diff --git a/.cryptsetup.metadata b/.cryptsetup.metadata index 0274ab2..4ef48e6 100644 --- a/.cryptsetup.metadata +++ b/.cryptsetup.metadata @@ -1 +1 @@ -7aae3037a6eba63df19fd89310e325ac9b75aebd SOURCES/cryptsetup-2.4.0.tar.xz +8f25d5d69a4724e08e75697c82ce80a292d69b30 SOURCES/cryptsetup-2.4.1.tar.xz diff --git a/.gitignore b/.gitignore index f4e3f7f..4c60d40 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cryptsetup-2.4.0.tar.xz +SOURCES/cryptsetup-2.4.1.tar.xz diff --git a/SOURCES/cryptsetup-2.4.1-Adapt-crypto-backend-to-openssl3-lib-context.patch b/SOURCES/cryptsetup-2.4.1-Adapt-crypto-backend-to-openssl3-lib-context.patch deleted file mode 100644 index 0178126..0000000 --- a/SOURCES/cryptsetup-2.4.1-Adapt-crypto-backend-to-openssl3-lib-context.patch +++ /dev/null @@ -1,386 +0,0 @@ -From 6c9d3863031d5809cee6e157a0e53e7c4ef56940 Mon Sep 17 00:00:00 2001 -From: Ondrej Kozina -Date: Thu, 2 Sep 2021 15:36:15 +0200 -Subject: [PATCH 01/11] Adapt crypto backend to openssl3 lib context. - -Fully leverage openssl custom library context for various -providers (default, legacy). It can be used to properly -free all openssl resources used by libcryptsetup when -libcryptsetup is unloaded (and destructor is triggered). ---- - lib/crypto_backend/crypto_openssl.c | 188 +++++++++++++++++++++++----- - 1 file changed, 155 insertions(+), 33 deletions(-) - -diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c -index 19960a07..a5ec4048 100644 ---- a/lib/crypto_backend/crypto_openssl.c -+++ b/lib/crypto_backend/crypto_openssl.c -@@ -41,8 +41,10 @@ - #include "crypto_backend_internal.h" - #if OPENSSL_VERSION_MAJOR >= 3 - #include -+#include - static OSSL_PROVIDER *ossl_legacy = NULL; - static OSSL_PROVIDER *ossl_default = NULL; -+static OSSL_LIB_CTX *ossl_ctx = NULL; - #endif - - #define CONST_CAST(x) (x)(uintptr_t) -@@ -68,6 +70,7 @@ struct crypt_cipher { - struct { - EVP_CIPHER_CTX *hd_enc; - EVP_CIPHER_CTX *hd_dec; -+ const EVP_CIPHER *cipher_type; - size_t iv_length; - } lib; - } u; -@@ -130,31 +133,41 @@ static void HMAC_CTX_free(HMAC_CTX *md) - free(md); - } - #else --static void openssl_backend_init(void) -+static int openssl_backend_init(void) - { - /* - * OpenSSL >= 3.0.0 provides some algorithms in legacy provider - */ - #if OPENSSL_VERSION_MAJOR >= 3 -- OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); -- ossl_legacy = OSSL_PROVIDER_try_load(NULL, "legacy", 0); -- ossl_default = OSSL_PROVIDER_try_load(NULL, "default", 0); -+ ossl_ctx = OSSL_LIB_CTX_new(); -+ if (!ossl_ctx) -+ return -EINVAL; -+ -+ ossl_default = OSSL_PROVIDER_try_load(ossl_ctx, "default", 0); -+ if (!ossl_default) { -+ OSSL_LIB_CTX_free(ossl_ctx); -+ return -EINVAL; -+ } -+ -+ /* Optional */ -+ ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0); - #endif -+ return 0; - } - - static void openssl_backend_exit(void) - { - #if OPENSSL_VERSION_MAJOR >= 3 -- /* -- * If Destructor was already called, we must not call it again -- */ -- if (OPENSSL_init_crypto(0, NULL) != 0) { -+ if (ossl_legacy) - OSSL_PROVIDER_unload(ossl_legacy); -+ if (ossl_default) - OSSL_PROVIDER_unload(ossl_default); -- OPENSSL_cleanup(); -- } -+ if (ossl_ctx) -+ OSSL_LIB_CTX_free(ossl_ctx); -+ - ossl_legacy = NULL; - ossl_default = NULL; -+ ossl_ctx = NULL; - #endif - } - -@@ -169,7 +182,8 @@ int crypt_backend_init(void) - if (crypto_backend_initialised) - return 0; - -- openssl_backend_init(); -+ if (openssl_backend_init()) -+ return -EINVAL; - - crypto_backend_initialised = 1; - return 0; -@@ -177,7 +191,14 @@ int crypt_backend_init(void) - - void crypt_backend_destroy(void) - { -+ /* -+ * If Destructor was already called, we must not call it again -+ */ -+ if (!crypto_backend_initialised) -+ return; -+ - crypto_backend_initialised = 0; -+ - openssl_backend_exit(); - } - -@@ -215,16 +236,51 @@ static const char *crypt_hash_compat_name(const char *name) - return hash_name; - } - -+static const EVP_MD *hash_id_get(const char *name) -+{ -+#if OPENSSL_VERSION_MAJOR >= 3 -+ return EVP_MD_fetch(ossl_ctx, crypt_hash_compat_name(name), NULL); -+#else -+ return EVP_get_digestbyname(crypt_hash_compat_name(name)); -+#endif -+} -+ -+static void hash_id_free(const EVP_MD *hash_id) -+{ -+#if OPENSSL_VERSION_MAJOR >= 3 -+ EVP_MD_free(CONST_CAST(EVP_MD*)hash_id); -+#endif -+} -+ -+static const EVP_CIPHER *cipher_type_get(const char *name) -+{ -+#if OPENSSL_VERSION_MAJOR >= 3 -+ return EVP_CIPHER_fetch(ossl_ctx, name, NULL); -+#else -+ return EVP_get_cipherbyname(name); -+#endif -+} -+ -+static void cipher_type_free(const EVP_CIPHER *cipher_type) -+{ -+#if OPENSSL_VERSION_MAJOR >= 3 -+ EVP_CIPHER_free(CONST_CAST(EVP_CIPHER*)cipher_type); -+#endif -+} -+ - /* HASH */ - int crypt_hash_size(const char *name) - { -+ int size; - const EVP_MD *hash_id; - -- hash_id = EVP_get_digestbyname(crypt_hash_compat_name(name)); -+ hash_id = hash_id_get(name); - if (!hash_id) - return -EINVAL; - -- return EVP_MD_size(hash_id); -+ size = EVP_MD_size(hash_id); -+ hash_id_free(hash_id); -+ return size; - } - - int crypt_hash_init(struct crypt_hash **ctx, const char *name) -@@ -241,7 +297,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) - return -ENOMEM; - } - -- h->hash_id = EVP_get_digestbyname(crypt_hash_compat_name(name)); -+ h->hash_id = hash_id_get(name); - if (!h->hash_id) { - EVP_MD_CTX_free(h->md); - free(h); -@@ -249,6 +305,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) - } - - if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) { -+ hash_id_free(h->hash_id); - EVP_MD_CTX_free(h->md); - free(h); - return -EINVAL; -@@ -300,6 +357,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) - - void crypt_hash_destroy(struct crypt_hash *ctx) - { -+ hash_id_free(ctx->hash_id); - EVP_MD_CTX_free(ctx->md); - memset(ctx, 0, sizeof(*ctx)); - free(ctx); -@@ -326,7 +384,7 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, - return -ENOMEM; - } - -- h->hash_id = EVP_get_digestbyname(crypt_hash_compat_name(name)); -+ h->hash_id = hash_id_get(name); - if (!h->hash_id) { - HMAC_CTX_free(h->md); - free(h); -@@ -374,6 +432,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) - - void crypt_hmac_destroy(struct crypt_hmac *ctx) - { -+ hash_id_free(ctx->hash_id); - HMAC_CTX_free(ctx->md); - memset(ctx, 0, sizeof(*ctx)); - free(ctx); -@@ -389,6 +448,67 @@ int crypt_backend_rng(char *buffer, size_t length, - return 0; - } - -+static int pbkdf2(const char *password, size_t password_length, -+ const char *salt, size_t salt_length, -+ uint32_t iterations, const char *hash, size_t key_length, -+ unsigned char *key) -+{ -+#if OPENSSL_VERSION_MAJOR >= 3 -+ EVP_KDF_CTX *ctx; -+ EVP_KDF *pbkdf2; -+ int r; -+ OSSL_PARAM params[] = { -+ { .key = "pass", -+ .data_type = OSSL_PARAM_OCTET_STRING, -+ .data = CONST_CAST(void*)password, -+ .data_size = password_length -+ }, -+ { .key = "salt", -+ .data_type = OSSL_PARAM_OCTET_STRING, -+ .data = CONST_CAST(void*)salt, -+ .data_size = salt_length -+ }, -+ { .key = "iter", -+ .data_type = OSSL_PARAM_UNSIGNED_INTEGER, -+ .data = &iterations, -+ .data_size = sizeof(iterations) -+ }, -+ { .key = "digest", -+ .data_type = OSSL_PARAM_UTF8_STRING, -+ .data = CONST_CAST(void*)hash, -+ .data_size = strlen(hash) -+ }, -+ { NULL, 0, NULL, 0, 0 } -+ }; -+ -+ pbkdf2 = EVP_KDF_fetch(ossl_ctx, "pbkdf2", NULL); -+ if (!pbkdf2) -+ return 0; -+ -+ ctx = EVP_KDF_CTX_new(pbkdf2); -+ if (!ctx) { -+ EVP_KDF_free(pbkdf2); -+ return 0; -+ } -+ -+ r = EVP_KDF_derive(ctx, key, key_length, params); -+ -+ EVP_KDF_CTX_free(ctx); -+ EVP_KDF_free(pbkdf2); -+ -+ /* _derive() returns 0 or negative value on error, 1 on success */ -+ return r <= 0 ? 0 : 1; -+#else -+ const EVP_MD *hash_id = EVP_get_digestbyname(crypt_hash_compat_name(hash)); -+ if (!hash_id) -+ return 0; -+ -+ return PKCS5_PBKDF2_HMAC(password, (int)password_length, (const unsigned char *)salt, -+ (int)salt_length, iterations, hash_id, -+ (int)key_length, key); -+#endif -+} -+ - /* PBKDF */ - int crypt_pbkdf(const char *kdf, const char *hash, - const char *password, size_t password_length, -@@ -397,19 +517,12 @@ int crypt_pbkdf(const char *kdf, const char *hash, - uint32_t iterations, uint32_t memory, uint32_t parallel) - - { -- const EVP_MD *hash_id; -- - if (!kdf) - return -EINVAL; - - if (!strcmp(kdf, "pbkdf2")) { -- hash_id = EVP_get_digestbyname(crypt_hash_compat_name(hash)); -- if (!hash_id) -- return -EINVAL; -- -- if (!PKCS5_PBKDF2_HMAC(password, (int)password_length, -- (const unsigned char *)salt, (int)salt_length, -- (int)iterations, hash_id, (int)key_length, (unsigned char *)key)) -+ if (!pbkdf2(password, password_length, -+ salt, salt_length, iterations, hash, key_length, (unsigned char *)key)) - return -EINVAL; - return 0; - } else if (!strncmp(kdf, "argon2", 6)) { -@@ -421,16 +534,19 @@ int crypt_pbkdf(const char *kdf, const char *hash, - } - - /* Block ciphers */ --static void _cipher_destroy(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec) -+static void _cipher_destroy(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const EVP_CIPHER **cipher_type) - { - EVP_CIPHER_CTX_free(*hd_enc); - *hd_enc = NULL; - - EVP_CIPHER_CTX_free(*hd_dec); - *hd_dec = NULL; -+ -+ cipher_type_free(*cipher_type); -+ *cipher_type = NULL; - } - --static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const char *name, -+static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const EVP_CIPHER **cipher_type, const char *name, - const char *mode, const void *key, size_t key_length, size_t *iv_length) - { - char cipher_name[256]; -@@ -445,32 +561,38 @@ static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const - if (r < 0 || (size_t)r >= sizeof(cipher_name)) - return -EINVAL; - -- type = EVP_get_cipherbyname(cipher_name); -+ type = cipher_type_get(cipher_name); - if (!type) - return -ENOENT; - -- if (EVP_CIPHER_key_length(type) != (int)key_length) -+ if (EVP_CIPHER_key_length(type) != (int)key_length) { -+ cipher_type_free(type); - return -EINVAL; -+ } - - *hd_enc = EVP_CIPHER_CTX_new(); - *hd_dec = EVP_CIPHER_CTX_new(); - *iv_length = EVP_CIPHER_iv_length(type); - -- if (!*hd_enc || !*hd_dec) -+ if (!*hd_enc || !*hd_dec) { -+ cipher_type_free(type); - return -EINVAL; -+ } - - if (EVP_EncryptInit_ex(*hd_enc, type, NULL, key, NULL) != 1 || - EVP_DecryptInit_ex(*hd_dec, type, NULL, key, NULL) != 1) { -- _cipher_destroy(hd_enc, hd_dec); -+ _cipher_destroy(hd_enc, hd_dec, &type); - return -EINVAL; - } - - if (EVP_CIPHER_CTX_set_padding(*hd_enc, 0) != 1 || - EVP_CIPHER_CTX_set_padding(*hd_dec, 0) != 1) { -- _cipher_destroy(hd_enc, hd_dec); -+ _cipher_destroy(hd_enc, hd_dec, &type); - return -EINVAL; - } - -+ *cipher_type = type; -+ - return 0; - } - -@@ -484,7 +606,7 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name, - if (!h) - return -ENOMEM; - -- if (!_cipher_init(&h->u.lib.hd_enc, &h->u.lib.hd_dec, name, mode, key, -+ if (!_cipher_init(&h->u.lib.hd_enc, &h->u.lib.hd_dec, &h->u.lib.cipher_type, name, mode, key, - key_length, &h->u.lib.iv_length)) { - h->use_kernel = false; - *ctx = h; -@@ -507,7 +629,7 @@ void crypt_cipher_destroy(struct crypt_cipher *ctx) - if (ctx->use_kernel) - crypt_cipher_destroy_kernel(&ctx->u.kernel); - else -- _cipher_destroy(&ctx->u.lib.hd_enc, &ctx->u.lib.hd_dec); -+ _cipher_destroy(&ctx->u.lib.hd_enc, &ctx->u.lib.hd_dec, &ctx->u.lib.cipher_type); - free(ctx); - } - --- -2.27.0 - diff --git a/SOURCES/cryptsetup-2.4.1-Cache-FIPS-mode-check.patch b/SOURCES/cryptsetup-2.4.1-Cache-FIPS-mode-check.patch deleted file mode 100644 index d64cbee..0000000 --- a/SOURCES/cryptsetup-2.4.1-Cache-FIPS-mode-check.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 75e45462f097a9a75747b3f44d7672f2547e63e9 Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Tue, 14 Sep 2021 09:56:05 +0200 -Subject: [PATCH 04/11] Cache FIPS mode check. - -We do not support switch while the crypto backend is already initialized, -so it does not make sense to check repeatedly for the FIPS mode status. ---- - lib/utils_fips.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/lib/utils_fips.c b/lib/utils_fips.c -index 0c2b6434..640ff0e3 100644 ---- a/lib/utils_fips.c -+++ b/lib/utils_fips.c -@@ -26,6 +26,9 @@ - #if !ENABLE_FIPS - bool crypt_fips_mode(void) { return false; } - #else -+static bool fips_checked = false; -+static bool fips_mode = false; -+ - static bool kernel_fips_mode(void) - { - int fd; -@@ -41,6 +44,12 @@ static bool kernel_fips_mode(void) - - bool crypt_fips_mode(void) - { -- return kernel_fips_mode() && !access("/etc/system-fips", F_OK); -+ if (fips_checked) -+ return fips_mode; -+ -+ fips_mode = kernel_fips_mode() && !access("/etc/system-fips", F_OK); -+ fips_checked = true; -+ -+ return fips_mode; - } - #endif /* ENABLE_FIPS */ --- -2.27.0 - diff --git a/SOURCES/cryptsetup-2.4.1-Do-not-load-own-OpenSSL-backend-context-in-FIPS-mode.patch b/SOURCES/cryptsetup-2.4.1-Do-not-load-own-OpenSSL-backend-context-in-FIPS-mode.patch deleted file mode 100644 index 928e65e..0000000 --- a/SOURCES/cryptsetup-2.4.1-Do-not-load-own-OpenSSL-backend-context-in-FIPS-mode.patch +++ /dev/null @@ -1,236 +0,0 @@ -From f8eb7b225affe8b6b9f02ab6a90fd2e73181a526 Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Mon, 13 Sep 2021 19:45:05 +0200 -Subject: [PATCH 03/11] Do not load own OpenSSL backend context in FIPS mode. - -In the FIPS mode keep configuration up to the system wide config. ---- - lib/crypto_backend/crypto_backend.h | 2 +- - lib/crypto_backend/crypto_gcrypt.c | 2 +- - lib/crypto_backend/crypto_kernel.c | 2 +- - lib/crypto_backend/crypto_nettle.c | 2 +- - lib/crypto_backend/crypto_nss.c | 2 +- - lib/crypto_backend/crypto_openssl.c | 39 +++++++++++++++++------------ - lib/setup.c | 2 +- - lib/utils_fips.c | 8 +++--- - lib/utils_fips.h | 4 ++- - tests/crypto-vectors.c | 2 +- - 10 files changed, 37 insertions(+), 28 deletions(-) - -diff --git a/lib/crypto_backend/crypto_backend.h b/lib/crypto_backend/crypto_backend.h -index 5278c345..88cc2d59 100644 ---- a/lib/crypto_backend/crypto_backend.h -+++ b/lib/crypto_backend/crypto_backend.h -@@ -31,7 +31,7 @@ struct crypt_hmac; - struct crypt_cipher; - struct crypt_storage; - --int crypt_backend_init(void); -+int crypt_backend_init(bool fips); - void crypt_backend_destroy(void); - - #define CRYPT_BACKEND_KERNEL (1 << 0) /* Crypto uses kernel part, for benchmark */ -diff --git a/lib/crypto_backend/crypto_gcrypt.c b/lib/crypto_backend/crypto_gcrypt.c -index 2845382e..67f26067 100644 ---- a/lib/crypto_backend/crypto_gcrypt.c -+++ b/lib/crypto_backend/crypto_gcrypt.c -@@ -94,7 +94,7 @@ static void crypt_hash_test_whirlpool_bug(void) - crypto_backend_whirlpool_bug = 1; - } - --int crypt_backend_init(void) -+int crypt_backend_init(bool fips __attribute__((unused))) - { - int r; - -diff --git a/lib/crypto_backend/crypto_kernel.c b/lib/crypto_backend/crypto_kernel.c -index 2e3d65b2..ce84cfac 100644 ---- a/lib/crypto_backend/crypto_kernel.c -+++ b/lib/crypto_backend/crypto_kernel.c -@@ -117,7 +117,7 @@ static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *op - return 0; - } - --int crypt_backend_init(void) -+int crypt_backend_init(bool fips __attribute__((unused))) - { - struct utsname uts; - struct sockaddr_alg sa = { -diff --git a/lib/crypto_backend/crypto_nettle.c b/lib/crypto_backend/crypto_nettle.c -index 0860a52d..c9b9f5f8 100644 ---- a/lib/crypto_backend/crypto_nettle.c -+++ b/lib/crypto_backend/crypto_nettle.c -@@ -213,7 +213,7 @@ static struct hash_alg *_get_alg(const char *name) - return NULL; - } - --int crypt_backend_init(void) -+int crypt_backend_init(bool fips __attribute__((unused))) - { - return 0; - } -diff --git a/lib/crypto_backend/crypto_nss.c b/lib/crypto_backend/crypto_nss.c -index ebe9de0e..a84d3d65 100644 ---- a/lib/crypto_backend/crypto_nss.c -+++ b/lib/crypto_backend/crypto_nss.c -@@ -75,7 +75,7 @@ static struct hash_alg *_get_alg(const char *name) - return NULL; - } - --int crypt_backend_init(void) -+int crypt_backend_init(bool fips __attribute__((unused))) - { - int r; - -diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c -index 92eeb33c..2a490ce5 100644 ---- a/lib/crypto_backend/crypto_openssl.c -+++ b/lib/crypto_backend/crypto_openssl.c -@@ -88,7 +88,7 @@ struct hash_alg { - #if OPENSSL_VERSION_NUMBER < 0x10100000L || \ - (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) - --static void openssl_backend_init(void) -+static void openssl_backend_init(bool fips __attribute__((unused))) - { - OpenSSL_add_all_algorithms(); - } -@@ -150,7 +150,7 @@ static void openssl_backend_exit(void) - #endif - } - --static int openssl_backend_init(void) -+static int openssl_backend_init(bool fips) - { - /* - * OpenSSL >= 3.0.0 provides some algorithms in legacy provider -@@ -158,23 +158,30 @@ static int openssl_backend_init(void) - #if OPENSSL_VERSION_MAJOR >= 3 - int r; - -- ossl_ctx = OSSL_LIB_CTX_new(); -- if (!ossl_ctx) -- return -EINVAL; -+ /* -+ * In FIPS mode we keep default OpenSSL context & global config -+ */ -+ if (!fips) { -+ ossl_ctx = OSSL_LIB_CTX_new(); -+ if (!ossl_ctx) -+ return -EINVAL; - -- ossl_default = OSSL_PROVIDER_try_load(ossl_ctx, "default", 0); -- if (!ossl_default) { -- OSSL_LIB_CTX_free(ossl_ctx); -- return -EINVAL; -- } -+ ossl_default = OSSL_PROVIDER_try_load(ossl_ctx, "default", 0); -+ if (!ossl_default) { -+ OSSL_LIB_CTX_free(ossl_ctx); -+ return -EINVAL; -+ } - -- /* Optional */ -- ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0); -+ /* Optional */ -+ ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0); -+ } - -- r = snprintf(backend_version, sizeof(backend_version), "%s %s%s", -+ r = snprintf(backend_version, sizeof(backend_version), "%s %s%s%s", - OpenSSL_version(OPENSSL_VERSION), - ossl_default ? "[default]" : "", -- ossl_legacy ? "[legacy]" : ""); -+ ossl_legacy ? "[legacy]" : "", -+ fips ? "[fips]" : ""); -+ - if (r < 0 || (size_t)r >= sizeof(backend_version)) { - openssl_backend_exit(); - return -EINVAL; -@@ -193,12 +200,12 @@ static const char *openssl_backend_version(void) - } - #endif - --int crypt_backend_init(void) -+int crypt_backend_init(bool fips) - { - if (crypto_backend_initialised) - return 0; - -- if (openssl_backend_init()) -+ if (openssl_backend_init(fips)) - return -EINVAL; - - crypto_backend_initialised = 1; -diff --git a/lib/setup.c b/lib/setup.c -index dc5459f5..a5dfd843 100644 ---- a/lib/setup.c -+++ b/lib/setup.c -@@ -227,7 +227,7 @@ int init_crypto(struct crypt_device *ctx) - return r; - } - -- r = crypt_backend_init(); -+ r = crypt_backend_init(crypt_fips_mode()); - if (r < 0) - log_err(ctx, _("Cannot initialize crypto backend.")); - -diff --git a/lib/utils_fips.c b/lib/utils_fips.c -index 4fa22fb9..0c2b6434 100644 ---- a/lib/utils_fips.c -+++ b/lib/utils_fips.c -@@ -24,9 +24,9 @@ - #include "utils_fips.h" - - #if !ENABLE_FIPS --int crypt_fips_mode(void) { return 0; } -+bool crypt_fips_mode(void) { return false; } - #else --static int kernel_fips_mode(void) -+static bool kernel_fips_mode(void) - { - int fd; - char buf[1] = ""; -@@ -36,10 +36,10 @@ static int kernel_fips_mode(void) - close(fd); - } - -- return (buf[0] == '1') ? 1 : 0; -+ return (buf[0] == '1'); - } - --int crypt_fips_mode(void) -+bool crypt_fips_mode(void) - { - return kernel_fips_mode() && !access("/etc/system-fips", F_OK); - } -diff --git a/lib/utils_fips.h b/lib/utils_fips.h -index 51b110b5..13cfc9fb 100644 ---- a/lib/utils_fips.h -+++ b/lib/utils_fips.h -@@ -21,6 +21,8 @@ - #ifndef _UTILS_FIPS_H - #define _UTILS_FIPS_H - --int crypt_fips_mode(void); -+#include -+ -+bool crypt_fips_mode(void); - - #endif /* _UTILS_FIPS_H */ -diff --git a/tests/crypto-vectors.c b/tests/crypto-vectors.c -index 025585de..6484e97a 100644 ---- a/tests/crypto-vectors.c -+++ b/tests/crypto-vectors.c -@@ -1301,7 +1301,7 @@ int main(__attribute__ ((unused)) int argc, __attribute__ ((unused))char *argv[] - exit(77); - } - -- if (crypt_backend_init()) -+ if (crypt_backend_init(fips_mode())) - exit_test("Crypto backend init error.", EXIT_FAILURE); - - printf("Test vectors using %s crypto backend.\n", crypt_backend_version()); --- -2.27.0 - diff --git a/SOURCES/cryptsetup-2.4.1-OpenSSL-backend-make-legacy-for-OpenSSL3-optional-an.patch b/SOURCES/cryptsetup-2.4.1-OpenSSL-backend-make-legacy-for-OpenSSL3-optional-an.patch deleted file mode 100644 index 060b1ef..0000000 --- a/SOURCES/cryptsetup-2.4.1-OpenSSL-backend-make-legacy-for-OpenSSL3-optional-an.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 29ea07ef66be59c8ab62058b2ce3e92765e2be10 Mon Sep 17 00:00:00 2001 -From: Milan Broz -Date: Mon, 13 Sep 2021 14:48:15 +0200 -Subject: [PATCH 02/11] OpenSSL backend: make legacy for OpenSSL3 optional and - report loaded providers - ---- - lib/crypto_backend/crypto_openssl.c | 48 +++++++++++++++++++---------- - 1 file changed, 32 insertions(+), 16 deletions(-) - -diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c -index a5ec4048..92eeb33c 100644 ---- a/lib/crypto_backend/crypto_openssl.c -+++ b/lib/crypto_backend/crypto_openssl.c -@@ -45,6 +45,7 @@ - static OSSL_PROVIDER *ossl_legacy = NULL; - static OSSL_PROVIDER *ossl_default = NULL; - static OSSL_LIB_CTX *ossl_ctx = NULL; -+static char backend_version[256] = "OpenSSL"; - #endif - - #define CONST_CAST(x) (x)(uintptr_t) -@@ -133,12 +134,30 @@ static void HMAC_CTX_free(HMAC_CTX *md) - free(md); - } - #else -+static void openssl_backend_exit(void) -+{ -+#if OPENSSL_VERSION_MAJOR >= 3 -+ if (ossl_legacy) -+ OSSL_PROVIDER_unload(ossl_legacy); -+ if (ossl_default) -+ OSSL_PROVIDER_unload(ossl_default); -+ if (ossl_ctx) -+ OSSL_LIB_CTX_free(ossl_ctx); -+ -+ ossl_legacy = NULL; -+ ossl_default = NULL; -+ ossl_ctx = NULL; -+#endif -+} -+ - static int openssl_backend_init(void) - { - /* - * OpenSSL >= 3.0.0 provides some algorithms in legacy provider - */ - #if OPENSSL_VERSION_MAJOR >= 3 -+ int r; -+ - ossl_ctx = OSSL_LIB_CTX_new(); - if (!ossl_ctx) - return -EINVAL; -@@ -151,30 +170,27 @@ static int openssl_backend_init(void) - - /* Optional */ - ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0); -+ -+ r = snprintf(backend_version, sizeof(backend_version), "%s %s%s", -+ OpenSSL_version(OPENSSL_VERSION), -+ ossl_default ? "[default]" : "", -+ ossl_legacy ? "[legacy]" : ""); -+ if (r < 0 || (size_t)r >= sizeof(backend_version)) { -+ openssl_backend_exit(); -+ return -EINVAL; -+ } - #endif - return 0; - } - --static void openssl_backend_exit(void) -+static const char *openssl_backend_version(void) - { - #if OPENSSL_VERSION_MAJOR >= 3 -- if (ossl_legacy) -- OSSL_PROVIDER_unload(ossl_legacy); -- if (ossl_default) -- OSSL_PROVIDER_unload(ossl_default); -- if (ossl_ctx) -- OSSL_LIB_CTX_free(ossl_ctx); -- -- ossl_legacy = NULL; -- ossl_default = NULL; -- ossl_ctx = NULL; -+ return backend_version; -+#else -+ return OpenSSL_version(OPENSSL_VERSION); - #endif - } -- --static const char *openssl_backend_version(void) --{ -- return OpenSSL_version(OPENSSL_VERSION); --} - #endif - - int crypt_backend_init(void) --- -2.27.0 - diff --git a/SOURCES/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch b/SOURCES/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch new file mode 100644 index 0000000..67ae8df --- /dev/null +++ b/SOURCES/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch @@ -0,0 +1,48 @@ +From 10b1d6493e3be04953ac9f65d2b2d992ab87bdde Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Tue, 21 Sep 2021 15:54:07 +0200 +Subject: [PATCH 2/7] Check if DM create device failed in an early phase. + +This happens when concurrent creation of DM devices meets +in the very early state (no device node exists but creation fails). + +Return -ENODEV here instead of -EINVAL. + +(Should "fix" random verity concurrent test failure.) +--- + lib/libdevmapper.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c +index 09fd9588..1594f877 100644 +--- a/lib/libdevmapper.c ++++ b/lib/libdevmapper.c +@@ -1346,12 +1346,6 @@ err: + return r; + } + +-static bool dm_device_exists(struct crypt_device *cd, const char *name) +-{ +- int r = dm_status_device(cd, name); +- return (r >= 0 || r == -EEXIST); +-} +- + static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type, + struct crypt_dm_active_device *dmd) + { +@@ -1402,8 +1396,11 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch + goto out; + + if (!dm_task_run(dmt)) { +- if (dm_device_exists(cd, name)) ++ r = dm_status_device(cd, name);; ++ if (r >= 0) + r = -EEXIST; ++ if (r != -EEXIST && r != -ENODEV) ++ r = -EINVAL; + goto out; + } + +-- +2.27.0 + diff --git a/SOURCES/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch b/SOURCES/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch new file mode 100644 index 0000000..7ec2b84 --- /dev/null +++ b/SOURCES/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch @@ -0,0 +1,53 @@ +From a76310b53fbb117e620f2c37350b68dd267f1088 Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Mon, 20 Sep 2021 17:42:20 +0200 +Subject: [PATCH 1/7] Do not try to set compiler optimization flag if wipe is + implemented in libc. + +If zeroing memory is implemented through libc call (like memset_bzero), +compiler should never remove such call. It is not needed to set O0 +optimization flag explicitly. + +Various checkers like annocheck causes problems with these flags, +just remove it where it makes no sense. + +(Moreover, we use the same pattern without compiler magic +in crypt_backend_memzero() already.) +--- + lib/crypto_backend/argon2/core.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c +index b204ba98..db9a7741 100644 +--- a/lib/crypto_backend/argon2/core.c ++++ b/lib/crypto_backend/argon2/core.c +@@ -120,18 +120,24 @@ void free_memory(const argon2_context *context, uint8_t *memory, + } + } + +-void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { + #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER) ++void secure_wipe_memory(void *v, size_t n) { + SecureZeroMemory(v, n); ++} + #elif defined memset_s ++void secure_wipe_memory(void *v, size_t n) { + memset_s(v, n, 0, n); ++} + #elif defined(HAVE_EXPLICIT_BZERO) ++void secure_wipe_memory(void *v, size_t n) { + explicit_bzero(v, n); ++} + #else ++void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { + static void *(*const volatile memset_sec)(void *, int, size_t) = &memset; + memset_sec(v, 0, n); +-#endif + } ++#endif + + /* Memory clear flag defaults to true. */ + int FLAG_clear_internal_memory = 1; +-- +2.27.0 + diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec index 3d879b5..ba1d65b 100644 --- a/SPECS/cryptsetup.spec +++ b/SPECS/cryptsetup.spec @@ -1,7 +1,7 @@ Summary: Utility for setting up encrypted disks Name: cryptsetup -Version: 2.4.0 -Release: 2%{?dist} +Version: 2.4.1 +Release: 1%{?dist} License: GPLv2+ and LGPLv2+ URL: https://gitlab.com/cryptsetup/cryptsetup BuildRequires: openssl-devel, popt-devel, device-mapper-devel @@ -14,10 +14,8 @@ Requires: libpwquality >= 1.2.0 %global upstream_version %{version} Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz # Following patch has to applied last -Patch0000: %{name}-2.4.1-Adapt-crypto-backend-to-openssl3-lib-context.patch -Patch0001: %{name}-2.4.1-OpenSSL-backend-make-legacy-for-OpenSSL3-optional-an.patch -Patch0002: %{name}-2.4.1-Do-not-load-own-OpenSSL-backend-context-in-FIPS-mode.patch -Patch0003: %{name}-2.4.1-Cache-FIPS-mode-check.patch +Patch0000: %{name}-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch +Patch0001: %{name}-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch Patch9999: %{name}-add-system-library-paths.patch %description @@ -115,9 +113,9 @@ rm -rf %{buildroot}%{_libdir}/*.la %ghost %attr(700, -, -) %dir /run/cryptsetup %changelog -* Thu Sep 09 2021 Ondrej Kozina - 2.4.0-2 -- Fix openssl crypto backend teardown in library destructor - Resolves: #1998921 +* Wed Sep 29 2021 Ondrej Kozina - 2.4.1-1 +- Update to cryptsetup 2.4.1. + Resolves: #2005035 #2005877 * Thu Aug 19 2021 Ondrej Kozina - 2.4.0-1 - Update to cryptsetup 2.4.0.