2 files changed, 25 insertions, 14 deletions

diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 8ac5ab730a..e2dc4327fe 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -264,28 +264,25 @@ static crypto_device *get_crypto_device(const char *uuid) {
                 d->keyfile = d->options = d->name = NULL;
 
                 d->uuid = strdup(uuid);
-                if (!d->uuid) {
-                        free(d);
-                        return NULL;
-                }
+                if (!d->uuid)
+                        return mfree(d);
 
                 r = hashmap_put(arg_disks, d->uuid, d);
                 if (r < 0) {
                         free(d->uuid);
-                        free(d);
-                        return NULL;
+                        return mfree(d);
                 }
         }
 
         return d;
 }
 
-static int parse_proc_cmdline_item(const char *key, const char *value) {
+static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
         int r;
         crypto_device *d;
         _cleanup_free_ char *uuid = NULL, *uuid_value = NULL;
 
-        if (STR_IN_SET(key, "luks", "rd.luks") && value) {
+        if (streq(key, "luks") && value) {
 
                 r = parse_boolean(value);
                 if (r < 0)
@@ -293,7 +290,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
                 else
                         arg_enabled = r;
 
-        } else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {
+        } else if (streq(key, "luks.crypttab") && value) {
 
                 r = parse_boolean(value);
                 if (r < 0)
@@ -301,7 +298,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
                 else
                         arg_read_crypttab = r;
 
-        } else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {
+        } else if (streq(key, "luks.uuid") && value) {
 
                 d = get_crypto_device(startswith(value, "luks-") ? value+5 : value);
                 if (!d)
@@ -309,7 +306,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
 
                 d->create = arg_whitelist = true;
 
-        } else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {
+        } else if (streq(key, "luks.options") && value) {
 
                 r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
                 if (r == 2) {
@@ -323,7 +320,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
                 } else if (free_and_strdup(&arg_default_options, value) < 0)
                         return log_oom();
 
-        } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
+        } else if (streq(key, "luks.key") && value) {
 
                 r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
                 if (r == 2) {
@@ -337,7 +334,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
                 } else if (free_and_strdup(&arg_default_keyfile, value) < 0)
                         return log_oom();
 
-        } else if (STR_IN_SET(key, "luks.name", "rd.luks.name") && value) {
+        } else if (streq(key, "luks.name") && value) {
 
                 r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
                 if (r == 2) {
@@ -481,7 +478,7 @@ int main(int argc, char *argv[]) {
         if (!arg_disks)
                 goto cleanup;
 
-        r = parse_proc_cmdline(parse_proc_cmdline_item);
+        r = parse_proc_cmdline(parse_proc_cmdline_item, NULL, true);
         if (r < 0) {
                 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
                 r = EXIT_FAILURE;
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 9927621ea0..ff5a3f36fb 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -52,6 +52,7 @@ static bool arg_verify = false;
 static bool arg_discards = false;
 static bool arg_tcrypt_hidden = false;
 static bool arg_tcrypt_system = false;
+static bool arg_tcrypt_veracrypt = false;
 static char **arg_tcrypt_keyfiles = NULL;
 static uint64_t arg_offset = 0;
 static uint64_t arg_skip = 0;
@@ -179,6 +180,14 @@ static int parse_one_option(const char *option) {
         } else if (streq(option, "tcrypt-system")) {
                 arg_type = CRYPT_TCRYPT;
                 arg_tcrypt_system = true;
+        } else if (streq(option, "tcrypt-veracrypt")) {
+#ifdef CRYPT_TCRYPT_VERA_MODES
+                arg_type = CRYPT_TCRYPT;
+                arg_tcrypt_veracrypt = true;
+#else
+                log_error("This version of cryptsetup does not support tcrypt-veracrypt; refusing.");
+                return -EINVAL;
+#endif
         } else if (STR_IN_SET(option, "plain", "swap", "tmp"))
                 arg_type = CRYPT_PLAIN;
         else if (startswith(option, "timeout=")) {
@@ -441,6 +450,11 @@ static int attach_tcrypt(
         if (arg_tcrypt_system)
                 params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
 
+#ifdef CRYPT_TCRYPT_VERA_MODES
+        if (arg_tcrypt_veracrypt)
+                params.flags |= CRYPT_TCRYPT_VERA_MODES;
+#endif
+
         if (key_file) {
                 r = read_one_line_file(key_file, &passphrase);
                 if (r < 0) {