Bug fixes for RHEL-9.5.0.

- Resolves: RHEL-39003 RHEL-41238

cryptsetup-2.7.5-Abort-online-reencryption-for-misconfigured-devices.patch

@@ -0,0 +1,39 @@
+From 63bb997b41b8e92fe09ce8cb6582e094e00e19a6 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Mon, 26 Aug 2024 10:46:52 +0200
+Subject: [PATCH 08/10] Abort online reencryption for misconfigured devices.
+
+Hard abort is justified here. The online reencryption on
+data devices that do not support O_DIRECT io flag is
+dangerous and leads to data corruption. This should be
+impossible to hit due to a patch that handles it
+in initialization phase. Better safe than sorry.
+---
+ lib/luks2/luks2_reencrypt.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
+index 6519c1e3..05f69d18 100644
+--- a/lib/luks2/luks2_reencrypt.c
++++ b/lib/luks2/luks2_reencrypt.c
+@@ -4230,9 +4230,14 @@ int crypt_reencrypt_run(
+ 
+ 	log_dbg(cd, "Resuming LUKS2 reencryption.");
+ 
+-	if (rh->online && reencrypt_init_device_stack(cd, rh)) {
+-		log_err(cd, _("Failed to initialize reencryption device stack."));
+-		return -EINVAL;
++	if (rh->online) {
++		/* This is last resort to avoid data corruption. Abort is justified here. */
++		assert(device_direct_io(crypt_data_device(cd)));
++
++		if (reencrypt_init_device_stack(cd, rh)) {
++			log_err(cd, _("Failed to initialize reencryption device stack."));
++			return -EINVAL;
++		}
+ 	}
+ 
+ 	log_dbg(cd, "Progress %" PRIu64 ", device_size %" PRIu64, rh->progress, rh->device_size);
+-- 
+2.46.0
+

cryptsetup-2.7.5-Do-not-handle-device-as-suspended-on-error.patch

@@ -0,0 +1,35 @@
+From 53198bdea94e610e1e0378e3aff56e8d9f45ac09 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Thu, 22 Aug 2024 13:39:06 +0200
+Subject: [PATCH 01/10] Do not handle device as suspended on error.
+
+Consider device is suspended only if dm_status_suspended return code
+is true.
+
+This function returned -EEXIST for dm devices with target types unknown
+to libcryptsetup (for example dm-cache) and turned off O_DIRECT flag
+for devices unexpectedly.
+
+Turned out ignoring direct-io was a problem after all :).
+
+Fixes: 0f51b5bacbf7 (Do not run sector read check on suspended device.)
+---
+ lib/utils_device.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/utils_device.c b/lib/utils_device.c
+index 3e2ac4f3..eccaf048 100644
+--- a/lib/utils_device.c
++++ b/lib/utils_device.c
+@@ -178,7 +178,7 @@ static int device_ready(struct crypt_device *cd, struct device *device)
+ 		if (devfd >= 0) {
+ 			/* skip check for suspended DM devices */
+ 			dm_name = device_dm_name(device);
+-			if (dm_name && dm_status_suspended(cd, dm_name)) {
++			if (dm_name && dm_status_suspended(cd, dm_name) > 0) {
+ 				close(devfd);
+ 				devfd = -1;
+ 			} else if (device_read_test(devfd) == 0) {
+-- 
+2.46.0
+

cryptsetup-2.7.5-Fix-detection-of-direct-io-with-suspended-devices.patch

@@ -0,0 +1,78 @@
+From 4cdd022ba42df17b027be7c35c7028d01b54cecc Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Tue, 27 Aug 2024 12:13:54 +0200
+Subject: [PATCH 06/10] Fix detection of direct-io with suspended devices.
+
+Currently, direct-io is disabled if underlying device is suspended.
+
+This was an unfortunate change, as it is part of data corruption
+problem in online reenryption.
+
+Let's relax the test to assume that suspended device
+(suspended =>  must be a device-mapper device) supports direct-io.
+
+The read test is still needed as some network based devices
+misbehaves if opened with direct-io flag.
+---
+ lib/utils_device.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/lib/utils_device.c b/lib/utils_device.c
+index eccaf048..6b7af6e1 100644
+--- a/lib/utils_device.c
++++ b/lib/utils_device.c
+@@ -127,11 +127,19 @@ static size_t device_alignment_fd(int devfd)
+ 	return (size_t)alignment;
+ }
+ 
+-static int device_read_test(int devfd)
++static int device_read_test(struct crypt_device *cd, int devfd, struct device *device)
+ {
+ 	char buffer[512];
+ 	int r = -EIO;
+ 	size_t minsize = 0, blocksize, alignment;
++	const char *dm_name;
++
++	/* skip check for suspended DM devices */
++	dm_name = device_dm_name(device);
++	if (dm_name && dm_status_suspended(cd, dm_name) > 0) {
++		log_dbg(cd, "Device %s is suspended, assuming direct-io is supported.", dm_name);
++		return 0;
++	}
+ 
+ 	blocksize = device_block_size_fd(devfd, &minsize);
+ 	alignment = device_alignment_fd(devfd);
+@@ -148,6 +156,8 @@ static int device_read_test(int devfd)
+ 	if (read_blockwise(devfd, blocksize, alignment, buffer, minsize) == (ssize_t)minsize)
+ 		r = 0;
+ 
++	log_dbg(cd, "Direct-io is supported and works.");
++
+ 	crypt_safe_memzero(buffer, sizeof(buffer));
+ 	return r;
+ }
+@@ -165,7 +175,6 @@ static int device_ready(struct crypt_device *cd, struct device *device)
+ 	int devfd = -1, r = 0;
+ 	struct stat st;
+ 	size_t tmp_size;
+-	const char *dm_name;
+ 
+ 	if (!device)
+ 		return -EINVAL;
+@@ -176,12 +185,7 @@ static int device_ready(struct crypt_device *cd, struct device *device)
+ 		device->o_direct = 0;
+ 		devfd = open(device_path(device), O_RDONLY | O_DIRECT);
+ 		if (devfd >= 0) {
+-			/* skip check for suspended DM devices */
+-			dm_name = device_dm_name(device);
+-			if (dm_name && dm_status_suspended(cd, dm_name) > 0) {
+-				close(devfd);
+-				devfd = -1;
+-			} else if (device_read_test(devfd) == 0) {
++			if (device_read_test(cd, devfd, device) == 0) {
+ 				device->o_direct = 1;
+ 			} else {
+ 				close(devfd);
+-- 
+2.46.0
+

cryptsetup-2.7.5-Harden-online-reencryption-checks-in-initialization-.patch

@@ -0,0 +1,35 @@
+From 9991cbc306963c8f03eb6dad82fa6c12f75d3b97 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Mon, 26 Aug 2024 10:44:50 +0200
+Subject: [PATCH 07/10] Harden online reencryption checks in initialization
+ phase.
+
+Verify the data device supports O_DIRECT io flag in
+the initialization phase. Online reencryption is not
+safe unless we can read and write the data in direct
+mode.
+---
+ lib/luks2/luks2_reencrypt.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
+index c77de3f6..6519c1e3 100644
+--- a/lib/luks2/luks2_reencrypt.c
++++ b/lib/luks2/luks2_reencrypt.c
+@@ -3788,6 +3788,13 @@ static int reencrypt_init_by_passphrase(struct crypt_device *cd,
+ 	if (flags & CRYPT_REENCRYPT_RECOVERY)
+ 		return reencrypt_recovery_by_passphrase(cd, hdr, keyslot_old, keyslot_new, passphrase, passphrase_size);
+ 
++	if (name && !device_direct_io(crypt_data_device(cd))) {
++		log_dbg(cd, "Device %s does not support direct I/O.", device_path(crypt_data_device(cd)));
++		/* FIXME: Add more specific error mesage for translation later. */
++		log_err(cd, _("Failed to initialize reencryption device stack."));
++		return -EINVAL;
++	}
++
+ 	if (cipher && !crypt_cipher_wrapped_key(cipher, cipher_mode)) {
+ 		r = crypt_keyslot_get_key_size(cd, keyslot_new);
+ 		if (r < 0)
+-- 
+2.46.0
+

cryptsetup-2.7.5-Return-suspended-status-also-for-unknow-target-types.patch

@@ -0,0 +1,28 @@
+From aeada055d19cddeda68661dc929a78b2bee35e25 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Thu, 22 Aug 2024 13:41:03 +0200
+Subject: [PATCH 1/9] Return suspended status also for unknow target types.
+
+This patch allows dm_status_suspended() to report if device
+is suspended or not also for unknown target types from
+libcryptsetup perspective (e.g.: dm-cache).
+---
+ lib/libdevmapper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
+index b8592ffa..a562a2d7 100644
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -1911,7 +1911,7 @@ int dm_status_suspended(struct crypt_device *cd, const char *name)
+ 	r = dm_status_dmi(name, &dmi, NULL, NULL);
+ 	dm_exit_context();
+ 
+-	if (r < 0)
++	if (r < 0 && r != -EEXIST)
+ 		return r;
+ 
+ 	return dmi.suspended ? 1 : 0;
+-- 
+2.46.0
+

cryptsetup-Enable-to-use-Argon2-in-FIPS-with-openssl-backend.patch

@@ -0,0 +1,42 @@
+From cfd043f6f0527407c57fb5a2735ee8e22c070cd7 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Wed, 28 Aug 2024 17:06:12 +0200
+Subject: [PATCH 09/10] Enable to use Argon2 in FIPS with openssl backend.
+
+This patch is required to read existing LUKS2
+keyslots created with Argon2 KDF before the system
+got switched in FIPS mode. Creating new keyslots using
+Argon2 was already blocked elsewhere and before this patch.
+---
+ lib/crypto_backend/crypto_openssl.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c
+index 9f1be9e0..07c133b0 100644
+--- a/lib/crypto_backend/crypto_openssl.c
++++ b/lib/crypto_backend/crypto_openssl.c
+@@ -611,13 +611,20 @@ static int openssl_argon2(const char *type, const char *password, size_t passwor
+ 		OSSL_PARAM_uint(OSSL_KDF_PARAM_THREADS, &threads),
+ 		OSSL_PARAM_uint32(OSSL_KDF_PARAM_ARGON2_LANES, &parallel),
+ 		OSSL_PARAM_uint32(OSSL_KDF_PARAM_ARGON2_MEMCOST, &memory),
++		/* to allow fetching blake2 in FIPS mode in later KDF_derive routine */
++		OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_PROPERTIES, "-fips", 0),
+ 		OSSL_PARAM_END
+ 	};
+ 
+ 	if (OSSL_get_max_threads(ossl_ctx) == 0)
+ 		threads = 1;
+ 
+-	argon2 = EVP_KDF_fetch(ossl_ctx, type, NULL);
++	/*
++	 * '-fips' skips fips provider for Argon2 variants implementations.
++	 * We need it to be able to read existing keyslots in FIPS mode.
++	 * Writing new Argon2 enabled keyslots in FIPS mode is blocked elsewhere.
++	 */
++	argon2 = EVP_KDF_fetch(ossl_ctx, type, "-fips");
+ 	if (!argon2)
+ 		return -EINVAL;
+ 
+-- 
+2.46.0
+

cryptsetup-Warn-if-Argon2-keyslot-is-unlocked-in-FIPS-mode.patch

@@ -0,0 +1,37 @@
+From f903ddcf447474fda1a036584b550d12dd620a73 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Thu, 29 Aug 2024 15:31:08 +0200
+Subject: [PATCH 10/10] Warn if Argon2 keyslot is unlocked in FIPS mode.
+
+---
+ lib/luks2/luks2_keyslot.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
+index bb9d4537..2f979d81 100644
+--- a/lib/luks2/luks2_keyslot.c
++++ b/lib/luks2/luks2_keyslot.c
+@@ -573,6 +573,7 @@ int LUKS2_keyslot_open(struct crypt_device *cd,
+ {
+ 	struct luks2_hdr *hdr;
+ 	int r_prio, r = -EINVAL;
++	struct crypt_pbkdf_type pbkdf;
+ 
+ 	hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
+ 	if (!hdr)
+@@ -599,7 +600,11 @@ int LUKS2_keyslot_open(struct crypt_device *cd,
+ 			log_err(cd, _("Not enough available memory to open a keyslot."));
+ 		else if (r != -EPERM && r != -ENOENT)
+ 			log_err(cd, _("Keyslot open failed."));
+-	}
++	} else if (crypt_fips_mode() && !LUKS2_keyslot_pbkdf(hdr, r, &pbkdf) &&
++		   !strncmp(pbkdf.type, "argon2", 6))
++		log_err(cd, "The %s KDF used in keyslot %d is not FIPS compliant.\n"
++			    "Please refer to cryptsetup-luksConvertKey(8) man page to switch it to pbkdf2.",
++			    pbkdf.type, r);
+ 
+ 	return r;
+ }
+-- 
+2.46.0
+

cryptsetup.spec

@@ -1,7 +1,7 @@
 Summary: Utility for setting up encrypted disks
 Name: cryptsetup
 Version: 2.7.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: https://gitlab.com/cryptsetup/cryptsetup
 BuildRequires: openssl-devel, popt-devel, device-mapper-devel
@@ -17,8 +17,15 @@ Provides: %{name}-reencrypt = %{version}
 %global upstream_version %{version}
 Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{upstream_version}.tar.xz
 
+Patch0001: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch
+Patch0002: %{name}-2.7.5-Do-not-handle-device-as-suspended-on-error.patch
+Patch0003: %{name}-2.7.5-Return-suspended-status-also-for-unknow-target-types.patch
+Patch0004: %{name}-2.7.5-Fix-detection-of-direct-io-with-suspended-devices.patch
+Patch0005: %{name}-2.7.5-Harden-online-reencryption-checks-in-initialization-.patch
+Patch0006: %{name}-2.7.5-Abort-online-reencryption-for-misconfigured-devices.patch
+Patch0007: %{name}-Enable-to-use-Argon2-in-FIPS-with-openssl-backend.patch
+Patch0008: %{name}-Warn-if-Argon2-keyslot-is-unlocked-in-FIPS-mode.patch
 # Following patch has to applied last
-Patch9998: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch
 Patch9999: %{name}-add-system-library-paths.patch
 
 %description
@@ -103,6 +110,16 @@ rm -rf %{buildroot}%{_libdir}/*.la
 %ghost %attr(700, -, -) %dir /run/cryptsetup
 
 %changelog
+* Thu Aug 29 2024 Ondrej Kozina <okozina@redhat.com> - 2.7.2-2
+- patch: Warn if Argon2 keyslot is unlocked in FIPS mode.
+- patch: Enable Argon2 in FIPS with openssl backend.
+- patch: Abort online reencryption for misconfigured devices.
+- patch: Harden online reencryption checks in initialization phase.
+- patch: Fix detection of direct-io with suspended devices.
+- patch: Return suspended status also for unknow target types.
+- patch: Do not handle device as suspended on error.
+- Resolves: RHEL-39003 RHEL-41238
+
 * Thu May 02 2024 Daniel Zatovic <dzatovic@redhat.com> - 2.7.2-1
 - Update to cryptsetup 2.7.2
 - Use OpenSLL Argon implementation instead of the built-in one