[arch-commits] Commit in cryptsetup/repos (6 files)

Christian Hesse eworm at archlinux.org
Thu Apr 30 13:02:04 UTC 2020


    Date: Thursday, April 30, 2020 @ 13:02:03
  Author: eworm
Revision: 381971

archrelease: copy trunk to testing-x86_64

Added:
  cryptsetup/repos/testing-x86_64/
  cryptsetup/repos/testing-x86_64/PKGBUILD
    (from rev 381970, cryptsetup/trunk/PKGBUILD)
  cryptsetup/repos/testing-x86_64/hooks-encrypt
    (from rev 381970, cryptsetup/trunk/hooks-encrypt)
  cryptsetup/repos/testing-x86_64/install-encrypt
    (from rev 381970, cryptsetup/trunk/install-encrypt)
  cryptsetup/repos/testing-x86_64/install-sd-encrypt
    (from rev 381970, cryptsetup/trunk/install-sd-encrypt)
  cryptsetup/repos/testing-x86_64/json-c-0.14.patch
    (from rev 381970, cryptsetup/trunk/json-c-0.14.patch)

--------------------+
 PKGBUILD           |   52 +++
 hooks-encrypt      |  144 ++++++++++
 install-encrypt    |   48 +++
 install-sd-encrypt |   49 +++
 json-c-0.14.patch  |  681 +++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 974 insertions(+)

Copied: cryptsetup/repos/testing-x86_64/PKGBUILD (from rev 381970, cryptsetup/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2020-04-30 13:02:03 UTC (rev 381971)
@@ -0,0 +1,52 @@
+# Maintainer:  Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
+# Contributor: Thomas Bächler <thomas at archlinux.org>
+
+pkgname=cryptsetup
+pkgver=2.3.1
+pkgrel=3
+pkgdesc='Userspace setup tool for transparent encryption of block devices using dm-crypt'
+arch=(x86_64)
+license=('GPL')
+url='https://gitlab.com/cryptsetup/cryptsetup/'
+depends=('device-mapper' 'openssl' 'popt' 'libutil-linux' 'json-c' 'argon2')
+makedepends=('util-linux')
+options=('!emptydirs')
+validpgpkeys=('2A2918243FDE46648D0686F9D9B0577BD93E98FC') # Milan Broz <gmazyland at gmail.com>
+source=("https://www.kernel.org/pub/linux/utils/cryptsetup/v${pkgver%.*}/${pkgname}-${pkgver}.tar."{xz,sign}
+        'hooks-encrypt'
+        'install-encrypt'
+        'install-sd-encrypt'
+        'json-c-0.14.patch')
+sha256sums=('92aba4d559a2cf7043faed92e0f22c5addea36bd63f8c039ba5a8f3a159fe7d2'
+            'SKIP'
+            '416aa179ce3c6a7a5eee0861f1f0a4fafac91b69e84a2aae82b6e5a6140e31e2'
+            'd325dc239ecc9a5324407b0782da6df2573e8491251836d6c4e65fa61339ce57'
+            '31d816b3650a57512a5f9b52c1995fa65a161faa8b37975d07c9a1b8e1a119db'
+            'e166c55d0fd4361749d6c449d6d04837957661ab58ebd5ef9a735de61640cc3b')
+
+prepare() {
+  cd "${srcdir}"/$pkgname-${pkgver}
+  patch -Np1 -i ../json-c-0.14.patch
+}
+
+build() {
+  cd "${srcdir}"/$pkgname-${pkgver}
+
+  ./configure \
+    --prefix=/usr \
+    --sbindir=/usr/bin \
+    --enable-libargon2 \
+    --disable-static
+  make
+}
+
+package() {
+  cd "${srcdir}"/$pkgname-${pkgver}
+
+  make DESTDIR="${pkgdir}" install
+
+  # install hook
+  install -D -m0644 "${srcdir}"/hooks-encrypt "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
+  install -D -m0644 "${srcdir}"/install-encrypt "${pkgdir}"/usr/lib/initcpio/install/encrypt
+  install -D -m0644 "${srcdir}"/install-sd-encrypt "${pkgdir}"/usr/lib/initcpio/install/sd-encrypt
+}

Copied: cryptsetup/repos/testing-x86_64/hooks-encrypt (from rev 381970, cryptsetup/trunk/hooks-encrypt)
===================================================================
--- testing-x86_64/hooks-encrypt	                        (rev 0)
+++ testing-x86_64/hooks-encrypt	2020-04-30 13:02:03 UTC (rev 381971)
@@ -0,0 +1,144 @@
+#!/usr/bin/ash
+
+run_hook() {
+    modprobe -a -q dm-crypt >/dev/null 2>&1
+    [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
+
+    # Get keyfile if specified
+    ckeyfile="/crypto_keyfile.bin"
+    if [ -n "$cryptkey" ]; then
+        IFS=: read ckdev ckarg1 ckarg2 <<EOF
+$cryptkey
+EOF
+
+        if [ "$ckdev" = "rootfs" ]; then
+            ckeyfile=$ckarg1
+        elif resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
+            case ${ckarg1} in
+                *[!0-9]*)
+                    # Use a file on the device
+                    # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
+                    mkdir /ckey
+                    mount -r -t "$ckarg1" "$resolved" /ckey
+                    dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
+                    umount /ckey
+                    ;;
+                *)
+                    # Read raw data from the block device
+                    # ckarg1 is numeric: ckarg1=offset, ckarg2=length
+                    dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
+                    ;;
+            esac
+        fi
+        [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
+    fi
+
+    if [ -n "${cryptdevice}" ]; then
+        DEPRECATED_CRYPT=0
+        IFS=: read cryptdev cryptname cryptoptions <<EOF
+$cryptdevice
+EOF
+    else
+        DEPRECATED_CRYPT=1
+        cryptdev="${root}"
+        cryptname="root"
+    fi
+
+    # This may happen if third party hooks do the crypt setup
+    if [ -b "/dev/mapper/${cryptname}" ]; then
+        echo "Device ${cryptname} already exists, not doing any crypt setup."
+        return 0
+    fi
+
+    warn_deprecated() {
+        echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
+        echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
+    }
+
+    for cryptopt in ${cryptoptions//,/ }; do
+        case ${cryptopt} in
+            allow-discards)
+                cryptargs="${cryptargs} --allow-discards"
+                ;;
+            *)
+                echo "Encryption option '${cryptopt}' not known, ignoring." >&2
+                ;;
+        esac
+    done
+
+    if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
+        if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
+            [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+            dopassphrase=1
+            # If keyfile exists, try to use that
+            if [ -f ${ckeyfile} ]; then
+                if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
+                    dopassphrase=0
+                else
+                    echo "Invalid keyfile. Reverting to passphrase."
+                fi
+            fi
+            # Ask for a passphrase
+            if [ ${dopassphrase} -gt 0 ]; then
+                echo ""
+                echo "A password is required to access the ${cryptname} volume:"
+
+                #loop until we get a real password
+                while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
+                    sleep 2;
+                done
+            fi
+            if [ -e "/dev/mapper/${cryptname}" ]; then
+                if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+                    export root="/dev/mapper/root"
+                fi
+            else
+                err "Password succeeded, but ${cryptname} creation failed, aborting..."
+                return 1
+            fi
+        elif [ -n "${crypto}" ]; then
+            [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+            msg "Non-LUKS encrypted device found..."
+            if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then
+                err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
+                err "Non-LUKS decryption not attempted..."
+                return 1
+            fi
+            exe="cryptsetup open --type plain $resolved $cryptname $cryptargs"
+            IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
+$crypto
+EOF
+            [ -n "$c_hash" ]    && exe="$exe --hash '$c_hash'"
+            [ -n "$c_cipher" ]  && exe="$exe --cipher '$c_cipher'"
+            [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'"
+            [ -n "$c_offset" ]  && exe="$exe --offset '$c_offset'"
+            [ -n "$c_skip" ]    && exe="$exe --skip '$c_skip'"
+            if [ -f "$ckeyfile" ]; then
+                exe="$exe --key-file $ckeyfile"
+            else
+                echo ""
+                echo "A password is required to access the ${cryptname} volume:"
+            fi
+            eval "$exe $CSQUIET"
+
+            if [ $? -ne 0 ]; then
+                err "Non-LUKS device decryption failed. verify format: "
+                err "      crypto=hash:cipher:keysize:offset:skip"
+                return 1
+            fi
+            if [ -e "/dev/mapper/${cryptname}" ]; then
+                if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+                    export root="/dev/mapper/root"
+                fi
+            else
+                err "Password succeeded, but ${cryptname} creation failed, aborting..."
+                return 1
+            fi
+        else
+            err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
+        fi
+    fi
+    rm -f ${ckeyfile}
+}
+
+# vim: set ft=sh ts=4 sw=4 et:

Copied: cryptsetup/repos/testing-x86_64/install-encrypt (from rev 381970, cryptsetup/trunk/install-encrypt)
===================================================================
--- testing-x86_64/install-encrypt	                        (rev 0)
+++ testing-x86_64/install-encrypt	2020-04-30 13:02:03 UTC (rev 381971)
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+build() {
+    local mod
+
+    add_module "dm-crypt"
+    add_module "dm-integrity"
+    if [[ $CRYPTO_MODULES ]]; then
+        for mod in $CRYPTO_MODULES; do
+            add_module "$mod"
+        done
+    else
+        add_all_modules "/crypto/"
+    fi
+
+    add_binary "cryptsetup"
+    add_binary "dmsetup"
+    add_file "/usr/lib/udev/rules.d/10-dm.rules"
+    add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
+    add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
+    add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
+
+    # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
+    add_binary "/usr/lib/libgcc_s.so.1"
+
+    add_runscript
+}
+
+help() {
+    cat <<HELPEOF
+This hook allows for an encrypted root device. Users should specify the device
+to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
+where 'device' is the path to the raw device, and 'dmname' is the name given to
+the device after unlocking, and will be available as /dev/mapper/dmname.
+
+For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
+the kernel cmdline, where 'device' represents the raw block device where the key
+exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
+the absolute path of the keyfile within the device.
+
+Without specifying a keyfile, you will be prompted for the password at runtime.
+This means you must have a keyboard available to input it, and you may need
+the keymap hook as well to ensure that the keyboard is using the layout you
+expect.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:

Copied: cryptsetup/repos/testing-x86_64/install-sd-encrypt (from rev 381970, cryptsetup/trunk/install-sd-encrypt)
===================================================================
--- testing-x86_64/install-sd-encrypt	                        (rev 0)
+++ testing-x86_64/install-sd-encrypt	2020-04-30 13:02:03 UTC (rev 381971)
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+build() {
+    local mod
+
+    add_module "dm-crypt"
+    add_module "dm-integrity"
+    if [[ $CRYPTO_MODULES ]]; then
+        for mod in $CRYPTO_MODULES; do
+            add_module "$mod"
+        done
+    else
+        add_all_modules "/crypto/"
+    fi
+
+    add_binary "dmsetup"
+    add_file "/usr/lib/udev/rules.d/10-dm.rules"
+    add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
+    add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
+    add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
+
+    add_systemd_unit "cryptsetup.target"
+    add_binary "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator"
+    add_binary "/usr/lib/systemd/systemd-cryptsetup"
+
+    add_systemd_unit "systemd-ask-password-console.path"
+    add_systemd_unit "systemd-ask-password-console.service"
+
+    # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
+    add_binary "/usr/lib/libgcc_s.so.1"
+
+    # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5))
+    add_binary "mkswap"
+
+    [[ -f /etc/crypttab.initramfs ]] && add_file "/etc/crypttab.initramfs" "/etc/crypttab"
+}
+
+help() {
+    cat <<HELPEOF
+This hook allows for an encrypted root device with systemd initramfs.
+
+See the manpage of systemd-cryptsetup-generator(8) for available kernel
+command line options. Alternatively, if the file /etc/crypttab.initramfs
+exists, it will be added to the initramfs as /etc/crypttab. See the
+crypttab(5) manpage for more information on crypttab syntax.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:

Copied: cryptsetup/repos/testing-x86_64/json-c-0.14.patch (from rev 381970, cryptsetup/trunk/json-c-0.14.patch)
===================================================================
--- testing-x86_64/json-c-0.14.patch	                        (rev 0)
+++ testing-x86_64/json-c-0.14.patch	2020-04-30 13:02:03 UTC (rev 381971)
@@ -0,0 +1,681 @@
+From 604abec333a0efb44fd8bc610aa0b1151dd0f612 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82 at fedoraproject.org>
+Date: Mon, 13 Apr 2020 11:48:17 +0200
+Subject: [PATCH] Add support for upcoming json-c 0.14.0.
+
+  * TRUE/FALSE are not defined anymore.  1 and 0 are used instead.
+  * json_object_get_uint64() and json_object_new_uint64() are part
+    of the upstream API now.
+---
+ lib/luks2/luks2_internal.h      |  4 +++-
+ lib/luks2/luks2_json_metadata.c | 38 +++++++++++++++++----------------
+ 2 files changed, 23 insertions(+), 19 deletions(-)
+
+diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h
+index b9fec6b5..939101d6 100644
+--- a/lib/luks2/luks2_internal.h
++++ b/lib/luks2/luks2_internal.h
+@@ -58,9 +58,11 @@ json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
+ void hexprint_base64(struct crypt_device *cd, json_object *jobj,
+ 		     const char *sep, const char *line_sep);
+ 
++#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
+ uint64_t json_object_get_uint64(json_object *jobj);
+-uint32_t json_object_get_uint32(json_object *jobj);
+ json_object *json_object_new_uint64(uint64_t value);
++#endif
++uint32_t json_object_get_uint32(json_object *jobj);
+ 
+ int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
+ void json_object_object_del_by_uint(json_object *jobj, unsigned key);
+diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
+index 781280c2..712c2bbd 100644
+--- a/lib/luks2/luks2_json_metadata.c
++++ b/lib/luks2/luks2_json_metadata.c
+@@ -234,13 +234,14 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
+ 	tmp = strtoull(json_object_get_string(jobj), &endptr, 10);
+ 	if (*endptr || errno) {
+ 		*value = 0;
+-		return FALSE;
++		return 0;
+ 	}
+ 
+ 	*value = tmp;
+-	return TRUE;
++	return 1;
+ }
+ 
++#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
+ uint64_t json_object_get_uint64(json_object *jobj)
+ {
+ 	uint64_t r;
+@@ -262,6 +263,7 @@ json_object *json_object_new_uint64(uint64_t value)
+ 	jobj = json_object_new_string(num);
+ 	return jobj;
+ }
++#endif
+ 
+ /*
+  * Validate helpers
+@@ -273,9 +275,9 @@ static json_bool numbered(struct crypt_device *cd, const char *name, const char
+ 	for (i = 0; key[i]; i++)
+ 		if (!isdigit(key[i])) {
+ 			log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key);
+-			return FALSE;
++			return 0;
+ 		}
+-	return TRUE;
++	return 1;
+ }
+ 
+ json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
+@@ -300,7 +302,7 @@ json_bool validate_json_uint32(json_object *jobj)
+ 	errno = 0;
+ 	tmp = json_object_get_int64(jobj);
+ 
+-	return (errno || tmp < 0 || tmp > UINT32_MAX) ? FALSE : TRUE;
++	return (errno || tmp < 0 || tmp > UINT32_MAX) ? 0 : 1;
+ }
+ 
+ static json_bool validate_keyslots_array(struct crypt_device *cd,
+@@ -313,17 +315,17 @@ static json_bool validate_keyslots_array(struct crypt_device *cd,
+ 		jobj = json_object_array_get_idx(jarr, i);
+ 		if (!json_object_is_type(jobj, json_type_string)) {
+ 			log_dbg(cd, "Illegal value type in keyslots array at index %d.", i);
+-			return FALSE;
++			return 0;
+ 		}
+ 
+ 		if (!json_contains(cd, jobj_keys, "", "Keyslots section",
+ 				   json_object_get_string(jobj), json_type_object))
+-			return FALSE;
++			return 0;
+ 
+ 		i++;
+ 	}
+ 
+-	return TRUE;
++	return 1;
+ }
+ 
+ static json_bool validate_segments_array(struct crypt_device *cd,
+@@ -336,17 +338,17 @@ static json_bool validate_segments_array(struct crypt_device *cd,
+ 		jobj = json_object_array_get_idx(jarr, i);
+ 		if (!json_object_is_type(jobj, json_type_string)) {
+ 			log_dbg(cd, "Illegal value type in segments array at index %d.", i);
+-			return FALSE;
++			return 0;
+ 		}
+ 
+ 		if (!json_contains(cd, jobj_segments, "", "Segments section",
+ 				   json_object_get_string(jobj), json_type_object))
+-			return FALSE;
++			return 0;
+ 
+ 		i++;
+ 	}
+ 
+-	return TRUE;
++	return 1;
+ }
+ 
+ static json_bool segment_has_digest(const char *segment_name, json_object *jobj_digests)
+@@ -357,10 +359,10 @@ static json_bool segment_has_digest(const char *segment_name, json_object *jobj_
+ 		UNUSED(key);
+ 		json_object_object_get_ex(val, "segments", &jobj_segments);
+ 		if (LUKS2_array_jobj(jobj_segments, segment_name))
+-			return TRUE;
++			return 1;
+ 	}
+ 
+-	return FALSE;
++	return 0;
+ }
+ 
+ static json_bool validate_intervals(struct crypt_device *cd,
+@@ -372,18 +374,18 @@ static json_bool validate_intervals(struct crypt_device *cd,
+ 	while (i < length) {
+ 		if (ix[i].offset < 2 * metadata_size) {
+ 			log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset);
+-			return FALSE;
++			return 0;
+ 		}
+ 
+ 		if (!ix[i].length) {
+ 			log_dbg(cd, "Area length must be greater than zero.");
+-			return FALSE;
++			return 0;
+ 		}
+ 
+ 		if ((ix[i].offset + ix[i].length) > keyslots_area_end) {
+ 			log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] overflows binary keyslots area (ends at offset: %" PRIu64 ").",
+ 				ix[i].offset, ix[i].offset + ix[i].length, keyslots_area_end);
+-			return FALSE;
++			return 0;
+ 		}
+ 
+ 		for (j = 0; j < length; j++) {
+@@ -393,14 +395,14 @@ static json_bool validate_intervals(struct crypt_device *cd,
+ 				log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].",
+ 					ix[i].offset, ix[i].offset + ix[i].length,
+ 					ix[j].offset, ix[j].offset + ix[j].length);
+-				return FALSE;
++				return 0;
+ 			}
+ 		}
+ 
+ 		i++;
+ 	}
+ 
+-	return TRUE;
++	return 1;
+ }
+ 
+ static int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key)
+From e6a356974330e3ae21579a5737976e9a2aad1b51 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina at redhat.com>
+Date: Tue, 14 Apr 2020 17:24:54 +0200
+Subject: [PATCH] Avoid name clash with newer json-c library.
+
+This is partial revert of previous commit and also
+fixes wrong decision to name our internal helpers with
+json_object prefix.
+---
+ lib/luks2/luks2_internal.h      |  8 +++-----
+ lib/luks2/luks2_json_format.c   |  6 +++---
+ lib/luks2/luks2_json_metadata.c | 18 ++++++++----------
+ lib/luks2/luks2_keyslot.c       |  8 ++++----
+ lib/luks2/luks2_keyslot_luks2.c | 16 ++++++++--------
+ lib/luks2/luks2_keyslot_reenc.c | 20 ++++++++++----------
+ lib/luks2/luks2_luks1_convert.c | 22 +++++++++++-----------
+ lib/luks2/luks2_reencrypt.c     | 16 ++++++++--------
+ lib/luks2/luks2_segment.c       | 12 ++++++------
+ 9 files changed, 61 insertions(+), 65 deletions(-)
+
+diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h
+index 939101d6..a5bcb1f2 100644
+--- a/lib/luks2/luks2_internal.h
++++ b/lib/luks2/luks2_internal.h
+@@ -58,11 +58,9 @@ json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
+ void hexprint_base64(struct crypt_device *cd, json_object *jobj,
+ 		     const char *sep, const char *line_sep);
+ 
+-#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
+-uint64_t json_object_get_uint64(json_object *jobj);
+-json_object *json_object_new_uint64(uint64_t value);
+-#endif
+-uint32_t json_object_get_uint32(json_object *jobj);
++uint64_t crypt_jobj_get_uint64(json_object *jobj);
++uint32_t crypt_jobj_get_uint32(json_object *jobj);
++json_object *crypt_jobj_new_uint64(uint64_t value);
+ 
+ int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
+ void json_object_object_del_by_uint(json_object *jobj, unsigned key);
+diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c
+index 0fde2ffd..1416766e 100644
+--- a/lib/luks2/luks2_json_format.c
++++ b/lib/luks2/luks2_json_format.c
+@@ -325,8 +325,8 @@ int LUKS2_generate_hdr(
+ 
+ 	json_object_object_add_by_uint(jobj_segments, 0, jobj_segment);
+ 
+-	json_object_object_add(jobj_config, "json_size", json_object_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
+-	json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
++	json_object_object_add(jobj_config, "json_size", crypt_jobj_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
++	json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
+ 
+ 	JSON_DBG(cd, hdr->jobj, "Header JSON:");
+ 	return 0;
+@@ -400,6 +400,6 @@ int LUKS2_set_keyslots_size(struct crypt_device *cd,
+ 	if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
+ 		return 1;
+ 
+-	json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
++	json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
+ 	return 0;
+ }
+diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
+index 712c2bbd..68da9c2d 100644
+--- a/lib/luks2/luks2_json_metadata.c
++++ b/lib/luks2/luks2_json_metadata.c
+@@ -219,7 +219,7 @@ int LUKS2_get_default_segment(struct luks2_hdr *hdr)
+  * json_type_int needs to be validated first.
+  * See validate_json_uint32()
+  */
+-uint32_t json_object_get_uint32(json_object *jobj)
++uint32_t crypt_jobj_get_uint32(json_object *jobj)
+ {
+ 	return json_object_get_int64(jobj);
+ }
+@@ -241,15 +241,14 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
+ 	return 1;
+ }
+ 
+-#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
+-uint64_t json_object_get_uint64(json_object *jobj)
++uint64_t crypt_jobj_get_uint64(json_object *jobj)
+ {
+ 	uint64_t r;
+ 	json_str_to_uint64(jobj, &r);
+ 	return r;
+ }
+ 
+-json_object *json_object_new_uint64(uint64_t value)
++json_object *crypt_jobj_new_uint64(uint64_t value)
+ {
+ 	/* 18446744073709551615 */
+ 	char num[21];
+@@ -263,7 +262,6 @@ json_object *json_object_new_uint64(uint64_t value)
+ 	jobj = json_object_new_string(num);
+ 	return jobj;
+ }
+-#endif
+ 
+ /*
+  * Validate helpers
+@@ -457,7 +455,7 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj
+ 
+ 	json = json_object_to_json_string_ext(hdr_jobj,
+ 		JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
+-	json_area_size = json_object_get_uint64(jobj1);
++	json_area_size = crypt_jobj_get_uint64(jobj1);
+ 	json_size = (uint64_t)strlen(json);
+ 
+ 	if (hdr_json_size != json_area_size) {
+@@ -545,7 +543,7 @@ static int hdr_validate_crypt_segment(struct crypt_device *cd,
+ 		return 1;
+ 	}
+ 
+-	sector_size = json_object_get_uint32(jobj_sector_size);
++	sector_size = crypt_jobj_get_uint32(jobj_sector_size);
+ 	if (!sector_size || MISALIGNED_512(sector_size)) {
+ 		log_dbg(cd, "Illegal sector size: %" PRIu32, sector_size);
+ 		return 1;
+@@ -1568,7 +1566,7 @@ static void hdr_dump_keyslots(struct crypt_device *cd, json_object *hdr_jobj)
+ 		log_std(cd, "  %s: %s%s\n", slot, tmps, r == -ENOENT ? " (unbound)" : "");
+ 
+ 		if (json_object_object_get_ex(val, "key_size", &jobj2))
+-			log_std(cd, "\tKey:        %u bits\n", json_object_get_uint32(jobj2) * 8);
++			log_std(cd, "\tKey:        %u bits\n", crypt_jobj_get_uint32(jobj2) * 8);
+ 
+ 		log_std(cd, "\tPriority:   %s\n", get_priority_desc(val));
+ 
+@@ -1651,7 +1649,7 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ 			log_std(cd, "\tcipher: %s\n", json_object_get_string(jobj1));
+ 
+ 		if (json_object_object_get_ex(jobj_segment, "sector_size", &jobj1))
+-			log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", json_object_get_uint32(jobj1));
++			log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1));
+ 
+ 		if (json_object_object_get_ex(jobj_segment, "integrity", &jobj1) &&
+ 		    json_object_object_get_ex(jobj1, "type", &jobj2))
+@@ -1748,7 +1746,7 @@ int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic)
+ 			return 0;
+ 		}
+ 
+-		tmp += json_object_get_uint64(jobj_size);
++		tmp += crypt_jobj_get_uint64(jobj_size);
+ 	}
+ 
+ 	/* impossible, real device size must not be zero */
+diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
+index 97031ade..3b8c889d 100644
+--- a/lib/luks2/luks2_keyslot.c
++++ b/lib/luks2/luks2_keyslot.c
+@@ -300,11 +300,11 @@ int LUKS2_keyslot_area(struct luks2_hdr *hdr,
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "offset", &jobj))
+ 		return -EINVAL;
+-	*offset = json_object_get_uint64(jobj);
++	*offset = crypt_jobj_get_uint64(jobj);
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "size", &jobj))
+ 		return -EINVAL;
+-	*length = json_object_get_uint64(jobj);
++	*length = crypt_jobj_get_uint64(jobj);
+ 
+ 	return 0;
+ }
+@@ -835,8 +835,8 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
+ 
+ 	/* Area object */
+ 	jobj_area = json_object_new_object();
+-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
+-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
++	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
++	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+ 	json_object_object_add(jobj_keyslot, "area", jobj_area);
+ 
+ 	json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
+diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
+index cf0e53e8..156f0c1d 100644
+--- a/lib/luks2/luks2_keyslot_luks2.c
++++ b/lib/luks2/luks2_keyslot_luks2.c
+@@ -220,7 +220,7 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
+ 		return -EINVAL;
+-	area_offset = json_object_get_uint64(jobj2);
++	area_offset = crypt_jobj_get_uint64(jobj2);
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
+ 		return -EINVAL;
+@@ -313,7 +313,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
+ 		return -EINVAL;
+-	area_offset = json_object_get_uint64(jobj2);
++	area_offset = crypt_jobj_get_uint64(jobj2);
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
+ 		return -EINVAL;
+@@ -494,8 +494,8 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
+ 	/* Area object */
+ 	jobj_area = json_object_new_object();
+ 	json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
+-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
+-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
++	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
++	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+ 	json_object_object_add(jobj_keyslot, "area", jobj_area);
+ 
+ 	json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
+@@ -607,7 +607,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
+ 	log_std(cd, "\tCipher:     %s\n", json_object_get_string(jobj1));
+ 
+ 	json_object_object_get_ex(jobj_area, "key_size", &jobj1);
+-	log_std(cd, "\tCipher key: %u bits\n", json_object_get_uint32(jobj1) * 8);
++	log_std(cd, "\tCipher key: %u bits\n", crypt_jobj_get_uint32(jobj1) * 8);
+ 
+ 	json_object_object_get_ex(jobj_kdf, "type", &jobj1);
+ 	log_std(cd, "\tPBKDF:      %s\n", json_object_get_string(jobj1));
+@@ -617,7 +617,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
+ 		log_std(cd, "\tHash:       %s\n", json_object_get_string(jobj1));
+ 
+ 		json_object_object_get_ex(jobj_kdf, "iterations", &jobj1);
+-		log_std(cd, "\tIterations: %" PRIu64 "\n", json_object_get_uint64(jobj1));
++		log_std(cd, "\tIterations: %" PRIu64 "\n", crypt_jobj_get_uint64(jobj1));
+ 	} else {
+ 		json_object_object_get_ex(jobj_kdf, "time", &jobj1);
+ 		log_std(cd, "\tTime cost:  %" PRIu64 "\n", json_object_get_int64(jobj1));
+@@ -640,10 +640,10 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
+ 	log_std(cd, "\tAF hash:    %s\n", json_object_get_string(jobj1));
+ 
+ 	json_object_object_get_ex(jobj_area, "offset", &jobj1);
+-	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
++	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
+ 
+ 	json_object_object_get_ex(jobj_area, "size", &jobj1);
+-	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
++	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
+ 
+ 	return 0;
+ }
+diff --git a/lib/luks2/luks2_keyslot_reenc.c b/lib/luks2/luks2_keyslot_reenc.c
+index a09056b9..b939467f 100644
+--- a/lib/luks2/luks2_keyslot_reenc.c
++++ b/lib/luks2/luks2_keyslot_reenc.c
+@@ -67,13 +67,13 @@ int reenc_keyslot_alloc(struct crypt_device *cd,
+ 
+ 	if (params->data_shift) {
+ 		json_object_object_add(jobj_area, "type", json_object_new_string("datashift"));
+-		json_object_object_add(jobj_area, "shift_size", json_object_new_uint64(params->data_shift << SECTOR_SHIFT));
++		json_object_object_add(jobj_area, "shift_size", crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT));
+ 	} else
+ 		/* except data shift protection, initial setting is irrelevant. Type can be changed during reencryption */
+ 		json_object_object_add(jobj_area, "type", json_object_new_string("none"));
+ 
+-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
+-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
++	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
++	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+ 
+ 	json_object_object_add(jobj_keyslot, "type", json_object_new_string("reencrypt"));
+ 	json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(1)); /* useless but mandatory */
+@@ -113,8 +113,8 @@ static int reenc_keyslot_store_data(struct crypt_device *cd,
+ 	    !json_object_object_get_ex(jobj_area, "size", &jobj_length))
+ 		return -EINVAL;
+ 
+-	area_offset = json_object_get_uint64(jobj_offset);
+-	area_length = json_object_get_uint64(jobj_length);
++	area_offset = crypt_jobj_get_uint64(jobj_offset);
++	area_length = crypt_jobj_get_uint64(jobj_length);
+ 
+ 	if (!area_offset || !area_length || ((uint64_t)buffer_len > area_length))
+ 		return -EINVAL;
+@@ -242,14 +242,14 @@ static int reenc_keyslot_dump(struct crypt_device *cd, int keyslot)
+ 		log_std(cd, "\t%-12s%d [bytes]\n", "Hash data:", json_object_get_int(jobj1));
+ 	} else if (!strcmp(json_object_get_string(jobj_resilience), "datashift")) {
+ 		json_object_object_get_ex(jobj_area, "shift_size", &jobj1);
+-		log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", json_object_get_uint64(jobj1));
++		log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", crypt_jobj_get_uint64(jobj1));
+ 	}
+ 
+ 	json_object_object_get_ex(jobj_area, "offset", &jobj1);
+-	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
++	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
+ 
+ 	json_object_object_get_ex(jobj_area, "size", &jobj1);
+-	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
++	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
+ 
+ 	return 0;
+ }
+@@ -304,7 +304,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
+ 			return -EINVAL;
+ 		if (!validate_json_uint32(jobj_sector_size))
+ 			return -EINVAL;
+-		sector_size = json_object_get_uint32(jobj_sector_size);
++		sector_size = crypt_jobj_get_uint32(jobj_sector_size);
+ 		if (sector_size < SECTOR_SIZE || NOTPOW2(sector_size)) {
+ 			log_dbg(cd, "Invalid sector_size (%" PRIu32 ") for checksum resilience mode.", sector_size);
+ 			return -EINVAL;
+@@ -313,7 +313,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
+ 		if (!(jobj_shift_size = json_contains(cd, jobj_area, "type:datashift", "Keyslot area", "shift_size", json_type_string)))
+ 			return -EINVAL;
+ 
+-		shift_size = json_object_get_uint64(jobj_shift_size);
++		shift_size = crypt_jobj_get_uint64(jobj_shift_size);
+ 		if (!shift_size)
+ 			return -EINVAL;
+ 
+diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
+index ca47e5d2..603c44d2 100644
+--- a/lib/luks2/luks2_luks1_convert.c
++++ b/lib/luks2/luks2_luks1_convert.c
+@@ -91,8 +91,8 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
+ 	}
+ 	area_size = offs_b - offs_a;
+ 	json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
+-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
+-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_size));
++	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
++	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));
+ 	json_object_object_add(keyslot_obj, "area", jobj_area);
+ 
+ 	*keyslot_object = keyslot_obj;
+@@ -145,7 +145,7 @@ static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object
+ 	/* offset field */
+ 	number = (uint64_t)hdr_v1->payloadOffset * SECTOR_SIZE;
+ 
+-	field = json_object_new_uint64(number);
++	field = crypt_jobj_new_uint64(number);
+ 	if (!field) {
+ 		json_object_put(segment_obj);
+ 		return -ENOMEM;
+@@ -401,9 +401,9 @@ static int json_luks1_object(struct luks_phdr *hdr_v1, struct json_object **luks
+ 	json_object_object_add(luks1_obj, "config", field);
+ 
+ 	json_size = LUKS2_HDR_16K_LEN - LUKS2_HDR_BIN_LEN;
+-	json_object_object_add(field, "json_size", json_object_new_uint64(json_size));
++	json_object_object_add(field, "json_size", crypt_jobj_new_uint64(json_size));
+ 	keyslots_size -= (keyslots_size % 4096);
+-	json_object_object_add(field, "keyslots_size", json_object_new_uint64(keyslots_size));
++	json_object_object_add(field, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
+ 
+ 	*luks1_object = luks1_obj;
+ 	return 0;
+@@ -419,8 +419,8 @@ static void move_keyslot_offset(json_object *jobj, int offset_add)
+ 		UNUSED(key);
+ 		json_object_object_get_ex(val, "area", &jobj_area);
+ 		json_object_object_get_ex(jobj_area, "offset", &jobj2);
+-		offset = json_object_get_uint64(jobj2) + offset_add;
+-		json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
++		offset = crypt_jobj_get_uint64(jobj2) + offset_add;
++		json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
+ 	}
+ }
+ 
+@@ -764,7 +764,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
+ 				return -EINVAL;
+ 			if (!json_object_object_get_ex(jobj_area, "offset", &jobj1))
+ 				return -EINVAL;
+-			offset = json_object_get_uint64(jobj1);
++			offset = crypt_jobj_get_uint64(jobj1);
+ 		} else {
+ 			if (LUKS2_find_area_gap(cd, hdr2, key_size, &offset, &area_length))
+ 				return -EINVAL;
+@@ -796,7 +796,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
+ 
+ 		if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj1))
+ 			continue;
+-		hdr1->keyblock[i].passwordIterations = json_object_get_uint32(jobj1);
++		hdr1->keyblock[i].passwordIterations = crypt_jobj_get_uint32(jobj1);
+ 
+ 		if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1))
+ 			continue;
+@@ -837,7 +837,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
+ 
+ 	if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1))
+ 		return -EINVAL;
+-	hdr1->mkDigestIterations = json_object_get_uint32(jobj1);
++	hdr1->mkDigestIterations = crypt_jobj_get_uint32(jobj1);
+ 
+ 	if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
+ 		return -EINVAL;
+@@ -862,7 +862,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
+ 
+ 	if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1))
+ 		return -EINVAL;
+-	offset = json_object_get_uint64(jobj1) / SECTOR_SIZE;
++	offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE;
+ 	if (offset > UINT32_MAX)
+ 		return -EINVAL;
+ 	/* FIXME: LUKS1 requires offset == 0 || offset >= luks1_hdr_size */
+diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
+index 60a007b5..68d31942 100644
+--- a/lib/luks2/luks2_reencrypt.c
++++ b/lib/luks2/luks2_reencrypt.c
+@@ -165,7 +165,7 @@ static uint32_t reencrypt_alignment(struct luks2_hdr *hdr)
+ 	if (!json_object_object_get_ex(jobj_area, "sector_size", &jobj_sector_size))
+ 		return 0;
+ 
+-	return json_object_get_uint32(jobj_sector_size);
++	return crypt_jobj_get_uint32(jobj_sector_size);
+ }
+ 
+ static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
+@@ -200,13 +200,13 @@ static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
+ 		json_segment_remove_flag(jobj_seg_new, "in-reencryption");
+ 		tmp = rh->length;
+ 	} else {
+-		json_object_object_add(jobj_seg_new, "offset", json_object_new_uint64(rh->offset + data_offset));
+-		json_object_object_add(jobj_seg_new, "iv_tweak", json_object_new_uint64(rh->offset >> SECTOR_SHIFT));
++		json_object_object_add(jobj_seg_new, "offset", crypt_jobj_new_uint64(rh->offset + data_offset));
++		json_object_object_add(jobj_seg_new, "iv_tweak", crypt_jobj_new_uint64(rh->offset >> SECTOR_SHIFT));
+ 		tmp = json_segment_get_size(jobj_seg_new, 0) + rh->length;
+ 	}
+ 
+ 	/* alter size of new segment, reenc_seg == 0 we're finished */
+-	json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? json_object_new_uint64(tmp) : json_object_new_string("dynamic"));
++	json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? crypt_jobj_new_uint64(tmp) : json_object_new_string("dynamic"));
+ 	json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_seg_new);
+ 
+ 	return jobj_segs_post;
+@@ -256,7 +256,7 @@ static json_object *reencrypt_make_hot_segments_encrypt_shift(struct crypt_devic
+ 		jobj_seg_shrunk = NULL;
+ 		if (json_object_copy(LUKS2_get_segment_jobj(hdr, sg), &jobj_seg_shrunk))
+ 			goto err;
+-		json_object_object_add(jobj_seg_shrunk, "size", json_object_new_uint64(segment_size - rh->length));
++		json_object_object_add(jobj_seg_shrunk, "size", crypt_jobj_new_uint64(segment_size - rh->length));
+ 		json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_seg_shrunk);
+ 	}
+ 
+@@ -336,7 +336,7 @@ static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd
+ 				goto err;
+ 			jobj_old_seg = jobj_old_seg_copy;
+ 			fixed_length = rh->device_size - fixed_length;
+-			json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(fixed_length));
++			json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(fixed_length));
+ 		} else
+ 			json_object_get(jobj_old_seg);
+ 		json_object_object_add_by_uint(jobj_segs_post, 1, jobj_old_seg);
+@@ -491,7 +491,7 @@ static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd
+ 	if (rh->offset) {
+ 		if (json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_old_seg))
+ 			goto err;
+-		json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(rh->offset));
++		json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(rh->offset));
+ 
+ 		json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_old_seg);
+ 	}
+@@ -575,7 +575,7 @@ static uint64_t reencrypt_data_shift(struct luks2_hdr *hdr)
+ 	if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj_data_shift))
+ 		return 0;
+ 
+-	return json_object_get_uint64(jobj_data_shift);
++	return crypt_jobj_get_uint64(jobj_data_shift);
+ }
+ 
+ static crypt_reencrypt_mode_info reencrypt_mode(struct luks2_hdr *hdr)
+diff --git a/lib/luks2/luks2_segment.c b/lib/luks2/luks2_segment.c
+index d71a607f..8708ba52 100644
+--- a/lib/luks2/luks2_segment.c
++++ b/lib/luks2/luks2_segment.c
+@@ -55,7 +55,7 @@ uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise)
+ 	    !json_object_object_get_ex(jobj_segment, "offset", &jobj))
+ 		return 0;
+ 
+-	return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
++	return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
+ }
+ 
+ const char *json_segment_type(json_object *jobj_segment)
+@@ -77,7 +77,7 @@ uint64_t json_segment_get_iv_offset(json_object *jobj_segment)
+ 	    !json_object_object_get_ex(jobj_segment, "iv_tweak", &jobj))
+ 		return 0;
+ 
+-	return json_object_get_uint64(jobj);
++	return crypt_jobj_get_uint64(jobj);
+ }
+ 
+ uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
+@@ -88,7 +88,7 @@ uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
+ 	    !json_object_object_get_ex(jobj_segment, "size", &jobj))
+ 		return 0;
+ 
+-	return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
++	return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
+ }
+ 
+ const char *json_segment_get_cipher(json_object *jobj_segment)
+@@ -229,8 +229,8 @@ static json_object *_segment_create_generic(const char *type, uint64_t offset, c
+ 		return NULL;
+ 
+ 	json_object_object_add(jobj, "type",		json_object_new_string(type));
+-	json_object_object_add(jobj, "offset",		json_object_new_uint64(offset));
+-	json_object_object_add(jobj, "size",		length ? json_object_new_uint64(*length) : json_object_new_string("dynamic"));
++	json_object_object_add(jobj, "offset",		crypt_jobj_new_uint64(offset));
++	json_object_object_add(jobj, "size",		length ? crypt_jobj_new_uint64(*length) : json_object_new_string("dynamic"));
+ 
+ 	return jobj;
+ }
+@@ -252,7 +252,7 @@ json_object *json_segment_create_crypt(uint64_t offset,
+ 	if (!jobj)
+ 		return NULL;
+ 
+-	json_object_object_add(jobj, "iv_tweak",	json_object_new_uint64(iv_offset));
++	json_object_object_add(jobj, "iv_tweak",	crypt_jobj_new_uint64(iv_offset));
+ 	json_object_object_add(jobj, "encryption",	json_object_new_string(cipher));
+ 	json_object_object_add(jobj, "sector_size",	json_object_new_int(sector_size));
+ 	if (reencryption)


More information about the arch-commits mailing list