(x,0) : s(x,4) \
-+ : c==4 ? s(x,5) \
-+ : c==5 ? nc==8 ? s(x,6) : s(x,0) \
-+ : c==6 ? s(x,7) \
-+ : s(x,0)) \
-+ : r==2 ? \
-+ ( c==0 ? nc==8 ? s(x,3) : s(x,2) \
-+ : c==1 ? nc==8 ? s(x,4) : s(x,3) \
-+ : c==2 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
-+ : c==3 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
-+ : c==4 ? nc==8 ? s(x,7) : s(x,0) \
-+ : c==5 ? nc==8 ? s(x,0) : s(x,1) \
-+ : c==6 ? s(x,1) \
-+ : s(x,2)) \
-+ : \
-+ ( c==0 ? nc==8 ? s(x,4) : s(x,3) \
-+ : c==1 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
-+ : c==2 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
-+ : c==3 ? nc==4 ? s(x,2) : nc==8 ? s(x,7) : s(x,0) \
-+ : c==4 ? nc==8 ? s(x,0) : s(x,1) \
-+ : c==5 ? nc==8 ? s(x,1) : s(x,2) \
-+ : c==6 ? s(x,2) \
-+ : s(x,3)))
-+
-+#define si(y,x,k,c) s(y,c) = word_in(x + 4 * c) ^ k[c]
-+#define so(y,x,c) word_out(y + 4 * c, s(x,c))
-+
-+#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,ft_tab,fwd_var,rf1,c)
-+#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,fl_tab,fwd_var,rf1,c)
-+
-+#define locals(y,x) x[4],y[4]
-+
-+#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
-+ s(y,2) = s(x,2); s(y,3) = s(x,3);
-+#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
-+#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
-+#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
-+
-+void __loDev_aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
-+{ u_int32_t locals(b0, b1);
-+ const u_int32_t *kp = cx->aes_e_key;
-+
-+ state_in(b0, in_blk, kp); kp += nc;
-+
-+ { u_int32_t rnd;
-+
-+ for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd)
-+ {
-+ round(fwd_rnd, b1, b0, kp);
-+ l_copy(b0, b1); kp += nc;
-+ }
-+
-+ round(fwd_lrnd, b0, b1, kp);
-+ }
-+
-+ state_out(out_blk, b0);
-+}
-diff -urN util-linux-2.34/libmount/src/aes.h util-linux-2.34-AES/libmount/src/aes.h
---- util-linux-2.34/libmount/src/aes.h 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/libmount/src/aes.h 2019-07-11 09:31:03.208081100 +0300
-@@ -0,0 +1,97 @@
-+// I retain copyright in this code but I encourage its free use provided
-+// that I don't carry any responsibility for the results. I am especially
-+// happy to see it used in free and open source software. If you do use
-+// it I would appreciate an acknowledgement of its origin in the code or
-+// the product that results and I would also appreciate knowing a little
-+// about the use to which it is being put. I am grateful to Frank Yellin
-+// for some ideas that are used in this implementation.
-+//
-+// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
-+//
-+// This is an implementation of the AES encryption algorithm (Rijndael)
-+// designed by Joan Daemen and Vincent Rijmen. This version is designed
-+// to provide both fixed and dynamic block and key lengths and can also
-+// run with either big or little endian internal byte order (see aes.h).
-+// It inputs block and key lengths in bytes with the legal values being
-+// 16, 24 and 32.
-+
-+/*
-+ * Modified by Jari Ruusu, May 1 2001
-+ * - Fixed some compile warnings, code was ok but gcc warned anyway.
-+ * - Changed basic types: byte -> unsigned char, word -> u_int32_t
-+ * - Major name space cleanup: Names visible to outside now begin
-+ * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c
-+ * - Removed C++ and DLL support as part of name space cleanup.
-+ * - Eliminated unnecessary recomputation of tables. (actual bug fix)
-+ * - Merged precomputed constant tables to aes.c file.
-+ * - Removed data alignment restrictions for portability reasons.
-+ * - Made block and key lengths accept bit count (128/192/256)
-+ * as well byte count (16/24/32).
-+ * - Removed all error checks. This change also eliminated the need
-+ * to preinitialize the context struct to zero.
-+ * - Removed some totally unused constants.
-+ */
-+
-+#ifndef _AES_H
-+#define _AES_H
-+
-+#if defined(__linux__) && defined(__KERNEL__)
-+# include <linux/types.h>
-+#else
-+# include <sys/types.h>
-+#endif
-+
-+// CONFIGURATION OPTIONS (see also aes.c)
-+//
-+// Define AES_BLOCK_SIZE to set the cipher block size (16, 24 or 32) or
-+// leave this undefined for dynamically variable block size (this will
-+// result in much slower code).
-+// IMPORTANT NOTE: AES_BLOCK_SIZE is in BYTES (16, 24, 32 or undefined). If
-+// left undefined a slower version providing variable block length is compiled
-+
-+#define AES_BLOCK_SIZE 16
-+
-+// The number of key schedule words for different block and key lengths
-+// allowing for method of computation which requires the length to be a
-+// multiple of the key length
-+//
-+// Nk = 4 6 8
-+// -------------
-+// Nb = 4 | 60 60 64
-+// 6 | 96 90 96
-+// 8 | 120 120 120
-+
-+#if !defined(AES_BLOCK_SIZE) || (AES_BLOCK_SIZE == 32)
-+#define AES_KS_LENGTH 120
-+#define AES_RC_LENGTH 29
-+#else
-+#define AES_KS_LENGTH 4 * AES_BLOCK_SIZE
-+#define AES_RC_LENGTH (9 * AES_BLOCK_SIZE) / 8 - 8
-+#endif
-+
-+typedef struct
-+{
-+ u_int32_t aes_Nkey; // the number of words in the key input block
-+ u_int32_t aes_Nrnd; // the number of cipher rounds
-+ u_int32_t aes_e_key[AES_KS_LENGTH]; // the encryption key schedule
-+ u_int32_t aes_d_key[AES_KS_LENGTH]; // the decryption key schedule
-+#if !defined(AES_BLOCK_SIZE)
-+ u_int32_t aes_Ncol; // the number of columns in the cipher state
-+#endif
-+} aes_context;
-+
-+// THE CIPHER INTERFACE
-+
-+#if !defined(AES_BLOCK_SIZE)
-+extern void aes_set_blk(aes_context *, const int);
-+#endif
-+extern void __loDev_aes_set_key(aes_context *, const unsigned char [], const int, const int);
-+extern void __loDev_aes_encrypt(const aes_context *, const unsigned char [], unsigned char []);
-+extern void __loDev_aes_decrypt(const aes_context *, const unsigned char [], unsigned char []);
-+
-+// The block length inputs to aes_set_block and aes_set_key are in numbers
-+// of bytes or bits. The calls to subroutines must be made in the above
-+// order but multiple calls can be made without repeating earlier calls
-+// if their parameters have not changed.
-+
-+#endif // _AES_H
-diff -urN util-linux-2.34/libmount/src/context.c util-linux-2.34-AES/libmount/src/context.c
---- util-linux-2.34/libmount/src/context.c 2019-04-10 14:28:20.591837314 +0300
-+++ util-linux-2.34-AES/libmount/src/context.c 2019-07-11 09:31:03.209081105 +0300
-@@ -99,7 +99,6 @@
- mnt_unref_table(cxt->fstab);
- mnt_unref_cache(cxt->cache);
-
-- mnt_context_clear_loopdev(cxt);
- mnt_free_lock(cxt->lock);
- mnt_free_update(cxt->update);
-
-@@ -142,6 +141,8 @@
- DBG(CXT, ul_debugobj(cxt, "<---- reset [status=%d] ---->",
- mnt_context_get_status(cxt)));
-
-+ mnt_context_clear_loopdev(cxt); /* this _has_ to be called before cxt->fs gets freed */
-+
- fl = cxt->flags;
-
- mnt_unref_fs(cxt->fs);
-diff -urN util-linux-2.34/libmount/src/context_loopdev1.c util-linux-2.34-AES/libmount/src/context_loopdev1.c
---- util-linux-2.34/libmount/src/context_loopdev1.c 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/libmount/src/context_loopdev1.c 2019-07-11 09:31:03.211081117 +0300
-@@ -0,0 +1,1525 @@
-+/*
-+ * Copyright (C) 2011 Karel Zak <kzak@redhat.com>
-+ *
-+ * This file may be redistributed under the terms of the
-+ * GNU Lesser General Public License.
-+ */
-+
-+/* (c) 2001-2012 Jari Ruusu */
-+
-+#include <blkid.h>
-+#include <sys/ioctl.h>
-+#include <errno.h>
-+#include <string.h>
-+#include <strings.h>
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <unistd.h>
-+#include <pwd.h>
-+#include <fcntl.h>
-+#include <signal.h>
-+#include <sys/wait.h>
-+#include <sys/time.h>
-+#include <ctype.h>
-+
-+#include "mountP.h"
-+#include "linux_version.h"
-+
-+#include <linux/version.h>
-+#include <linux/posix_types.h>
-+
-+#include "sha512.h"
-+#include "rmd160.h"
-+#include "aes.h"
-+
-+
-+#define LO_CRYPT_NONE 0
-+#define LO_CRYPT_XOR 1
-+#define LO_CRYPT_DES 2
-+#define LO_CRYPT_CRYPTOAPI 18
-+
-+#define LOOP_SET_FD 0x4C00
-+#define LOOP_CLR_FD 0x4C01
-+#define LOOP_SET_STATUS 0x4C02
-+#define LOOP_GET_STATUS 0x4C03
-+#define LOOP_SET_STATUS64 0x4C04
-+#define LOOP_GET_STATUS64 0x4C05
-+#define LOOP_MULTI_KEY_SETUP 0x4C4D
-+#define LOOP_MULTI_KEY_SETUP_V3 0x4C4E
-+#define LOOP_RECOMPUTE_DEV_SIZE 0x4C52
-+
-+#define LO_NAME_SIZE 64
-+#define LO_KEY_SIZE 32
-+
-+struct loop_info {
-+ int lo_number;
-+#if LINUX_VERSION_CODE >= 0x20600
-+ __kernel_old_dev_t lo_device;
-+#else
-+ __kernel_dev_t lo_device;
-+#endif
-+ unsigned long lo_inode;
-+#if LINUX_VERSION_CODE >= 0x20600
-+ __kernel_old_dev_t lo_rdevice;
-+#else
-+ __kernel_dev_t lo_rdevice;
-+#endif
-+ int lo_offset;
-+ int lo_encrypt_type;
-+ int lo_encrypt_key_size;
-+ int lo_flags;
-+ char lo_name[LO_NAME_SIZE];
-+ unsigned char lo_encrypt_key[LO_KEY_SIZE];
-+ unsigned long lo_init[2];
-+ char reserved[4];
-+};
-+
-+struct loop_info64 {
-+ u_int64_t lo_device; /* ioctl r/o */
-+ u_int64_t lo_inode; /* ioctl r/o */
-+ u_int64_t lo_rdevice; /* ioctl r/o */
-+ u_int64_t lo_offset; /* bytes */
-+ u_int64_t lo_sizelimit; /* bytes, 0 == max available */
-+ u_int32_t lo_number; /* ioctl r/o */
-+ u_int32_t lo_encrypt_type;
-+ u_int32_t lo_encrypt_key_size; /* ioctl w/o */
-+ u_int32_t lo_flags; /* ioctl r/o */
-+ unsigned char lo_file_name[LO_NAME_SIZE];
-+ unsigned char lo_crypt_name[LO_NAME_SIZE];
-+ unsigned char lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
-+ u_int64_t lo_init[2];
-+};
-+
-+#if !defined(LOOP_PASSWORD_MIN_LENGTH)
-+# define LOOP_PASSWORD_MIN_LENGTH 20
-+#endif
-+
-+typedef struct {
-+ char *multiKeyPass[66];
-+ int multiKeyMode;
-+ char *loopFileName;
-+ char *pass_cb_string;
-+ char *extraPtrToFree;
-+
-+ char *loopDevName;
-+ char *loopOffsetBytes;
-+ char *loopSizeBytes;
-+ char *loopEncryptionType;
-+ char *passSeedString;
-+ char *passHashFuncName;
-+ char *passIterThousands;
-+ char *loInitValue;
-+ char *gpgKeyFile;
-+ char *gpgHomeDir;
-+ char *clearTextKeyFile;
-+} loDev_passInfo;
-+
-+
-+
-+static int loDev_rd_wr_retry(int fd, char *buf, int cnt, int w)
-+{
-+ int x, y, z;
-+
-+ x = 0;
-+ while(x < cnt) {
-+ y = cnt - x;
-+ if(w) {
-+ z = write(fd, buf + x, y);
-+ } else {
-+ z = read(fd, buf + x, y);
-+ if (!z) return x;
-+ }
-+ if(z < 0) {
-+ if ((errno == EAGAIN) || (errno == ENOMEM) || (errno == ERESTART) || (errno == EINTR)) {
-+ continue;
-+ }
-+ return x;
-+ }
-+ x += z;
-+ }
-+ return x;
-+}
-+
-+static char *loDev_get_FD_pass(int fd)
-+{
-+ char *p = NULL, *n;
-+ int x = 0, y = 0;
-+
-+ do {
-+ if(y >= (x - 1)) {
-+ x += 128;
-+ /* Must enforce some max limit here -- this code */
-+ /* runs as part of mount, and mount is setuid root */
-+ /* and has used mlockall(MCL_CURRENT | MCL_FUTURE) */
-+ if(x > (4*1024)) {
-+ error_out:
-+ if(p) {
-+ memset(p, 0, y);
-+ free(p);
-+ }
-+ return NULL;
-+ }
-+ n = malloc(x);
-+ if(!n) goto error_out;
-+ if(p) {
-+ memcpy(n, p, y);
-+ memset(p, 0, y);
-+ free(p);
-+ }
-+ p = n;
-+ }
-+ if(loDev_rd_wr_retry(fd, p + y, 1, 0) != 1) break;
-+ if((p[y] == '\n') || !p[y]) break;
-+ y++;
-+ } while(1);
-+ if(p) p[y] = 0;
-+ return p;
-+}
-+
-+static unsigned long long loDev_mystrtoull(char *s, int acceptAT)
-+{
-+ unsigned long long v = 0;
-+ int negative = 0;
-+
-+ while ((*s == ' ') || (*s == '\t'))
-+ s++;
-+ if (acceptAT && (*s == '@')) {
-+ s++;
-+ negative = 1;
-+ }
-+ if (*s == '0') {
-+ s++;
-+ if ((*s == 'x') || (*s == 'X')) {
-+ s++;
-+ sscanf(s, "%llx", &v);
-+ } else {
-+ sscanf(s, "%llo", &v);
-+ }
-+ } else {
-+ sscanf(s, "%llu", &v);
-+ }
-+ return negative ? -v : v;
-+}
-+
-+static void loDev_warnAboutBadKeyData(struct libmnt_context *cxt, int x)
-+{
-+ if((x > 1) && (x != 64) && (x != 65)) {
-+ DBG(CXT, ul_debugobj(cxt, "Warning: Unknown key data format - using it anyway"));
-+ }
-+}
-+
-+
-+static int loDev_are_these_files_same(const char *name1, const char *name2)
-+{
-+ struct stat statbuf1;
-+ struct stat statbuf2;
-+
-+ if(!name1 || !*name1 || !name2 || !*name2) return 0;
-+ if(stat(name1, &statbuf1)) return 0;
-+ if(stat(name2, &statbuf2)) return 0;
-+ if(statbuf1.st_dev != statbuf2.st_dev) return 0;
-+ if(statbuf1.st_ino != statbuf2.st_ino) return 0;
-+ return 1; /* are same */
-+}
-+
-+static char *loDev_do_GPG_pipe(struct libmnt_context *cxt, loDev_passInfo *pi, char *pass)
-+{
-+ int x, pfdi[2], pfdo[2], failed = 0;
-+ char str[10], *a[16], *e[2], *h;
-+ pid_t gpid;
-+ struct passwd *p;
-+ void *oldSigPipeHandler;
-+
-+ if((getuid() == 0) && pi->gpgHomeDir && pi->gpgHomeDir[0]) {
-+ h = pi->gpgHomeDir;
-+ } else {
-+ if(!(p = getpwuid(getuid()))) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: Unable to detect home directory"));
-+ return NULL;
-+ }
-+ h = p->pw_dir;
-+ }
-+ if(!(e[0] = malloc(strlen(h) + 6))) {
-+ nomem1:
-+ DBG(CXT, ul_debugobj(cxt, "Error: Unable to allocate memory"));
-+ return NULL;
-+ }
-+ sprintf(e[0], "HOME=%s", h);
-+ e[1] = 0;
-+
-+ if(pipe(&pfdi[0])) {
-+ nomem2:
-+ free(e[0]);
-+ goto nomem1;
-+ }
-+ if(pipe(&pfdo[0])) {
-+ close(pfdi[0]);
-+ close(pfdi[1]);
-+ goto nomem2;
-+ }
-+
-+ /*
-+ * When this code is run as part of mount, only root can set
-+ * 'gpgKeyFile' and as such, only root can decide what file is opened
-+ * below. However, since mount is usually setuid-root all non-root
-+ * users can also open() the file too, but that file's contents are
-+ * only piped to gpg. This readable-for-all is intended behaviour,
-+ * and is very useful in situations where non-root users mount loop
-+ * devices with their own gpg private key, and yet don't have access
-+ * to the actual key used to encrypt loop device.
-+ */
-+ if((x = open(pi->gpgKeyFile, O_RDONLY)) == -1) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: unable to open gpg key file for reading"));
-+ nomem3:
-+ free(e[0]);
-+ close(pfdo[0]);
-+ close(pfdo[1]);
-+ close(pfdi[0]);
-+ close(pfdi[1]);
-+ return NULL;
-+ }
-+
-+ /*
-+ * If someone puts a gpg key file at beginning of device and
-+ * puts the real file system at some offset into the device,
-+ * this code extracts that gpg key file into a temp file so gpg
-+ * won't end up reading whole device when decrypting the key file.
-+ *
-+ * Example of encrypted cdrom mount with 8192 bytes reserved for gpg key file:
-+ * mount -t iso9660 /dev/cdrom /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192
-+ * ^^^^^^^^^^ ^^^^^^^^^^ ^^^^
-+ */
-+ if(pi->loopOffsetBytes && loDev_are_these_files_same(pi->loopFileName, pi->gpgKeyFile)) {
-+ FILE *f;
-+ char b[1024];
-+ long long cnt;
-+ int cnt2, cnt3;
-+
-+ cnt = loDev_mystrtoull(pi->loopOffsetBytes, 1);
-+ if(cnt < 0) cnt = -cnt;
-+ if(cnt > (1024 * 1024)) cnt = 1024 * 1024; /* sanity check */
-+ f = tmpfile();
-+ if(!f) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: unable to create temp file"));
-+ close(x);
-+ goto nomem3;
-+ }
-+ while(cnt > 0) {
-+ cnt2 = sizeof(b);
-+ if(cnt < cnt2) cnt2 = cnt;
-+ cnt3 = loDev_rd_wr_retry(x, b, cnt2, 0);
-+ if(cnt3 && (fwrite(b, cnt3, 1, f) != 1)) {
-+ tmpWrErr:
-+ DBG(CXT, ul_debugobj(cxt, "Error: unable to write to temp file"));
-+ fclose(f);
-+ close(x);
-+ goto nomem3;
-+ }
-+ if(cnt2 != cnt3) break;
-+ cnt -= cnt3;
-+ }
-+ if(fflush(f)) goto tmpWrErr;
-+ close(x);
-+ x = dup(fileno(f));
-+ fclose(f);
-+ lseek(x, 0L, SEEK_SET);
-+ }
-+
-+ sprintf(str, "%d", pfdi[0]);
-+ if(!(gpid = fork())) {
-+ dup2(x, 0);
-+ dup2(pfdo[1], 1);
-+ close(x);
-+ close(pfdi[1]);
-+ close(pfdo[0]);
-+ close(pfdo[1]);
-+ if((x = open("/dev/null", O_WRONLY)) >= 0) {
-+ dup2(x, 2);
-+ close(x);
-+ }
-+ x = 0;
-+ a[x++] = "gpg";
-+ if(pi->gpgHomeDir && pi->gpgHomeDir[0]) {
-+ a[x++] = "--homedir";
-+ a[x++] = pi->gpgHomeDir;
-+ }
-+ a[x++] = "--no-options";
-+ a[x++] = "--quiet";
-+ a[x++] = "--batch";
-+ a[x++] = "--no-tty";
-+ a[x++] = "--passphrase-fd";
-+ a[x++] = str;
-+ a[x++] = "--decrypt";
-+ a[x] = 0;
-+ if(setgid(getgid())) exit(1);
-+ if(setuid(getuid())) exit(1);
-+ for(x = 3; x < 1024; x++) {
-+ if(x == pfdi[0]) continue;
-+ close(x);
-+ }
-+ execve("/bin/gpg", &a[0], &e[0]);
-+ execve("/usr/bin/gpg", &a[0], &e[0]);
-+ execve("/usr/local/bin/gpg", &a[0], &e[0]);
-+ exit(1);
-+ }
-+ free(e[0]);
-+ close(x);
-+ close(pfdi[0]);
-+ close(pfdo[1]);
-+ if(gpid == -1) {
-+ close(pfdi[1]);
-+ close(pfdo[0]);
-+ goto nomem1;
-+ }
-+
-+ x = strlen(pass);
-+
-+ /* ignore possible SIGPIPE signal while writing to gpg */
-+ oldSigPipeHandler = signal(SIGPIPE, SIG_IGN);
-+ loDev_rd_wr_retry(pfdi[1], pass, x, 1);
-+ loDev_rd_wr_retry(pfdi[1], "\n", 1, 1);
-+ if(oldSigPipeHandler != SIG_ERR) signal(SIGPIPE, oldSigPipeHandler);
-+
-+ close(pfdi[1]);
-+ memset(pass, 0, x);
-+ x = 0;
-+ while(x < 66) {
-+ if(pi->multiKeyPass[x]) {
-+ free(pi->multiKeyPass[x]);
-+ pi->multiKeyPass[x] = NULL;
-+ }
-+ x++;
-+ }
-+ x = 0;
-+ while(x < 66) {
-+ pi->multiKeyPass[x] = loDev_get_FD_pass(pfdo[0]);
-+ if(!pi->multiKeyPass[x]) {
-+ /* mem alloc failed - abort */
-+ failed = 1;
-+ break;
-+ }
-+ if(strlen(pi->multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break;
-+ x++;
-+ }
-+ loDev_warnAboutBadKeyData(cxt, x);
-+ if(x >= 65)
-+ pi->multiKeyMode = 65;
-+ if(x == 64)
-+ pi->multiKeyMode = 64;
-+ close(pfdo[0]);
-+ waitpid(gpid, &x, 0);
-+ if(failed || !pi->multiKeyPass[0]) goto nomem1;
-+ return pi->multiKeyPass[0];
-+}
-+
-+/* password returned by this function must not be free()ed directly, because it
-+ came from either cxt->pwd_get_cb() or is a duplicate of pi->multiKeyPass[0].
-+ cxt->pwd_release_cb() free()s the one that came from cxt->pwd_get_cb() and
-+ pi->multiKeyPass[0] gets free()d with rest of pi->multiKeyPass[] pointers.
-+ If this function actually malloc()s a pointer, a copy is at pi->extraPtrToFree */
-+static char *loDev_sGetPass(struct libmnt_context *cxt, loDev_passInfo *pi, int minLen, int warnLen)
-+{
-+ char *p, *s, *seed;
-+ int i, x;
-+
-+ if(pi->clearTextKeyFile) {
-+ if((i = open(pi->clearTextKeyFile, O_RDONLY)) == -1) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: unable to open cleartext key file for reading"));
-+ return NULL;
-+ }
-+ x = 0;
-+ while(x < 66) {
-+ pi->multiKeyPass[x] = loDev_get_FD_pass(i);
-+ if(!pi->multiKeyPass[x]) {
-+ close(i);
-+ goto nomem;
-+ }
-+ if(strlen(pi->multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break;
-+ x++;
-+ }
-+ close(i);
-+ loDev_warnAboutBadKeyData(cxt, x);
-+ if(x >= 65) {
-+ pi->multiKeyMode = 65;
-+ return pi->multiKeyPass[0];
-+ }
-+ if(x == 64) {
-+ pi->multiKeyMode = 64;
-+ return pi->multiKeyPass[0];
-+ }
-+ p = pi->multiKeyPass[0];
-+ } else {
-+ if(!cxt->pwd_get_cb)
-+ return NULL;
-+ DBG(CXT, ul_debugobj(cxt, "asking for pass"));
-+ p = pi->pass_cb_string = cxt->pwd_get_cb(cxt);
-+ }
-+
-+ if(!p) goto nomem;
-+ if(pi->gpgKeyFile && pi->gpgKeyFile[0]) {
-+ p = loDev_do_GPG_pipe(cxt, pi, p);
-+ if(!p) return NULL;
-+ if(!p[0]) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: gpg key file decryption failed"));
-+ return NULL;
-+ }
-+ if(pi->multiKeyMode) return p;
-+ }
-+ i = strlen(p);
-+ if(i < minLen) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: Password is too short"));
-+ return NULL;
-+ }
-+ seed = pi->passSeedString;
-+ if(!seed) seed = "";
-+ s = pi->extraPtrToFree = malloc(i + strlen(seed) + 1);
-+ if(!s) {
-+ memset(p, 0, i);
-+ nomem:
-+ DBG(CXT, ul_debugobj(cxt, "Error: Unable to allocate memory"));
-+ return NULL;
-+ }
-+ strcpy(s, p);
-+ memset(p, 0, i);
-+ if(i < warnLen) {
-+ DBG(CXT, ul_debugobj(cxt, "WARNING - Please use longer password"));
-+ }
-+ strcat(s, seed);
-+ return(s);
-+}
-+
-+/* this is for compatibility with historic loop-AES version */
-+static void loDev_unhashed1_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize)
-+{
-+ register int x, y, z, cnt = ile;
-+ unsigned char *kp;
-+
-+ memset(keyBuf, 0, bufSize);
-+ kp = keyStr;
-+ for(x = 0; x < (bufSize * 8); x += 6) {
-+ y = *kp++;
-+ if(--cnt <= 0) {
-+ kp = keyStr;
-+ cnt = ile;
-+ }
-+ if((y >= '0') && (y <= '9')) y -= '0';
-+ else if((y >= 'A') && (y <= 'Z')) y -= ('A' - 10);
-+ else if((y >= 'a') && (y <= 'z')) y -= ('a' - 36);
-+ else if((y == '.') || (y == '/')) y += (62 - '.');
-+ else y &= 63;
-+ z = x >> 3;
-+ if(z < bufSize) {
-+ keyBuf[z] |= y << (x & 7);
-+ }
-+ z++;
-+ if(z < bufSize) {
-+ keyBuf[z] |= y >> (8 - (x & 7));
-+ }
-+ }
-+}
-+
-+/* this is for compatibility with mainline mount */
-+static void loDev_unhashed2_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize)
-+{
-+ memset(keyBuf, 0, bufSize);
-+ strncpy((char *)keyBuf, (char *)keyStr, bufSize - 1);
-+ keyBuf[bufSize - 1] = 0;
-+}
-+
-+static void loDev_rmd160HashTwiceWithA(unsigned char *ib, int ile, unsigned char *ob, int ole)
-+{
-+ char tmpBuf[20 + 20];
-+ char pwdCopy[130];
-+
-+ if(ole < 1) return;
-+ memset(ob, 0, ole);
-+ if(ole > 40) ole = 40;
-+ __loDev_rmd160_hash_buffer(&tmpBuf[0], (char *)ib, ile);
-+ pwdCopy[0] = 'A';
-+ if(ile > sizeof(pwdCopy) - 1) ile = sizeof(pwdCopy) - 1;
-+ memcpy(pwdCopy + 1, ib, ile);
-+ __loDev_rmd160_hash_buffer(&tmpBuf[20], pwdCopy, ile + 1);
-+ memcpy(ob, tmpBuf, ole);
-+ memset(tmpBuf, 0, sizeof(tmpBuf));
-+ memset(pwdCopy, 0, sizeof(pwdCopy));
-+}
-+
-+extern long long llseek(int, long long, int);
-+
-+static long long loDev_xx_lseek(int fd, long long offset, int whence)
-+{
-+ if(sizeof(off_t) >= 8) {
-+ return lseek(fd, offset, whence);
-+ } else {
-+ return llseek(fd, offset, whence);
-+ }
-+}
-+
-+static int loDev_create_random_keys(struct libmnt_context *cxt, char *partition, long long offset, long long sizelimit, int loopro, unsigned char *k)
-+{
-+ int x, y, fd;
-+ sha512_context s;
-+ unsigned char b[4096];
-+
-+ if(loopro) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: read-only device"));
-+ return 1;
-+ }
-+
-+ /*
-+ * Compute SHA-512 over first 40 KB of old fs data. SHA-512 hash
-+ * output is then used as entropy for new fs encryption key.
-+ */
-+ if((fd = open(partition, O_RDWR)) == -1) {
-+ seekFailed:
-+ DBG(CXT, ul_debugobj(cxt, "Error: unable to open/seek device"));
-+ return 1;
-+ }
-+ if(offset < 0) offset = -offset;
-+ if(loDev_xx_lseek(fd, offset, SEEK_SET) == -1) {
-+ close(fd);
-+ goto seekFailed;
-+ }
-+ __loDev_sha512_init(&s);
-+ for(x = 1; x <= 10; x++) {
-+ if((sizelimit > 0) && ((sizeof(b) * x) > sizelimit)) break;
-+ if(loDev_rd_wr_retry(fd, (char *) &b[0], sizeof(b), 0) != sizeof(b)) break;
-+ __loDev_sha512_write(&s, &b[0], sizeof(b));
-+ }
-+ __loDev_sha512_final(&s);
-+
-+ /*
-+ * Overwrite 40 KB of old fs data 20 times so that recovering
-+ * SHA-512 output beyond this point is difficult and expensive.
-+ */
-+ for(y = 0; y < 20; y++) {
-+ int z;
-+ struct {
-+ struct timeval tv;
-+ unsigned char h[64];
-+ int x,y,z;
-+ } j;
-+ if(loDev_xx_lseek(fd, offset, SEEK_SET) == -1) break;
-+ memcpy(&j.h[0], &s.sha_out[0], 64);
-+ gettimeofday(&j.tv, NULL);
-+ j.y = y;
-+ for(x = 1; x <= 10; x++) {
-+ j.x = x;
-+ for(z = 0; z < sizeof(b); z += 64) {
-+ j.z = z;
-+ __loDev_sha512_hash_buffer((unsigned char *)&j, sizeof(j), &b[z], 64);
-+ }
-+ if((sizelimit > 0) && ((sizeof(b) * x) > sizelimit)) break;
-+ if(loDev_rd_wr_retry(fd, (char *) &b[0], sizeof(b), 1) != sizeof(b)) break;
-+ }
-+ memset(&j, 0, sizeof(j));
-+ if(fsync(fd)) break;
-+ }
-+ close(fd);
-+
-+ /*
-+ * Use all 512 bits of hash output
-+ */
-+ memcpy(&b[0], &s.sha_out[0], 64);
-+ memset(&s, 0, sizeof(s));
-+
-+ /*
-+ * Read 32 bytes of random entropy from kernel's random
-+ * number generator. This code may be executed early on startup
-+ * scripts and amount of random entropy may be non-existent.
-+ * SHA-512 of old fs data is used as workaround for missing
-+ * entropy in kernel's random number generator.
-+ */
-+ if((fd = open("/dev/urandom", O_RDONLY)) == -1) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: unable to open /dev/urandom"));
-+ return 1;
-+ }
-+ loDev_rd_wr_retry(fd, (char *) &b[64], 32, 0);
-+
-+ /* generate multi-key hashes */
-+ x = 0;
-+ while(x < 65) {
-+ loDev_rd_wr_retry(fd, (char *) &b[64+32], 16, 0);
-+ __loDev_sha512_hash_buffer(&b[0], 64+32+16, k, 32);
-+ k += 32;
-+ x++;
-+ }
-+
-+ close(fd);
-+ memset(&b[0], 0, sizeof(b));
-+ return 0;
-+}
-+
-+static int loDev_fork_mkfs_command(struct libmnt_context *cxt, char *device, char *fstype)
-+{
-+ int x, y = 0;
-+ char *a[10], *e[2];
-+
-+ sync();
-+ if(!(x = fork())) {
-+ if((x = open("/dev/null", O_WRONLY)) >= 0) {
-+ dup2(x, 0);
-+ dup2(x, 1);
-+ dup2(x, 2);
-+ close(x);
-+ }
-+ x = 0;
-+ a[x++] = "mkfs";
-+ a[x++] = "-t";
-+ a[x++] = fstype;
-+ /* mkfs.reiserfs and mkfs.xfs need -f option */
-+ if(!strcmp(fstype, "reiserfs") || !strcmp(fstype, "xfs")) {
-+ a[x++] = "-f";
-+ }
-+ a[x++] = device;
-+ a[x] = 0;
-+ e[0] = "PATH=/sbin:/usr/sbin";
-+ e[1] = 0;
-+ if(setgid(getgid())) exit(1);
-+ if(setuid(getuid())) exit(1);
-+ for(x = 3; x < 1024; x++) {
-+ close(x);
-+ }
-+ execve("/sbin/mkfs", &a[0], &e[0]);
-+ exit(1);
-+ }
-+ if(x == -1) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: fork failed"));
-+ return 1;
-+ }
-+ waitpid(x, &y, 0);
-+ sync();
-+ if(!WIFEXITED(y) || (WEXITSTATUS(y) != 0)) {
-+ DBG(CXT, ul_debugobj(cxt, "Error: encrypted file system mkfs failed"));
-+ return 1;
-+ }
-+ return 0;
-+}
-+
-+static void loDev_convert_info_to_info64(struct loop_info *info, struct loop_info64 *info64)
-+{
-+ memset(info64, 0, sizeof(*info64));
-+ info64->lo_number = info->lo_number;
-+ info64->lo_device = info->lo_device;
-+ info64->lo_inode = info->lo_inode;
-+ info64->lo_rdevice = info->lo_rdevice;
-+ info64->lo_offset = info->lo_offset;
-+ info64->lo_encrypt_type = info->lo_encrypt_type;
-+ info64->lo_encrypt_key_size = info->lo_encrypt_key_size;
-+ info64->lo_flags = info->lo_flags;
-+ info64->lo_init[0] = info->lo_init[0];
-+ info64->lo_init[1] = info->lo_init[1];
-+ info64->lo_sizelimit = 0;
-+ if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */
-+ memcpy(info64->lo_crypt_name, info->lo_name, sizeof(info64->lo_crypt_name));
-+ else
-+ memcpy(info64->lo_file_name, info->lo_name, sizeof(info64->lo_file_name));
-+ memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, sizeof(info64->lo_encrypt_key));
-+}
-+
-+static int loDev_convert_info64_to_info(struct loop_info64 *info64, struct loop_info *info)
-+{
-+ memset(info, 0, sizeof(*info));
-+ info->lo_number = info64->lo_number;
-+ info->lo_device = info64->lo_device;
-+ info->lo_inode = info64->lo_inode;
-+ info->lo_rdevice = info64->lo_rdevice;
-+ info->lo_offset = info64->lo_offset;
-+ info->lo_encrypt_type = info64->lo_encrypt_type;
-+ info->lo_encrypt_key_size = info64->lo_encrypt_key_size;
-+ info->lo_flags = info64->lo_flags;
-+ info->lo_init[0] = info64->lo_init[0];
-+ info->lo_init[1] = info64->lo_init[1];
-+ if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */
-+ memcpy(info->lo_name, info64->lo_crypt_name, sizeof(info->lo_name));
-+ else
-+ memcpy(info->lo_name, info64->lo_file_name, sizeof(info->lo_name));
-+ memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, sizeof(info->lo_encrypt_key));
-+
-+ /* error in case values were truncated */
-+ if (info->lo_device != info64->lo_device ||
-+ info->lo_rdevice != info64->lo_rdevice ||
-+ info->lo_inode != info64->lo_inode ||
-+ info->lo_offset != info64->lo_offset ||
-+ info64->lo_sizelimit) {
-+ return -1;
-+ }
-+ return 0;
-+}
-+
-+static int loDev_set_status64_ioctl(int fd, struct loop_info64 *info64)
-+{
-+ struct loop_info info;
-+ struct loop_info64 tmp;
-+ int r;
-+
-+ /*
-+ * This ugly work around is needed because some
-+ * Red Hat kernels are using same ioctl code:
-+ * #define LOOP_CHANGE_FD 0x4C04
-+ * vs.
-+ * #define LOOP_SET_STATUS64 0x4C04
-+ * that is used by modern loop driver.
-+ *
-+ * Attempt to detect presense of LOOP_GET_STATUS64
-+ * ioctl before issuing LOOP_SET_STATUS64 ioctl.
-+ * Red Hat kernels with above LOOP_CHANGE_FD damage
-+ * should return -1 and set errno to EINVAL.
-+ */
-+ r = ioctl(fd, LOOP_GET_STATUS64, &tmp);
-+ memset(&tmp, 0, sizeof(tmp));
-+ if ((r == 0) || (errno != EINVAL)) {
-+ r = ioctl(fd, LOOP_SET_STATUS64, info64);
-+ if (!r)
-+ return 0;
-+ }
-+ r = loDev_convert_info64_to_info(info64, &info);
-+ if (!r)
-+ r = ioctl(fd, LOOP_SET_STATUS, &info);
-+
-+ /* don't leave copies of encryption key on stack */
-+ memset(&info, 0, sizeof(info));
-+ return r;
-+}
-+
-+static int loDev_get_status64_ioctl(int fd, struct loop_info64 *info64)
-+{
-+ struct loop_info info;
-+ int r;
-+
-+ memset(info64, 0, sizeof(*info64));
-+ r = ioctl(fd, LOOP_GET_STATUS64, info64);
-+ if (!r)
-+ return 0;
-+ r = ioctl(fd, LOOP_GET_STATUS, &info);
-+ if (!r)
-+ loDev_convert_info_to_info64(&info, info64);
-+
-+ /* don't leave copies of encryption key on stack */
-+ memset(&info, 0, sizeof(info));
-+ return r;
-+}
-+
-+/* returns: 1=unused 0=busy */
-+static int loDev_is_unused_loop_device(int fd)
-+{
-+ struct loop_info64 info64;
-+ struct loop_info info;
-+ int r;
-+
-+ r = ioctl(fd, LOOP_GET_STATUS64, &info64);
-+ memset(&info64, 0, sizeof(info64));
-+ if (!r)
-+ return 0;
-+ if (errno == ENXIO)
-+ return 1;
-+
-+ r = ioctl(fd, LOOP_GET_STATUS, &info);
-+ memset(&info, 0, sizeof(info));
-+ if (!r)
-+ return 0;
-+ if (errno == ENXIO)
-+ return 1;
-+ if (errno == EOVERFLOW)
-+ return 0;
-+ return 1;
-+}
-+
-+struct loDev_crypt_type_struct {
-+ short int id;
-+ unsigned char flags; /* bit0 = show keybits, bit1 = add '-' before keybits */
-+ unsigned char keyBytes;
-+ char *name;
-+};
-+
-+static struct loDev_crypt_type_struct loDev_crypt_type_tbl[] = {
-+ { 0, 0, 0, "no" },
-+ { 0, 0, 0, "none" },
-+ { 1, 0, 0, "xor" },
-+ { 3, 1, 16, "twofish" },
-+ { 4, 1, 16, "blowfish" },
-+ { 7, 1, 16, "serpent" },
-+ { 8, 1, 16, "mars" },
-+ { 11, 3, 16, "rc6" },
-+ { 12, 0, 21, "tripleDES" },
-+ { 12, 0, 24, "3des" },
-+ { 12, 0, 24, "des3_ede" },
-+ { 16, 1, 16, "AES" },
-+ { -1, 0, 0, NULL }
-+};
-+
-+static char *loDev_getApiName(char *e, int *len)
-+{
-+ int x, y, z = 1, q = -1;
-+ unsigned char *s;
-+
-+ *len = y = 0;
-+ s = (unsigned char *)strdup(e);
-+ if(!s)
-+ return NULL;
-+ x = strlen((char *)s);
-+ while(x > 0) {
-+ x--;
-+ if(!isdigit(s[x]))
-+ break;
-+ y += (s[x] - '0') * z;
-+ z *= 10;
-+ q = x;
-+ }
-+ while(x >= 0) {
-+ s[x] = tolower(s[x]);
-+ if(s[x] == '-')
-+ s[x] = 0;
-+ x--;
-+ }
-+ if(y >= 40) {
-+ if(q >= 0)
-+ s[q] = 0;
-+ *len = y;
-+ }
-+ return((char *)s);
-+}
-+
-+static int loDev_crypt_type_fn(const char *name, u_int32_t *kbyp, char **apiName)
-+{
-+ int i, k;
-+ char *s;
-+
-+ *apiName = s = loDev_getApiName((char *)name, &k);
-+ if(!s) s = "";
-+ if(k < 0)
-+ k = 0;
-+ if(k > 256)
-+ k = 256;
-+ for (i = 0; loDev_crypt_type_tbl[i].id != -1; i++) {
-+ if (!strcasecmp (s , loDev_crypt_type_tbl[i].name)) {
-+ *kbyp = k ? k >> 3 : loDev_crypt_type_tbl[i].keyBytes;
-+ return loDev_crypt_type_tbl[i].id;
-+ }
-+ }
-+ *kbyp = 16; /* 128 bits */
-+ return 18; /* LO_CRYPT_CRYPTOAPI */
-+}
-+
-+static int loDev_try_cryptoapi_interface(int fd, struct loop_info64 *loopinfo, char *apiName)
-+{
-+ if(!apiName) apiName = "";
-+ snprintf((char *)loopinfo->lo_crypt_name, sizeof(loopinfo->lo_crypt_name), "%s-cbc", apiName);
-+ loopinfo->lo_crypt_name[LO_NAME_SIZE - 1] = 0;
-+ loopinfo->lo_encrypt_type = 18; /* LO_CRYPT_CRYPTOAPI */
-+ return(loDev_set_status64_ioctl(fd, loopinfo));
-+}
-+
-+static int loDev_is_loop_device(const char *device)
-+{
-+ struct stat statbuf;
-+
-+ return (stat(device, &statbuf) == 0 &&
-+ S_ISBLK(statbuf.st_mode) &&
-+ major(statbuf.st_rdev) == 7);
-+}
-+
-+int __loDev_is_loop_active_same_back(char *dev, char *backdev, char *offsetStr, char *sizelimitStr)
-+{
-+ int fd;
-+ int ret = 0;
-+ struct stat statbuf;
-+ struct loop_info64 loopinfo;
-+ uint64_t offset = 0, sizelimit = 0;
-+
-+ if(offsetStr)
-+ offset = loDev_mystrtoull(offsetStr, 1);
-+ if(sizelimitStr)
-+ sizelimit = loDev_mystrtoull(sizelimitStr, 0);
-+
-+ if (stat (dev, &statbuf) == 0 && S_ISBLK(statbuf.st_mode) && major(statbuf.st_rdev) == 7) {
-+ if(stat (backdev, &statbuf) != 0)
-+ return 0;
-+ fd = open (dev, O_RDONLY);
-+ if (fd < 0)
-+ return 0;
-+ if ((loDev_get_status64_ioctl(fd, &loopinfo) == 0)
-+ && (loopinfo.lo_offset == offset)
-+ && (loopinfo.lo_sizelimit == sizelimit)
-+ && (statbuf.st_dev == loopinfo.lo_device)
-+ && (statbuf.st_ino == loopinfo.lo_inode))
-+ ret = 1; /* backing device matches */
-+ memset(&loopinfo, 0, sizeof(loopinfo));
-+ close(fd);
-+ }
-+ return ret;
-+}
-+
-+#define SIZE(a) (sizeof(a)/sizeof(a[0]))
-+
-+static char * loDev_find_unused_loop_device(void)
-+{
-+ /* Just creating a device, say in /tmp, is probably a bad idea -
-+ people might have problems with backup or so.
-+ So, we just try /dev/loop[0-7]. */
-+ char dev[20];
-+ char *loop_formats[] = { "/dev/loop%d", "/dev/loop/%d" };
-+ int i, j, fd, somedev = 0, someloop = 0;
-+ struct stat statbuf;
-+
-+ for (j = 0; j < SIZE(loop_formats); j++) {
-+ for(i = 0; i < 256; i++) {
-+ sprintf(dev, loop_formats[j], i);
-+ if (stat (dev, &statbuf) == 0 && S_ISBLK(statbuf.st_mode)) {
-+ somedev++;
-+ fd = open (dev, O_RDONLY);
-+ if (fd >= 0) {
-+ if (loDev_is_unused_loop_device(fd) == 0)
-+ someloop++; /* in use */
-+ else if (errno == ENXIO) {
-+ close (fd);
-+ return strdup(dev);/* probably free */
-+ }
-+ close (fd);
-+ }
-+ continue;/* continue trying as long as devices exist */
-+ }
-+ break;
-+ }
-+ }
-+ return 0;
-+}
-+
-+int mnt_context_is_loopdev(struct libmnt_context *cxt)
-+{
-+ const char *type, *src;
-+
-+ assert(cxt);
-+
-+ /* The mount flags have to be merged, otherwise we have to use
-+ * expensive mnt_context_get_user_mflags() instead of cxt->user_mountflags. */
-+ assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED));
-+
-+ if (!cxt->fs)
-+ return 0;
-+ src = mnt_fs_get_srcpath(cxt->fs);
-+ if (!src)
-+ return 0; /* backing file not set */
-+
-+ if (cxt->user_mountflags & (MNT_MS_LOOP |
-+ MNT_MS_OFFSET |
-+ MNT_MS_SIZELIMIT)) {
-+
-+ DBG(CXT, ul_debugobj(cxt, "loopdev specific options detected"));
-+ return 1;
-+ }
-+
-+ if (cxt->mountflags & (MS_BIND | MS_MOVE | MS_PROPAGATION))
-+ return 0;
-+
-+ /* Automatically create a loop device from a regular file if a
-+ * filesystem is not specified or the filesystem is known for libblkid
-+ * (these filesystems work with block devices only). The file size
-+ * should be at least 1KiB otherwise we will create empty loopdev where
-+ * is no mountable filesystem...
-+ *
-+ * Note that there is not a restriction (on kernel side) that prevents regular
-+ * file as a mount(2) source argument. A filesystem that is able to mount
-+ * regular files could be implemented.
-+ */
-+ type = mnt_fs_get_fstype(cxt->fs);
-+
-+ if (mnt_fs_is_regular(cxt->fs) &&
-+ (!type || strcmp(type, "auto") == 0 || blkid_known_fstype(type))) {
-+ struct stat st;
-+
-+ if (stat(src, &st) == 0 && S_ISREG(st.st_mode) &&
-+ st.st_size > 1024)
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+
-+/* Check, if there already exists a mounted loop device on the mountpoint node
-+ * with the same parameters.
-+ */
-+static int is_mounted_same_loopfile(struct libmnt_context *cxt,
-+ const char *target,
-+ char *backing_file,
-+ char *offsetStr, char *sizelimitStr)
-+{
-+ struct libmnt_table *tb;
-+ struct libmnt_iter itr;
-+ struct libmnt_fs *fs;
-+ struct libmnt_cache *cache;
-+
-+ assert(cxt);
-+ assert(cxt->fs);
-+ assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED));
-+
-+ if (!target || !backing_file || mnt_context_get_mtab(cxt, &tb))
-+ return 0;
-+
-+ DBG(CXT, ul_debugobj(cxt, "checking if %s mounted on %s",
-+ backing_file, target));
-+
-+ cache = mnt_context_get_cache(cxt);
-+ mnt_reset_iter(&itr, MNT_ITER_BACKWARD);
-+
-+ /* Search for mountpoint node in mtab, procceed if any of these has the
-+ * loop option set or the device is a loop device
-+ */
-+ while (mnt_table_next_fs(tb, &itr, &fs) == 0) {
-+ const char *src = mnt_fs_get_source(fs);
-+ const char *opts = mnt_fs_get_user_options(fs);
-+ char *val;
-+ size_t len;
-+ int res = 0;
-+
-+ if (!src || !mnt_fs_match_target(fs, target, cache))
-+ continue;
-+
-+ if (strncmp(src, "/dev/loop", 9) == 0) {
-+ res = __loDev_is_loop_active_same_back((char *) src, backing_file, offsetStr, sizelimitStr);
-+
-+ } else if (opts && (cxt->user_mountflags & MNT_MS_LOOP) &&
-+ mnt_optstr_get_option(opts, "loop", &val, &len) == 0 && val) {
-+
-+ val = strndup(val, len);
-+ res = __loDev_is_loop_active_same_back((char *) val, backing_file, offsetStr, sizelimitStr);
-+ free(val);
-+ }
-+
-+ if (res) {
-+ DBG(CXT, ul_debugobj(cxt, "%s already mounted", backing_file));
-+ return 1;
-+ }
-+ }
-+
-+ return 0;
-+}
-+
-+int mnt_context_setup_loopdev(struct libmnt_context *cxt)
-+{
-+ int loop_dev_fd = -1, backing_fi_fd = -1;
-+ loDev_passInfo pi;
-+ struct loop_info64 loopinfo;
-+ int i;
-+ char *pass = NULL, *apiName = NULL;
-+ void (*hashFunc)(unsigned char *, int, unsigned char *, int);
-+ unsigned char multiKeyBits[65][32];
-+ int minPassLen = LOOP_PASSWORD_MIN_LENGTH;
-+ int run_mkfs_command = 0;
-+ int mode = O_RDWR;
-+ int fixedLoopName = 0;
-+ unsigned int chmodVal = 0;
-+ const char *optstr;
-+ char *val = NULL;
-+ size_t len = 0;
-+ int rc = 0, myErrno = 0;
-+ uint64_t offset = 0, sizelimit = 0;
-+
-+
-+ memset(&pi, 0, sizeof(pi));
-+ assert(cxt);
-+ assert(cxt->fs);
-+ assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED));
-+ cxt->loopdev_fd = -1;
-+
-+ pi.loopFileName = (char *) mnt_fs_get_srcpath(cxt->fs);
-+ if (!pi.loopFileName)
-+ return -EINVAL;
-+
-+ DBG(CXT, ul_debugobj(cxt, "trying to setup loopdev for %s", pi.loopFileName));
-+
-+ if (cxt->mountflags & MS_RDONLY) {
-+ DBG(CXT, ul_debugobj(cxt, "enabling READ-ONLY flag"));
-+ mode = O_RDONLY;
-+ }
-+
-+ optstr = mnt_fs_get_user_options(cxt->fs);
-+
-+#define MM(a,b) if(mnt_optstr_get_option(optstr, a, &val, &len) == 0 && val && len) { \
-+ if(!(b = strndup(val, len))) rc = -ENOMEM; \
-+ }
-+
-+ MM("loop", pi.loopDevName);
-+ MM("offset", pi.loopOffsetBytes);
-+ MM("sizelimit", pi.loopSizeBytes);
-+ MM("encryption", pi.loopEncryptionType);
-+ MM("pseed", pi.passSeedString);
-+ MM("phash", pi.passHashFuncName);
-+ MM("itercountk", pi.passIterThousands);
-+ MM("loinit", pi.loInitValue);
-+ MM("gpgkey", pi.gpgKeyFile);
-+ MM("gpghome", pi.gpgHomeDir);
-+ MM("cleartextkey", pi.clearTextKeyFile);
-+
-+#undef MM
-+
-+ if(pi.loopOffsetBytes)
-+ offset = loDev_mystrtoull(pi.loopOffsetBytes, 1);
-+ if(pi.loopSizeBytes)
-+ sizelimit = loDev_mystrtoull(pi.loopSizeBytes, 0);
-+
-+ if (rc == 0 && is_mounted_same_loopfile(cxt, mnt_context_get_target(cxt), pi.loopFileName, pi.loopOffsetBytes, pi.loopSizeBytes))
-+ rc = -EBUSY;
-+ if (rc)
-+ goto clean_up_out;
-+ if(pi.loopDevName) {
-+ fixedLoopName = 1;
-+ if(__loDev_is_loop_active_same_back(pi.loopDevName, pi.loopFileName, pi.loopOffsetBytes, pi.loopSizeBytes)) {
-+ /* loop device appears to be already set up to same backing file, so skip most of loop setup */
-+ /* this is useful for encrypted losetup -> fsck -> mount, where passphrase needs to be typed only once */
-+ rc = mnt_fs_set_source(cxt->fs, pi.loopDevName);
-+ if(rc) goto clean_up_out;
-+ goto skip_setup_ok_out;
-+ }
-+ } else if(cxt->fs && mnt_optstr_get_option(optstr, "loop", &val, &len) != 0) {
-+ /* Looks like no "loop" option at all. Add one so it gets cleaned up by umount */
-+ mnt_optstr_append_option(&cxt->fs->user_optstr, "loop", NULL);
-+ }
-+ if((backing_fi_fd = open(pi.loopFileName, mode)) < 0) {
-+ DBG(CXT, ul_debugobj(cxt, "can't open backing device/file"));
-+ myErrno = ENODEV;
-+ rc = -MNT_ERR_LOOPDEV;
-+ goto clean_up_out;
-+ }
-+
-+try_again_another_loopdev:
-+ sync();
-+ if(!pi.loopDevName) {
-+ pi.loopDevName = loDev_find_unused_loop_device();
-+ if(!pi.loopDevName) {
-+ DBG(CXT, ul_debugobj(cxt, "can't find free loop device"));
-+ myErrno = ENODEV;
-+ rc = -MNT_ERR_LOOPDEV;
-+ goto clean_up_out;
-+ }
-+ }
-+ if((loop_dev_fd = open(pi.loopDevName, mode)) < 0) {
-+ DBG(CXT, ul_debugobj(cxt, "can't open loop device"));
-+ myErrno = ENODEV;
-+ rc = -MNT_ERR_LOOPDEV;
-+ goto clean_up_out;
-+ }
-+ if(ioctl(loop_dev_fd, LOOP_SET_FD, backing_fi_fd) < 0) {
-+ if(errno == EBUSY && !fixedLoopName) {
-+ close(loop_dev_fd);
-+ loop_dev_fd = -1;
-+ free(pi.loopDevName);
-+ pi.loopDevName = NULL;
-+ DBG(CXT, ul_debugobj(cxt, "loopdev stolen...trying again"));
-+ goto try_again_another_loopdev;
-+ }
-+ close(loop_dev_fd);
-+ loop_dev_fd = -1;
-+ DBG(CXT, ul_debugobj(cxt, "loop set-fd ioctl failed"));
-+ myErrno = EBUSY;
-+ rc = -MNT_ERR_LOOPDEV;
-+ goto clean_up_out;
-+ }
-+
-+ memset(&loopinfo, 0, sizeof (loopinfo));
-+ strncpy((char *)loopinfo.lo_file_name, pi.loopFileName, LO_NAME_SIZE - 1);
-+ loopinfo.lo_file_name[LO_NAME_SIZE - 1] = 0;
-+ if(pi.loopEncryptionType)
-+ loopinfo.lo_encrypt_type = loDev_crypt_type_fn(pi.loopEncryptionType, &loopinfo.lo_encrypt_key_size, &apiName);
-+ loopinfo.lo_offset = offset;
-+ loopinfo.lo_sizelimit = sizelimit;
-+
-+ switch(loopinfo.lo_encrypt_type) {
-+ case 0: /* LO_CRYPT_NONE */
-+ loopinfo.lo_encrypt_key_size = 0;
-+ break;
-+ case 1: /* LO_CRYPT_XOR */
-+ pass = loDev_sGetPass(cxt, &pi, 1, 0);
-+ if(!pass) {
-+ myErrno = ENOKEY;
-+ goto loop_clr_fd_out;
-+ }
-+ strncpy((char *)loopinfo.lo_encrypt_key, pass, LO_KEY_SIZE - 1);
-+ loopinfo.lo_encrypt_key[LO_KEY_SIZE - 1] = 0;
-+ loopinfo.lo_encrypt_key_size = strlen((char*)loopinfo.lo_encrypt_key);
-+ break;
-+ case 3: /* LO_CRYPT_FISH2 */
-+ case 4: /* LO_CRYPT_BLOW */
-+ case 7: /* LO_CRYPT_SERPENT */
-+ case 8: /* LO_CRYPT_MARS */
-+ case 11: /* LO_CRYPT_RC6 */
-+ case 12: /* LO_CRYPT_DES_EDE3 */
-+ case 16: /* LO_CRYPT_AES */
-+ case 18: /* LO_CRYPT_CRYPTOAPI */
-+ /* set default hash function */
-+ hashFunc = __loDev_sha256_hash_buffer;
-+ if(loopinfo.lo_encrypt_key_size == 24) hashFunc = __loDev_sha384_hash_buffer;
-+ if(loopinfo.lo_encrypt_key_size == 32) hashFunc = __loDev_sha512_hash_buffer;
-+ /* possibly override default hash function */
-+ if(pi.passHashFuncName) {
-+ if(!strcasecmp(pi.passHashFuncName, "sha256")) {
-+ hashFunc = __loDev_sha256_hash_buffer;
-+ } else if(!strcasecmp(pi.passHashFuncName, "sha384")) {
-+ hashFunc = __loDev_sha384_hash_buffer;
-+ } else if(!strcasecmp(pi.passHashFuncName, "sha512")) {
-+ hashFunc = __loDev_sha512_hash_buffer;
-+ } else if(!strcasecmp(pi.passHashFuncName, "rmd160")) {
-+ hashFunc = loDev_rmd160HashTwiceWithA;
-+ minPassLen = 1;
-+ } else if(!strcasecmp(pi.passHashFuncName, "unhashed1")) {
-+ hashFunc = loDev_unhashed1_key_setup;
-+ } else if(!strcasecmp(pi.passHashFuncName, "unhashed2")) {
-+ hashFunc = loDev_unhashed2_key_setup;
-+ minPassLen = 1;
-+ } else if(!strncasecmp(pi.passHashFuncName, "random", 6) && ((pi.passHashFuncName[6] == 0) || (pi.passHashFuncName[6] == '/'))) {
-+ /* random hash type sets up 65 random keys */
-+ /* WARNING! DO NOT USE RANDOM HASH TYPE ON PARTITION WITH EXISTING */
-+ /* IMPORTANT DATA ON IT. RANDOM HASH TYPE WILL DESTROY YOUR DATA. */
-+ if(loDev_create_random_keys(cxt, pi.loopFileName, loopinfo.lo_offset, loopinfo.lo_sizelimit, cxt->mountflags & MS_RDONLY, &multiKeyBits[0][0])) {
-+ myErrno = ENOKEY;
-+ goto loop_clr_fd_out;
-+ }
-+ memcpy(&loopinfo.lo_encrypt_key[0], &multiKeyBits[0][0], sizeof(loopinfo.lo_encrypt_key));
-+ run_mkfs_command = pi.multiKeyMode = 1000;
-+ break; /* out of switch(loopinfo.lo_encrypt_type) */
-+ }
-+ }
-+ pass = loDev_sGetPass(cxt, &pi, minPassLen, LOOP_PASSWORD_MIN_LENGTH);
-+ if(!pass) {
-+ myErrno = ENOKEY;
-+ goto loop_clr_fd_out;
-+ }
-+ i = strlen(pass);
-+ if(hashFunc == loDev_unhashed1_key_setup) {
-+ /* this is for compatibility with historic loop-AES version */
-+ loopinfo.lo_encrypt_key_size = 16; /* 128 bits */
-+ if(i >= 32) loopinfo.lo_encrypt_key_size = 24; /* 192 bits */
-+ if(i >= 43) loopinfo.lo_encrypt_key_size = 32; /* 256 bits */
-+ }
-+ (*hashFunc)((unsigned char *)pass, i, &loopinfo.lo_encrypt_key[0], sizeof(loopinfo.lo_encrypt_key));
-+ if(pi.multiKeyMode) {
-+ int r = 0, t;
-+ while(r < pi.multiKeyMode) {
-+ t = strlen(pi.multiKeyPass[r]);
-+ (*hashFunc)((unsigned char *)pi.multiKeyPass[r], t, &multiKeyBits[r][0], 32);
-+ memset(pi.multiKeyPass[r], 0, t);
-+ /*
-+ * MultiKeyMode uses md5 IV. One key mode uses sector IV. Sector IV
-+ * and md5 IV v2 and v3 are all computed differently. This first key
-+ * byte XOR with 0x55/0xF4 is needed to cause complete decrypt failure
-+ * in cases where data is encrypted with one type of IV and decrypted
-+ * with another type IV. If identical key was used but only IV was
-+ * computed differently, only first plaintext block of 512 byte CBC
-+ * chain would decrypt incorrectly and rest would decrypt correctly.
-+ * Partially correct decryption is dangerous. Decrypting all blocks
-+ * incorrectly is safer because file system mount will simply fail.
-+ */
-+ if(pi.multiKeyMode == 65) {
-+ multiKeyBits[r][0] ^= 0xF4; /* version 3 */
-+ } else {
-+ multiKeyBits[r][0] ^= 0x55; /* version 2 */
-+ }
-+ r++;
-+ }
-+ } else if(pi.passIterThousands) {
-+ aes_context ctx;
-+ unsigned long iter = 0;
-+ unsigned char tempkey[32];
-+ /*
-+ * Set up AES-256 encryption key using same password and hash function
-+ * as before but with password bit 0 flipped before hashing. That key
-+ * is then used to encrypt actual loop key 'itercountk' thousand times.
-+ */
-+ pass[0] ^= 1;
-+ (*hashFunc)((unsigned char *)pass, i, &tempkey[0], 32);
-+ __loDev_aes_set_key(&ctx, &tempkey[0], 32, 0);
-+ sscanf(pi.passIterThousands, "%lu", &iter);
-+ iter *= 1000;
-+ while(iter > 0) {
-+ /* encrypt both 128bit blocks with AES-256 */
-+ __loDev_aes_encrypt(&ctx, &loopinfo.lo_encrypt_key[ 0], &loopinfo.lo_encrypt_key[ 0]);
-+ __loDev_aes_encrypt(&ctx, &loopinfo.lo_encrypt_key[16], &loopinfo.lo_encrypt_key[16]);
-+ /* exchange upper half of first block with lower half of second block */
-+ memcpy(&tempkey[0], &loopinfo.lo_encrypt_key[8], 8);
-+ memcpy(&loopinfo.lo_encrypt_key[8], &loopinfo.lo_encrypt_key[16], 8);
-+ memcpy(&loopinfo.lo_encrypt_key[16], &tempkey[0], 8);
-+ iter--;
-+ }
-+ memset(&ctx, 0, sizeof(ctx));
-+ memset(&tempkey[0], 0, sizeof(tempkey));
-+ }
-+ memset(pass, 0, i); /* erase original password */
-+ break;
-+ default:
-+ DBG(CXT, ul_debugobj(cxt, "don't know how to set up this type encryption"));
-+ myErrno = ENOKEY;
-+ goto loop_clr_fd_out;
-+ }
-+
-+ if(pi.loInitValue) {
-+ /* cipher modules are free to do whatever they want with this value */
-+ i = 0;
-+ sscanf(pi.loInitValue, "%d", &i);
-+ loopinfo.lo_init[0] = i;
-+ }
-+
-+ /* type 18 == LO_CRYPT_CRYPTOAPI */
-+ if ((loopinfo.lo_encrypt_type == 18) || (loDev_set_status64_ioctl(loop_dev_fd, &loopinfo) < 0)) {
-+ /* direct cipher interface failed - try CryptoAPI interface now */
-+ if(!apiName || (loDev_try_cryptoapi_interface(loop_dev_fd, &loopinfo, apiName) < 0)) {
-+ DBG(CXT, ul_debugobj(cxt, "loop set-status ioctl failed"));
-+ myErrno = ENOTSUP;
-+ loop_clr_fd_out:
-+ (void) ioctl(loop_dev_fd, LOOP_CLR_FD, 0);
-+ rc = -MNT_ERR_LOOPDEV;
-+ goto clean_up_out;
-+ }
-+ }
-+ if(pi.multiKeyMode >= 65) {
-+ if(ioctl(loop_dev_fd, LOOP_MULTI_KEY_SETUP_V3, &multiKeyBits[0][0]) < 0) {
-+ if(pi.multiKeyMode == 1000) goto try_v2_setup;
-+ DBG(CXT, ul_debugobj(cxt, "loop multi-key-v3 ioctl failed"));
-+ myErrno = ENOTSUP;
-+ goto loop_clr_fd_out;
-+ }
-+ } else if(pi.multiKeyMode == 64) {
-+ try_v2_setup:
-+ if((ioctl(loop_dev_fd, LOOP_MULTI_KEY_SETUP, &multiKeyBits[0][0]) < 0) && (pi.multiKeyMode != 1000)) {
-+ DBG(CXT, ul_debugobj(cxt, "loop multi-key-v2 ioctl failed"));
-+ myErrno = ENOTSUP;
-+ goto loop_clr_fd_out;
-+ }
-+ }
-+
-+ if(run_mkfs_command && cxt->fs && cxt->fs->fstype && cxt->fs->fstype[0] && (getuid() == 0)) {
-+ if(!loDev_fork_mkfs_command(cxt, pi.loopDevName, cxt->fs->fstype)) {
-+ /* !strncasecmp(pi.passHashFuncName, "random", 6) test matched */
-+ /* This reads octal mode for newly created file system root */
-+ /* directory node from '-o phash=random/1777' mount option. */
-+ /* octal mode--^^^^ */
-+ if(sscanf(pi.passHashFuncName + 6, "/%o", &chmodVal) == 1) {
-+ /* bits 31...24 set to magic value, so that if something */
-+ /* interprets cxt->loopdev_fd as a file descriptor, it will fail */
-+ chmodVal &= 0x00FFFFFF;
-+ chmodVal |= 0x77000000;
-+ }
-+
-+ } else {
-+ myErrno = ENOMEM;
-+ goto loop_clr_fd_out;
-+ }
-+ }
-+
-+ rc = mnt_fs_set_source(cxt->fs, pi.loopDevName);
-+ if(rc) {
-+ myErrno = ENOMEM;
-+ goto loop_clr_fd_out;
-+ }
-+
-+skip_setup_ok_out:
-+ /* success */
-+ cxt->flags |= MNT_FL_LOOPDEV_READY;
-+ if(chmodVal) {
-+ cxt->loopdev_fd = (int)chmodVal;
-+ }
-+
-+clean_up_out:
-+ if(loop_dev_fd != -1) close(loop_dev_fd);
-+ if(backing_fi_fd != -1) close(backing_fi_fd);
-+
-+ memset(loopinfo.lo_encrypt_key, 0, sizeof(loopinfo.lo_encrypt_key));
-+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits));
-+
-+ for(i = 0; i < 66; i++) {
-+ if(pi.multiKeyPass[i]) free(pi.multiKeyPass[i]);
-+ }
-+ if(pi.loopDevName) free(pi.loopDevName);
-+ if(pi.loopOffsetBytes) free(pi.loopOffsetBytes);
-+ if(pi.loopSizeBytes) free(pi.loopSizeBytes);
-+ if(pi.loopEncryptionType) free(pi.loopEncryptionType);
-+ if(pi.passSeedString) free(pi.passSeedString);
-+ if(pi.passHashFuncName) free(pi.passHashFuncName);
-+ if(pi.passIterThousands) free(pi.passIterThousands);
-+ if(pi.loInitValue) free(pi.loInitValue);
-+ if(pi.gpgKeyFile) free(pi.gpgKeyFile);
-+ if(pi.gpgHomeDir) free(pi.gpgHomeDir);
-+ if(pi.clearTextKeyFile) free(pi.clearTextKeyFile);
-+
-+ if(apiName) free(apiName);
-+ if(pi.extraPtrToFree) free(pi.extraPtrToFree);
-+
-+ if(pi.pass_cb_string && cxt->pwd_release_cb) {
-+ DBG(CXT, ul_debugobj(cxt, "release pass"));
-+ cxt->pwd_release_cb(cxt, pi.pass_cb_string);
-+ }
-+ if(myErrno) errno = myErrno;
-+ return rc;
-+}
-+
-+/*
-+ * Deletes loop device
-+ */
-+int mnt_context_delete_loopdev(struct libmnt_context *cxt)
-+{
-+ const char *src;
-+ int rc = 0, fd;
-+
-+ assert(cxt);
-+ assert(cxt->fs);
-+
-+ src = mnt_fs_get_srcpath(cxt->fs);
-+ if (!src)
-+ return -EINVAL;
-+
-+ if(!loDev_is_loop_device(src))
-+ return -EINVAL;
-+
-+ sync();
-+ if((fd = open(src, O_RDONLY)) < 0) {
-+ DBG(CXT, ul_debugobj(cxt, "can't open loop device"));
-+ rc = -ENODEV;
-+ } else {
-+ if(ioctl(fd, LOOP_CLR_FD, 0) < 0) {
-+ DBG(CXT, ul_debugobj(cxt, "loop crl-fd ioctl failed"));
-+ rc = -EINVAL;
-+ }
-+ close(fd);
-+ }
-+ cxt->flags &= ~MNT_FL_LOOPDEV_READY;
-+ cxt->loopdev_fd = -1;
-+
-+ DBG(CXT, ul_debugobj(cxt, "loopdev deleted [rc=%d]", rc));
-+ return rc;
-+}
-+
-+/*
-+ * Clears loopdev stuff in context, should be called after
-+ * failed or successful mount(2).
-+ */
-+int mnt_context_clear_loopdev(struct libmnt_context *cxt)
-+{
-+ unsigned int chmodVal;
-+
-+ assert(cxt);
-+
-+ if(mnt_context_get_status(cxt) == 0 && (cxt->flags & MNT_FL_LOOPDEV_READY)) {
-+ /* mount(2) failed, delete loopdev */
-+ mnt_context_delete_loopdev(cxt);
-+ } else if(cxt->loopdev_fd != -1) {
-+ chmodVal = (unsigned int) cxt->loopdev_fd;
-+ if((chmodVal & 0xFF000000) == 0x77000000) { /* check magic value */
-+ chmodVal &= 0x00FFFFFF;
-+ if(cxt->fs && cxt->fs->target && cxt->fs->target[0]) {
-+ /*
-+ * If loop was set up using random keys and new file system
-+ * was created on the loop device, initial permissions for
-+ * file system root directory need to be set here.
-+ */
-+ DBG(CXT, ul_debugobj(cxt, "doing chmod() on mountpoint"));
-+ if(chmod(cxt->fs->target, chmodVal)) {
-+ DBG(CXT, ul_debugobj(cxt, "chmod() on mountpoint failed"));
-+ }
-+ }
-+ }
-+ }
-+ cxt->loopdev_fd = -1;
-+ return 0;
-+}
-diff -urN util-linux-2.34/libmount/src/context_umount.c util-linux-2.34-AES/libmount/src/context_umount.c
---- util-linux-2.34/libmount/src/context_umount.c 2019-05-15 18:24:08.255894236 +0300
-+++ util-linux-2.34-AES/libmount/src/context_umount.c 2019-07-11 09:31:03.212081123 +0300
-@@ -330,11 +330,12 @@
- */
- static int is_associated_fs(const char *devname, struct libmnt_fs *fs)
- {
-- uintmax_t offset = 0;
-+ int r;
- const char *src, *optstr;
- char *val;
- size_t valsz;
-- int flags = 0;
-+ char *offsetStr = NULL, *sizelimitStr = NULL;
-+ extern int __loDev_is_loop_active_same_back(char *, char *, char *, char *);
-
- /* check if it begins with /dev/loop */
- if (strncmp(devname, _PATH_DEV_LOOP, sizeof(_PATH_DEV_LOOP) - 1))
-@@ -346,16 +347,16 @@
-
- /* check for the offset option in @fs */
- optstr = mnt_fs_get_user_options(fs);
--
-- if (optstr &&
-- mnt_optstr_get_option(optstr, "offset", &val, &valsz) == 0) {
-- flags |= LOOPDEV_FL_OFFSET;
--
-- if (mnt_parse_offset(val, valsz, &offset) != 0)
-- return 0;
-- }
--
-- return loopdev_is_used(devname, src, offset, 0, flags);
-+ if (optstr) {
-+ if(mnt_optstr_get_option(optstr, "offset", &val, &valsz) == 0 && val && valsz)
-+ offsetStr = strndup(val, valsz);
-+ if(mnt_optstr_get_option(optstr, "sizelimit", &val, &valsz) == 0 && val && valsz)
-+ sizelimitStr = strndup(val, valsz);
-+ }
-+ r = __loDev_is_loop_active_same_back((char *) devname, (char *) src, offsetStr, sizelimitStr);
-+ if(offsetStr) free(offsetStr);
-+ if(sizelimitStr) free(sizelimitStr);
-+ return r;
- }
-
- static int prepare_helper_from_options(struct libmnt_context *cxt,
-@@ -920,7 +921,7 @@
- if (!rc && mnt_context_is_loopdel(cxt) && cxt->fs) {
- const char *src = mnt_fs_get_srcpath(cxt->fs);
-
-- if (src && (!is_loopdev(src) || loopdev_is_autoclear(src)))
-+ if (src && !is_loopdev(src))
- mnt_context_enable_loopdel(cxt, FALSE);
- }
-
-diff -urN util-linux-2.34/libmount/src/optmap.c util-linux-2.34-AES/libmount/src/optmap.c
---- util-linux-2.34/libmount/src/optmap.c 2019-02-22 12:17:43.717854104 +0200
-+++ util-linux-2.34-AES/libmount/src/optmap.c 2019-07-11 09:31:03.212081123 +0300
-@@ -168,10 +168,19 @@
- { "x-", MNT_MS_XCOMMENT, MNT_NOHLPS | MNT_PREFIX }, /* persistent comments (utab) */
- { "X-", MNT_MS_XFSTABCOMM, MNT_NOHLPS | MNT_NOMTAB | MNT_PREFIX }, /* fstab only comments */
-
-- { "loop[=]", MNT_MS_LOOP, MNT_NOHLPS }, /* use the loop device */
-+ { "loop[=]", MNT_MS_LOOP, MNT_NOHLPS }, /* use the loop device (no MNT_NOMTAB flag) */
- { "offset=", MNT_MS_OFFSET, MNT_NOHLPS | MNT_NOMTAB }, /* loop device offset */
- { "sizelimit=", MNT_MS_SIZELIMIT, MNT_NOHLPS | MNT_NOMTAB }, /* loop device size limit */
-- { "encryption=", MNT_MS_ENCRYPTION, MNT_NOHLPS | MNT_NOMTAB }, /* loop device encryption */
-+/* IMPORTANT - make sure that bit numbers below do not conflict with other MNT_MS_* bit numbers in libmount.h.in */
-+ { "encryption=", (1 << 23), MNT_NOHLPS | MNT_NOMTAB }, /* loop device encryption */
-+ { "pseed=", (1 << 24), MNT_NOHLPS | MNT_NOMTAB }, /* loop device passphrase seed */
-+ { "phash=", (1 << 25), MNT_NOHLPS | MNT_NOMTAB }, /* loop device passphrase hash function */
-+ { "itercountk=", (1 << 26), MNT_NOHLPS | MNT_NOMTAB }, /* loop device passphrase iteration count */
-+ { "loinit=", (1 << 27), MNT_NOHLPS | MNT_NOMTAB }, /* loop device initialization code */
-+ { "gpgkey=", (1 << 28), MNT_NOHLPS | MNT_NOMTAB }, /* loop device GnuPG key file */
-+ { "gpghome=", (1 << 29), MNT_NOHLPS | MNT_NOMTAB }, /* loop device GnuPG home directory */
-+ { "cleartextkey=", (1 << 30), MNT_NOHLPS | MNT_NOMTAB }, /* loop device clear text key file */
-+/* end IMPORTANT */
-
- { "nofail", MNT_MS_NOFAIL, MNT_NOMTAB }, /* Do not fail if ENOENT on dev */
-
-diff -urN util-linux-2.34/libmount/src/rmd160.c util-linux-2.34-AES/libmount/src/rmd160.c
---- util-linux-2.34/libmount/src/rmd160.c 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/libmount/src/rmd160.c 2019-07-11 09:31:03.213081128 +0300
-@@ -0,0 +1,532 @@
-+/* rmd160.c - RIPE-MD160
-+ * Copyright (C) 1998 Free Software Foundation, Inc.
-+ */
-+
-+/* This file was part of GnuPG. Modified for use within the Linux
-+ * mount utility by Marc Mutz <Marc@Mutz.com>. None of this code is
-+ * by myself. I just removed everything that you don't need when all
-+ * you want to do is to use rmd160_hash_buffer().
-+ * My comments are marked with (mm). */
-+
-+/* GnuPG is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GnuPG is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */
-+
-+#include <string.h> /* (mm) for memcpy */
-+#include <endian.h> /* (mm) for BIG_ENDIAN and BYTE_ORDER */
-+#include "rmd160.h"
-+
-+/* (mm) these are used by the original GnuPG file. In order to modify
-+ * that file not too much, we keep the notations. maybe it would be
-+ * better to include linux/types.h and typedef __u32 to u32 and __u8
-+ * to byte? */
-+typedef unsigned int u32; /* taken from e.g. util-linux's minix.h */
-+typedef unsigned char byte;
-+
-+typedef struct {
-+ u32 h0,h1,h2,h3,h4;
-+ u32 nblocks;
-+ byte buf[64];
-+ int count;
-+} RMD160_CONTEXT;
-+
-+/****************
-+ * Rotate a 32 bit integer by n bytes
-+ */
-+#if defined(__GNUC__) && defined(__i386__)
-+static inline u32
-+rol( u32 x, int n)
-+{
-+ __asm__("roll %%cl,%0"
-+ :"=r" (x)
-+ :"0" (x),"c" (n));
-+ return x;
-+}
-+#else
-+ #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
-+#endif
-+
-+/*********************************
-+ * RIPEMD-160 is not patented, see (as of 25.10.97)
-+ * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
-+ * Note that the code uses Little Endian byteorder, which is good for
-+ * 386 etc, but we must add some conversion when used on a big endian box.
-+ *
-+ *
-+ * Pseudo-code for RIPEMD-160
-+ *
-+ * RIPEMD-160 is an iterative hash function that operates on 32-bit words.
-+ * The round function takes as input a 5-word chaining variable and a 16-word
-+ * message block and maps this to a new chaining variable. All operations are
-+ * defined on 32-bit words. Padding is identical to that of MD4.
-+ *
-+ *
-+ * RIPEMD-160: definitions
-+ *
-+ *
-+ * nonlinear functions at bit level: exor, mux, -, mux, -
-+ *
-+ * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15)
-+ * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31)
-+ * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47)
-+ * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63)
-+ * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79)
-+ *
-+ *
-+ * added constants (hexadecimal)
-+ *
-+ * K(j) = 0x00000000 (0 <= j <= 15)
-+ * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2))
-+ * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3))
-+ * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5))
-+ * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7))
-+ * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2))
-+ * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3))
-+ * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5))
-+ * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7))
-+ * K'(j) = 0x00000000 (64 <= j <= 79)
-+ *
-+ *
-+ * selection of message word
-+ *
-+ * r(j) = j (0 <= j <= 15)
-+ * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8
-+ * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12
-+ * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2
-+ * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
-+ * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12
-+ * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2
-+ * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13
-+ * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14
-+ * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
-+ *
-+ *
-+ * amount for rotate left (rol)
-+ *
-+ * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8
-+ * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12
-+ * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5
-+ * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12
-+ * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
-+ * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6
-+ * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11
-+ * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5
-+ * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8
-+ * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
-+ *
-+ *
-+ * initial value (hexadecimal)
-+ *
-+ * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476;
-+ * h4 = 0xC3D2E1F0;
-+ *
-+ *
-+ * RIPEMD-160: pseudo-code
-+ *
-+ * It is assumed that the message after padding consists of t 16-word blocks
-+ * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15.
-+ * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left
-+ * shift (rotate) over s positions.
-+ *
-+ *
-+ * for i := 0 to t-1 {
-+ * A := h0; B := h1; C := h2; D = h3; E = h4;
-+ * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4;
-+ * for j := 0 to 79 {
-+ * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E;
-+ * A := E; E := D; D := rol_10(C); C := B; B := T;
-+ * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)]
-+ [+] K'(j)) [+] E';
-+ * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;
-+ * }
-+ * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A';
-+ * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T;
-+ * }
-+ */
-+
-+/* Some examples:
-+ * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31
-+ * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
-+ * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
-+ * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36
-+ * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc
-+ * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b
-+ * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189
-+ * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb
-+ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528
-+ */
-+
-+
-+static void
-+rmd160_init( RMD160_CONTEXT *hd )
-+{
-+ hd->h0 = 0x67452301;
-+ hd->h1 = 0xEFCDAB89;
-+ hd->h2 = 0x98BADCFE;
-+ hd->h3 = 0x10325476;
-+ hd->h4 = 0xC3D2E1F0;
-+ hd->nblocks = 0;
-+ hd->count = 0;
-+}
-+
-+
-+
-+/****************
-+ * Transform the message X which consists of 16 32-bit-words
-+ */
-+static void
-+transform( RMD160_CONTEXT *hd, byte *data )
-+{
-+ u32 a,b,c,d,e,aa,bb,cc,dd,ee,t;
-+ #if BYTE_ORDER == BIG_ENDIAN
-+ u32 x[16];
-+ { int i;
-+ byte *p2, *p1;
-+ for(i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 ) {
-+ p2[3] = *p1++;
-+ p2[2] = *p1++;
-+ p2[1] = *p1++;
-+ p2[0] = *p1++;
-+ }
-+ }
-+ #else
-+ #if 0
-+ u32 *x =(u32*)data;
-+ #else
-+ /* this version is better because it is always aligned;
-+ * The performance penalty on a 586-100 is about 6% which
-+ * is acceptable - because the data is more local it might
-+ * also be possible that this is faster on some machines.
-+ * This function (when compiled with -02 on gcc 2.7.2)
-+ * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec;
-+ * [measured with a 4MB data and "gpgm --print-md rmd160"] */
-+ u32 x[16];
-+ memcpy( x, data, 64 );
-+ #endif
-+ #endif
-+
-+
-+#define K0 0x00000000
-+#define K1 0x5A827999
-+#define K2 0x6ED9EBA1
-+#define K3 0x8F1BBCDC
-+#define K4 0xA953FD4E
-+#define KK0 0x50A28BE6
-+#define KK1 0x5C4DD124
-+#define KK2 0x6D703EF3
-+#define KK3 0x7A6D76E9
-+#define KK4 0x00000000
-+#define F0(x,y,z) ( (x) ^ (y) ^ (z) )
-+#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) )
-+#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
-+#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
-+#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
-+#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
-+ a = rol(t,s) + e; \
-+ c = rol(c,10); \
-+ } while(0)
-+
-+ /* left lane */
-+ a = hd->h0;
-+ b = hd->h1;
-+ c = hd->h2;
-+ d = hd->h3;
-+ e = hd->h4;
-+ R( a, b, c, d, e, F0, K0, 0, 11 );
-+ R( e, a, b, c, d, F0, K0, 1, 14 );
-+ R( d, e, a, b, c, F0, K0, 2, 15 );
-+ R( c, d, e, a, b, F0, K0, 3, 12 );
-+ R( b, c, d, e, a, F0, K0, 4, 5 );
-+ R( a, b, c, d, e, F0, K0, 5, 8 );
-+ R( e, a, b, c, d, F0, K0, 6, 7 );
-+ R( d, e, a, b, c, F0, K0, 7, 9 );
-+ R( c, d, e, a, b, F0, K0, 8, 11 );
-+ R( b, c, d, e, a, F0, K0, 9, 13 );
-+ R( a, b, c, d, e, F0, K0, 10, 14 );
-+ R( e, a, b, c, d, F0, K0, 11, 15 );
-+ R( d, e, a, b, c, F0, K0, 12, 6 );
-+ R( c, d, e, a, b, F0, K0, 13, 7 );
-+ R( b, c, d, e, a, F0, K0, 14, 9 );
-+ R( a, b, c, d, e, F0, K0, 15, 8 );
-+ R( e, a, b, c, d, F1, K1, 7, 7 );
-+ R( d, e, a, b, c, F1, K1, 4, 6 );
-+ R( c, d, e, a, b, F1, K1, 13, 8 );
-+ R( b, c, d, e, a, F1, K1, 1, 13 );
-+ R( a, b, c, d, e, F1, K1, 10, 11 );
-+ R( e, a, b, c, d, F1, K1, 6, 9 );
-+ R( d, e, a, b, c, F1, K1, 15, 7 );
-+ R( c, d, e, a, b, F1, K1, 3, 15 );
-+ R( b, c, d, e, a, F1, K1, 12, 7 );
-+ R( a, b, c, d, e, F1, K1, 0, 12 );
-+ R( e, a, b, c, d, F1, K1, 9, 15 );
-+ R( d, e, a, b, c, F1, K1, 5, 9 );
-+ R( c, d, e, a, b, F1, K1, 2, 11 );
-+ R( b, c, d, e, a, F1, K1, 14, 7 );
-+ R( a, b, c, d, e, F1, K1, 11, 13 );
-+ R( e, a, b, c, d, F1, K1, 8, 12 );
-+ R( d, e, a, b, c, F2, K2, 3, 11 );
-+ R( c, d, e, a, b, F2, K2, 10, 13 );
-+ R( b, c, d, e, a, F2, K2, 14, 6 );
-+ R( a, b, c, d, e, F2, K2, 4, 7 );
-+ R( e, a, b, c, d, F2, K2, 9, 14 );
-+ R( d, e, a, b, c, F2, K2, 15, 9 );
-+ R( c, d, e, a, b, F2, K2, 8, 13 );
-+ R( b, c, d, e, a, F2, K2, 1, 15 );
-+ R( a, b, c, d, e, F2, K2, 2, 14 );
-+ R( e, a, b, c, d, F2, K2, 7, 8 );
-+ R( d, e, a, b, c, F2, K2, 0, 13 );
-+ R( c, d, e, a, b, F2, K2, 6, 6 );
-+ R( b, c, d, e, a, F2, K2, 13, 5 );
-+ R( a, b, c, d, e, F2, K2, 11, 12 );
-+ R( e, a, b, c, d, F2, K2, 5, 7 );
-+ R( d, e, a, b, c, F2, K2, 12, 5 );
-+ R( c, d, e, a, b, F3, K3, 1, 11 );
-+ R( b, c, d, e, a, F3, K3, 9, 12 );
-+ R( a, b, c, d, e, F3, K3, 11, 14 );
-+ R( e, a, b, c, d, F3, K3, 10, 15 );
-+ R( d, e, a, b, c, F3, K3, 0, 14 );
-+ R( c, d, e, a, b, F3, K3, 8, 15 );
-+ R( b, c, d, e, a, F3, K3, 12, 9 );
-+ R( a, b, c, d, e, F3, K3, 4, 8 );
-+ R( e, a, b, c, d, F3, K3, 13, 9 );
-+ R( d, e, a, b, c, F3, K3, 3, 14 );
-+ R( c, d, e, a, b, F3, K3, 7, 5 );
-+ R( b, c, d, e, a, F3, K3, 15, 6 );
-+ R( a, b, c, d, e, F3, K3, 14, 8 );
-+ R( e, a, b, c, d, F3, K3, 5, 6 );
-+ R( d, e, a, b, c, F3, K3, 6, 5 );
-+ R( c, d, e, a, b, F3, K3, 2, 12 );
-+ R( b, c, d, e, a, F4, K4, 4, 9 );
-+ R( a, b, c, d, e, F4, K4, 0, 15 );
-+ R( e, a, b, c, d, F4, K4, 5, 5 );
-+ R( d, e, a, b, c, F4, K4, 9, 11 );
-+ R( c, d, e, a, b, F4, K4, 7, 6 );
-+ R( b, c, d, e, a, F4, K4, 12, 8 );
-+ R( a, b, c, d, e, F4, K4, 2, 13 );
-+ R( e, a, b, c, d, F4, K4, 10, 12 );
-+ R( d, e, a, b, c, F4, K4, 14, 5 );
-+ R( c, d, e, a, b, F4, K4, 1, 12 );
-+ R( b, c, d, e, a, F4, K4, 3, 13 );
-+ R( a, b, c, d, e, F4, K4, 8, 14 );
-+ R( e, a, b, c, d, F4, K4, 11, 11 );
-+ R( d, e, a, b, c, F4, K4, 6, 8 );
-+ R( c, d, e, a, b, F4, K4, 15, 5 );
-+ R( b, c, d, e, a, F4, K4, 13, 6 );
-+
-+ aa = a; bb = b; cc = c; dd = d; ee = e;
-+
-+ /* right lane */
-+ a = hd->h0;
-+ b = hd->h1;
-+ c = hd->h2;
-+ d = hd->h3;
-+ e = hd->h4;
-+ R( a, b, c, d, e, F4, KK0, 5, 8);
-+ R( e, a, b, c, d, F4, KK0, 14, 9);
-+ R( d, e, a, b, c, F4, KK0, 7, 9);
-+ R( c, d, e, a, b, F4, KK0, 0, 11);
-+ R( b, c, d, e, a, F4, KK0, 9, 13);
-+ R( a, b, c, d, e, F4, KK0, 2, 15);
-+ R( e, a, b, c, d, F4, KK0, 11, 15);
-+ R( d, e, a, b, c, F4, KK0, 4, 5);
-+ R( c, d, e, a, b, F4, KK0, 13, 7);
-+ R( b, c, d, e, a, F4, KK0, 6, 7);
-+ R( a, b, c, d, e, F4, KK0, 15, 8);
-+ R( e, a, b, c, d, F4, KK0, 8, 11);
-+ R( d, e, a, b, c, F4, KK0, 1, 14);
-+ R( c, d, e, a, b, F4, KK0, 10, 14);
-+ R( b, c, d, e, a, F4, KK0, 3, 12);
-+ R( a, b, c, d, e, F4, KK0, 12, 6);
-+ R( e, a, b, c, d, F3, KK1, 6, 9);
-+ R( d, e, a, b, c, F3, KK1, 11, 13);
-+ R( c, d, e, a, b, F3, KK1, 3, 15);
-+ R( b, c, d, e, a, F3, KK1, 7, 7);
-+ R( a, b, c, d, e, F3, KK1, 0, 12);
-+ R( e, a, b, c, d, F3, KK1, 13, 8);
-+ R( d, e, a, b, c, F3, KK1, 5, 9);
-+ R( c, d, e, a, b, F3, KK1, 10, 11);
-+ R( b, c, d, e, a, F3, KK1, 14, 7);
-+ R( a, b, c, d, e, F3, KK1, 15, 7);
-+ R( e, a, b, c, d, F3, KK1, 8, 12);
-+ R( d, e, a, b, c, F3, KK1, 12, 7);
-+ R( c, d, e, a, b, F3, KK1, 4, 6);
-+ R( b, c, d, e, a, F3, KK1, 9, 15);
-+ R( a, b, c, d, e, F3, KK1, 1, 13);
-+ R( e, a, b, c, d, F3, KK1, 2, 11);
-+ R( d, e, a, b, c, F2, KK2, 15, 9);
-+ R( c, d, e, a, b, F2, KK2, 5, 7);
-+ R( b, c, d, e, a, F2, KK2, 1, 15);
-+ R( a, b, c, d, e, F2, KK2, 3, 11);
-+ R( e, a, b, c, d, F2, KK2, 7, 8);
-+ R( d, e, a, b, c, F2, KK2, 14, 6);
-+ R( c, d, e, a, b, F2, KK2, 6, 6);
-+ R( b, c, d, e, a, F2, KK2, 9, 14);
-+ R( a, b, c, d, e, F2, KK2, 11, 12);
-+ R( e, a, b, c, d, F2, KK2, 8, 13);
-+ R( d, e, a, b, c, F2, KK2, 12, 5);
-+ R( c, d, e, a, b, F2, KK2, 2, 14);
-+ R( b, c, d, e, a, F2, KK2, 10, 13);
-+ R( a, b, c, d, e, F2, KK2, 0, 13);
-+ R( e, a, b, c, d, F2, KK2, 4, 7);
-+ R( d, e, a, b, c, F2, KK2, 13, 5);
-+ R( c, d, e, a, b, F1, KK3, 8, 15);
-+ R( b, c, d, e, a, F1, KK3, 6, 5);
-+ R( a, b, c, d, e, F1, KK3, 4, 8);
-+ R( e, a, b, c, d, F1, KK3, 1, 11);
-+ R( d, e, a, b, c, F1, KK3, 3, 14);
-+ R( c, d, e, a, b, F1, KK3, 11, 14);
-+ R( b, c, d, e, a, F1, KK3, 15, 6);
-+ R( a, b, c, d, e, F1, KK3, 0, 14);
-+ R( e, a, b, c, d, F1, KK3, 5, 6);
-+ R( d, e, a, b, c, F1, KK3, 12, 9);
-+ R( c, d, e, a, b, F1, KK3, 2, 12);
-+ R( b, c, d, e, a, F1, KK3, 13, 9);
-+ R( a, b, c, d, e, F1, KK3, 9, 12);
-+ R( e, a, b, c, d, F1, KK3, 7, 5);
-+ R( d, e, a, b, c, F1, KK3, 10, 15);
-+ R( c, d, e, a, b, F1, KK3, 14, 8);
-+ R( b, c, d, e, a, F0, KK4, 12, 8);
-+ R( a, b, c, d, e, F0, KK4, 15, 5);
-+ R( e, a, b, c, d, F0, KK4, 10, 12);
-+ R( d, e, a, b, c, F0, KK4, 4, 9);
-+ R( c, d, e, a, b, F0, KK4, 1, 12);
-+ R( b, c, d, e, a, F0, KK4, 5, 5);
-+ R( a, b, c, d, e, F0, KK4, 8, 14);
-+ R( e, a, b, c, d, F0, KK4, 7, 6);
-+ R( d, e, a, b, c, F0, KK4, 6, 8);
-+ R( c, d, e, a, b, F0, KK4, 2, 13);
-+ R( b, c, d, e, a, F0, KK4, 13, 6);
-+ R( a, b, c, d, e, F0, KK4, 14, 5);
-+ R( e, a, b, c, d, F0, KK4, 0, 15);
-+ R( d, e, a, b, c, F0, KK4, 3, 13);
-+ R( c, d, e, a, b, F0, KK4, 9, 11);
-+ R( b, c, d, e, a, F0, KK4, 11, 11);
-+
-+
-+ t = hd->h1 + d + cc;
-+ hd->h1 = hd->h2 + e + dd;
-+ hd->h2 = hd->h3 + a + ee;
-+ hd->h3 = hd->h4 + b + aa;
-+ hd->h4 = hd->h0 + c + bb;
-+ hd->h0 = t;
-+}
-+
-+
-+/* Update the message digest with the contents
-+ * of INBUF with length INLEN.
-+ */
-+static void
-+rmd160_write( RMD160_CONTEXT *hd, byte *inbuf, size_t inlen)
-+{
-+ if( hd->count == 64 ) { /* flush the buffer */
-+ transform( hd, hd->buf );
-+ hd->count = 0;
-+ hd->nblocks++;
-+ }
-+ if( !inbuf )
-+ return;
-+ if( hd->count ) {
-+ for( ; inlen && hd->count < 64; inlen-- )
-+ hd->buf[hd->count++] = *inbuf++;
-+ rmd160_write( hd, NULL, 0 );
-+ if( !inlen )
-+ return;
-+ }
-+
-+ while( inlen >= 64 ) {
-+ transform( hd, inbuf );
-+ hd->count = 0;
-+ hd->nblocks++;
-+ inlen -= 64;
-+ inbuf += 64;
-+ }
-+ for( ; inlen && hd->count < 64; inlen-- )
-+ hd->buf[hd->count++] = *inbuf++;
-+}
-+
-+/* The routine terminates the computation
-+ */
-+
-+static void
-+rmd160_final( RMD160_CONTEXT *hd )
-+{
-+ u32 t, msb, lsb;
-+ byte *p;
-+
-+ rmd160_write(hd, NULL, 0); /* flush */;
-+
-+ msb = 0;
-+ t = hd->nblocks;
-+ if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */
-+ msb++;
-+ msb += t >> 26;
-+ t = lsb;
-+ if( (lsb = t + hd->count) < t ) /* add the count */
-+ msb++;
-+ t = lsb;
-+ if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */
-+ msb++;
-+ msb += t >> 29;
-+
-+ if( hd->count < 56 ) { /* enough room */
-+ hd->buf[hd->count++] = 0x80; /* pad */
-+ while( hd->count < 56 )
-+ hd->buf[hd->count++] = 0; /* pad */
-+ }
-+ else { /* need one extra block */
-+ hd->buf[hd->count++] = 0x80; /* pad character */
-+ while( hd->count < 64 )
-+ hd->buf[hd->count++] = 0;
-+ rmd160_write(hd, NULL, 0); /* flush */;
-+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
-+ }
-+ /* append the 64 bit count */
-+ hd->buf[56] = lsb ;
-+ hd->buf[57] = lsb >> 8;
-+ hd->buf[58] = lsb >> 16;
-+ hd->buf[59] = lsb >> 24;
-+ hd->buf[60] = msb ;
-+ hd->buf[61] = msb >> 8;
-+ hd->buf[62] = msb >> 16;
-+ hd->buf[63] = msb >> 24;
-+ transform( hd, hd->buf );
-+
-+ p = hd->buf;
-+ #if BYTE_ORDER == BIG_ENDIAN
-+ #define X(a) do { *p++ = hd->h##a ; *p++ = hd->h##a >> 8; \
-+ *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
-+ #else /* little endian */
-+ #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
-+ #endif
-+ X(0);
-+ X(1);
-+ X(2);
-+ X(3);
-+ X(4);
-+ #undef X
-+}
-+
-+/****************
-+ * Shortcut functions which puts the hash value of the supplied buffer
-+ * into outbuf which must have a size of 20 bytes.
-+ */
-+void
-+__loDev_rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length )
-+{
-+ RMD160_CONTEXT hd;
-+
-+ rmd160_init( &hd );
-+ rmd160_write( &hd, (byte*)buffer, length );
-+ rmd160_final( &hd );
-+ memcpy( outbuf, hd.buf, 20 );
-+}
-diff -urN util-linux-2.34/libmount/src/rmd160.h util-linux-2.34-AES/libmount/src/rmd160.h
---- util-linux-2.34/libmount/src/rmd160.h 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/libmount/src/rmd160.h 2019-07-11 09:31:03.213081128 +0300
-@@ -0,0 +1,9 @@
-+#ifndef RMD160_H
-+#define RMD160_H
-+
-+void
-+__loDev_rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length );
-+
-+#endif /*RMD160_H*/
-+
-+
-diff -urN util-linux-2.34/libmount/src/sha512.c util-linux-2.34-AES/libmount/src/sha512.c
---- util-linux-2.34/libmount/src/sha512.c 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/libmount/src/sha512.c 2019-07-11 09:31:03.213081128 +0300
-@@ -0,0 +1,432 @@
-+/*
-+ * sha512.c
-+ *
-+ * Written by Jari Ruusu, April 16 2001
-+ *
-+ * Copyright 2001 by Jari Ruusu.
-+ * Redistribution of this file is permitted under the GNU Public License.
-+ */
-+
-+#include <string.h>
-+#include <sys/types.h>
-+#include "sha512.h"
-+
-+/* Define one or more of these. If none is defined, you get all of them */
-+#if !defined(SHA256_NEEDED)&&!defined(SHA512_NEEDED)&&!defined(SHA384_NEEDED)
-+# define SHA256_NEEDED 1
-+# define SHA512_NEEDED 1
-+# define SHA384_NEEDED 1
-+#endif
-+
-+#if defined(SHA256_NEEDED)
-+static const u_int32_t sha256_hashInit[8] = {
-+ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c,
-+ 0x1f83d9ab, 0x5be0cd19
-+};
-+static const u_int32_t sha256_K[64] = {
-+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
-+ 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
-+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
-+ 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
-+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
-+ 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
-+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
-+ 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
-+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
-+ 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
-+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-+};
-+#endif
-+
-+#if defined(SHA512_NEEDED)
-+static const u_int64_t sha512_hashInit[8] = {
-+ 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL,
-+ 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
-+ 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
-+};
-+#endif
-+
-+#if defined(SHA384_NEEDED)
-+static const u_int64_t sha384_hashInit[8] = {
-+ 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL,
-+ 0x152fecd8f70e5939ULL, 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL,
-+ 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL
-+};
-+#endif
-+
-+#if defined(SHA512_NEEDED) || defined(SHA384_NEEDED)
-+static const u_int64_t sha512_K[80] = {
-+ 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
-+ 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
-+ 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
-+ 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
-+ 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
-+ 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
-+ 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
-+ 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
-+ 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
-+ 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
-+ 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
-+ 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
-+ 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
-+ 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
-+ 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
-+ 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
-+ 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
-+ 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
-+ 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
-+ 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
-+ 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
-+ 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
-+ 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
-+ 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
-+ 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
-+ 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
-+ 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
-+};
-+#endif
-+
-+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
-+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-+#define R(x,y) ((y) >> (x))
-+
-+#if defined(SHA256_NEEDED)
-+void __loDev_sha256_init(sha256_context *ctx)
-+{
-+ memcpy(&ctx->sha_H[0], &sha256_hashInit[0], sizeof(ctx->sha_H));
-+ ctx->sha_blocks = 0;
-+ ctx->sha_bufCnt = 0;
-+}
-+
-+#define S(x,y) (((y) >> (x)) | ((y) << (32 - (x))))
-+#define uSig0(x) ((S(2,(x))) ^ (S(13,(x))) ^ (S(22,(x))))
-+#define uSig1(x) ((S(6,(x))) ^ (S(11,(x))) ^ (S(25,(x))))
-+#define lSig0(x) ((S(7,(x))) ^ (S(18,(x))) ^ (R(3,(x))))
-+#define lSig1(x) ((S(17,(x))) ^ (S(19,(x))) ^ (R(10,(x))))
-+
-+static void sha256_transform(sha256_context *ctx, unsigned char *datap)
-+{
-+ register int j;
-+ u_int32_t a, b, c, d, e, f, g, h;
-+ u_int32_t T1, T2, W[64], Wm2, Wm15;
-+
-+ /* read the data, big endian byte order */
-+ j = 0;
-+ do {
-+ W[j] = (((u_int32_t)(datap[0]))<<24) | (((u_int32_t)(datap[1]))<<16) |
-+ (((u_int32_t)(datap[2]))<<8 ) | ((u_int32_t)(datap[3]));
-+ datap += 4;
-+ } while(++j < 16);
-+
-+ /* initialize variables a...h */
-+ a = ctx->sha_H[0];
-+ b = ctx->sha_H[1];
-+ c = ctx->sha_H[2];
-+ d = ctx->sha_H[3];
-+ e = ctx->sha_H[4];
-+ f = ctx->sha_H[5];
-+ g = ctx->sha_H[6];
-+ h = ctx->sha_H[7];
-+
-+ /* apply compression function */
-+ j = 0;
-+ do {
-+ if(j >= 16) {
-+ Wm2 = W[j - 2];
-+ Wm15 = W[j - 15];
-+ W[j] = lSig1(Wm2) + W[j - 7] + lSig0(Wm15) + W[j - 16];
-+ }
-+ T1 = h + uSig1(e) + Ch(e,f,g) + sha256_K[j] + W[j];
-+ T2 = uSig0(a) + Maj(a,b,c);
-+ h = g; g = f; f = e;
-+ e = d + T1;
-+ d = c; c = b; b = a;
-+ a = T1 + T2;
-+ } while(++j < 64);
-+
-+ /* compute intermediate hash value */
-+ ctx->sha_H[0] += a;
-+ ctx->sha_H[1] += b;
-+ ctx->sha_H[2] += c;
-+ ctx->sha_H[3] += d;
-+ ctx->sha_H[4] += e;
-+ ctx->sha_H[5] += f;
-+ ctx->sha_H[6] += g;
-+ ctx->sha_H[7] += h;
-+
-+ ctx->sha_blocks++;
-+}
-+
-+void __loDev_sha256_write(sha256_context *ctx, unsigned char *datap, int length)
-+{
-+ while(length > 0) {
-+ if(!ctx->sha_bufCnt) {
-+ while(length >= (int) sizeof(ctx->sha_out)) {
-+ sha256_transform(ctx, datap);
-+ datap += sizeof(ctx->sha_out);
-+ length -= sizeof(ctx->sha_out);
-+ }
-+ if(!length) return;
-+ }
-+ ctx->sha_out[ctx->sha_bufCnt] = *datap++;
-+ length--;
-+ if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) {
-+ sha256_transform(ctx, &ctx->sha_out[0]);
-+ ctx->sha_bufCnt = 0;
-+ }
-+ }
-+}
-+
-+void __loDev_sha256_final(sha256_context *ctx)
-+{
-+ register int j;
-+ u_int64_t bitLength;
-+ u_int32_t i;
-+ unsigned char padByte, *datap;
-+
-+ bitLength = (ctx->sha_blocks << 9) | (ctx->sha_bufCnt << 3);
-+ padByte = 0x80;
-+ __loDev_sha256_write(ctx, &padByte, 1);
-+
-+ /* pad extra space with zeroes */
-+ padByte = 0;
-+ while(ctx->sha_bufCnt != 56) {
-+ __loDev_sha256_write(ctx, &padByte, 1);
-+ }
-+
-+ /* write bit length, big endian byte order */
-+ ctx->sha_out[56] = bitLength >> 56;
-+ ctx->sha_out[57] = bitLength >> 48;
-+ ctx->sha_out[58] = bitLength >> 40;
-+ ctx->sha_out[59] = bitLength >> 32;
-+ ctx->sha_out[60] = bitLength >> 24;
-+ ctx->sha_out[61] = bitLength >> 16;
-+ ctx->sha_out[62] = bitLength >> 8;
-+ ctx->sha_out[63] = bitLength;
-+ sha256_transform(ctx, &ctx->sha_out[0]);
-+
-+ /* return results in ctx->sha_out[0...31] */
-+ datap = &ctx->sha_out[0];
-+ j = 0;
-+ do {
-+ i = ctx->sha_H[j];
-+ datap[0] = i >> 24;
-+ datap[1] = i >> 16;
-+ datap[2] = i >> 8;
-+ datap[3] = i;
-+ datap += 4;
-+ } while(++j < 8);
-+
-+ /* clear sensitive information */
-+ memset(&ctx->sha_out[32], 0, sizeof(sha256_context) - 32);
-+}
-+
-+void __loDev_sha256_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole)
-+{
-+ sha256_context ctx;
-+
-+ if(ole < 1) return;
-+ memset(ob, 0, ole);
-+ if(ole > 32) ole = 32;
-+ __loDev_sha256_init(&ctx);
-+ __loDev_sha256_write(&ctx, ib, ile);
-+ __loDev_sha256_final(&ctx);
-+ memcpy(ob, &ctx.sha_out[0], ole);
-+ memset(&ctx, 0, sizeof(ctx));
-+}
-+
-+#endif
-+
-+#if defined(SHA512_NEEDED)
-+void __loDev_sha512_init(sha512_context *ctx)
-+{
-+ memcpy(&ctx->sha_H[0], &sha512_hashInit[0], sizeof(ctx->sha_H));
-+ ctx->sha_blocks = 0;
-+ ctx->sha_blocksMSB = 0;
-+ ctx->sha_bufCnt = 0;
-+}
-+#endif
-+
-+#if defined(SHA512_NEEDED) || defined(SHA384_NEEDED)
-+#undef S
-+#undef uSig0
-+#undef uSig1
-+#undef lSig0
-+#undef lSig1
-+#define S(x,y) (((y) >> (x)) | ((y) << (64 - (x))))
-+#define uSig0(x) ((S(28,(x))) ^ (S(34,(x))) ^ (S(39,(x))))
-+#define uSig1(x) ((S(14,(x))) ^ (S(18,(x))) ^ (S(41,(x))))
-+#define lSig0(x) ((S(1,(x))) ^ (S(8,(x))) ^ (R(7,(x))))
-+#define lSig1(x) ((S(19,(x))) ^ (S(61,(x))) ^ (R(6,(x))))
-+
-+static void sha512_transform(sha512_context *ctx, unsigned char *datap)
-+{
-+ register int j;
-+ u_int64_t a, b, c, d, e, f, g, h;
-+ u_int64_t T1, T2, W[80], Wm2, Wm15;
-+
-+ /* read the data, big endian byte order */
-+ j = 0;
-+ do {
-+ W[j] = (((u_int64_t)(datap[0]))<<56) | (((u_int64_t)(datap[1]))<<48) |
-+ (((u_int64_t)(datap[2]))<<40) | (((u_int64_t)(datap[3]))<<32) |
-+ (((u_int64_t)(datap[4]))<<24) | (((u_int64_t)(datap[5]))<<16) |
-+ (((u_int64_t)(datap[6]))<<8 ) | ((u_int64_t)(datap[7]));
-+ datap += 8;
-+ } while(++j < 16);
-+
-+ /* initialize variables a...h */
-+ a = ctx->sha_H[0];
-+ b = ctx->sha_H[1];
-+ c = ctx->sha_H[2];
-+ d = ctx->sha_H[3];
-+ e = ctx->sha_H[4];
-+ f = ctx->sha_H[5];
-+ g = ctx->sha_H[6];
-+ h = ctx->sha_H[7];
-+
-+ /* apply compression function */
-+ j = 0;
-+ do {
-+ if(j >= 16) {
-+ Wm2 = W[j - 2];
-+ Wm15 = W[j - 15];
-+ W[j] = lSig1(Wm2) + W[j - 7] + lSig0(Wm15) + W[j - 16];
-+ }
-+ T1 = h + uSig1(e) + Ch(e,f,g) + sha512_K[j] + W[j];
-+ T2 = uSig0(a) + Maj(a,b,c);
-+ h = g; g = f; f = e;
-+ e = d + T1;
-+ d = c; c = b; b = a;
-+ a = T1 + T2;
-+ } while(++j < 80);
-+
-+ /* compute intermediate hash value */
-+ ctx->sha_H[0] += a;
-+ ctx->sha_H[1] += b;
-+ ctx->sha_H[2] += c;
-+ ctx->sha_H[3] += d;
-+ ctx->sha_H[4] += e;
-+ ctx->sha_H[5] += f;
-+ ctx->sha_H[6] += g;
-+ ctx->sha_H[7] += h;
-+
-+ ctx->sha_blocks++;
-+ if(!ctx->sha_blocks) ctx->sha_blocksMSB++;
-+}
-+
-+void __loDev_sha512_write(sha512_context *ctx, unsigned char *datap, int length)
-+{
-+ while(length > 0) {
-+ if(!ctx->sha_bufCnt) {
-+ while(length >= (int) sizeof(ctx->sha_out)) {
-+ sha512_transform(ctx, datap);
-+ datap += sizeof(ctx->sha_out);
-+ length -= sizeof(ctx->sha_out);
-+ }
-+ if(!length) return;
-+ }
-+ ctx->sha_out[ctx->sha_bufCnt] = *datap++;
-+ length--;
-+ if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) {
-+ sha512_transform(ctx, &ctx->sha_out[0]);
-+ ctx->sha_bufCnt = 0;
-+ }
-+ }
-+}
-+
-+void __loDev_sha512_final(sha512_context *ctx)
-+{
-+ register int j;
-+ u_int64_t bitLength, bitLengthMSB;
-+ u_int64_t i;
-+ unsigned char padByte, *datap;
-+
-+ bitLength = (ctx->sha_blocks << 10) | (ctx->sha_bufCnt << 3);
-+ bitLengthMSB = (ctx->sha_blocksMSB << 10) | (ctx->sha_blocks >> 54);
-+ padByte = 0x80;
-+ __loDev_sha512_write(ctx, &padByte, 1);
-+
-+ /* pad extra space with zeroes */
-+ padByte = 0;
-+ while(ctx->sha_bufCnt != 112) {
-+ __loDev_sha512_write(ctx, &padByte, 1);
-+ }
-+
-+ /* write bit length, big endian byte order */
-+ ctx->sha_out[112] = bitLengthMSB >> 56;
-+ ctx->sha_out[113] = bitLengthMSB >> 48;
-+ ctx->sha_out[114] = bitLengthMSB >> 40;
-+ ctx->sha_out[115] = bitLengthMSB >> 32;
-+ ctx->sha_out[116] = bitLengthMSB >> 24;
-+ ctx->sha_out[117] = bitLengthMSB >> 16;
-+ ctx->sha_out[118] = bitLengthMSB >> 8;
-+ ctx->sha_out[119] = bitLengthMSB;
-+ ctx->sha_out[120] = bitLength >> 56;
-+ ctx->sha_out[121] = bitLength >> 48;
-+ ctx->sha_out[122] = bitLength >> 40;
-+ ctx->sha_out[123] = bitLength >> 32;
-+ ctx->sha_out[124] = bitLength >> 24;
-+ ctx->sha_out[125] = bitLength >> 16;
-+ ctx->sha_out[126] = bitLength >> 8;
-+ ctx->sha_out[127] = bitLength;
-+ sha512_transform(ctx, &ctx->sha_out[0]);
-+
-+ /* return results in ctx->sha_out[0...63] */
-+ datap = &ctx->sha_out[0];
-+ j = 0;
-+ do {
-+ i = ctx->sha_H[j];
-+ datap[0] = i >> 56;
-+ datap[1] = i >> 48;
-+ datap[2] = i >> 40;
-+ datap[3] = i >> 32;
-+ datap[4] = i >> 24;
-+ datap[5] = i >> 16;
-+ datap[6] = i >> 8;
-+ datap[7] = i;
-+ datap += 8;
-+ } while(++j < 8);
-+
-+ /* clear sensitive information */
-+ memset(&ctx->sha_out[64], 0, sizeof(sha512_context) - 64);
-+}
-+
-+void __loDev_sha512_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole)
-+{
-+ sha512_context ctx;
-+
-+ if(ole < 1) return;
-+ memset(ob, 0, ole);
-+ if(ole > 64) ole = 64;
-+ __loDev_sha512_init(&ctx);
-+ __loDev_sha512_write(&ctx, ib, ile);
-+ __loDev_sha512_final(&ctx);
-+ memcpy(ob, &ctx.sha_out[0], ole);
-+ memset(&ctx, 0, sizeof(ctx));
-+}
-+#endif
-+
-+#if defined(SHA384_NEEDED)
-+void __loDev_sha384_init(sha512_context *ctx)
-+{
-+ memcpy(&ctx->sha_H[0], &sha384_hashInit[0], sizeof(ctx->sha_H));
-+ ctx->sha_blocks = 0;
-+ ctx->sha_blocksMSB = 0;
-+ ctx->sha_bufCnt = 0;
-+}
-+
-+void __loDev_sha384_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole)
-+{
-+ sha512_context ctx;
-+
-+ if(ole < 1) return;
-+ memset(ob, 0, ole);
-+ if(ole > 48) ole = 48;
-+ __loDev_sha384_init(&ctx);
-+ __loDev_sha512_write(&ctx, ib, ile);
-+ __loDev_sha512_final(&ctx);
-+ memcpy(ob, &ctx.sha_out[0], ole);
-+ memset(&ctx, 0, sizeof(ctx));
-+}
-+#endif
-diff -urN util-linux-2.34/libmount/src/sha512.h util-linux-2.34-AES/libmount/src/sha512.h
---- util-linux-2.34/libmount/src/sha512.h 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/libmount/src/sha512.h 2019-07-11 09:31:03.213081128 +0300
-@@ -0,0 +1,45 @@
-+/*
-+ * sha512.h
-+ *
-+ * Written by Jari Ruusu, April 16 2001
-+ *
-+ * Copyright 2001 by Jari Ruusu.
-+ * Redistribution of this file is permitted under the GNU Public License.
-+ */
-+
-+#include <sys/types.h>
-+
-+typedef struct {
-+ unsigned char sha_out[64]; /* results are here, bytes 0...31 */
-+ u_int32_t sha_H[8];
-+ u_int64_t sha_blocks;
-+ int sha_bufCnt;
-+} sha256_context;
-+
-+typedef struct {
-+ unsigned char sha_out[128]; /* results are here, bytes 0...63 */
-+ u_int64_t sha_H[8];
-+ u_int64_t sha_blocks;
-+ u_int64_t sha_blocksMSB;
-+ int sha_bufCnt;
-+} sha512_context;
-+
-+/* no sha384_context, use sha512_context */
-+
-+/* 256 bit hash, provides 128 bits of security against collision attacks */
-+extern void __loDev_sha256_init(sha256_context *);
-+extern void __loDev_sha256_write(sha256_context *, unsigned char *, int);
-+extern void __loDev_sha256_final(sha256_context *);
-+extern void __loDev_sha256_hash_buffer(unsigned char *, int, unsigned char *, int);
-+
-+/* 512 bit hash, provides 256 bits of security against collision attacks */
-+extern void __loDev_sha512_init(sha512_context *);
-+extern void __loDev_sha512_write(sha512_context *, unsigned char *, int);
-+extern void __loDev_sha512_final(sha512_context *);
-+extern void __loDev_sha512_hash_buffer(unsigned char *, int, unsigned char *, int);
-+
-+/* 384 bit hash, provides 192 bits of security against collision attacks */
-+extern void __loDev_sha384_init(sha512_context *);
-+/* no sha384_write(), use sha512_write() */
-+/* no sha384_final(), use sha512_final(), result in ctx->sha_out[0...47] */
-+extern void __loDev_sha384_hash_buffer(unsigned char *, int, unsigned char *, int);
-diff -urN util-linux-2.34/sys-utils/Makemodule.am util-linux-2.34-AES/sys-utils/Makemodule.am
---- util-linux-2.34/sys-utils/Makemodule.am 2019-04-10 14:28:20.658836607 +0300
-+++ util-linux-2.34-AES/sys-utils/Makemodule.am 2019-07-11 09:31:03.214081134 +0300
-@@ -231,7 +231,7 @@
- if BUILD_LOSETUP
- sbin_PROGRAMS += losetup
- dist_man_MANS += sys-utils/losetup.8
--losetup_SOURCES = sys-utils/losetup.c
-+losetup_SOURCES = sys-utils/losetup1.c sys-utils/loop.c libmount/src/sha512.c libmount/src/rmd160.c libmount/src/aes.c
- losetup_LDADD = $(LDADD) libcommon.la libsmartcols.la
- losetup_CFLAGS = $(AM_CFLAGS) -I$(ul_libsmartcols_incdir)
-
-@@ -330,6 +330,8 @@
-
- swapon_SOURCES = \
- sys-utils/swapon.c \
-+ sys-utils/loop.c \
-+ libmount/src/sha512.c \
- sys-utils/swapon-common.c \
- sys-utils/swapon-common.h \
- lib/swapprober.c \
-@@ -346,6 +348,7 @@
-
- swapoff_SOURCES = \
- sys-utils/swapoff.c \
-+ sys-utils/loop.c \
- sys-utils/swapon-common.c \
- sys-utils/swapon-common.h \
- lib/swapprober.c \
-diff -urN util-linux-2.34/sys-utils/loop.c util-linux-2.34-AES/sys-utils/loop.c
---- util-linux-2.34/sys-utils/loop.c 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/sys-utils/loop.c 2019-07-11 09:31:03.214081134 +0300
-@@ -0,0 +1,221 @@
-+/*
-+ * loop.c
-+ *
-+ * Copyright 2003 by Jari Ruusu.
-+ * Redistribution of this file is permitted under the GNU GPL
-+ */
-+
-+/* collection of loop helper functions used by losetup, mount and swapon */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <ctype.h>
-+#include <sys/ioctl.h>
-+#include <sys/types.h>
-+#include <errno.h>
-+#include "loop.h"
-+
-+static void convert_info_to_info64(struct loop_info *info, struct loop_info64 *info64)
-+{
-+ memset(info64, 0, sizeof(*info64));
-+ info64->lo_number = info->lo_number;
-+ info64->lo_device = info->lo_device;
-+ info64->lo_inode = info->lo_inode;
-+ info64->lo_rdevice = info->lo_rdevice;
-+ info64->lo_offset = info->lo_offset;
-+ info64->lo_encrypt_type = info->lo_encrypt_type;
-+ info64->lo_encrypt_key_size = info->lo_encrypt_key_size;
-+ info64->lo_flags = info->lo_flags;
-+ info64->lo_init[0] = info->lo_init[0];
-+ info64->lo_init[1] = info->lo_init[1];
-+ info64->lo_sizelimit = 0;
-+ if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */
-+ memcpy(info64->lo_crypt_name, info->lo_name, sizeof(info64->lo_crypt_name));
-+ else
-+ memcpy(info64->lo_file_name, info->lo_name, sizeof(info64->lo_file_name));
-+ memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, sizeof(info64->lo_encrypt_key));
-+}
-+
-+static int convert_info64_to_info(struct loop_info64 *info64, struct loop_info *info)
-+{
-+ memset(info, 0, sizeof(*info));
-+ info->lo_number = info64->lo_number;
-+ info->lo_device = info64->lo_device;
-+ info->lo_inode = info64->lo_inode;
-+ info->lo_rdevice = info64->lo_rdevice;
-+ info->lo_offset = info64->lo_offset;
-+ info->lo_encrypt_type = info64->lo_encrypt_type;
-+ info->lo_encrypt_key_size = info64->lo_encrypt_key_size;
-+ info->lo_flags = info64->lo_flags;
-+ info->lo_init[0] = info64->lo_init[0];
-+ info->lo_init[1] = info64->lo_init[1];
-+ if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */
-+ memcpy(info->lo_name, info64->lo_crypt_name, sizeof(info->lo_name));
-+ else
-+ memcpy(info->lo_name, info64->lo_file_name, sizeof(info->lo_name));
-+ memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, sizeof(info->lo_encrypt_key));
-+
-+ /* error in case values were truncated */
-+ if (info->lo_device != info64->lo_device ||
-+ info->lo_rdevice != info64->lo_rdevice ||
-+ info->lo_inode != info64->lo_inode ||
-+ (u_int64_t) info->lo_offset != info64->lo_offset ||
-+ info64->lo_sizelimit) {
-+ errno = EOVERFLOW;
-+ return -1;
-+ }
-+ return 0;
-+}
-+
-+int loop_set_status64_ioctl(int fd, struct loop_info64 *info64)
-+{
-+ struct loop_info info;
-+ struct loop_info64 tmp;
-+ int r;
-+
-+ /*
-+ * This ugly work around is needed because some
-+ * Red Hat kernels are using same ioctl code:
-+ * #define LOOP_CHANGE_FD 0x4C04
-+ * vs.
-+ * #define LOOP_SET_STATUS64 0x4C04
-+ * that is used by modern loop driver.
-+ *
-+ * Attempt to detect presense of LOOP_GET_STATUS64
-+ * ioctl before issuing LOOP_SET_STATUS64 ioctl.
-+ * Red Hat kernels with above LOOP_CHANGE_FD damage
-+ * should return -1 and set errno to EINVAL.
-+ */
-+ r = ioctl(fd, LOOP_GET_STATUS64, &tmp);
-+ memset(&tmp, 0, sizeof(tmp));
-+ if ((r == 0) || (errno != EINVAL)) {
-+ r = ioctl(fd, LOOP_SET_STATUS64, info64);
-+ if (!r)
-+ return 0;
-+ }
-+ r = convert_info64_to_info(info64, &info);
-+ if (!r)
-+ r = ioctl(fd, LOOP_SET_STATUS, &info);
-+
-+ /* don't leave copies of encryption key on stack */
-+ memset(&info, 0, sizeof(info));
-+ return r;
-+}
-+
-+int loop_get_status64_ioctl(int fd, struct loop_info64 *info64)
-+{
-+ struct loop_info info;
-+ int r;
-+
-+ memset(info64, 0, sizeof(*info64));
-+ r = ioctl(fd, LOOP_GET_STATUS64, info64);
-+ if (!r)
-+ return 0;
-+ r = ioctl(fd, LOOP_GET_STATUS, &info);
-+ if (!r)
-+ convert_info_to_info64(&info, info64);
-+
-+ /* don't leave copies of encryption key on stack */
-+ memset(&info, 0, sizeof(info));
-+ return r;
-+}
-+
-+/* returns: 1=unused 0=busy */
-+int is_unused_loop_device(int fd)
-+{
-+ struct loop_info64 info64;
-+ struct loop_info info;
-+ int r;
-+
-+ r = ioctl(fd, LOOP_GET_STATUS64, &info64);
-+ memset(&info64, 0, sizeof(info64));
-+ if (!r)
-+ return 0;
-+ if (errno == ENXIO)
-+ return 1;
-+
-+ r = ioctl(fd, LOOP_GET_STATUS, &info);
-+ memset(&info, 0, sizeof(info));
-+ if (!r)
-+ return 0;
-+ if (errno == ENXIO)
-+ return 1;
-+ if (errno == EOVERFLOW)
-+ return 0;
-+ return 1;
-+}
-+
-+struct loop_crypt_type_struct loop_crypt_type_tbl[] = {
-+ { 0, 0, 0, "no" },
-+ { 0, 0, 0, "none" },
-+ { 1, 0, 0, "xor" },
-+ { 3, 1, 16, "twofish" },
-+ { 4, 1, 16, "blowfish" },
-+ { 7, 1, 16, "serpent" },
-+ { 8, 1, 16, "mars" },
-+ { 11, 3, 16, "rc6" },
-+ { 12, 0, 21, "tripleDES" },
-+ { 12, 0, 24, "3des" },
-+ { 12, 0, 24, "des3_ede" },
-+ { 16, 1, 16, "AES" },
-+ { -1, 0, 0, NULL }
-+};
-+
-+static char *getApiName(char *e, int *len)
-+{
-+ int x, y, z = 1, q = -1;
-+ unsigned char *s;
-+
-+ *len = y = 0;
-+ s = (unsigned char *)strdup(e);
-+ if(!s)
-+ return "";
-+ x = strlen((char *)s);
-+ while(x > 0) {
-+ x--;
-+ if(!isdigit(s[x]))
-+ break;
-+ y += (s[x] - '0') * z;
-+ z *= 10;
-+ q = x;
-+ }
-+ while(x >= 0) {
-+ s[x] = tolower(s[x]);
-+ if(s[x] == '-')
-+ s[x] = 0;
-+ x--;
-+ }
-+ if(y >= 40) {
-+ if(q >= 0)
-+ s[q] = 0;
-+ *len = y;
-+ }
-+ return((char *)s);
-+}
-+
-+int loop_crypt_type(const char *name, u_int32_t *kbyp, char **apiName)
-+{
-+ int i, k;
-+
-+ *apiName = getApiName((char *)name, &k);
-+ if(k < 0)
-+ k = 0;
-+ if(k > 256)
-+ k = 256;
-+ for (i = 0; loop_crypt_type_tbl[i].id != -1; i++) {
-+ if (!strcasecmp (*apiName , loop_crypt_type_tbl[i].name)) {
-+ *kbyp = k ? k >> 3 : loop_crypt_type_tbl[i].keyBytes;
-+ return loop_crypt_type_tbl[i].id;
-+ }
-+ }
-+ *kbyp = 16; /* 128 bits */
-+ return 18; /* LO_CRYPT_CRYPTOAPI */
-+}
-+
-+int try_cryptoapi_loop_interface(int fd, struct loop_info64 *loopinfo, char *apiName)
-+{
-+ snprintf((char *)loopinfo->lo_crypt_name, sizeof(loopinfo->lo_crypt_name), "%s-cbc", apiName);
-+ loopinfo->lo_crypt_name[LO_NAME_SIZE - 1] = 0;
-+ loopinfo->lo_encrypt_type = 18; /* LO_CRYPT_CRYPTOAPI */
-+ return(loop_set_status64_ioctl(fd, loopinfo));
-+}
-diff -urN util-linux-2.34/sys-utils/loop.h util-linux-2.34-AES/sys-utils/loop.h
---- util-linux-2.34/sys-utils/loop.h 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/sys-utils/loop.h 2019-07-11 09:31:03.214081134 +0300
-@@ -0,0 +1,87 @@
-+/*
-+ * loop.h
-+ *
-+ * Copyright 2003 by Jari Ruusu.
-+ * Redistribution of this file is permitted under the GNU GPL
-+ */
-+
-+#ifndef _LOOP_H
-+#define _LOOP_H 1
-+
-+#include <sys/types.h>
-+#include <linux/version.h>
-+#include <linux/posix_types.h>
-+
-+#define LO_CRYPT_NONE 0
-+#define LO_CRYPT_XOR 1
-+#define LO_CRYPT_DES 2
-+#define LO_CRYPT_CRYPTOAPI 18
-+
-+#define LOOP_SET_FD 0x4C00
-+#define LOOP_CLR_FD 0x4C01
-+#define LOOP_SET_STATUS 0x4C02
-+#define LOOP_GET_STATUS 0x4C03
-+#define LOOP_SET_STATUS64 0x4C04
-+#define LOOP_GET_STATUS64 0x4C05
-+#define LOOP_MULTI_KEY_SETUP 0x4C4D
-+#define LOOP_MULTI_KEY_SETUP_V3 0x4C4E
-+#define LOOP_RECOMPUTE_DEV_SIZE 0x4C52
-+
-+#define LO_NAME_SIZE 64
-+#define LO_KEY_SIZE 32
-+
-+struct loop_info {
-+ int lo_number;
-+#if LINUX_VERSION_CODE >= 0x20600
-+ __kernel_old_dev_t lo_device;
-+#else
-+ __kernel_dev_t lo_device;
-+#endif
-+ unsigned long lo_inode;
-+#if LINUX_VERSION_CODE >= 0x20600
-+ __kernel_old_dev_t lo_rdevice;
-+#else
-+ __kernel_dev_t lo_rdevice;
-+#endif
-+ int lo_offset;
-+ int lo_encrypt_type;
-+ int lo_encrypt_key_size;
-+ int lo_flags;
-+ char lo_name[LO_NAME_SIZE];
-+ unsigned char lo_encrypt_key[LO_KEY_SIZE];
-+ unsigned long lo_init[2];
-+ char reserved[4];
-+};
-+
-+struct loop_info64 {
-+ u_int64_t lo_device; /* ioctl r/o */
-+ u_int64_t lo_inode; /* ioctl r/o */
-+ u_int64_t lo_rdevice; /* ioctl r/o */
-+ u_int64_t lo_offset; /* bytes */
-+ u_int64_t lo_sizelimit; /* bytes, 0 == max available */
-+ u_int32_t lo_number; /* ioctl r/o */
-+ u_int32_t lo_encrypt_type;
-+ u_int32_t lo_encrypt_key_size; /* ioctl w/o */
-+ u_int32_t lo_flags; /* ioctl r/o */
-+ unsigned char lo_file_name[LO_NAME_SIZE];
-+ unsigned char lo_crypt_name[LO_NAME_SIZE];
-+ unsigned char lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
-+ u_int64_t lo_init[2];
-+};
-+
-+extern int loop_set_status64_ioctl(int, struct loop_info64 *);
-+extern int loop_get_status64_ioctl(int, struct loop_info64 *);
-+extern int is_unused_loop_device(int);
-+
-+struct loop_crypt_type_struct {
-+ short int id;
-+ unsigned char flags; /* bit0 = show keybits, bit1 = add '-' before keybits */
-+ unsigned char keyBytes;
-+ char *name;
-+};
-+
-+extern struct loop_crypt_type_struct loop_crypt_type_tbl[];
-+extern int loop_crypt_type(const char *, u_int32_t *, char **);
-+extern int try_cryptoapi_loop_interface(int, struct loop_info64 *, char *);
-+
-+#endif
-diff -urN util-linux-2.34/sys-utils/losetup.8 util-linux-2.34-AES/sys-utils/losetup.8
---- util-linux-2.34/sys-utils/losetup.8 2019-04-24 13:42:25.234752668 +0300
-+++ util-linux-2.34-AES/sys-utils/losetup.8 2019-07-11 09:31:03.214081134 +0300
-@@ -1,210 +1,200 @@
--.TH LOSETUP 8 "November 2015" "util-linux" "System Administration"
-+.TH LOSETUP 8 "2012-09-24" "Linux" "MAINTENANCE COMMANDS"
- .SH NAME
- losetup \- set up and control loop devices
- .SH SYNOPSIS
- .ad l
--Get info:
--.sp
--.in +5
--.B losetup
--[\fIloopdev\fP]
--.sp
--.B losetup -l
--.RB [ \-a ]
--.sp
--.B losetup -j
--.I file
--.RB [ \-o
--.IR offset ]
--.sp
--.in -5
--Detach a loop device:
--.sp
--.in +5
--.B "losetup \-d"
--.IR loopdev ...
--.sp
--.in -5
--Detach all associated loop devices:
--.sp
--.in +5
--.B "losetup \-D"
--.sp
--.in -5
--Set up a loop device:
--.sp
--.in +5
--.B losetup
--.RB [ \-o
--.IR offset ]
--.RB [ \-\-sizelimit
--.IR size ]
--.RB [ \-\-sector\-size
--.IR size ]
--.in +8
--.RB [ \-Pr ]
--.RB [ \-\-show ] " \-f" | \fIloopdev\fP
--.I file
--.sp
--.in -13
--Resize a loop device:
--.sp
--.in +5
--.B "losetup \-c"
--.I loopdev
--.in -5
-+.B losetup
-+[options]
-+.I loop_device
-+file
-+.br
-+.B losetup -F
-+[options]
-+.I loop_device
-+[file]
-+.br
-+.B losetup
-+[
-+.B \-d
-+]
-+.I loop_device
-+.br
-+.B losetup -a
-+.br
-+.B losetup -f
-+.br
-+.B losetup
-+.B \-R
-+.I loop_device
- .ad b
- .SH DESCRIPTION
- .B losetup
- is used to associate loop devices with regular files or block devices,
--to detach loop devices, and to query the status of a loop device. If only the
--\fIloopdev\fP argument is given, the status of the corresponding loop
--device is shown. If no option is given, all loop devices are shown.
--.sp
--Note that the old output format (i.e., \fBlosetup -a\fR) with comma-delimited
--strings is deprecated in favour of the \fB--list\fR output format.
--.sp
--It's possible to create more independent loop devices for the same backing
--file.
--.B This setup may be dangerous, can cause data loss, corruption and overwrites.
--Use \fB\-\-nooverlap\fR with \fB\-\-find\fR during setup to avoid this problem.
--
-+to detach loop devices and to query the status of a loop device. If only the
-+\fIloop_device\fP argument is given, the status of the corresponding loop
-+device is shown.
- .SH OPTIONS
--The \fIsize\fR and \fIoffset\fR
--arguments may be followed by the multiplicative suffixes KiB (=1024),
--MiB (=1024*1024), and so on for GiB, TiB, PiB, EiB, ZiB and YiB (the "iB" is
--optional, e.g., "K" has the same meaning as "KiB") or the suffixes
--KB (=1000), MB (=1000*1000), and so on for GB, TB, PB, EB, ZB and YB.
--
--.TP
--.BR \-a , " \-\-all"
--Show the status of all loop devices. Note that not all information is accessible
--for non-root users. See also \fB\-\-list\fR. The old output format (as printed
--without \fB--list)\fR is deprecated.
--.TP
--.BR \-d , " \-\-detach " \fIloopdev\fR...
--Detach the file or device associated with the specified loop device(s). Note
--that since Linux v3.7 kernel uses "lazy device destruction". The detach
--operation does not return EBUSY error anymore if device is actively used by
--system, but it is marked by autoclear flag and destroyed later.
--.TP
--.BR \-D , " \-\-detach\-all"
--Detach all associated loop devices.
--.TP
--.BR \-f , " \-\-find " "\fR[\fIfile\fR]"
--Find the first unused loop device. If a \fIfile\fR argument is present, use
--the found device as loop device. Otherwise, just print its name.
--.IP "\fB\-\-show\fP"
--Display the name of the assigned loop device if the \fB\-f\fP option and a
--\fIfile\fP argument are present.
--.TP
--.BR \-L , " \-\-nooverlap"
--Check for conflicts between loop devices to avoid situation when the same
--backing file is shared between more loop devices. If the file is already used
--by another device then re-use the device rather than a new one. The option
--makes sense only with \fB\-\-find\fP.
--.TP
--.BR \-j , " \-\-associated " \fIfile\fR " \fR[\fB\-o \fIoffset\fR]"
--Show the status of all loop devices associated with the given \fIfile\fR.
--.TP
--.BR \-o , " \-\-offset " \fIoffset
--The data start is moved \fIoffset\fP bytes into the specified file or device. The \fIoffset\fP
--may be followed by the multiplicative suffixes; see above.
--.IP "\fB\-\-sizelimit \fIsize\fP"
--The data end is set to no more than \fIsize\fP bytes after the data start. The \fIsize\fP
--may be followed by the multiplicative suffixes; see above.
--.TP
--.BR \-b , " \-\-sector-size " \fIsize
--Set the logical sector size of the loop device in bytes (since Linux 4.14). The
--option may be used when create a new loop device as well as stand-alone command
--to modify sector size of the already existing loop device.
--.TP
--.BR \-c , " \-\-set\-capacity " \fIloopdev
--Force the loop driver to reread the size of the file associated with the
--specified loop device.
--.TP
--.BR \-P , " \-\-partscan"
--Force the kernel to scan the partition table on a newly created loop device. Note that the
--partition table parsing depends on sector sizes. The default is sector size is 512 bytes,
--otherwise you need to use the option \fB\-\-sector\-size\fR together with \fB\-\-partscan\fR.
--.TP
--.BR \-r , " \-\-read\-only"
--Set up a read-only loop device.
--.TP
--.BR \-\-direct\-io [ =on | off ]
--Enable or disable direct I/O for the backing file. The optional argument
--can be either \fBon\fR or \fBoff\fR. If the argument is omitted, it defaults
--to \fBon\fR.
--.TP
--.BR \-v , " \-\-verbose"
-+.IP \fB\-a\fP
-+Show status of all loop devices.
-+.IP "\fB\-C \fIitercountk\fP"
-+Runs hashed passphrase through \fIitercountk\fP thousand iterations of AES-256
-+before using it for loop encryption. This consumes lots of CPU cycles at
-+loop setup/mount time but not thereafter. In combination with passphrase seed
-+this slows down dictionary attacks. Iteration is not done in multi-key mode.
-+.IP "\fB\-d\fP"
-+Detach the file or device associated with the specified loop device.
-+.IP "\fB\-e \fIencryption\fP"
-+.RS
-+Enable data encryption. Following encryption types are recognized:
-+.IP \fBNONE\fP
-+Use no encryption (default).
-+.PD 0
-+.IP \fBXOR\fP
-+Use a simple XOR encryption.
-+.IP "\fBAES128 AES\fP"
-+Use 128 bit AES encryption. Passphrase is hashed with SHA-256 by default.
-+.IP \fBAES192\fP
-+Use 192 bit AES encryption. Passphrase is hashed with SHA-384 by default.
-+.IP \fBAES256\fP
-+Use 256 bit AES encryption. Passphrase is hashed with SHA-512 by default.
-+
-+.IP "\fBtwofish128 twofish160 twofish192 twofish256\fP"
-+.IP "\fBblowfish128 blowfish160 blowfish192 blowfish256\fP"
-+.IP "\fBserpent128 serpent192 serpent256 mars128 mars192\fP"
-+.IP "\fBmars256 rc6-128 rc6-192 rc6-256 tripleDES\fP"
-+These encryption types are available if they are enabled in kernel
-+configuration or corresponding modules have been loaded to kernel.
-+.PD
-+.RE
-+.IP "\fB\-f\fP"
-+Find and show next unused loop device.
-+.IP "\fB\-F\fP"
-+Reads and uses mount options from /etc/fstab that match specified loop
-+device, including offset= sizelimit= encryption= pseed= phash= loinit=
-+gpgkey= gpghome= cleartextkey= itercountk= and looped to device/file name.
-+loop= option in /etc/fstab must match specified loop device name. Command
-+line options take precedence in case of conflict.
-+.IP "\fB\-G \fIgpghome\fP"
-+Set gpg home directory to \fIgpghome\fP, so that gpg uses public/private
-+keys on \fIgpghome\fP directory. This is only used when gpgkey file needs to
-+be decrypted using public/private keys. If gpgkey file is encrypted with
-+symmetric cipher only, public/private keys are not required and this option
-+has no effect.
-+.IP "\fB\-H \fIphash\fP"
-+Uses \fIphash\fP function to hash passphrase. Available hash functions are
-+sha256, sha384, sha512 and rmd160. unhashed1 and unhashed2
-+functions also exist for compatibility with some obsolete implementations.
-+
-+Hash function random does not ask for passphrase but sets up random keys and
-+attempts to put loop to multi-key mode. When random/1777 hash type is used
-+as mount option for mount program, mount program will create new file system
-+on the loop device and construct initial permissions of file system root
-+directory from octal digits that follow the slash character.
-+
-+WARNING! DO NOT USE RANDOM HASH TYPE ON PARTITION WITH EXISTING IMPORTANT
-+DATA ON IT. RANDOM HASH TYPE WILL DESTROY YOUR DATA.
-+.IP "\fB\-I \fIloinit\fP"
-+Passes a numeric value of \fIloinit\fP as a parameter to cipher transfer
-+function. Cipher transfer functions are free to interpret value as they
-+want.
-+.IP "\fB\-K \fIgpgkey\fP"
-+Passphrase is piped to gpg so that gpg can decrypt file \fIgpgkey\fP which
-+contains the real keys that are used to encrypt loop device. If decryption
-+requires public/private keys and gpghome is not specified, all users use
-+their own gpg public/private keys to decrypt \fIgpgkey\fP. Decrypted
-+\fIgpgkey\fP should contain 1 or 64 or 65 keys, each key at least 20
-+characters and separated by newline. If decrypted \fIgpgkey\fP contains 64
-+or 65 keys, then loop device is put to multi-key mode. In multi-key mode
-+first key is used for first sector, second key for second sector, and so on.
-+65th key, if present, is used as additional input to MD5 IV computation.
-+.IP "\fB\-o \fIoffset\fP"
-+The data start is moved \fIoffset\fP bytes into the specified file or
-+device. Normally offset is included in IV (initialization vector)
-+computations. If offset is prefixed with @ character, then offset is not
-+included in IV computations. @ prefix functionality may not be supported on
-+some older kernels and/or loop drivers.
-+.IP "\fB\-p \fIpasswdfd\fP"
-+Read the passphrase from file descriptor \fIpasswdfd\fP instead of the
-+terminal. If -K option is not being used (no gpg key file), then losetup
-+attempts to read 65 keys from \fIpasswdfd\fP, each key at least 20
-+characters and separated by newline. If losetup successfully reads 64 or 65
-+keys, then loop device is put to multi-key mode. If losetup encounters
-+end-of-file before 64 keys are read, then only first key is used in
-+single-key mode.
-+
-+echo SecretPassphraseHere | losetup -p0 -K foo.gpg -e AES128 ...
-+
-+In above example, losetup reads passphrase from file descriptor 0 (stdin).
-+.IP "\fB\-P \fIcleartextkey\fP"
-+Read the passphrase from file \fIcleartextkey\fP instead of the
-+terminal. If -K option is not being used (no gpg key file), then losetup
-+attempts to read 65 keys from \fIcleartextkey\fP, each key at least 20
-+characters and separated by newline. If losetup successfully reads 64 or 65
-+keys, then loop device is put to multi-key mode. If losetup encounters
-+end-of-file before 64 keys are read, then only first key is used in
-+single-key mode. If both -p and -P options are used, then -p option takes
-+precedence. These are equivalent:
-+
-+losetup -p3 -K foo.gpg -e AES128 ... 3<someFileName
-+
-+losetup -P someFileName -K foo.gpg -e AES128 ...
-+
-+In first line of above example, in addition to normal open file descriptors
-+(0==stdin 1==stdout 2==stderr), shell opens the file and passes open file
-+descriptor to started losetup program. In second line of above example,
-+losetup opens the file itself.
-+.IP "\fB\-r\fP"
-+Read-only mode.
-+.IP "\fB\-R\fP"
-+Resize existing, already set up loop device, to new changed underlying
-+device size. This option is for changing mounted live file system size on
-+LVM volume. This functionality may not be supported on some older kernels
-+and/or loop drivers.
-+.IP "\fB\-s \fIsizelimit\fP"
-+Size of loop device is limited to \fIsizelimit\fP bytes. If unspecified or
-+set to zero, loop device size is set to maximum available (file size minus
-+offset). This option may not be supported on some older kernels and/or loop
-+drivers.
-+.IP "\fB\-S \fIpseed\fP"
-+Sets encryption passphrase seed \fIpseed\fP which is appended to user supplied
-+passphrase before hashing. Using different seeds for different partitions
-+makes dictionary attacks slower but does not prevent them if user supplied
-+passphrase is guessable. Seed is not used in multi-key mode.
-+.IP "\fB\-T\fP"
-+Asks passphrase twice.
-+.IP "\fB\-v\fP"
- Verbose mode.
--.TP
--.BR \-l , " \-\-list"
--If a loop device or the \fB-a\fR option is specified, print the default columns
--for either the specified loop device or all loop devices; the default is to
--print info about all devices. See also \fB\-\-output\fP, \fB\-\-noheadings\fP,
--\fB\-\-raw\fP, and \fB\-\-json\fP.
--.TP
--.BR \-O , " \-\-output " \fIcolumn\fR[,\fIcolumn\fR]...
--Specify the columns that are to be printed for the \fB\-\-list\fP output.
--Use \fB\-\-help\fR to get a list of all supported columns.
--.TP
--.B \-\-output\-all
--Output all available columns.
--.TP
--.BR \-n , " \-\-noheadings"
--Don't print headings for \fB\-\-list\fP output format.
--.IP "\fB\-\-raw\fP"
--Use the raw \fB\-\-list\fP output format.
--.TP
--.BR \-J , " \-\-json"
--Use JSON format for \fB\-\-list\fP output.
--.TP
--.BR \-V , " \-\-version"
--Display version information and exit.
--.TP
--.BR \-h , " \-\-help"
--Display help text and exit.
--
--.SH ENCRYPTION
--.B Cryptoloop is no longer supported in favor of dm-crypt.
--.B For more details see cryptsetup(8).
--
- .SH RETURN VALUE
- .B losetup
--returns 0 on success, nonzero on failure. When
-+returns 0 on success, nonzero on failure. When
- .B losetup
- displays the status of a loop device, it returns 1 if the device
- is not configured and 2 if an error occurred which prevented
--determining the status of the device.
-+.B losetup
-+from determining the status of the device.
-
- .SH FILES
--.TP
--.I /dev/loop[0..N]
--loop block devices
--.TP
--.I /dev/loop-control
--loop control device
--
-+.nf
-+/dev/loop0,/dev/loop1,... loop devices (major=7)
-+.fi
- .SH EXAMPLE
- The following commands can be used as an example of using the loop device.
- .nf
--.IP
--# dd if=/dev/zero of=~/file.img bs=1024k count=10
--# losetup --find --show ~/file.img
--/dev/loop0
--# mkfs -t ext2 /dev/loop0
--# mount /dev/loop0 /mnt
-+
-+dd if=/dev/zero of=/file bs=1k count=500
-+head -c 3705 /dev/random | uuencode -m - | head -n 66 \\
-+ | tail -n 65 | gpg --symmetric -a >/etc/fskey9.gpg
-+losetup -e AES128 -K /etc/fskey9.gpg /dev/loop0 /file
-+mkfs -t ext2 /dev/loop0
-+mount -t ext2 /dev/loop0 /mnt
- ...
--# umount /dev/loop0
--# losetup --detach /dev/loop0
-+umount /dev/loop0
-+losetup -d /dev/loop0
- .fi
--.SH ENVIRONMENT
--.IP LOOPDEV_DEBUG=all
--enables debug output.
-+.SH RESTRICTION
-+XOR encryption is terribly weak.
- .SH AUTHORS
--Karel Zak <kzak@redhat.com>, based on the original version from
--Theodore Ts'o <tytso@athena.mit.edu>
--.SH AVAILABILITY
--The losetup command is part of the util-linux package and is available from
--https://www.kernel.org/pub/linux/utils/util-linux/.
-+.nf
-+Original version: Theodore Ts'o <tytso@athena.mit.edu>
-+AES support: Jari Ruusu
-+.fi
-diff -urN util-linux-2.34/sys-utils/losetup1.c util-linux-2.34-AES/sys-utils/losetup1.c
---- util-linux-2.34/sys-utils/losetup1.c 1970-01-01 02:00:00.000000000 +0200
-+++ util-linux-2.34-AES/sys-utils/losetup1.c 2019-07-11 09:31:03.214081134 +0300
-@@ -0,0 +1,1281 @@
-+/* Taken from Ted's losetup.c - Mitch <m.dsouza@mrc-apu.cam.ac.uk> */
-+/* Added vfs mount options - aeb - 960223 */
-+/* Removed lomount - aeb - 960224 */
-+
-+/*
-+ * 1999-02-22 Arkadiusz Mi¶kiewicz <misiek@pld.ORG.PL>
-+ * - added Native Language Support
-+ * 1999-03-21 Arnaldo Carvalho de Melo <acme@conectiva.com.br>
-+ * - fixed strerr(errno) in gettext calls
-+ * 2001-04-11 Jari Ruusu
-+ * - added AES support
-+ */
-+
-+#define LOOPMAJOR 7
-+
-+/*
-+ * losetup.c - setup and control loop devices
-+ */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <ctype.h>
-+#include <fcntl.h>
-+#include <errno.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+#include <pwd.h>
-+#include <sys/types.h>
-+#include <sys/ioctl.h>
-+#include <sys/stat.h>
-+#include <sys/mman.h>
-+#include <sys/sysmacros.h>
-+#include <sys/wait.h>
-+#include <limits.h>
-+#include <fcntl.h>
-+#include <mntent.h>
-+#include <locale.h>
-+#include <sys/time.h>
-+#include <sys/utsname.h>
-+#include <signal.h>
-+
-+#include "loop.h"
-+#include "nls.h"
-+#include "../libmount/src/sha512.h"
-+#include "../libmount/src/rmd160.h"
-+#include "../libmount/src/aes.h"
-+
-+#if !defined(BLKGETSIZE64)
-+# define BLKGETSIZE64 _IOR(0x12,114,size_t)
-+#endif
-+
-+int verbose = 0;
-+
-+#if !defined(LOOP_PASSWORD_MIN_LENGTH)
-+# define LOOP_PASSWORD_MIN_LENGTH 20
-+#endif
-+
-+char *passFDnumber = (char *)0;
-+char *passAskTwice = (char *)0;
-+char *passSeedString = (char *)0;
-+char *passHashFuncName = (char *)0;
-+char *passIterThousands = (char *)0;
-+char *loInitValue = (char *)0;
-+char *gpgKeyFile = (char *)0;
-+char *gpgHomeDir = (char *)0;
-+char *clearTextKeyFile = (char *)0;
-+char *loopOffsetBytes = (char *)0;
-+char *loopSizeBytes = (char *)0;
-+char *loopEncryptionType = (char *)0;
-+
-+static int multiKeyMode = 0; /* 0=single-key 64=multi-key-v2 65=multi-key-v3 1000=any */
-+static char *multiKeyPass[66];
-+static char *loopFileName;
-+
-+static char *xstrdup(const char *s)
-+{
-+ char *t;
-+ if(!s) return NULL;
-+ t = strdup(s);
-+ if(!t) {
-+ fprintf(stderr, "not enough memory\n");
-+ exit(2); /* EX_SYSERR */
-+ }
-+ return t;
-+}
-+
-+static char *
-+crypt_name (int id, int *flags) {
-+ int i;
-+
-+ for (i = 0; loop_crypt_type_tbl[i].id != -1; i++)
-+ if(id == loop_crypt_type_tbl[i].id) {
-+ *flags = loop_crypt_type_tbl[i].flags;
-+ return loop_crypt_type_tbl[i].name;
-+ }
-+ *flags = 0;
-+ if(id == 18)
-+ return "CryptoAPI";
-+ return "undefined";
-+}
-+
-+static int
-+show_loop(char *device) {
-+ struct loop_info64 loopinfo;
-+ int fd;
-+
-+ if ((fd = open(device, O_RDONLY)) < 0) {
-+ int errsv = errno;
-+ fprintf(stderr, _("loop: can't open device %s: %s\n"),
-+ device, strerror (errsv));
-+ return 2;
-+ }
-+ if (loop_get_status64_ioctl(fd, &loopinfo) < 0) {
-+ int errsv = errno;
-+ close (fd);
-+ fprintf(stderr, _("loop: can't get info on device %s: %s\n"),
-+ device, strerror (errsv));
-+ return 1;
-+ }
-+ close (fd);
-+ loopinfo.lo_file_name[LO_NAME_SIZE-1] = 0;
-+ loopinfo.lo_crypt_name[LO_NAME_SIZE-1] = 0;
-+ printf("%s: [%04llx]:%llu (%s)", device, (unsigned long long)loopinfo.lo_device,
-+ (unsigned long long)loopinfo.lo_inode, loopinfo.lo_file_name);
-+ if (loopinfo.lo_offset) {
-+ if ((long long)loopinfo.lo_offset < 0) {
-+ printf(_(" offset=@%llu"), -((unsigned long long)loopinfo.lo_offset));
-+ } else {
-+ printf(_(" offset=%llu"), (unsigned long long)loopinfo.lo_offset);
-+ }
-+ }
-+ if (loopinfo.lo_sizelimit)
-+ printf(_(" sizelimit=%llu"), (unsigned long long)loopinfo.lo_sizelimit);
-+ if (loopinfo.lo_encrypt_type) {
-+ int flags;
-+ char *s = crypt_name (loopinfo.lo_encrypt_type, &flags);
-+
-+ printf(_(" encryption=%s"), s);
-+ /* type 18 == LO_CRYPT_CRYPTOAPI */
-+ if (loopinfo.lo_encrypt_type == 18) {
-+ printf("/%s", loopinfo.lo_crypt_name);
-+ } else {
-+ if(flags & 2)
-+ printf("-");
-+ if(flags & 1)
-+ printf("%u", (unsigned int)loopinfo.lo_encrypt_key_size << 3);
-+ }
-+ }
-+ switch(loopinfo.lo_flags & 0x180000) {
-+ case 0x180000:
-+ printf(_(" multi-key-v3"));
-+ break;
-+ case 0x100000:
-+ printf(_(" multi-key-v2"));
-+ break;
-+ }
-+ /* type 2 == LO_CRYPT_DES */
-+ if (loopinfo.lo_init[0] && (loopinfo.lo_encrypt_type != 2))
-+ printf(_(" loinit=%llu"), (unsigned long long)loopinfo.lo_init[0]);
-+ if (loopinfo.lo_flags & 0x200000)
-+ printf(_(" read-only"));
-+ printf("\n");
-+
-+ return 0;
-+}
-+
-+#define SIZE(a) (sizeof(a)/sizeof(a[0]))
-+
-+static char *
-+find_unused_loop_device (void) {
-+ /* Just creating a device, say in /tmp, is probably a bad idea -
-+ people might have problems with backup or so.
-+ So, we just try /dev/loop[0-7]. */
-+ char dev[20];
-+ char *loop_formats[] = { "/dev/loop%d", "/dev/loop/%d" };
-+ int i, j, fd, somedev = 0, someloop = 0;
-+ struct stat statbuf;
-+
-+ for (j = 0; j < (int)SIZE(loop_formats); j++) {
-+ for(i = 0; i < 256; i++) {
-+ sprintf(dev, loop_formats[j], i);
-+ if (stat (dev, &statbuf) == 0 && S_ISBLK(statbuf.st_mode)) {
-+ somedev++;
-+ fd = open (dev, O_RDONLY);
-+ if (fd >= 0) {
-+ if (is_unused_loop_device(fd) == 0)
-+ someloop++; /* in use */
-+ else if (errno == ENXIO) {
-+ close (fd);
-+ return xstrdup(dev);/* probably free */
-+ }
-+ close (fd);
-+ }
-+ continue;/* continue trying as long as devices exist */
-+ }
-+ break;
-+ }
-+ }
-+
-+ if (!somedev)
-+ fprintf(stderr, _("Error: could not find any loop device\n"));
-+ else if (!someloop)
-+ fprintf(stderr, _("Error: could not open any loop device\n"));
-+ else
-+ fprintf(stderr, _("Error: could not find any free loop device\n"));
-+ return 0;
-+}
-+
-+static int rd_wr_retry(int fd, char *buf, int cnt, int w)
-+{
-+ int x, y, z;
-+
-+ x = 0;
-+ while(x < cnt) {
-+ y = cnt - x;
-+ if(w) {
-+ z = write(fd, buf + x, y);
-+ } else {
-+ z = read(fd, buf + x, y);
-+ if (!z) return x;
-+ }
-+ if(z < 0) {
-+ if ((errno == EAGAIN) || (errno == ENOMEM) || (errno == ERESTART) || (errno == EINTR)) {
-+ continue;
-+ }
-+ return x;
-+ }
-+ x += z;
-+ }
-+ return x;
-+}
-+
-+static char *get_FD_pass(int fd)
-+{
-+ char *p = NULL, *n;
-+ int x = 0, y = 0;
-+
-+ do {
-+ if(y >= (x - 1)) {
-+ x += 128;
-+ /* Must enforce some max limit here -- this code */
-+ /* runs as part of mount, and mount is setuid root */
-+ /* and has used mlockall(MCL_CURRENT | MCL_FUTURE) */
-+ if(x > (4*1024)) return(NULL);
-+ n = malloc(x);
-+ if(!n) return(NULL);
-+ if(p) {
-+ memcpy(n, p, y);
-+ memset(p, 0, y);
-+ free(p);
-+ }
-+ p = n;
-+ }
-+ if(rd_wr_retry(fd, p + y, 1, 0) != 1) break;
-+ if((p[y] == '\n') || !p[y]) break;
-+ y++;
-+ } while(1);
-+ if(p) p[y] = 0;
-+ return p;
-+}
-+
-+static unsigned long long mystrtoull(char *s, int acceptAT)
-+{
-+ unsigned long long v = 0;
-+ int negative = 0;
-+
-+ while ((*s == ' ') || (*s == '\t'))
-+ s++;
-+ if (acceptAT && (*s == '@')) {
-+ s++;
-+ negative = 1;
-+ }
-+ if (*s == '0') {
-+ s++;
-+ if ((*s == 'x') || (*s == 'X')) {
-+ s++;
-+ sscanf(s, "%llx", &v);
-+ } else {
-+ sscanf(s, "%llo", &v);
-+ }
-+ } else {
-+ sscanf(s, "%llu", &v);
-+ }
-+ return negative ? -v : v;
-+}
-+
-+static void warnAboutBadKeyData(int x)
-+{
-+ if((x > 1) && (x != 64) && (x != 65)) {
-+ fprintf(stderr, _("Warning: Unknown key data format - using it anyway\n"));
-+ }
-+}
-+
-+static int are_these_files_same(const char *name1, const char *name2)
-+{
-+ struct stat statbuf1;
-+ struct stat statbuf2;
-+
-+ if(!name1 || !*name1 || !name2 || !*name2) return 0;
-+ if(stat(name1, &statbuf1)) return 0;
-+ if(stat(name2, &statbuf2)) return 0;
-+ if(statbuf1.st_dev != statbuf2.st_dev) return 0;
-+ if(statbuf1.st_ino != statbuf2.st_ino) return 0;
-+ return 1; /* are same */
-+}
-+
-+static char *do_GPG_pipe(char *pass)
-+{
-+ int x, pfdi[2], pfdo[2];
-+ char str[10], *a[16], *e[2], *h;
-+ pid_t gpid;
-+ struct passwd *p;
-+ void *oldSigPipeHandler;
-+
-+ if((getuid() == 0) && gpgHomeDir && gpgHomeDir[0]) {
-+ h = gpgHomeDir;
-+ } else {
-+ if(!(p = getpwuid(getuid()))) {
-+ fprintf(stderr, _("Error: Unable to detect home directory for uid %d\n"), (int)getuid());
-+ return NULL;
-+ }
-+ h = p->pw_dir;
-+ }
-+ if(!(e[0] = malloc(strlen(h) + 6))) {
-+ nomem1:
-+ fprintf(stderr, _("Error: Unable to allocate memory\n"));
-+ return NULL;
-+ }
-+ sprintf(e[0], "HOME=%s", h);
-+ e[1] = 0;
-+
-+ if(pipe(&pfdi[0])) {
-+ nomem2:
-+ free(e[0]);
-+ goto nomem1;
-+ }
-+ if(pipe(&pfdo[0])) {
-+ close(pfdi[0]);
-+ close(pfdi[1]);
-+ goto nomem2;
-+ }
-+
-+ /*
-+ * When this code is run as part of losetup, normal read permissions
-+ * affect the open() below because losetup is not setuid-root.
-+ *
-+ * When this code is run as part of mount, only root can set
-+ * 'gpgKeyFile' and as such, only root can decide what file is opened
-+ * below. However, since mount is usually setuid-root all non-root
-+ * users can also open() the file too, but that file's contents are
-+ * only piped to gpg. This readable-for-all is intended behaviour,
-+ * and is very useful in situations where non-root users mount loop
-+ * devices with their own gpg private key, and yet don't have access
-+ * to the actual key used to encrypt loop device.
-+ */
-+ if((x = open(gpgKeyFile, O_RDONLY)) == -1) {
-+ fprintf(stderr, _("Error: unable to open %s for reading\n"), gpgKeyFile);
-+ nomem3:
-+ free(e[0]);
-+ close(pfdo[0]);
-+ close(pfdo[1]);
-+ close(pfdi[0]);
-+ close(pfdi[1]);
-+ return NULL;
-+ }
-+
-+ /*
-+ * If someone puts a gpg key file at beginning of device and
-+ * puts the real file system at some offset into the device,
-+ * this code extracts that gpg key file into a temp file so gpg
-+ * won't end up reading whole device when decrypting the key file.
-+ *
-+ * Example of encrypted cdrom mount with 8192 bytes reserved for gpg key file:
-+ * mount -t iso9660 /dev/cdrom /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192
-+ * ^^^^^^^^^^ ^^^^^^^^^^ ^^^^
-+ */
-+ if(loopOffsetBytes && are_these_files_same(loopFileName, gpgKeyFile)) {
-+ FILE *f;
-+ char b[1024];
-+ long long cnt;
-+ int cnt2, cnt3;
-+
-+ cnt = mystrtoull(loopOffsetBytes, 1);
-+ if(cnt < 0) cnt = -cnt;
-+ if(cnt > (1024 * 1024)) cnt = 1024 * 1024; /* sanity check */
-+ f = tmpfile();
-+ if(!f) {
-+ fprintf(stderr, _("Error: unable to create temp file\n"));
-+ close(x);
-+ goto nomem3;
-+ }
-+ while(cnt > 0) {
-+ cnt2 = sizeof(b);
-+ if(cnt < cnt2) cnt2 = cnt;
-+ cnt3 = rd_wr_retry(x, b, cnt2, 0);
-+ if(cnt3 && (fwrite(b, cnt3, 1, f) != 1)) {
-+ tmpWrErr:
-+ fprintf(stderr, _("Error: unable to write to temp file\n"));
-+ fclose(f);
-+ close(x);
-+ goto nomem3;
-+ }
-+ if(cnt2 != cnt3) break;
-+ cnt -= cnt3;
-+ }
-+ if(fflush(f)) goto tmpWrErr;
-+ close(x);
-+ x = dup(fileno(f));
-+ fclose(f);
-+ lseek(x, 0L, SEEK_SET);
-+ }
-+
-+ sprintf(str, "%d", pfdi[0]);
-+ if(!(gpid = fork())) {
-+ dup2(x, 0);
-+ dup2(pfdo[1], 1);
-+ close(x);
-+ close(pfdi[1]);
-+ close(pfdo[0]);
-+ close(pfdo[1]);
-+ if((x = open("/dev/null", O_WRONLY)) >= 0) {
-+ dup2(x, 2);
-+ close(x);
-+ }
-+ x = 0;
-+ a[x++] = "gpg";
-+ if(gpgHomeDir && gpgHomeDir[0]) {
-+ a[x++] = "--homedir";
-+ a[x++] = gpgHomeDir;
-+ }
-+ a[x++] = "--no-options";
-+ a[x++] = "--quiet";
-+ a[x++] = "--batch";
-+ a[x++] = "--no-tty";
-+ a[x++] = "--passphrase-fd";
-+ a[x++] = str;
-+ a[x++] = "--decrypt";
-+ a[x] = 0;
-+ if(setgid(getgid())) exit(1);
-+ if(setuid(getuid())) exit(1);
-+ for(x = 3; x < 1024; x++) {
-+ if(x == pfdi[0]) continue;
-+ close(x);
-+ }
-+ execve("/bin/gpg", &a[0], &e[0]);
-+ execve("/usr/bin/gpg", &a[0], &e[0]);
-+ execve("/usr/local/bin/gpg", &a[0], &e[0]);
-+ exit(1);
-+ }
-+ free(e[0]);
-+ close(x);
-+ close(pfdi[0]);
-+ close(pfdo[1]);
-+ if(gpid == -1) {
-+ close(pfdi[1]);
-+ close(pfdo[0]);
-+ goto nomem1;
-+ }
-+
-+ x = strlen(pass);
-+
-+ /* ignore possible SIGPIPE signal while writing to gpg */
-+ oldSigPipeHandler = signal(SIGPIPE, SIG_IGN);
-+ rd_wr_retry(pfdi[1], pass, x, 1);
-+ rd_wr_retry(pfdi[1], "\n", 1, 1);
-+ if(oldSigPipeHandler != SIG_ERR) signal(SIGPIPE, oldSigPipeHandler);
-+
-+ close(pfdi[1]);
-+ memset(pass, 0, x);
-+ x = 0;
-+ while(x < 66) {
-+ multiKeyPass[x] = get_FD_pass(pfdo[0]);
-+ if(!multiKeyPass[x]) {
-+ /* mem alloc failed - abort */
-+ multiKeyPass[0] = 0;
-+ break;
-+ }
-+ if(strlen(multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break;
-+ x++;
-+ }
-+ warnAboutBadKeyData(x);
-+ if(x >= 65)
-+ multiKeyMode = 65;
-+ if(x == 64)
-+ multiKeyMode = 64;
-+ close(pfdo[0]);
-+ waitpid(gpid, &x, 0);
-+ if(!multiKeyPass[0]) goto nomem1;
-+ return multiKeyPass[0];
-+}
-+
-+static char *sGetPass(int minLen, int warnLen)
-+{
-+ char *p, *s, *seed;
-+ int i, ask2, close_i_fd = 0;
-+
-+ if(!passFDnumber) {
-+ if(clearTextKeyFile) {
-+ if((i = open(clearTextKeyFile, O_RDONLY)) == -1) {
-+ fprintf(stderr, _("Error: unable to open %s for reading\n"), clearTextKeyFile);
-+ return NULL;
-+ }
-+ close_i_fd = 1;
-+ goto contReadFrom_i;
-+ }
-+ p = getpass(_("Password: "));
-+ ask2 = passAskTwice ? 1 : 0;
-+ } else {
-+ i = atoi(passFDnumber);
-+ contReadFrom_i:
-+ if(gpgKeyFile && gpgKeyFile[0]) {
-+ p = get_FD_pass(i);
-+ if(close_i_fd) close(i);
-+ } else {
-+ int x = 0;
-+ while(x < 66) {
-+ multiKeyPass[x] = get_FD_pass(i);
-+ if(!multiKeyPass[x]) goto nomem;
-+ if(strlen(multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break;
-+ x++;
-+ }
-+ if(close_i_fd) close(i);
-+ warnAboutBadKeyData(x);
-+ if(x >= 65) {
-+ multiKeyMode = 65;
-+ return multiKeyPass[0];
-+ }
-+ if(x == 64) {
-+ multiKeyMode = 64;
-+ return multiKeyPass[0];
-+ }
-+ p = multiKeyPass[0];
-+ }
-+ ask2 = 0;
-+ }
-+ if(!p) goto nomem;
-+ if(gpgKeyFile && gpgKeyFile[0]) {
-+ if(ask2) {
-+ i = strlen(p);
-+ s = malloc(i + 1);
-+ if(!s) goto nomem;
-+ strcpy(s, p);
-+ p = getpass(_("Retype password: "));
-+ if(!p) goto nomem;
-+ if(strcmp(s, p)) goto compareErr;
-+ memset(s, 0, i);
-+ free(s);
-+ ask2 = 0;
-+ }
-+ p = do_GPG_pipe(p);
-+ if(!p) return(NULL);
-+ if(!p[0]) {
-+ fprintf(stderr, _("Error: gpg key file decryption failed\n"));
-+ return(NULL);
-+ }
-+ if(multiKeyMode) return(p);
-+ }
-+ i = strlen(p);
-+ if(i < minLen) {
-+ fprintf(stderr, _("Error: Password must be at least %d characters.\n"), minLen);
-+ return(NULL);
-+ }
-+ seed = passSeedString;
-+ if(!seed) seed = "";
-+ s = malloc(i + strlen(seed) + 1);
-+ if(!s) {
-+ nomem:
-+ fprintf(stderr, _("Error: Unable to allocate memory\n"));
-+ return(NULL);
-+ }
-+ strcpy(s, p);
-+ memset(p, 0, i);
-+ if(ask2) {
-+ p = getpass(_("Retype password: "));
-+ if(!p) goto nomem;
-+ if(strcmp(s, p)) {
-+ compareErr:
-+ fprintf(stderr, _("Error: Passwords are not identical\n"));
-+ return(NULL);
-+ }
-+ memset(p, 0, i);
-+ }
-+ if(i < warnLen) {
-+ fprintf(stderr, _("WARNING - Please use longer password (%d or more characters)\n"), LOOP_PASSWORD_MIN_LENGTH);
-+ }
-+ strcat(s, seed);
-+ return(s);
-+}
-+
-+/* this is for compatibility with historic loop-AES version */
-+static void unhashed1_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize)
-+{
-+ register int x, y, z, cnt = ile;
-+ unsigned char *kp;
-+
-+ memset(keyBuf, 0, bufSize);
-+ kp = keyStr;
-+ for(x = 0; x < (bufSize * 8); x += 6) {
-+ y = *kp++;
-+ if(--cnt <= 0) {
-+ kp = keyStr;
-+ cnt = ile;
-+ }
-+ if((y >= '0') && (y <= '9')) y -= '0';
-+ else if((y >= 'A') && (y <= 'Z')) y -= ('A' - 10);
-+ else if((y >= 'a') && (y <= 'z')) y -= ('a' - 36);
-+ else if((y == '.') || (y == '/')) y += (62 - '.');
-+ else y &= 63;
-+ z = x >> 3;
-+ if(z < bufSize) {
-+ keyBuf[z] |= y << (x & 7);
-+ }
-+ z++;
-+ if(z < bufSize) {
-+ keyBuf[z] |= y >> (8 - (x & 7));
-+ }
-+ }
-+}
-+
-+/* this is for compatibility with mainline mount */
-+static void unhashed2_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize)
-+{
-+ memset(keyBuf, 0, bufSize);
-+ strncpy((char *)keyBuf, (char *)keyStr, bufSize - 1);
-+ keyBuf[bufSize - 1] = 0;
-+}
-+
-+static void rmd160HashTwiceWithA(unsigned char *ib, int ile, unsigned char *ob, int ole)
-+{
-+ char tmpBuf[20 + 20];
-+ char pwdCopy[130];
-+
-+ if(ole < 1) return;
-+ memset(ob, 0, ole);
-+ if(ole > 40) ole = 40;
-+ __loDev_rmd160_hash_buffer(&tmpBuf[0], (char *)ib, ile);
-+ pwdCopy[0] = 'A';
-+ if(ile > (int)sizeof(pwdCopy) - 1) ile = sizeof(pwdCopy) - 1;
-+ memcpy(pwdCopy + 1, ib, ile);
-+ __loDev_rmd160_hash_buffer(&tmpBuf[20], pwdCopy, ile + 1);
-+ memcpy(ob, tmpBuf, ole);
-+ memset(tmpBuf, 0, sizeof(tmpBuf));
-+ memset(pwdCopy, 0, sizeof(pwdCopy));
-+}
-+
-+extern long long llseek(int, long long, int);
-+
-+static long long xx_lseek(int fd, long long offset, int whence)
-+{
-+ if(sizeof(off_t) >= 8) {
-+ return lseek(fd, offset, whence);
-+ } else {
-+ return llseek(fd, offset, whence);
-+ }
-+}
-+
-+static int loop_create_random_keys(char *partition, long long offset, long long sizelimit, int loopro, unsigned char *k)
-+{
-+ int x, y, fd;
-+ sha512_context s;
-+ unsigned char b[4096];
-+
-+ if(loopro) {
-+ fprintf(stderr, _("Error: read-only device %s\n"), partition);
-+ return 1;
-+ }
-+
-+ /*
-+ * Compute SHA-512 over first 40 KB of old fs data. SHA-512 hash
-+ * output is then used as entropy for new fs encryption key.
-+ */
-+ if((fd = open(partition, O_RDWR)) == -1) {
-+ seekFailed:
-+ fprintf(stderr, _("Error: unable to open/seek device %s\n"), partition);
-+ return 1;
-+ }
-+ if(offset < 0) offset = -offset;
-+ if(xx_lseek(fd, offset, SEEK_SET) == -1) {
-+ close(fd);
-+ goto seekFailed;
-+ }
-+ __loDev_sha512_init(&s);
-+ for(x = 1; x <= 10; x++) {
-+ if((sizelimit > 0) && ((long long)(sizeof(b) * x) > sizelimit)) break;
-+ if(rd_wr_retry(fd, (char *) &b[0], sizeof(b), 0) != sizeof(b)) break;
-+ __loDev_sha512_write(&s, &b[0], sizeof(b));
-+ }
-+ __loDev_sha512_final(&s);
-+
-+ /*
-+ * Overwrite 40 KB of old fs data 20 times so that recovering
-+ * SHA-512 output beyond this point is difficult and expensive.
-+ */
-+ for(y = 0; y < 20; y++) {
-+ int z;
-+ struct {
-+ struct timeval tv;
-+ unsigned char h[64];
-+ int x,y,z;
-+ } j;
-+ if(xx_lseek(fd, offset, SEEK_SET) == -1) break;
-+ memcpy(&j.h[0], &s.sha_out[0], 64);
-+ gettimeofday(&j.tv, NULL);
-+ j.y = y;
-+ for(x = 1; x <= 10; x++) {
-+ j.x = x;
-+ for(z = 0; z < (int)sizeof(b); z += 64) {
-+ j.z = z;
-+ __loDev_sha512_hash_buffer((unsigned char *)&j, sizeof(j), &b[z], 64);
-+ }
-+ if((sizelimit > 0) && ((long long)(sizeof(b) * x) > sizelimit)) break;
-+ if(rd_wr_retry(fd, (char *) &b[0], sizeof(b), 1) != sizeof(b)) break;
-+ }
-+ memset(&j, 0, sizeof(j));
-+ if(fsync(fd)) break;
-+ }
-+ close(fd);
-+
-+ /*
-+ * Use all 512 bits of hash output
-+ */
-+ memcpy(&b[0], &s.sha_out[0], 64);
-+ memset(&s, 0, sizeof(s));
-+
-+ /*
-+ * Read 32 bytes of random entropy from kernel's random
-+ * number generator. This code may be executed early on startup
-+ * scripts and amount of random entropy may be non-existent.
-+ * SHA-512 of old fs data is used as workaround for missing
-+ * entropy in kernel's random number generator.
-+ */
-+ if((fd = open("/dev/urandom", O_RDONLY)) == -1) {
-+ fprintf(stderr, _("Error: unable to open /dev/urandom\n"));
-+ return 1;
-+ }
-+ rd_wr_retry(fd, (char *) &b[64], 32, 0);
-+
-+ /* generate multi-key hashes */
-+ x = 0;
-+ while(x < 65) {
-+ rd_wr_retry(fd, (char *) &b[64+32], 16, 0);
-+ __loDev_sha512_hash_buffer(&b[0], 64+32+16, k, 32);
-+ k += 32;
-+ x++;
-+ }
-+
-+ close(fd);
-+ memset(&b[0], 0, sizeof(b));
-+ return 0;
-+}
-+
-+static int
-+set_loop(const char *device, const char *file, int *loopro, int busyRetVal) {
-+ struct loop_info64 loopinfo;
-+ int fd, ffd, mode, i, errRetVal = 1;
-+ char *pass, *apiName = NULL;
-+ void (*hashFunc)(unsigned char *, int, unsigned char *, int);
-+ unsigned char multiKeyBits[65][32];
-+ int minPassLen = LOOP_PASSWORD_MIN_LENGTH;
-+
-+ sync();
-+ loopFileName = (char *)file;
-+ multiKeyMode = 0;
-+ mode = (*loopro ? O_RDONLY : O_RDWR);
-+ if ((ffd = open(file, mode)) < 0) {
-+ if (!*loopro && errno == EROFS)
-+ ffd = open(file, mode = O_RDONLY);
-+ if (ffd < 0) {
-+ perror(file);
-+ return 1;
-+ }
-+ }
-+ if ((fd = open(device, mode)) < 0) {
-+ perror (device);
-+ goto close_ffd_return1;
-+ }
-+ *loopro = (mode == O_RDONLY);
-+
-+ if (ioctl(fd, LOOP_SET_FD, ffd) < 0) {
-+ if(errno == EBUSY)
-+ errRetVal = busyRetVal;
-+ if((errRetVal != 2) || verbose)
-+ perror("ioctl: LOOP_SET_FD");
-+keyclean_close_fd_ffd_return1:
-+ memset(loopinfo.lo_encrypt_key, 0, sizeof(loopinfo.lo_encrypt_key));
-+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits));
-+ close (fd);
-+close_ffd_return1:
-+ close (ffd);
-+ return errRetVal;
-+ }
-+
-+ memset (&loopinfo, 0, sizeof (loopinfo));
-+ strncpy ((char *)loopinfo.lo_file_name, file, LO_NAME_SIZE - 1);
-+ loopinfo.lo_file_name[LO_NAME_SIZE - 1] = 0;
-+ if (loopEncryptionType)
-+ loopinfo.lo_encrypt_type = loop_crypt_type (loopEncryptionType, &loopinfo.lo_encrypt_key_size, &apiName);
-+ if (loopOffsetBytes)
-+ loopinfo.lo_offset = mystrtoull(loopOffsetBytes, 1);
-+ if (loopSizeBytes)
-+ loopinfo.lo_sizelimit = mystrtoull(loopSizeBytes, 0);
-+
-+#ifdef MCL_FUTURE
-+ /*
-+ * Oh-oh, sensitive data coming up. Better lock into memory to prevent
-+ * passwd etc being swapped out and left somewhere on disk.
-+ */
-+
-+ if(loopinfo.lo_encrypt_type && mlockall(MCL_CURRENT | MCL_FUTURE)) {
-+ perror("memlock");
-+ ioctl (fd, LOOP_CLR_FD, 0);
-+ fprintf(stderr, _("Couldn't lock into memory, exiting.\n"));
-+ exit(1);
-+ }
-+#endif
-+
-+ switch (loopinfo.lo_encrypt_type) {
-+ case LO_CRYPT_NONE:
-+ loopinfo.lo_encrypt_key_size = 0;
-+ break;
-+ case LO_CRYPT_XOR:
-+ pass = sGetPass (1, 0);
-+ if(!pass) goto loop_clr_fd_out;
-+ strncpy ((char *)loopinfo.lo_encrypt_key, pass, LO_KEY_SIZE - 1);
-+ loopinfo.lo_encrypt_key[LO_KEY_SIZE - 1] = 0;
-+ loopinfo.lo_encrypt_key_size = strlen((char*)loopinfo.lo_encrypt_key);
-+ break;
-+ case 3: /* LO_CRYPT_FISH2 */
-+ case 4: /* LO_CRYPT_BLOW */
-+ case 7: /* LO_CRYPT_SERPENT */
-+ case 8: /* LO_CRYPT_MARS */
-+ case 11: /* LO_CRYPT_RC6 */
-+ case 12: /* LO_CRYPT_DES_EDE3 */
-+ case 16: /* LO_CRYPT_AES */
-+ case 18: /* LO_CRYPT_CRYPTOAPI */
-+ /* set default hash function */
-+ hashFunc = __loDev_sha256_hash_buffer;
-+ if(loopinfo.lo_encrypt_key_size == 24) hashFunc = __loDev_sha384_hash_buffer;
-+ if(loopinfo.lo_encrypt_key_size == 32) hashFunc = __loDev_sha512_hash_buffer;
-+ /* possibly override default hash function */
-+ if(passHashFuncName) {
-+ if(!strcasecmp(passHashFuncName, "sha256")) {
-+ hashFunc = __loDev_sha256_hash_buffer;
-+ } else if(!strcasecmp(passHashFuncName, "sha384")) {
-+ hashFunc = __loDev_sha384_hash_buffer;
-+ } else if(!strcasecmp(passHashFuncName, "sha512")) {
-+ hashFunc = __loDev_sha512_hash_buffer;
-+ } else if(!strcasecmp(passHashFuncName, "rmd160")) {
-+ hashFunc = rmd160HashTwiceWithA;
-+ minPassLen = 1;
-+ } else if(!strcasecmp(passHashFuncName, "unhashed1")) {
-+ hashFunc = unhashed1_key_setup;
-+ } else if(!strcasecmp(passHashFuncName, "unhashed2")) {
-+ hashFunc = unhashed2_key_setup;
-+ minPassLen = 1;
-+ } else if(!strncasecmp(passHashFuncName, "random", 6) && ((passHashFuncName[6] == 0) || (passHashFuncName[6] == '/'))) {
-+ /* random hash type sets up 65 random keys */
-+ /* WARNING! DO NOT USE RANDOM HASH TYPE ON PARTITION WITH EXISTING */
-+ /* IMPORTANT DATA ON IT. RANDOM HASH TYPE WILL DESTROY YOUR DATA. */
-+ if(loop_create_random_keys((char*)file, loopinfo.lo_offset, loopinfo.lo_sizelimit, *loopro, &multiKeyBits[0][0])) {
-+ goto loop_clr_fd_out;
-+ }
-+ memcpy(&loopinfo.lo_encrypt_key[0], &multiKeyBits[0][0], sizeof(loopinfo.lo_encrypt_key));
-+ multiKeyMode = 1000;
-+ break; /* out of switch(loopinfo.lo_encrypt_type) */
-+ }
-+ }
-+ pass = sGetPass (minPassLen, LOOP_PASSWORD_MIN_LENGTH);
-+ if(!pass) goto loop_clr_fd_out;
-+ i = strlen(pass);
-+ if(hashFunc == unhashed1_key_setup) {
-+ /* this is for compatibility with historic loop-AES version */
-+ loopinfo.lo_encrypt_key_size = 16; /* 128 bits */
-+ if(i >= 32) loopinfo.lo_encrypt_key_size = 24; /* 192 bits */
-+ if(i >= 43) loopinfo.lo_encrypt_key_size = 32; /* 256 bits */
-+ }
-+ (*hashFunc)((unsigned char *)pass, i, &loopinfo.lo_encrypt_key[0], sizeof(loopinfo.lo_encrypt_key));
-+ if(multiKeyMode) {
-+ int r = 0, t;
-+ while(r < multiKeyMode) {
-+ t = strlen(multiKeyPass[r]);
-+ (*hashFunc)((unsigned char *)multiKeyPass[r], t, &multiKeyBits[r][0], 32);
-+ memset(multiKeyPass[r], 0, t);
-+ /*
-+ * MultiKeyMode uses md5 IV. One key mode uses sector IV. Sector IV
-+ * and md5 IV v2 and v3 are all computed differently. This first key
-+ * byte XOR with 0x55/0xF4 is needed to cause complete decrypt failure
-+ * in cases where data is encrypted with one type of IV and decrypted
-+ * with another type IV. If identical key was used but only IV was
-+ * computed differently, only first plaintext block of 512 byte CBC
-+ * chain would decrypt incorrectly and rest would decrypt correctly.
-+ * Partially correct decryption is dangerous. Decrypting all blocks
-+ * incorrectly is safer because file system mount will simply fail.
-+ */
-+ if(multiKeyMode == 65) {
-+ multiKeyBits[r][0] ^= 0xF4; /* version 3 */
-+ } else {
-+ multiKeyBits[r][0] ^= 0x55; /* version 2 */
-+ }
-+ r++;
-+ }
-+ } else if(passIterThousands) {
-+ aes_context ctx;
-+ unsigned long iter = 0;
-+ unsigned char tempkey[32];
-+ /*
-+ * Set up AES-256 encryption key using same password and hash function
-+ * as before but with password bit 0 flipped before hashing. That key
-+ * is then used to encrypt actual loop key 'itercountk' thousand times.
-+ */
-+ pass[0] ^= 1;
-+ (*hashFunc)((unsigned char *)pass, i, &tempkey[0], 32);
-+ __loDev_aes_set_key(&ctx, &tempkey[0], 32, 0);
-+ sscanf(passIterThousands, "%lu", &iter);
-+ iter *= 1000;
-+ while(iter > 0) {
-+ /* encrypt both 128bit blocks with AES-256 */
-+ __loDev_aes_encrypt(&ctx, &loopinfo.lo_encrypt_key[ 0], &loopinfo.lo_encrypt_key[ 0]);
-+ __loDev_aes_encrypt(&ctx, &loopinfo.lo_encrypt_key[16], &loopinfo.lo_encrypt_key[16]);
-+ /* exchange upper half of first block with lower half of second block */
-+ memcpy(&tempkey[0], &loopinfo.lo_encrypt_key[8], 8);
-+ memcpy(&loopinfo.lo_encrypt_key[8], &loopinfo.lo_encrypt_key[16], 8);
-+ memcpy(&loopinfo.lo_encrypt_key[16], &tempkey[0], 8);
-+ iter--;
-+ }
-+ memset(&ctx, 0, sizeof(ctx));
-+ memset(&tempkey[0], 0, sizeof(tempkey));
-+ }
-+ memset(pass, 0, i); /* erase original password */
-+ break;
-+ default:
-+ fprintf (stderr, _("Error: don't know how to get key for encryption system %d\n"), loopinfo.lo_encrypt_type);
-+ goto loop_clr_fd_out;
-+ }
-+
-+ if(loInitValue) {
-+ /* cipher modules are free to do whatever they want with this value */
-+ i = 0;
-+ sscanf(loInitValue, "%d", &i);
-+ loopinfo.lo_init[0] = i;
-+ }
-+
-+ /* type 18 == LO_CRYPT_CRYPTOAPI */
-+ if ((loopinfo.lo_encrypt_type == 18) || (loop_set_status64_ioctl(fd, &loopinfo) < 0)) {
-+ /* direct cipher interface failed - try CryptoAPI interface now */
-+ if(!apiName || (try_cryptoapi_loop_interface(fd, &loopinfo, apiName) < 0)) {
-+ fprintf(stderr, _("ioctl: LOOP_SET_STATUS: %s, requested cipher or key length (%d bits) not supported by kernel\n"), strerror(errno), loopinfo.lo_encrypt_key_size << 3);
-+ loop_clr_fd_out:
-+ (void) ioctl (fd, LOOP_CLR_FD, 0);
-+ goto keyclean_close_fd_ffd_return1;
-+ }
-+ }
-+ if(multiKeyMode >= 65) {
-+ if(ioctl(fd, LOOP_MULTI_KEY_SETUP_V3, &multiKeyBits[0][0]) < 0) {
-+ if(multiKeyMode == 1000) goto try_v2_setup;
-+ perror("ioctl: LOOP_MULTI_KEY_SETUP_V3");
-+ goto loop_clr_fd_out;
-+ }
-+ } else if(multiKeyMode == 64) {
-+ try_v2_setup:
-+ if((ioctl(fd, LOOP_MULTI_KEY_SETUP, &multiKeyBits[0][0]) < 0) && (multiKeyMode != 1000)) {
-+ perror("ioctl: LOOP_MULTI_KEY_SETUP");
-+ goto loop_clr_fd_out;
-+ }
-+ }
-+
-+ memset(loopinfo.lo_encrypt_key, 0, sizeof(loopinfo.lo_encrypt_key));
-+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits));
-+ close (fd);
-+ close (ffd);
-+
-+ if (verbose > 1)
-+ printf(_("set_loop(%s,%s): success\n"), device, file);
-+ return 0;
-+}
-+
-+#include <getopt.h>
-+#include <stdarg.h>
-+
-+static char *progname;
-+
-+static void
-+usage(void) {
-+ fprintf(stderr, _("usage:\n\
-+ %s [options] loop_device file # setup\n\
-+ %s -F [options] loop_device [file] # setup, read /etc/fstab\n\
-+ %s loop_device # give info\n\
-+ %s -a # give info of all loops\n\
-+ %s -f # show next free loop device\n\
-+ %s -d loop_device # delete\n\
-+ %s -R loop_device # resize\n\
-+options: -e encryption -o offset -s sizelimit -p passwdfd -T -S pseed\n\
-+ -H phash -I loinit -K gpgkey -G gpghome -C itercountk -v -r\n\
-+ -P cleartextkey\n"),
-+ progname, progname, progname, progname, progname, progname, progname);
-+ exit(1);
-+}
-+
-+static void
-+show_all_loops(void)
-+{
-+ char dev[20];
-+ char *lfmt[] = { "/dev/loop%d", "/dev/loop/%d" };
-+ int i, j, fd, x;
-+ struct stat statbuf;
-+
-+ for(i = 0; i < 256; i++) {
-+ for(j = (sizeof(lfmt) / sizeof(lfmt[0])) - 1; j >= 0; j--) {
-+ sprintf(dev, lfmt[j], i);
-+ if(stat(dev, &statbuf) == 0 && S_ISBLK(statbuf.st_mode)) {
-+ fd = open(dev, O_RDONLY);
-+ if(fd >= 0) {
-+ x = is_unused_loop_device(fd);
-+ close(fd);
-+ if(x == 0) {
-+ show_loop(dev);
-+ j = 0;
-+ }
-+ }
-+ }
-+ }
-+ }
-+}
-+
-+static int
-+read_options_from_fstab(char *loopToFind, char **partitionPtr)
-+{
-+ FILE *f;
-+ struct mntent *m;
-+ int y, foundMatch = 0;
-+ char *opt, *fr1, *fr2;
-+ struct options {
-+ char *name; /* name of /etc/fstab option */
-+ char **dest; /* destination where it is written to */
-+ char *line; /* temp */
-+ };
-+ struct options tbl[] = {
-+ { "device/file name ", partitionPtr }, /* must be index 0 */
-+ { "loop=", &loopToFind }, /* must be index 1 */
-+ { "offset=", &loopOffsetBytes },
-+ { "sizelimit=", &loopSizeBytes },
-+ { "encryption=", &loopEncryptionType },
-+ { "pseed=", &passSeedString },
-+ { "phash=", &passHashFuncName },
-+ { "loinit=", &loInitValue },
-+ { "gpgkey=", &gpgKeyFile },
-+ { "gpghome=", &gpgHomeDir },
-+ { "cleartextkey=", &clearTextKeyFile },
-+ { "itercountk=", &passIterThousands },
-+ };
-+ struct options *p;
-+
-+ if (!(f = setmntent("/etc/fstab", "r"))) {
-+ fprintf(stderr, _("Error: unable to open /etc/fstab for reading\n"));
-+ return 0;
-+ }
-+ while ((m = getmntent(f)) != NULL) {
-+ tbl[0].line = fr1 = xstrdup(m->mnt_fsname);
-+ p = &tbl[1];
-+ do {
-+ p->line = NULL;
-+ } while (++p < &tbl[sizeof(tbl) / sizeof(struct options)]);
-+ opt = fr2 = xstrdup(m->mnt_opts);
-+ for (opt = strtok(opt, ","); opt != NULL; opt = strtok(NULL, ",")) {
-+ p = &tbl[1];
-+ do {
-+ y = strlen(p->name);
-+ if (!strncmp(opt, p->name, y))
-+ p->line = opt + y;
-+ } while (++p < &tbl[sizeof(tbl) / sizeof(struct options)]);
-+ }
-+ if (tbl[1].line && !strcmp(loopToFind, tbl[1].line)) {
-+ if (++foundMatch > 1) {
-+ fprintf(stderr, _("Error: multiple loop=%s options found in /etc/fstab\n"), loopToFind);
-+ endmntent(f);
-+ return 0;
-+ }
-+ p = &tbl[0];
-+ do {
-+ if (!*p->dest && p->line) {
-+ *p->dest = p->line;
-+ if (verbose)
-+ printf(_("using %s%s from /etc/fstab\n"), p->name, p->line);
-+ }
-+ } while (++p < &tbl[sizeof(tbl) / sizeof(struct options)]);
-+ fr1 = fr2 = NULL;
-+ }
-+ if(fr1) free(fr1);
-+ if(fr2) free(fr2);
-+ }
-+ endmntent(f);
-+ if (foundMatch == 0) {
-+ fprintf(stderr, _("Error: loop=%s option not found in /etc/fstab\n"), loopToFind);
-+ }
-+ return foundMatch;
-+}
-+
-+static int
-+recompute_loop_dev_size(char *device)
-+{
-+ int fd, err1 = 0, err2, err3;
-+ long long oldBytes = -1, newBytes = -1;
-+
-+ fd = open(device, O_RDONLY);
-+ if(fd < 0) {
-+ perror(device);
-+ return 1;
-+ }
-+ if(verbose) {
-+ err1 = ioctl(fd, BLKGETSIZE64, &oldBytes);
-+ }
-+ err2 = ioctl(fd, LOOP_RECOMPUTE_DEV_SIZE, 0);
-+ if(err2) {
-+ perror(device);
-+ goto done1;
-+ }
-+ if(verbose) {
-+ err3 = ioctl(fd, BLKGETSIZE64, &newBytes);
-+ if(!err1 && (oldBytes >= 0)) {
-+ printf("%s: old size %lld bytes\n", device, oldBytes);
-+ }
-+ if(!err3 && (newBytes >= 0)) {
-+ printf("%s: new size %lld bytes\n", device, newBytes);
-+ }
-+ }
-+done1:
-+ close(fd);
-+ return err2;
-+}
-+
-+static int
-+del_loop (const char *device) {
-+ int fd;
-+
-+ sync();
-+ if ((fd = open (device, O_RDONLY)) < 0) {
-+ int errsv = errno;
-+ fprintf(stderr, _("loop: can't delete device %s: %s\n"),
-+ device, strerror (errsv));
-+ return 1;
-+ }
-+ if (ioctl (fd, LOOP_CLR_FD, 0) < 0) {
-+ perror ("ioctl: LOOP_CLR_FD");
-+ return 1;
-+ }
-+ close (fd);
-+ if (verbose > 1)
-+ printf(_("del_loop(%s): success\n"), device);
-+ return 0;
-+}
-+
-+int
-+main(int argc, char **argv) {
-+ char *partitionName = NULL;
-+ char *device = NULL;
-+ int delete,find,c,option_a=0,option_F=0,option_R=0,setup_o=0;
-+ int res = 0;
-+ int ro = 0;
-+
-+ setlocale(LC_ALL, "");
-+ bindtextdomain(PACKAGE, LOCALEDIR);
-+ textdomain(PACKAGE);
-+
-+ delete = find = 0;
-+ progname = argv[0];
-+ while ((c = getopt(argc,argv,"aC:de:fFG:H:I:K:o:p:P:rRs:S:Tv")) != -1) {
-+ switch (c) {
-+ case 'a': /* show status of all loops */
-+ option_a = 1;
-+ break;
-+ case 'C':
-+ passIterThousands = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'd':
-+ delete = 1;
-+ break;
-+ case 'e':
-+ loopEncryptionType = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'f': /* find free loop */
-+ find = 1;
-+ break;
-+ case 'F': /* read loop related options from /etc/fstab */
-+ option_F = 1;
-+ setup_o = 1;
-+ break;
-+ case 'G': /* GnuPG home dir */
-+ gpgHomeDir = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'H': /* passphrase hash function name */
-+ passHashFuncName = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'I': /* lo_init[0] value (in string form) */
-+ loInitValue = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'K': /* GnuPG key file name */
-+ gpgKeyFile = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'o':
-+ loopOffsetBytes = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'p': /* read passphrase from given fd */
-+ passFDnumber = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'P': /* read passphrase from given file */
-+ clearTextKeyFile = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'r': /* read-only */
-+ ro = 1;
-+ setup_o = 1;
-+ break;
-+ case 'R': /* recompute loop dev size */
-+ option_R = 1;
-+ break;
-+ case 's':
-+ loopSizeBytes = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'S': /* optional seed for passphrase */
-+ passSeedString = optarg;
-+ setup_o = 1;
-+ break;
-+ case 'T': /* ask passphrase _twice_ */
-+ passAskTwice = "T";
-+ setup_o = 1;
-+ break;
-+ case 'v':
-+ verbose++;
-+ break;
-+ default:
-+ usage();
-+ }
-+ }
-+ if (option_a + delete + option_R + setup_o + find > 1) usage();
-+ if (option_a) {
-+ /* show all loops */
-+ if (argc != optind) usage();
-+ show_all_loops();
-+ res = 0;
-+ } else if (find) {
-+ if (argc != optind)
-+ usage();
-+ device = find_unused_loop_device();
-+ if (device == NULL)
-+ return -1;
-+ if (verbose)
-+ printf("Loop device is %s\n", device);
-+ printf("%s\n", device);
-+ res = 0;
-+ } else if (delete) {
-+ /* delete loop */
-+ if (argc != optind+1) usage();
-+ res = del_loop(argv[optind]);
-+ } else if (option_R) {
-+ /* resize existing loop */
-+ if (argc != optind+1) usage();
-+ res = recompute_loop_dev_size(argv[optind]);
-+ } else if ((argc == optind+1) && !setup_o) {
-+ /* show one loop */
-+ res = show_loop(argv[optind]);
-+ } else {
-+ /* set up new loop */
-+ if ((argc < optind+1) || ((argc == optind+1) && !option_F) || (argc > optind+2))
-+ usage();
-+ if (argc > optind+1)
-+ partitionName = argv[optind+1];
-+ if (option_F && (read_options_from_fstab(argv[optind], &partitionName) != 1))
-+ exit(1);
-+ res = set_loop(argv[optind],partitionName,&ro, 1);
-+ }
-+ return res;
-+}
-diff -urN util-linux-2.34/sys-utils/mount.8 util-linux-2.34-AES/sys-utils/mount.8
---- util-linux-2.34/sys-utils/mount.8 2019-05-15 14:49:04.536813022 +0300
-+++ util-linux-2.34-AES/sys-utils/mount.8 2019-07-11 09:31:03.215081140 +0300
-@@ -729,6 +729,11 @@
- sections.
- .RE
-
-+.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
-+In case of a loop mount with encryption, read the passphrase from
-+file descriptor
-+.I num
-+instead of from the terminal.
- .TP
- .BR "\-\-options\-mode " \fImode
- Controls how to combine options from fstab/mtab with options from command line.
-@@ -2387,13 +2392,19 @@
- .B "mount \-t ext4 /tmp/disk.img /mnt"
- .sp
- .RE
--This type of mount knows about three options, namely
--.BR loop ", " offset " and " sizelimit ,
-+This type of mount knows about 11 options, namely
-+.BR loop ", " offset ", " sizelimit ", " encryption ", " pseed ", " phash ", " loinit ", " gpgkey ", " gpghome ", " cleartextkey " and " itercountk
- that are really options to
- .BR \%losetup (8).
- (These options can be used in addition to those specific
- to the filesystem type.)
-
-+If the mount requires a passphrase, you will be prompted for one unless you
-+specify a file descriptor to read from instead with the
-+.BR \-p
-+command line option, or specify a file name with
-+.BR cleartextkey
-+mount option.
- Since Linux 2.6.25 auto-destruction of loop devices is supported,
- meaning that any loop device allocated by
- .B mount
-diff -urN util-linux-2.34/sys-utils/mount.c util-linux-2.34-AES/sys-utils/mount.c
---- util-linux-2.34/sys-utils/mount.c 2019-04-24 12:02:03.124448789 +0300
-+++ util-linux-2.34-AES/sys-utils/mount.c 2019-07-11 09:31:03.215081140 +0300
-@@ -36,6 +36,7 @@
- #include "c.h"
- #include "env.h"
- #include "strutils.h"
-+#include "xgetpass.h"
- #include "closestream.h"
- #include "canonicalize.h"
-
-@@ -52,6 +53,7 @@
- * --options-source-force MNT_OMODE_FORCE
- */
-
-+static int passfd = -1;
- static int mk_exit_code(struct libmnt_context *cxt, int rc);
-
- static void __attribute__((__noreturn__)) exit_non_root(const char *option)
-@@ -102,6 +104,32 @@
- return 1;
- }
-
-+static char *encrypt_pass_get(struct libmnt_context *cxt)
-+{
-+ if (!cxt)
-+ return 0;
-+
-+#ifdef MCL_FUTURE
-+ if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
-+ warn(_("couldn't lock into memory"));
-+ return NULL;
-+ }
-+#endif
-+ return xgetpass(passfd, _("Password: "));
-+}
-+
-+static void encrypt_pass_release(struct libmnt_context *cxt
-+ __attribute__((__unused__)), char *pwd)
-+{
-+ char *p = pwd;
-+
-+ while (p && *p)
-+ *p++ = '\0';
-+
-+ free(pwd);
-+ munlockall();
-+}
-+
- /*
- * Replace control chars with '?' to be compatible with coreutils. For more
- * robust solution use findmnt(1) where we use \x?? hex encoding.
-@@ -473,6 +501,7 @@
- fprintf(out, _(
- " -o, --options <list> comma-separated list of mount options\n"
- " -O, --test-opts <list> limit the set of filesystems (use with -a)\n"
-+ " -p, --pass-fd <num> read the passphrase from file descriptor\n"
- " -r, --read-only mount the filesystem read-only (same as -o ro)\n"
- " -t, --types <list> limit the set of filesystem types\n"));
- fprintf(out, _(
-@@ -666,7 +695,7 @@
-
- mnt_context_set_tables_errcb(cxt, table_parser_errcb);
-
-- while ((c = getopt_long(argc, argv, "aBcfFhilL:Mno:O:rRsU:vVwt:T:N:",
-+ while ((c = getopt_long(argc, argv, "aBcfFhilL:Mno:O:p:rRsU:vVwt:T:N:",
- longopts, NULL)) != -1) {
-
- /* only few options are allowed for non-root users */
-@@ -715,6 +744,10 @@
- if (mnt_context_set_options_pattern(cxt, optarg))
- err(MNT_EX_SYSERR, _("failed to set options pattern"));
- break;
-+ case 'p':
-+ passfd = strtou32_or_err(optarg,
-+ _("invalid passphrase file descriptor"));
-+ break;
- case 'L':
- xasprintf(&srcbuf, "LABEL=\"%s\"", optarg);
- mnt_context_disable_swapmatch(cxt, 1);
-@@ -884,6 +917,8 @@
- else if (types)
- mnt_context_set_fstype(cxt, types);
-
-+ mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release);
-+
- if (all) {
- /*
- * A) Mount all
-diff -urN util-linux-2.34/sys-utils/swapoff.c util-linux-2.34-AES/sys-utils/swapoff.c
---- util-linux-2.34/sys-utils/swapoff.c 2019-04-24 12:02:03.126448778 +0300
-+++ util-linux-2.34-AES/sys-utils/swapoff.c 2019-07-11 09:31:03.215081140 +0300
-@@ -1,4 +1,9 @@
- #include <stdio.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <unistd.h>
-+#include <fcntl.h>
-+#include <sys/ioctl.h>
- #include <errno.h>
- #include <getopt.h>
-
-@@ -7,6 +12,7 @@
- #endif
-
- #include "nls.h"
-+#include "loop.h"
- #include "c.h"
- #include "xalloc.h"
- #include "closestream.h"
-@@ -143,6 +149,45 @@
- exit(EXIT_SUCCESS);
- }
-
-+static void
-+shutdown_encrypted_swap(char *loop)
-+{
-+ int fd;
-+ struct stat statbuf;
-+ struct loop_info64 loopinfo;
-+ unsigned char b[32];
-+ FILE *f;
-+ size_t ignoreThis = 0;
-+
-+ if(stat(loop, &statbuf) == 0 && S_ISBLK(statbuf.st_mode)) {
-+ if((fd = open(loop, O_RDWR)) >= 0) {
-+ if(!loop_get_status64_ioctl(fd, &loopinfo)) {
-+ /*
-+ * Read 32 bytes of random data from kernel's random
-+ * number generator and write that to loop device.
-+ * This preserves some of kernel's random entropy
-+ * to next activation of encrypted swap on this
-+ * partition.
-+ */
-+ if((f = fopen("/dev/urandom", "r")) != NULL) {
-+ ignoreThis += fread(&b[0], 32, 1, f);
-+ fclose(f);
-+ ignoreThis += write(fd, &b[0], 32);
-+ fsync(fd);
-+ }
-+ }
-+ close(fd);
-+ }
-+ sync();
-+ if((fd = open(loop, O_RDONLY)) >= 0) {
-+ if(!loop_get_status64_ioctl(fd, &loopinfo)) {
-+ ioctl(fd, LOOP_CLR_FD, 0);
-+ }
-+ close(fd);
-+ }
-+ }
-+}
-+
- static int swapoff_all(void)
- {
- int status = 0;
-@@ -173,8 +218,30 @@
- mnt_reset_iter(itr, MNT_ITER_FORWARD);
-
- while (tb && mnt_table_find_next_fs(tb, itr, match_swap, NULL, &fs) == 0) {
-- if (!is_active_swap(mnt_fs_get_source(fs)))
-- do_swapoff(mnt_fs_get_source(fs), QUIET, !CANONIC);
-+ char *special;
-+ char *loop = NULL, *encryption = NULL;
-+ char *val = NULL;
-+ size_t len = 0;
-+
-+ special = (char *) mnt_fs_get_source(fs);
-+ if(!special) continue;
-+ if(mnt_fs_get_option(fs, "loop", &val, &len) == 0 && val && len)
-+ loop = strndup(val, len);
-+ if(mnt_fs_get_option(fs, "encryption", &val, &len) == 0 && val && len)
-+ encryption = strndup(val, len);
-+ if (loop && encryption) {
-+ if (!is_active_swap(loop)) { /* do this only if it was not in /proc/swaps */
-+ do_swapoff(loop, QUIET, !CANONIC);
-+ }
-+ shutdown_encrypted_swap(loop);
-+ goto do_free;
-+ }
-+ if (!is_active_swap(special)) { /* do this only if it was not in /proc/swaps */
-+ do_swapoff(special, QUIET, !CANONIC);
-+ }
-+ do_free:
-+ if(loop) free(loop);
-+ if(encryption) free(encryption);
- }
-
- mnt_free_iter(itr);
-diff -urN util-linux-2.34/sys-utils/swapon.8 util-linux-2.34-AES/sys-utils/swapon.8
---- util-linux-2.34/sys-utils/swapon.8 2019-04-10 14:28:20.660836586 +0300
-+++ util-linux-2.34-AES/sys-utils/swapon.8 2019-07-11 09:31:03.215081140 +0300
-@@ -69,6 +69,22 @@
- .I /proc/swaps
- or
- .IR /etc/fstab ).
-+.PP
-+If
-+.I loop=/dev/loop?
-+and
-+.I encryption=AES128
-+options are present in
-+.I /etc/fstab
-+then
-+.BR "swapon -a"
-+will set up loop devices using random keys, run
-+.BR "mkswap"
-+on them, and enable encrypted swap on specified loop devices. Encrypted loop
-+devices are set up with page size offset so that unencrypted swap signatures
-+on first page of swap devices are not touched.
-+.BR "swapoff -a"
-+will tear down such loop devices.
-
- .SH OPTIONS
- .TP
-diff -urN util-linux-2.34/sys-utils/swapon.c util-linux-2.34-AES/sys-utils/swapon.c
---- util-linux-2.34/sys-utils/swapon.c 2019-04-24 12:02:03.127448771 +0300
-+++ util-linux-2.34-AES/sys-utils/swapon.c 2019-07-11 09:31:03.215081140 +0300
-@@ -8,6 +8,8 @@
- #include <unistd.h>
- #include <sys/types.h>
- #include <sys/wait.h>
-+#include <sys/time.h>
-+#include <sys/ioctl.h>
- #include <fcntl.h>
- #include <stdint.h>
- #include <ctype.h>
-@@ -16,6 +18,8 @@
-
- #include "c.h"
- #include "nls.h"
-+#include "loop.h"
-+#include "../libmount/src/sha512.h"
- #include "bitops.h"
- #include "blkdev.h"
- #include "pathnames.h"
-@@ -722,6 +726,227 @@
- }
-
-
-+static int
-+prepare_encrypted_swap(char *partition, char *loop, char *encryption)
-+{
-+ int x, y, fd, ffd;
-+ int page_size;
-+ sha512_context s;
-+ unsigned char b[4096], multiKeyBits[65][32];
-+ char *a[10], *apiName;
-+ struct loop_info64 loopinfo;
-+ FILE *f;
-+ size_t ignoreThis = 0;
-+
-+ /*
-+ * Some sanity checks
-+ */
-+ if(strlen(partition) < 1) {
-+ fprintf(stderr, _("swapon: invalid swap device name\n"));
-+ return 0;
-+ }
-+ if(strlen(loop) < 1) {
-+ fprintf(stderr, _("swapon: invalid loop device name\n"));
-+ return 0;
-+ }
-+ if(strlen(encryption) < 1) {
-+ fprintf(stderr, _("swapon: invalid encryption type\n"));
-+ return 0;
-+ }
-+
-+ /*
-+ * Abort if loop device does not exist or is already in use
-+ */
-+ sync();
-+ if((fd = open(loop, O_RDWR)) == -1) {
-+ fprintf(stderr, _("swapon: unable to open loop device %s\n"), loop);
-+ return 0;
-+ }
-+ if(is_unused_loop_device(fd) == 0) {
-+ fprintf(stderr, _("swapon: loop device %s already in use\n"), loop);
-+ goto errout0;
-+ }
-+
-+ /*
-+ * Compute SHA-512 over first 40 KB of old swap data. This data
-+ * is mostly unknown data encrypted using unknown key. SHA-512 hash
-+ * output is then used as entropy for new swap encryption key.
-+ */
-+ if(!(f = fopen(partition, "r+"))) {
-+ fprintf(stderr, _("swapon: unable to open swap device %s\n"), partition);
-+ goto errout0;
-+ }
-+ page_size = getpagesize();
-+ fseek(f, (long)page_size, SEEK_SET);
-+ __loDev_sha512_init(&s);
-+ for(x = 0; x < 10; x++) {
-+ if(fread(&b[0], sizeof(b), 1, f) != 1) break;
-+ __loDev_sha512_write(&s, &b[0], sizeof(b));
-+ }
-+ __loDev_sha512_final(&s);
-+
-+ /*
-+ * Overwrite 40 KB of old swap data 20 times so that recovering
-+ * SHA-512 output beyond this point is difficult and expensive.
-+ */
-+ for(y = 0; y < 20; y++) {
-+ int z;
-+ struct {
-+ struct timeval tv;
-+ unsigned char h[64];
-+ int x,y,z;
-+ } j;
-+ if(fseek(f, (long)page_size, SEEK_SET)) break;
-+ memcpy(&j.h[0], &s.sha_out[0], 64);
-+ gettimeofday(&j.tv, NULL);
-+ j.y = y;
-+ for(x = 0; x < 10; x++) {
-+ j.x = x;
-+ for(z = 0; z < (int) sizeof(b); z += 64) {
-+ j.z = z;
-+ __loDev_sha512_hash_buffer((unsigned char *)&j, sizeof(j), &b[z], 64);
-+ }
-+ if(fwrite(&b[0], sizeof(b), 1, f) != 1) break;
-+ }
-+ memset(&j, 0, sizeof(j));
-+ if(fflush(f)) break;
-+ if(fsync(fileno(f))) break;
-+ }
-+ fclose(f);
-+
-+ /*
-+ * Use all 512 bits of hash output
-+ */
-+ memcpy(&b[0], &s.sha_out[0], 64);
-+ memset(&s, 0, sizeof(s));
-+
-+ /*
-+ * Read 32 bytes of random entropy from kernel's random
-+ * number generator. This code may be executed early on startup
-+ * scripts and amount of random entropy may be non-existent.
-+ * SHA-512 of old swap data is used as workaround for missing
-+ * entropy in kernel's random number generator.
-+ */
-+ if(!(f = fopen("/dev/urandom", "r"))) {
-+ fprintf(stderr, _("swapon: unable to open /dev/urandom\n"));
-+ goto errout0;
-+ }
-+ ignoreThis += fread(&b[64], 32, 1, f);
-+
-+ /*
-+ * Set up struct loop_info64
-+ */
-+ if((ffd = open(partition, O_RDWR)) < 0) {
-+ fprintf(stderr, _("swapon: unable to open swap device %s\n"), partition);
-+ goto errout1;
-+ }
-+ memset(&loopinfo, 0, sizeof(loopinfo));
-+ strncpy((char *)loopinfo.lo_file_name, partition, LO_NAME_SIZE - 1);
-+ loopinfo.lo_file_name[LO_NAME_SIZE - 1] = 0;
-+ loopinfo.lo_encrypt_type = loop_crypt_type(encryption, &loopinfo.lo_encrypt_key_size, &apiName);
-+ if(loopinfo.lo_encrypt_type <= 1) {
-+ fprintf(stderr, _("swapon: unsupported swap encryption type %s\n"), encryption);
-+errout2:
-+ close(ffd);
-+errout1:
-+ fclose(f);
-+errout0:
-+ close(fd);
-+ memset(&loopinfo.lo_encrypt_key[0], 0, sizeof(loopinfo.lo_encrypt_key));
-+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits));
-+ return 0;
-+ }
-+ loopinfo.lo_offset = page_size;
-+ /* single-key hash */
-+ __loDev_sha512_hash_buffer(&b[0], 64+32, &loopinfo.lo_encrypt_key[0], sizeof(loopinfo.lo_encrypt_key));
-+ /* multi-key hash */
-+ x = 0;
-+ while(x < 65) {
-+ ignoreThis += fread(&b[64+32], 16, 1, f);
-+ __loDev_sha512_hash_buffer(&b[0], 64+32+16, &multiKeyBits[x][0], 32);
-+ x++;
-+ }
-+
-+ /*
-+ * Try to set up single-key loop
-+ */
-+ if(ioctl(fd, LOOP_SET_FD, ffd) < 0) {
-+ fprintf(stderr, _("swapon: LOOP_SET_FD failed\n"));
-+ goto errout2;
-+ }
-+ if ((loopinfo.lo_encrypt_type == 18) || (loop_set_status64_ioctl(fd, &loopinfo) < 0)) {
-+ if(try_cryptoapi_loop_interface(fd, &loopinfo, apiName) < 0) {
-+ fprintf(stderr, _("swapon: LOOP_SET_STATUS failed\n"));
-+ ioctl(fd, LOOP_CLR_FD, 0);
-+ goto errout2;
-+ }
-+ }
-+
-+ /*
-+ * Try to put loop to multi-key v3 or v2 mode.
-+ * If this fails, then let it operate in single-key mode.
-+ */
-+ if(ioctl(fd, LOOP_MULTI_KEY_SETUP_V3, &multiKeyBits[0][0]) < 0) {
-+ ioctl(fd, LOOP_MULTI_KEY_SETUP, &multiKeyBits[0][0]);
-+ }
-+
-+ /*
-+ * Loop is now set up. Clean up the keys.
-+ */
-+ memset(&loopinfo.lo_encrypt_key[0], 0, sizeof(loopinfo.lo_encrypt_key));
-+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits));
-+ close(ffd);
-+ fclose(f);
-+ close(fd);
-+
-+ /*
-+ * Write 40 KB of zeroes to loop device. That same data is written
-+ * to underlying partition in encrypted form. This is done to guarantee
-+ * that next time encrypted swap is initialized, the SHA-512 hash will
-+ * be different. And, if encrypted swap data writes over this data, that's
-+ * even better.
-+ */
-+ if(!(f = fopen(loop, "r+"))) {
-+ fprintf(stderr, _("swapon: unable to open loop device %s\n"), loop);
-+ return 0;
-+ }
-+ memset(&b[0], 0, sizeof(b));
-+ for(x = 0; x < 10; x++) {
-+ if(fwrite(&b[0], sizeof(b), 1, f) != 1) break;
-+ }
-+ fflush(f);
-+ fsync(fileno(f));
-+ fclose(f);
-+ sync();
-+
-+ /*
-+ * Run mkswap on loop device so that kernel understands it as swap.
-+ * Redirect stderr to /dev/null and ignore exit value.
-+ */
-+ if(!(x = fork())) {
-+ if((x = open("/dev/null", O_WRONLY)) >= 0) {
-+ dup2(x, 2);
-+ close(x);
-+ }
-+ a[0] = "mkswap";
-+ a[1] = loop;
-+ a[2] = 0;
-+ execvp(a[0], &a[0]);
-+ execv("/sbin/mkswap", &a[0]);
-+ /* error to stdout, stderr is directed to /dev/null */
-+ printf(_("swapon: unable to execute mkswap\n"));
-+ exit(1);
-+ }
-+ if(x == -1) {
-+ fprintf(stderr, _("swapon: fork failed\n"));
-+ return 0;
-+ }
-+ waitpid(x, &y, 0);
-+ sync();
-+
-+ return 1;
-+}
-+
- static int swapon_all(struct swapon_ctl *ctl)
- {
- struct libmnt_table *tb = get_fstab();
-@@ -739,6 +964,9 @@
- while (mnt_table_find_next_fs(tb, itr, match_swap, NULL, &fs) == 0) {
- /* defaults */
- const char *opts;
-+ char *loop = NULL, *encryption = NULL;
-+ char *val = NULL;
-+ size_t len = 0;
- const char *device;
- struct swap_prop prop; /* per device setting */
-
-@@ -747,6 +975,10 @@
- warnx(_("%s: noauto option -- ignored"), mnt_fs_get_source(fs));
- continue;
- }
-+ if(mnt_fs_get_option(fs, "loop", &val, &len) == 0 && val && len)
-+ loop = strndup(val, len);
-+ if(mnt_fs_get_option(fs, "encryption", &val, &len) == 0 && val && len)
-+ encryption = strndup(val, len);
-
- /* default setting */
- prop = ctl->props;
-@@ -761,23 +993,38 @@
- if (!device) {
- if (!prop.no_fail)
- status |= cannot_find(mnt_fs_get_source(fs));
-- continue;
-+ goto do_free;
-+ }
-+
-+ if (loop && encryption) {
-+ if (!is_active_swap(loop) && (!prop.no_fail || !access(device, R_OK))) {
-+ if(!prepare_encrypted_swap((char*)device, loop, encryption)) {
-+ status |= -1;
-+ goto do_free;
-+ }
-+ status |= do_swapon(ctl, &prop, loop, TRUE);
-+ }
-+ goto do_free;
- }
-
- if (is_active_swap(device)) {
- if (ctl->verbose)
- warnx(_("%s: already active -- ignored"), device);
-- continue;
-+ goto do_free;
- }
-
- if (prop.no_fail && access(device, R_OK) != 0) {
- if (ctl->verbose)
- warnx(_("%s: inaccessible -- ignored"), device);
-- continue;
-+ goto do_free;
- }
-
- /* swapon */
- status |= do_swapon(ctl, &prop, device, TRUE);
-+
-+ do_free:
-+ if(loop) free(loop);
-+ if(encryption) free(encryption);
- }
-
- mnt_free_iter(itr);