From 865e8ecce0f2bc116f90c0034b9e582069fd7400 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Thu, 17 Feb 2022 16:59:38 +0100
Subject: [PATCH] Various FIPS related fixes.

- Resolves: #2051630
---
 .gitignore                                    |   1 +
 ....0-Do-not-use-too-small-key-in-tests.patch |  45 ++
 ...BKDF-benchmark-in-OpenSSL3-FIPS-mode.patch |  47 ++
 ...setup-2.5.0-Get-rid-of-SHA1-in-tests.patch | 441 ++++++++++++++++++
 cryptsetup.spec                               |  14 +-
 sources                                       |   1 +
 6 files changed, 547 insertions(+), 2 deletions(-)
 create mode 100644 cryptsetup-2.5.0-Do-not-use-too-small-key-in-tests.patch
 create mode 100644 cryptsetup-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch
 create mode 100644 cryptsetup-2.5.0-Get-rid-of-SHA1-in-tests.patch

diff --git a/.gitignore b/.gitignore
index d6912bc..e50ced6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /cryptsetup-2.4.3.tar.xz
+/tests.tar.xz
diff --git a/cryptsetup-2.5.0-Do-not-use-too-small-key-in-tests.patch b/cryptsetup-2.5.0-Do-not-use-too-small-key-in-tests.patch
new file mode 100644
index 0000000..40f7269
--- /dev/null
+++ b/cryptsetup-2.5.0-Do-not-use-too-small-key-in-tests.patch
@@ -0,0 +1,45 @@
+From 34f033b2549d95833270d657cf099ee4f6faff37 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Fri, 21 Jan 2022 09:55:34 +0100
+Subject: [PATCH 3/3] Do not use too small key in tests.
+
+Apparently FIPS mode enforces somewhere minimal key size.
+As 64bit key is no longer useful anyway, just remove it.
+
+Apparently cipher_null is now more safer with the longer key,
+isn't? :-)
+---
+ tests/align-test | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/tests/align-test b/tests/align-test
+index 9ae606ca..a00103c2 100755
+--- a/tests/align-test
++++ b/tests/align-test
+@@ -262,11 +262,6 @@ cleanup
+ echo "# Offset check: 512B sector drive"
+ add_device dev_size_mb=16 sector_size=512 num_tgts=1
+ #           |k| expO reqO expected slot offsets
+-format_null  64 2048    0 8:72:136:200:264:328:392:456
+-format_null  64  520    1
+-format_null  64  520    8
+-format_null  64  640  128
+-format_null  64 2048 2048
+ format_null 128 2048    0 8:136:264:392:520:648:776:904
+ format_null 128 1032    1
+ format_null 128 1032    8
+@@ -286,11 +281,6 @@ cleanup
+ 
+ echo "# Offset check: 4096B sector drive"
+ add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
+-format_null  64 2048    0 8:72:136:200:264:328:392:456
+-format_null  64  520    1
+-format_null  64  520    8
+-format_null  64  640  128
+-format_null  64 2048 2048
+ format_null 128 2048    0 8:136:264:392:520:648:776:904
+ format_null 128 1032    1
+ format_null 128 1032    8
+-- 
+2.27.0
+
diff --git a/cryptsetup-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch b/cryptsetup-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch
new file mode 100644
index 0000000..aebf06e
--- /dev/null
+++ b/cryptsetup-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch
@@ -0,0 +1,47 @@
+From 05a237be2a6c7a342fb5aba4433aec487a08317f Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Fri, 21 Jan 2022 09:47:13 +0100
+Subject: [PATCH 1/3] Fix PBKDF benchmark in OpenSSL3 FIPS mode.
+
+OpenSSL now enforces minimal parameters for PBKDF2 according to SP 800-132
+key length (112 bits), minimal salt length (128 bits) and minimal number
+of iterations (1000).
+
+Our benchmark violates this, causeing cryptsetup misbehave for luksFormat.
+
+Just inrease tet salt to 16 bytes here, it will little bit influence benchmark,
+but there is no way back.
+---
+ lib/utils_benchmark.c | 2 +-
+ src/cryptsetup.c      | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/utils_benchmark.c b/lib/utils_benchmark.c
+index 7a9736d8..24e7bccc 100644
+--- a/lib/utils_benchmark.c
++++ b/lib/utils_benchmark.c
+@@ -184,7 +184,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
+ 		pbkdf->parallel_threads = 0; /* N/A in PBKDF2 */
+ 		pbkdf->max_memory_kb = 0; /* N/A in PBKDF2 */
+ 
+-		r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, "bar", 3,
++		r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, "01234567890abcdef", 16,
+ 					volume_key_size, &benchmark_callback, &u);
+ 		pbkdf->time_ms = ms_tmp;
+ 		if (r < 0) {
+diff --git a/src/cryptsetup.c b/src/cryptsetup.c
+index e529b7ac..37d35c92 100644
+--- a/src/cryptsetup.c
++++ b/src/cryptsetup.c
+@@ -860,7 +860,7 @@ static int action_benchmark_kdf(const char *kdf, const char *hash, size_t key_si
+ 			.time_ms = 1000,
+ 		};
+ 
+-		r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3, "bar", 3, key_size,
++		r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3, "0123456789abcdef", 16, key_size,
+ 					&benchmark_callback, &pbkdf);
+ 		if (r < 0)
+ 			log_std(_("PBKDF2-%-9s     N/A\n"), hash);
+-- 
+2.27.0
+
diff --git a/cryptsetup-2.5.0-Get-rid-of-SHA1-in-tests.patch b/cryptsetup-2.5.0-Get-rid-of-SHA1-in-tests.patch
new file mode 100644
index 0000000..4708329
--- /dev/null
+++ b/cryptsetup-2.5.0-Get-rid-of-SHA1-in-tests.patch
@@ -0,0 +1,441 @@
+diff -rupN cryptsetup-2.4.3.old/tests/api-test.c cryptsetup-2.4.3/tests/api-test.c
+--- cryptsetup-2.4.3.old/tests/api-test.c	2022-02-17 16:37:09.535345938 +0100
++++ cryptsetup-2.4.3/tests/api-test.c	2022-02-17 16:37:29.156459763 +0100
+@@ -312,7 +312,7 @@ static int _setup(void)
+ static void AddDevicePlain(void)
+ {
+ 	struct crypt_params_plain params = {
+-		.hash = "sha1",
++		.hash = "sha256",
+ 		.skip = 0,
+ 		.offset = 0,
+ 		.size = 0
+@@ -322,7 +322,7 @@ static void AddDevicePlain(void)
+ 
+ 	const char *passphrase = PASSPHRASE;
+ 	// hashed hex version of PASSPHRASE
+-	const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
++	const char *mk_hex = "ccadd99b16cd3d200c22d6db45d8b6630ef3d936767127347ec8a76ab992c2ea";
+ 	size_t key_size = strlen(mk_hex) / 2;
+ 	const char *cipher = "aes";
+ 	const char *cipher_mode = "cbc-essiv:sha256";
+@@ -438,7 +438,7 @@ static void AddDevicePlain(void)
+ 	OK_(crypt_deactivate(cd,CDEVICE_1));
+ 
+ 	CRYPT_FREE(cd);
+-	params.hash = "sha1";
++	params.hash = "sha256";
+ 	params.offset = 0;
+ 	params.size = 0;
+ 	params.skip = 0;
+@@ -620,7 +620,7 @@ static void new_log(int level, const cha
+ static void CallbacksTest(void)
+ {
+ 	struct crypt_params_plain params = {
+-		.hash = "sha1",
++		.hash = "sha256",
+ 		.skip = 0,
+ 		.offset = 0,
+ 	};
+@@ -1116,7 +1116,7 @@ static void LuksHeaderRestore(void)
+ 		.data_alignment = 2048, // 4M, data offset will be 4096
+ 	};
+ 	struct crypt_params_plain pl_params = {
+-		.hash = "sha1",
++		.hash = "sha256",
+ 		.skip = 0,
+ 		.offset = 0,
+ 		.size = 0
+@@ -1203,7 +1203,7 @@ static void LuksHeaderLoad(void)
+ 		.data_alignment = 2048,
+ 	};
+ 	struct crypt_params_plain pl_params = {
+-		.hash = "sha1",
++		.hash = "sha256",
+ 		.skip = 0,
+ 		.offset = 0,
+ 		.size = 0
+diff -rupN cryptsetup-2.4.3.old/tests/api-test-2.c cryptsetup-2.4.3/tests/api-test-2.c
+--- cryptsetup-2.4.3.old/tests/api-test-2.c	2022-02-17 16:37:09.535345938 +0100
++++ cryptsetup-2.4.3/tests/api-test-2.c	2022-02-17 16:37:29.155459758 +0100
+@@ -1232,7 +1232,7 @@ static void Luks2HeaderRestore(void)
+ 		.sector_size = 512
+ 	};
+ 	struct crypt_params_plain pl_params = {
+-		.hash = "sha1",
++		.hash = "sha256",
+ 		.skip = 0,
+ 		.offset = 0,
+ 		.size = 0
+@@ -1242,7 +1242,7 @@ static void Luks2HeaderRestore(void)
+ 	};
+ 	uint32_t flags = 0;
+ 
+-	const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
++	const char *mk_hex = "ccadd99b16cd3d200c22d6db45d8b6630ef3d936767127347ec8a76ab992c2ea";
+ 	size_t key_size = strlen(mk_hex) / 2;
+ 	const char *cipher = "aes";
+ 	const char *cipher_mode = "cbc-essiv:sha256";
+@@ -1337,7 +1337,7 @@ static void Luks2HeaderLoad(void)
+ 		.sector_size = 512
+ 	};
+ 	struct crypt_params_plain pl_params = {
+-		.hash = "sha1",
++		.hash = "sha256",
+ 		.skip = 0,
+ 		.offset = 0,
+ 		.size = 0
+@@ -2142,7 +2142,7 @@ static void LuksConvert(void)
+ 		.parallel_threads = 1
+ 	}, pbkdf2 = {
+ 		.type = CRYPT_KDF_PBKDF2,
+-		.hash = "sha1",
++		.hash = "sha256",
+ 		.time_ms = 1
+ 	};
+ 
+@@ -2675,7 +2675,7 @@ static void Pbkdf(void)
+ 		.hash = default_luks1_hash
+ 	};
+ 	struct crypt_params_plain params = {
+-		.hash = "sha1",
++		.hash = "sha256",
+ 		.skip = 0,
+ 		.offset = 0,
+ 		.size = 0
+@@ -2874,11 +2874,11 @@ static void Pbkdf(void)
+ 	pbkdf2.time_ms = 9;
+ 	pbkdf2.hash = NULL;
+ 	FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Hash is mandatory for pbkdf2");
+-	pbkdf2.hash = "sha1";
++	pbkdf2.hash = "sha256";
+ 	OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+ 
+ 	argon2.time_ms = 9;
+-	argon2.hash = "sha1"; // will be ignored
++	argon2.hash = "sha256"; // will be ignored
+ 	OK_(crypt_set_pbkdf_type(cd, &argon2));
+ 	argon2.hash = NULL;
+ 	OK_(crypt_set_pbkdf_type(cd, &argon2));
+@@ -3839,7 +3839,7 @@ static void Luks2Reencryption(void)
+ 	struct crypt_params_reencrypt retparams = {}, rparams = {
+ 		.direction = CRYPT_REENCRYPT_FORWARD,
+ 		.resilience = "checksum",
+-		.hash = "sha1",
++		.hash = "sha256",
+ 		.luks2 = &params2,
+ 	};
+ 	dev_t devno;
+@@ -3983,7 +3983,7 @@ static void Luks2Reencryption(void)
+ 	rparams.hash = "hamSter";
+ 	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience hash.");
+ 
+-	rparams.hash = "sha1";
++	rparams.hash = "sha256";
+ 	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
+ 	OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ 
+diff -rupN cryptsetup-2.4.3.old/tests/compat-test cryptsetup-2.4.3/tests/compat-test
+--- cryptsetup-2.4.3.old/tests/compat-test	2022-02-17 16:37:09.541345973 +0100
++++ cryptsetup-2.4.3/tests/compat-test	2022-02-17 16:37:29.157459769 +0100
+@@ -302,8 +302,8 @@ $CRYPTSETUP -q luksUUID $IMG | grep -q $
+ prepare	"[1] open - compat image - acceptance check" new
+ echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
+ check_exists
+-ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
+-[ "$ORG_SHA1" = 676062b66ebf36669dab705442ea0762dfc091b0 ] || fail
++ORG_SHA256=$(sha256sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
++[ "$ORG_SHA256" = 7428e8f2436882a07eb32765086f5c899474c08b5576f556b573d2aabdf923e8 ] || fail
+ $CRYPTSETUP -q luksClose  $DEV_NAME || fail
+ 
+ # Check it can be opened from header backup as well
+@@ -315,6 +315,7 @@ $CRYPTSETUP -q luksClose  $DEV_NAME || f
+ $CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail
+ 
+ # Repeat for V1.0 header - not aligned first keyslot
++if [ ! fips_mode ] ; then
+ echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME || fail
+ check_exists
+ ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
+@@ -326,6 +327,7 @@ $CRYPTSETUP luksHeaderBackup $IMG10 --he
+ echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail
+ check_exists
+ $CRYPTSETUP -q luksClose  $DEV_NAME || fail
++fi
+ 
+ prepare "[2] open - compat image - denial check" new
+ echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
+@@ -526,7 +528,7 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q
+ 
+ prepare "[19] create & status & resize" wipe
+ echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx 2>/dev/null && fail
+-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail
++echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail
+ $CRYPTSETUP -q status  $DEV_NAME | grep "offset:" | grep -q "3 sectors" || fail
+ $CRYPTSETUP -q status  $DEV_NAME | grep "skipped:" | grep -q "4 sectors" || fail
+ $CRYPTSETUP -q status  $DEV_NAME | grep "mode:" | grep -q "readonly" || fail
+@@ -546,15 +548,15 @@ $CRYPTSETUP -q resize  $DEV_NAME || fail
+ $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "32765 sectors" || fail
+ $CRYPTSETUP -q remove  $DEV_NAME || fail
+ $CRYPTSETUP -q status  $DEV_NAME >/dev/null && fail
+-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
++echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $LOOPDEV || fail
+ $CRYPTSETUP -q remove  $DEV_NAME || fail
+-echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 $LOOPDEV || fail
++echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha256 $LOOPDEV || fail
+ $CRYPTSETUP -q remove  $DEV_NAME || fail
+-echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV || fail
++echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha256 --size 100 $LOOPDEV || fail
+ $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
+ $CRYPTSETUP -q remove  $DEV_NAME || fail
+ # 4k sector resize (if kernel supports it)
+-echo $PWD1 | $CRYPTSETUP -q open --type plain $LOOPDEV $DEV_NAME --sector-size 4096 --size 8  >/dev/null 2>&1
++echo $PWD1 | $CRYPTSETUP -q open --type plain --hash sha256 $LOOPDEV $DEV_NAME --sector-size 4096 --size 8  >/dev/null 2>&1
+ if [ $? -eq 0 ] ; then
+ 	$CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "8 sectors" || fail
+ 	$CRYPTSETUP -q resize  $DEV_NAME --size 16 || fail
+@@ -567,7 +569,7 @@ if [ $? -eq 0 ] ; then
+ fi
+ # Resize not aligned to logical block size
+ add_scsi_device dev_size_mb=32 sector_size=4096
+-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV || fail
++echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $DEV || fail
+ OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/')
+ $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail
+ dmsetup info $DEV_NAME | grep -q SUSPENDED && fail
+@@ -575,10 +577,10 @@ NEW_SIZE=$($CRYPTSETUP status $DEV_NAME
+ test $OLD_SIZE -eq $NEW_SIZE || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ # Add check for unaligned plain crypt activation
+-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV -b 7 2>/dev/null && fail
++echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $DEV -b 7 2>/dev/null && fail
+ $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail
+ # verify is ignored on non-tty input
+-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail
++echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --verify-passphrase 2>/dev/null || fail
+ $CRYPTSETUP -q remove  $DEV_NAME || fail
+ $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail
+ $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail
+@@ -695,15 +697,15 @@ $CRYPTSETUP luksChangeKey $LOOPDEV $FAST
+ dmsetup remove --retry $DEV_NAME2
+ 
+ prepare "[25] Create shared segments" wipe
+-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV  --hash sha1 --offset   0 --size 256 || fail
+-echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 2>/dev/null && fail
+-echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 --shared || fail
++echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV  --hash sha256 --offset   0 --size 256 || fail
++echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha256 --offset 512 --size 256 2>/dev/null && fail
++echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha256 --offset 512 --size 256 --shared || fail
+ $CRYPTSETUP -q remove  $DEV_NAME2 || fail
+ $CRYPTSETUP -q remove  $DEV_NAME || fail
+ 
+ prepare "[26] Suspend/Resume" wipe
+ # only LUKS is supported
+-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
++echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $LOOPDEV || fail
+ $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
+ $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
+ $CRYPTSETUP -q remove  $DEV_NAME || fail
+diff -rupN cryptsetup-2.4.3.old/tests/compat-test2 cryptsetup-2.4.3/tests/compat-test2
+--- cryptsetup-2.4.3.old/tests/compat-test2	2022-02-17 16:37:09.541345973 +0100
++++ cryptsetup-2.4.3/tests/compat-test2	2022-02-17 16:37:29.158459775 +0100
+@@ -774,7 +774,7 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q
+ $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail
+ $CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
+ # hash test
+-$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDEV $KEY5 -S 0 --hash sha1 || fail
++$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDEV $KEY5 -S 0 --hash sha512 || fail
+ $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha256 || fail
+ $CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail
+ $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
+diff -rupN cryptsetup-2.4.3.old/tests/discards-test cryptsetup-2.4.3/tests/discards-test
+--- cryptsetup-2.4.3.old/tests/discards-test	2022-02-17 16:37:09.541345973 +0100
++++ cryptsetup-2.4.3/tests/discards-test	2022-02-17 16:37:29.158459775 +0100
+@@ -80,7 +80,7 @@ dmsetup table $DEV_NAME | grep allow_dis
+ $CRYPTSETUP luksClose $DEV_NAME || fail
+ 
+ echo "[2] Allowing discards for plain device"
+-echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha1 --allow-discards || fail
++echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha256 --allow-discards || fail
+ $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
+ $CRYPTSETUP resize $DEV_NAME --size 100 || fail
+ $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
+diff -rupN cryptsetup-2.4.3.old/tests/integrity-compat-test cryptsetup-2.4.3/tests/integrity-compat-test
+--- cryptsetup-2.4.3.old/tests/integrity-compat-test	2022-02-17 16:37:09.542345979 +0100
++++ cryptsetup-2.4.3/tests/integrity-compat-test	2022-02-17 16:37:29.159459781 +0100
+@@ -168,7 +168,7 @@ intformat() # alg alg_out tagsize outtag
+ 	echo -n "[FORMAT]"
+ 	$INTSETUP format --integrity-legacy-padding -q --integrity $1 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV >/dev/null 2>&1
+ 	if [ $? -ne 0 ] ; then
+-		if [[ $1 =~ "sha" || $1 =~ "crc" ]] ; then
++		if [[ $1 =~ "sha2" || $1 =~ "crc" ]] ; then
+ 			fail "Cannot format device."
+ 		fi
+ 		echo "[N/A]"
+@@ -214,7 +214,14 @@ int_error_detection() # mode alg tagsize
+ 
+ 	echo -n "[INTEGRITY:$1:$2:$4:$5]"
+ 	echo -n "[FORMAT]"
+-	$INTSETUP format -q --integrity $2 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV $INT_MODE >/dev/null || fail "Cannot format device."
++	$INTSETUP format -q --integrity $2 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV $INT_MODE >/dev/null 2>&1
++	if [ $? -ne 0 ] ; then
++		if [[ $2 =~ "sha2" || $2 =~ "crc" ]] ; then
++			fail "Cannot format device."
++		fi
++		echo "[N/A]"
++		return
++	fi
+ 	echo -n "[ACTIVATE]"
+ 	$INTSETUP open $DEV $DEV_NAME --integrity $2 --integrity-no-journal $KEY_PARAMS $INT_MODE || fail "Cannot activate device."
+ 
+diff -rupN cryptsetup-2.4.3.old/tests/keyring-compat-test cryptsetup-2.4.3/tests/keyring-compat-test
+--- cryptsetup-2.4.3.old/tests/keyring-compat-test	2022-02-17 16:37:09.542345979 +0100
++++ cryptsetup-2.4.3/tests/keyring-compat-test	2022-02-17 16:39:07.132028140 +0100
+@@ -119,7 +119,7 @@ add_device() {
+ which dmsetup >/dev/null 2>&1 || skip "Cannot find dmsetup, test skipped"
+ which keyctl >/dev/null 2>&1 || skip "Cannot find keyctl, test skipped"
+ which xxd >/dev/null 2>&1 || skip "Cannot find xxd, test skipped"
+-which sha1sum > /dev/null 2>&1 || skip "Cannot find sha1sum, test skipped"
++which sha256sum >/dev/null 2>&1 || skip "Cannot find sha256sum, test skipped"
+ modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"
+ dm_crypt_keyring_support || skip "dm-crypt doesn't support kernel keyring, test skipped."
+ 
+@@ -132,23 +132,23 @@ dd if=/dev/urandom of=$DEV bs=1M count=$
+ #test aes cipher with xts mode, plain IV
+ echo -n "Testing $CIPHER_XTS_PLAIN..."
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+ dmsetup remove --retry $NAME || fail
+ load_key "$HEXKEY_32" logon  $LOGON_KEY_32_OK "$TEST_KEYRING" || fail "Cannot load 32 byte logon key type"
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN :32:logon:$LOGON_KEY_32_OK 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+ dmsetup remove --retry $NAME || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
+ # same test using message
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+ dmsetup remove --retry $NAME || fail
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
+ dmsetup suspend $NAME || fail
+ dmsetup message $NAME 0 key wipe || fail
+ dmsetup message $NAME 0 "key set :32:logon:$LOGON_KEY_32_OK" || fail
+ dmsetup resume $NAME || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+ dmsetup remove --retry $NAME || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
+ echo "OK"
+@@ -156,23 +156,23 @@ echo "OK"
+ #test aes cipher, xts mode, essiv IV
+ echo -n "Testing $CIPHER_CBC_ESSIV..."
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+ dmsetup remove --retry $NAME || fail
+ load_key "$HEXKEY_16" logon  $LOGON_KEY_16_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV :16:logon:$LOGON_KEY_16_OK 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+ dmsetup remove --retry $NAME || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
+ # same test using message
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+ dmsetup remove --retry $NAME || fail
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
+ dmsetup suspend $NAME || fail
+ dmsetup message $NAME 0 key wipe || fail
+ dmsetup message $NAME 0 "key set :16:logon:$LOGON_KEY_16_OK" || fail
+ dmsetup resume $NAME || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+ dmsetup remove --retry $NAME || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
+ echo "OK"
+@@ -181,23 +181,23 @@ echo "OK"
+ fips_mode || {
+ echo -n "Testing $CIPHER_CBC_TCW..."
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+ dmsetup remove --retry $NAME || fail
+ load_key "$HEXKEY_64" logon  $LOGON_KEY_64_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW :64:logon:$LOGON_KEY_64_OK 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+ dmsetup remove --retry $NAME || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
+ # same test using message
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+ dmsetup remove --retry $NAME || fail
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
+ dmsetup suspend $NAME || fail
+ dmsetup message $NAME 0 key wipe || fail
+ dmsetup message $NAME 0 "key set :64:logon:$LOGON_KEY_64_OK" || fail
+ dmsetup resume $NAME || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+ dmsetup remove --retry $NAME || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
+ echo "OK"
+@@ -207,10 +207,10 @@ echo -n "Test LUKS2 key refresh..."
+ echo $PWD | $CRYPTSETUP luksFormat --type luks2 --luks2-metadata-size 16k --luks2-keyslots-size 4064k --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --force-password $DEV || fail
+ echo $PWD | $CRYPTSETUP open $DEV $NAME || fail
+ $CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" || skip "LUKS2 can't use keyring. Test skipped."
+-dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_KEYRING || fail
++dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_KEYRING || fail
+ echo $PWD | $CRYPTSETUP refresh $NAME --disable-keyring || fail
+ $CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" && fail "Key is still in keyring"
+-dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_DMCRYPT || fail
++dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_DMCRYPT || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
+ echo "OK"
+ 
+diff -rupN cryptsetup-2.4.3.old/tests/password-hash-test cryptsetup-2.4.3/tests/password-hash-test
+--- cryptsetup-2.4.3.old/tests/password-hash-test	2022-02-17 16:37:09.541345973 +0100
++++ cryptsetup-2.4.3/tests/password-hash-test	2022-02-17 16:37:29.160459787 +0100
+@@ -75,7 +75,7 @@ crypt_key() # hash keysize pwd/file name
+ 	esac
+ 
+ 	# ignore these cases, not all libs/kernel supports it
+-	if [ "$1" != "sha1" -a "$1" != "sha256" ] || [ $2 -gt 256 ] ; then
++	if [ "$1" != "sha256" ] || [ $2 -gt 256 ] ; then
+ 		if [ $ret -ne 0 ] ; then
+ 			echo " [N/A] ($ret, SKIPPED)"
+ 			return
+diff -rupN cryptsetup-2.4.3.old/tests/reencryption-compat-test cryptsetup-2.4.3/tests/reencryption-compat-test
+--- cryptsetup-2.4.3.old/tests/reencryption-compat-test	2022-02-17 16:37:09.541345973 +0100
++++ cryptsetup-2.4.3/tests/reencryption-compat-test	2022-02-17 16:37:29.160459787 +0100
+@@ -338,7 +338,7 @@ simple_scsi_reenc "[4096/512 sector]"
+ echo "[OK]"
+ 
+ echo "[8] Header only reencryption (hash and iteration time)"
+-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --hash sha1 $FAST_PBKDF $LOOPDEV1 || fail
++echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --hash sha512 $FAST_PBKDF $LOOPDEV1 || fail
+ wipe $PWD1
+ check_hash $PWD1 $HASH1
+ echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key || fail
+diff -rupN cryptsetup-2.4.3.old/tests/verity-compat-test cryptsetup-2.4.3/tests/verity-compat-test
+--- cryptsetup-2.4.3.old/tests/verity-compat-test	2022-02-17 16:37:09.541345973 +0100
++++ cryptsetup-2.4.3/tests/verity-compat-test	2022-02-17 16:37:29.161459793 +0100
+@@ -148,7 +148,13 @@ function check_root_hash() # $1 size, $2
+ 	for fail in data hash; do
+ 	wipe
+ 	echo -n "V$4(sb=$sb root_hash_as_file=$root_hash_as_file) $5 block size $1: "
+-	$VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT || fail
++	$VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT
++	if [ $? -ne 0 ] ; then
++		if [[ $1 =~ "sha2" ]] ; then
++			fail "Cannot format device."
++		fi
++		return
++	fi
+ 
+ 	echo -n "[root hash]"
+ 	compare_out "root hash" $2
diff --git a/cryptsetup.spec b/cryptsetup.spec
index faa2c44..d008660 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,7 +1,7 @@
 Summary: Utility for setting up encrypted disks
 Name: cryptsetup
 Version: 2.4.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: https://gitlab.com/cryptsetup/cryptsetup
 BuildRequires: openssl-devel, popt-devel, device-mapper-devel
@@ -13,8 +13,14 @@ Requires: libpwquality >= 1.2.0
 
 %global upstream_version %{version}
 Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz
+# binary archive with updated compatimage.img.xz for testing (can not be patched via rpmbuild)
+Source1: tests.tar.xz
+
 # Following patch has to applied last
 Patch0000: %{name}-2.5.0-Fix-typo-in-repair-prompt.patch
+Patch0001: %{name}-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch
+Patch0002: %{name}-2.5.0-Get-rid-of-SHA1-in-tests.patch
+Patch0003: %{name}-2.5.0-Do-not-use-too-small-key-in-tests.patch
 Patch9999: %{name}-add-system-library-paths.patch
 
 %description
@@ -61,7 +67,7 @@ This package contains cryptsetup-reencrypt utility which
 can be used for offline reencryption of disk in situ.
 
 %prep
-%autosetup -n cryptsetup-%{upstream_version} -p 1
+%autosetup -n cryptsetup-%{upstream_version} -p 1 -a 1
 chmod -x misc/dracut_90reencrypt/*
 
 %build
@@ -112,6 +118,10 @@ rm -rf %{buildroot}%{_libdir}/*.la
 %ghost %attr(700, -, -) %dir /run/cryptsetup
 
 %changelog
+* Thu Feb 17 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-2
+- Various FIPS related fixes.
+- Resolves: #2051630
+
 * Fri Jan 21 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-1
 - Update to cryptsetup 2.4.3.
 - patch: Fix typo in repair command prompt.
diff --git a/sources b/sources
index f831562..a409632 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
+SHA512 (tests.tar.xz) = 593049cc42ff2bcf164b955f36e26f9fba07f4501eeb800907806567ee49beb31c9ee1923344b98d5d81a2da35f5846c8a53e2b40f669ffa395903348a476121
 SHA512 (cryptsetup-2.4.3.tar.xz) = 2d52498497be37a837126d9cdc9b6331236eccf857c3482fe3347eb88fccc3cd0fd3d8b4490569603e18cfaa462431ae194bce0328f3eafa8bfe3e02e135a26e