diff --git a/cryptsetup-2.7.5-Abort-online-reencryption-for-misconfigured-devices.patch b/cryptsetup-2.7.5-Abort-online-reencryption-for-misconfigured-devices.patch
new file mode 100644
index 0000000..d6a80d4
--- /dev/null
+++ b/cryptsetup-2.7.5-Abort-online-reencryption-for-misconfigured-devices.patch
@@ -0,0 +1,39 @@
+From 63bb997b41b8e92fe09ce8cb6582e094e00e19a6 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina
+Date: Mon, 26 Aug 2024 10:46:52 +0200
+Subject: [PATCH 08/10] Abort online reencryption for misconfigured devices.
+
+Hard abort is justified here. The online reencryption on
+data devices that do not support O_DIRECT io flag is
+dangerous and leads to data corruption. This should be
+impossible to hit due to a patch that handles it
+in initialization phase. Better safe than sorry.
+---
+ lib/luks2/luks2_reencrypt.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
+index 6519c1e3..05f69d18 100644
+--- a/lib/luks2/luks2_reencrypt.c
++++ b/lib/luks2/luks2_reencrypt.c
+@@ -4230,9 +4230,14 @@ int crypt_reencrypt_run(
+
+ log_dbg(cd, "Resuming LUKS2 reencryption.");
+
+- if (rh->online && reencrypt_init_device_stack(cd, rh)) {
+- log_err(cd, _("Failed to initialize reencryption device stack."));
+- return -EINVAL;
++ if (rh->online) {
++ /* This is last resort to avoid data corruption. Abort is justified here. */
++ assert(device_direct_io(crypt_data_device(cd)));
++
++ if (reencrypt_init_device_stack(cd, rh)) {
++ log_err(cd, _("Failed to initialize reencryption device stack."));
++ return -EINVAL;
++ }
+ }
+
+ log_dbg(cd, "Progress %" PRIu64 ", device_size %" PRIu64, rh->progress, rh->device_size);
+--
+2.46.0
+
diff --git a/cryptsetup-2.7.5-Do-not-handle-device-as-suspended-on-error.patch b/cryptsetup-2.7.5-Do-not-handle-device-as-suspended-on-error.patch
new file mode 100644
index 0000000..2f92d2c
--- /dev/null
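Review bot: The new `assert(device_direct_io(crypt_data_device(cd)))` in crypt_reencrypt_run is the only guard at this point against running online reencryption without direct I/O, and `assert` is compiled out whenever NDEBUG is defined, so in such a build the "last resort" check silently vanishes and control falls straight into reencrypt_init_device_stack. If a hard stop is the intended behaviour, make it independent of the build flags: `if (!device_direct_io(crypt_data_device(cd))) abort();` directly under the existing comment, or fail with `log_err(...)` and `return -EINVAL;` the same way the branch below it does. Whether any build of this package defines NDEBUG is not visible here, so treat this as a robustness point rather than a confirmed hole. The enclosing function starts and ends outside the hunk.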
+++ b/cryptsetup-2.7.5-Do-not-handle-device-as-suspended-on-error.patch
@@ -0,0 +1,35 @@
+From 53198bdea94e610e1e0378e3aff56e8d9f45ac09 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina
+Date: Thu, 22 Aug 2024 13:39:06 +0200
+Subject: [PATCH 01/10] Do not handle device as suspended on error.
+
+Consider device is suspended only if dm_status_suspended return code
+is true.
+
+This function returned -EEXIST for dm devices with target types unknown
+to libcryptsetup (for example dm-cache) and turned off O_DIRECT flag
+for devices unexpectedly.
+
+Turned out ignoring direct-io was a problem after all :).
+
+Fixes: 0f51b5bacbf7 (Do not run sector read check on suspended device.)
+---
+ lib/utils_device.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/utils_device.c b/lib/utils_device.c
+index 3e2ac4f3..eccaf048 100644
+--- a/lib/utils_device.c
++++ b/lib/utils_device.c
+@@ -178,7 +178,7 @@ static int device_ready(struct crypt_device *cd, struct device *device)
+ if (devfd >= 0) {
+ /* skip check for suspended DM devices */
+ dm_name = device_dm_name(device);
+- if (dm_name && dm_status_suspended(cd, dm_name)) {
++ if (dm_name && dm_status_suspended(cd, dm_name) > 0) {
+ close(devfd);
+ devfd = -1;
+ } else if (device_read_test(devfd) == 0) {
+--
+2.46.0
+
diff --git a/cryptsetup-2.7.5-Fix-detection-of-direct-io-with-suspended-devices.patch b/cryptsetup-2.7.5-Fix-detection-of-direct-io-with-suspended-devices.patch
new file mode 100644
index 0000000..3d1ce12
--- /dev/null
+++ b/cryptsetup-2.7.5-Fix-detection-of-direct-io-with-suspended-devices.patch
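Review bot: With the comparison changed to `dm_status_suspended(cd, dm_name) > 0`, any negative return (not only the -EEXIST case the commit describes) is now treated as "not suspended" and control falls through to `device_read_test(devfd)`, with the error value discarded without a trace. Keeping the return in a local and emitting a `log_dbg` when it is negative would make a later misdetection of direct-io capability diagnosable from a debug log; the existing `r` in device_ready is used for something else, so a separate local is safer. The same comparison is carried into device_read_test by the Fix-detection-of-direct-io patch later in this commit, so whichever form is chosen should be applied there as well. device_ready starts and ends outside the hunk.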
@@ -0,0 +1,78 @@
+From 4cdd022ba42df17b027be7c35c7028d01b54cecc Mon Sep 17 00:00:00 2001
+From: Milan Broz
+Date: Tue, 27 Aug 2024 12:13:54 +0200
+Subject: [PATCH 06/10] Fix detection of direct-io with suspended devices.
+
+Currently, direct-io is disabled if underlying device is suspended.
+
+This was an unfortunate change, as it is part of data corruption
+problem in online reenryption.
+
+Let's relax the test to assume that suspended device
+(suspended => must be a device-mapper device) supports direct-io.
+
+The read test is still needed as some network based devices
+misbehaves if opened with direct-io flag.
+---
+ lib/utils_device.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/lib/utils_device.c b/lib/utils_device.c
+index eccaf048..6b7af6e1 100644
+--- a/lib/utils_device.c
++++ b/lib/utils_device.c
+@@ -127,11 +127,19 @@ static size_t device_alignment_fd(int devfd)
+ return (size_t)alignment;
+ }
+
+-static int device_read_test(int devfd)
++static int device_read_test(struct crypt_device *cd, int devfd, struct device *device)
+ {
+ char buffer[512];
+ int r = -EIO;
+ size_t minsize = 0, blocksize, alignment;
++ const char *dm_name;
++
++ /* skip check for suspended DM devices */
++ dm_name = device_dm_name(device);
++ if (dm_name && dm_status_suspended(cd, dm_name) > 0) {
++ log_dbg(cd, "Device %s is suspended, assuming direct-io is supported.", dm_name);
++ return 0;
++ }
+
+ blocksize = device_block_size_fd(devfd, &minsize);
+ alignment = device_alignment_fd(devfd);
+@@ -148,6 +156,8 @@ static int device_read_test(int devfd)
+ if (read_blockwise(devfd, blocksize, alignment, buffer, minsize) == (ssize_t)minsize)
+ r = 0;
+
++ log_dbg(cd, "Direct-io is supported and works.");
++
+ crypt_safe_memzero(buffer, sizeof(buffer));
+ return r;
+ }
+@@ -165,7 +175,6 @@ static int device_ready(struct crypt_device *cd, struct device *device)
+ int devfd = -1, r = 0;
+ struct stat st;
+ size_t tmp_size;
+- const char *dm_name;
+
+ if (!device)
+ return -EINVAL;
+@@ -176,12 +185,7 @@ static int device_ready(struct crypt_device *cd, struct device *device)
+ device->o_direct = 0;
+ devfd = open(device_path(device), O_RDONLY | O_DIRECT);
+ if (devfd >= 0) {
+- /* skip check for suspended DM devices */
+- dm_name = device_dm_name(device);
+- if (dm_name && dm_status_suspended(cd, dm_name) > 0) {
+- close(devfd);
+- devfd = -1;
+- } else if (device_read_test(devfd) == 0) {
++ if (device_read_test(cd, devfd, device) == 0) {
+ device->o_direct = 1;
+ } else {
+ close(devfd);
+--
+2.46.0
+
diff --git a/cryptsetup-2.7.5-Harden-online-reencryption-checks-in-initialization-.patch b/cryptsetup-2.7.5-Harden-online-reencryption-checks-in-initialization-.patch
new file mode 100644
index 0000000..b59bb11
--- /dev/null
+++ b/cryptsetup-2.7.5-Harden-online-reencryption-checks-in-initialization-.patch
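Review bot: In the second hunk of device_read_test, `log_dbg(cd, "Direct-io is supported and works.");` runs unconditionally after the read_blockwise test, so the message is also emitted when the read fell short and `r` is still -EIO, leaving the debug log asserting the opposite of what the function returns. Guard it on the outcome, `if (!r) log_dbg(cd, "Direct-io is supported and works.");`, or log both outcomes with the value of `r`. The suspended-device early `return 0;` in the first hunk now leads device_ready to set `device->o_direct = 1` without any read having been performed; the commit message justifies this, but a one-line comment at that return noting that the caller will enable O_DIRECT on the strength of this value would help the next reader. The part of device_read_test between the first two hunks is not shown.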
@@ -0,0 +1,35 @@
+From 9991cbc306963c8f03eb6dad82fa6c12f75d3b97 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina
+Date: Mon, 26 Aug 2024 10:44:50 +0200
+Subject: [PATCH 07/10] Harden online reencryption checks in initialization
+ phase.
+
+Verify the data device supports O_DIRECT io flag in
+the initialization phase. Online reencryption is not
+safe unless we can read and write the data in direct
+mode.
+---
+ lib/luks2/luks2_reencrypt.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
+index c77de3f6..6519c1e3 100644
+--- a/lib/luks2/luks2_reencrypt.c
++++ b/lib/luks2/luks2_reencrypt.c
+@@ -3788,6 +3788,13 @@ static int reencrypt_init_by_passphrase(struct crypt_device *cd,
+ if (flags & CRYPT_REENCRYPT_RECOVERY)
+ return reencrypt_recovery_by_passphrase(cd, hdr, keyslot_old, keyslot_new, passphrase, passphrase_size);
+
++ if (name && !device_direct_io(crypt_data_device(cd))) {
++ log_dbg(cd, "Device %s does not support direct I/O.", device_path(crypt_data_device(cd)));
++ /* FIXME: Add more specific error mesage for translation later. */
++ log_err(cd, _("Failed to initialize reencryption device stack."));
++ return -EINVAL;
++ }
++
+ if (cipher && !crypt_cipher_wrapped_key(cipher, cipher_mode)) {
+ r = crypt_keyslot_get_key_size(cd, keyslot_new);
+ if (r < 0)
+--
+2.46.0
+
diff --git a/cryptsetup-2.7.5-Return-suspended-status-also-for-unknow-target-types.patch b/cryptsetup-2.7.5-Return-suspended-status-also-for-unknow-target-types.patch
new file mode 100644
index 0000000..f9d7fdc
--- /dev/null
+++ b/cryptsetup-2.7.5-Return-suspended-status-also-for-unknow-target-types.patch
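Review bot: The new guard in reencrypt_init_by_passphrase is conditioned on `name`, and nothing in the hunk says why; a reader has to already know that a non-NULL `name` selects online reencryption to understand why the check is skipped otherwise. A comment on the condition, `/* name != NULL selects online reencryption, which requires direct I/O on the data device */`, would make that explicit (presumably that is the meaning of `name` here; confirm against the callers). The user-visible text reuses the generic stack-initialization message, so the actual cause is only in the debug log; the FIXME acknowledges this, but recording the intended final wording in it would keep this site and the later check in crypt_reencrypt_run in step when the translation lands. The enclosing function starts and ends outside the hunk.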
@@ -0,0 +1,28 @@
+From aeada055d19cddeda68661dc929a78b2bee35e25 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina
+Date: Thu, 22 Aug 2024 13:41:03 +0200
+Subject: [PATCH 1/9] Return suspended status also for unknow target types.
+
+This patch allows dm_status_suspended() to report if device
+is suspended or not also for unknown target types from
+libcryptsetup perspective (e.g.: dm-cache).
+---
+ lib/libdevmapper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
+index b8592ffa..a562a2d7 100644
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -1911,7 +1911,7 @@ int dm_status_suspended(struct crypt_device *cd, const char *name)
+ r = dm_status_dmi(name, &dmi, NULL, NULL);
+ dm_exit_context();
+
+- if (r < 0)
++ if (r < 0 && r != -EEXIST)
+ return r;
+
+ return dmi.suspended ? 1 : 0;
+--
+2.46.0
+
diff --git a/cryptsetup-Enable-to-use-Argon2-in-FIPS-with-openssl-backend.patch b/cryptsetup-Enable-to-use-Argon2-in-FIPS-with-openssl-backend.patch
new file mode 100644
index 0000000..d4ff3f5
--- /dev/null
+++ b/cryptsetup-Enable-to-use-Argon2-in-FIPS-with-openssl-backend.patch
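Review bot: After the change, `return dmi.suspended ? 1 : 0;` is reached when dm_status_dmi returned -EEXIST, so the result is only meaningful if dm_status_dmi fills `dmi` before reporting that code; if it bails out earlier, `dmi.suspended` is read from whatever `dmi` held, and its declaration and any initializer are outside this hunk. Please confirm that ordering in dm_status_dmi and record it at the check, e.g. `/* -EEXIST: target type unknown to us, but dmi (including .suspended) is populated */`, so the next change to dm_status_dmi does not break this silently. dm_status_suspended starts outside the hunk.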
@@ -0,0 +1,42 @@
+From cfd043f6f0527407c57fb5a2735ee8e22c070cd7 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina
+Date: Wed, 28 Aug 2024 17:06:12 +0200
+Subject: [PATCH 09/10] Enable to use Argon2 in FIPS with openssl backend.
+
+This patch is required to read existing LUKS2
+keyslots created with Argon2 KDF before the system
+got switched in FIPS mode. Creating new keyslots using
+Argon2 was already blocked elsewhere and before this patch.
+---
+ lib/crypto_backend/crypto_openssl.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c
+index 9f1be9e0..07c133b0 100644
+--- a/lib/crypto_backend/crypto_openssl.c
++++ b/lib/crypto_backend/crypto_openssl.c
+@@ -611,13 +611,20 @@ static int openssl_argon2(const char *type, const char *password, size_t passwor
+ OSSL_PARAM_uint(OSSL_KDF_PARAM_THREADS, &threads),
+ OSSL_PARAM_uint32(OSSL_KDF_PARAM_ARGON2_LANES, ¶llel),
+ OSSL_PARAM_uint32(OSSL_KDF_PARAM_ARGON2_MEMCOST, &memory),
++ /* to allow fetching blake2 in FIPS mode in later KDF_derive routine */
++ OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_PROPERTIES, "-fips", 0),
+ OSSL_PARAM_END
+ };
+
+ if (OSSL_get_max_threads(ossl_ctx) == 0)
+ threads = 1;
+
+- argon2 = EVP_KDF_fetch(ossl_ctx, type, NULL);
++ /*
++ * '-fips' skips fips provider for Argon2 variants implementations.
++ * We need it to be able to read existing keyslots in FIPS mode.
++ * Writing new Argon2 enabled keyslots in FIPS mode is blocked elsewhere.
++ */
++ argon2 = EVP_KDF_fetch(ossl_ctx, type, "-fips");
+ if (!argon2)
+ return -EINVAL;
+
+--
+2.46.0
+
diff --git a/cryptsetup-Warn-if-Argon2-keyslot-is-unlocked-in-FIPS-mode.patch b/cryptsetup-Warn-if-Argon2-keyslot-is-unlocked-in-FIPS-mode.patch
new file mode 100644
index 0000000..c5cd8a1
--- /dev/null
+++ b/cryptsetup-Warn-if-Argon2-keyslot-is-unlocked-in-FIPS-mode.patch
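Review bot: The `"-fips"` property query is spelled out twice in openssl_argon2, once in the OSSL_KDF_PARAM_PROPERTIES parameter and once in the EVP_KDF_fetch call, with the explanation attached only to the second; a single `static const char argon2_props[] = "-fips";` used at both sites keeps them from drifting apart and lets the comment live in one place. More importantly, after this change the function hands a non-FIPS Argon2 implementation to every caller while in FIPS mode, and the invariant that it is only ever used to read existing keyslots rests on checks elsewhere, as the new comment itself says. That contract belongs in the function's header comment rather than inside the body, so that anyone adding a new caller of the backend sees it. The function starts and ends outside the hunk.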
@@ -0,0 +1,37 @@
+From f903ddcf447474fda1a036584b550d12dd620a73 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina
+Date: Thu, 29 Aug 2024 15:31:08 +0200
+Subject: [PATCH 10/10] Warn if Argon2 keyslot is unlocked in FIPS mode.
+
+---
+ lib/luks2/luks2_keyslot.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
+index bb9d4537..2f979d81 100644
+--- a/lib/luks2/luks2_keyslot.c
++++ b/lib/luks2/luks2_keyslot.c
+@@ -573,6 +573,7 @@ int LUKS2_keyslot_open(struct crypt_device *cd,
+ {
+ struct luks2_hdr *hdr;
+ int r_prio, r = -EINVAL;
++ struct crypt_pbkdf_type pbkdf;
+
+ hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
+ if (!hdr)
+@@ -599,7 +600,11 @@ int LUKS2_keyslot_open(struct crypt_device *cd,
+ log_err(cd, _("Not enough available memory to open a keyslot."));
+ else if (r != -EPERM && r != -ENOENT)
+ log_err(cd, _("Keyslot open failed."));
+- }
++ } else if (crypt_fips_mode() && !LUKS2_keyslot_pbkdf(hdr, r, &pbkdf) &&
++ !strncmp(pbkdf.type, "argon2", 6))
++ log_err(cd, "The %s KDF used in keyslot %d is not FIPS compliant.\n"
++ "Please refer to cryptsetup-luksConvertKey(8) man page to switch it to pbkdf2.",
++ pbkdf.type, r);
+
+ return r;
+ }
+--
+2.46.0
+
diff --git a/cryptsetup.spec b/cryptsetup.spec
index fc13454..7e83721 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,7 +1,7 @@
 Summary: Utility for setting up encrypted disks
 Name: cryptsetup
 Version: 2.7.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: https://gitlab.com/cryptsetup/cryptsetup
 BuildRequires: openssl-devel, popt-devel, device-mapper-devel
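Review bot: The new `log_err` in LUKS2_keyslot_open is the only message in this function not wrapped in `_()` (compare `_("Keyslot open failed.")` two lines above it), so it will never be translated, and the multi-line `else if` body is left unbraced next to a braced sibling block. Suggest `log_err(cd, _("The %s KDF used in keyslot %d is not FIPS compliant.\n" "Please refer to cryptsetup-luksConvertKey(8) man page to switch it to pbkdf2."), pbkdf.type, r);` inside braces. Note that `pbkdf` is only read when LUKS2_keyslot_pbkdf returned 0, which the short-circuit `&&` guarantees, and the keyslot result `r` is still returned unchanged, so this is purely a warning. The part of the function between the two hunks is not shown.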
@@ -17,8 +17,15 @@ Provides: %{name}-reencrypt = %{version} %global upstream_version %{version} Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{upstream_version}.tar.xz +Patch0001: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch +Patch0002: %{name}-2.7.5-Do-not-handle-device-as-suspended-on-error.patch +Patch0003: %{name}-2.7.5-Return-suspended-status-also-for-unknow-target-types.patch +Patch0004: %{name}-2.7.5-Fix-detection-of-direct-io-with-suspended-devices.patch +Patch0005: %{name}-2.7.5-Harden-online-reencryption-checks-in-initialization-.patch +Patch0006: %{name}-2.7.5-Abort-online-reencryption-for-misconfigured-devices.patch +Patch0007: %{name}-Enable-to-use-Argon2-in-FIPS-with-openssl-backend.patch +Patch0008: %{name}-Warn-if-Argon2-keyslot-is-unlocked-in-FIPS-mode.patch # Following patch has to applied last -Patch9998: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch Patch9999: %{name}-add-system-library-paths.patch %description @@ -103,6 +110,16 @@ rm -rf %{buildroot}%{_libdir}/*.la %ghost %attr(700, -, -) %dir /run/cryptsetup %changelog +* Thu Aug 29 2024 Ondrej Kozina - 2.7.2-2 +- patch: Warn if Argon2 keyslot is unlocked in FIPS mode. +- patch: Enable Argon2 in FIPS with openssl backend. +- patch: Abort online reencryption for misconfigured devices. +- patch: Harden online reencryption checks in initialization phase. +- patch: Fix detection of direct-io with suspended devices. +- patch: Return suspended status also for unknow target types. +- patch: Do not handle device as suspended on error. +- Resolves: RHEL-39003 RHEL-41238 + * Thu May 02 2024 Daniel Zatovic - 2.7.2-1 - Update to cryptsetup 2.7.2 - Use OpenSLL Argon implementation instead of the built-in one