From f3b9fc0d7ae9fab0179c8a3133aff20ad24bc37e Mon Sep 17 00:00:00 2001 
From: Daniel Golle
Date: Thu, 1 Aug 2024 21:04:48 +0100
Subject: [PATCH] cryptsetup: update to version 2.7.4

Cryptsetup 2.7.4 Release Notes
==============================
Stable bug-fix release.

All users of cryptsetup 2.7 should upgrade to this version.

Changes since version 2.7.3
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Detect device busy failure for device-mapper table-referenced devices.

  Some device-mapper ioctl failures can disappear in libdevmapper, causing the libcryptsetup wrapper to return an invalid error (EINVAL) instead of EEXIST or EBUSY.

  One such case is when there is a device creation race, and the device-mapper device name is created, but the following mapping table load fails. This can happen because some block devices used in table mapping have already been claimed by another process (the kernel needs exclusive access).

  The kernel ioctl properly returns EBUSY; this errno is lost in libdevmapper (dm_task_get_errno returns 0). It should be fixed by libdevmapper in the future. Such behavior was seen in the systemd way of handling dm-verity devices.

  With these changes, the code should react for EEXIST and EBUSY, as another process has already activated the device.

  Code calling libcryptsetup also must not check the underlying device with an exclusive open flag (O_EXCL). Otherwise, it could cause a race in the kernel device-mapper, resulting in no process succeeding device activation (see also CRYPT_ACTIVATE_SHARED flag below).

* Fix shared activation for dm-verity devices.

  The CRYPT_ACTIVATE_SHARED flag was silently ignored when activating dm-verity devices. Dm-verity shared activation is generally safe since all verity devices are read-only.

  The shared flag is a way to skip the exclusive access check for the device, allowing it to create multiple mappings with the same device or properly handle a racy concurrent activation of devices with the same name from different processes.

* Add --shared option for veritysetup open action.
  The option allows the data device to be used in multiple device-mapper table mappings (skip exclusive access check) or to allow concurrent dm-verity device activation of the same device (only one process succeeds in this case; the other will return EEXIST or EBUSY).

* Do not use exclusive flag for the allocated backing loop files.

  Using this flag is an undefined operation for opening an existing file. The flag should be used only for allocated loop (block) devices.

* Fixes for problems found by static analyzers and Valgrind.

  These include fixes for non-default libgcrypt, NSS, and Nettle cryptographic backends, buffer operations to avoid partial read/write, and several other workarounds for mostly false positive warnings.

* Fixes to tests and CI scripts.

Cryptsetup 2.7.3 Release Notes
==============================
Stable bug-fix release with security fixes.

All users of cryptsetup 2.7 must upgrade to this version.

Changes since version 2.7.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Do not allow formatting LUKS2 with Opal SED (hardware encryption) if the reported logical sector size for the block device and Opal encryption logical block differs.

  Such a configuration can lead to a partially encrypted Opal locking range or data destruction following the expected locking range.

  Some NVMe drives support multiple LBAF profiles (typically supporting 512-byte and 4096-byte sector size). Some broken Opal NVMe firmware can report bogus encryption size that disagrees with real used sector size. This usually happens after low-level NVMe reformatting (LBAF profile change with nvme utility) to different sector size. Moreover, some firmware versions do not properly reset this even after explicit PSID revert.

  Cryptsetup calculates the Opal locking range using the reported block size in Opal geometry ioctl. Unfortunately, the broken firmware drive internally uses the logical block size of the block device, which can differ.
  This can lead to two possible situations:

  - Opal reports a smaller block size (512-byte) while the drive uses a 4096-byte sector. The configured locking range is then much larger, destroying data following the expected locking range setting.

  - Opal reports a larger block size (4096-byte) while the drive uses a 512-byte sector. The configured locking range is then much smaller, leaving the remaining space in the locking range unencrypted (violating the confidentiality of data).

  Cryptsetup now detects this discrepancy and disallows LUKS2 format with Opal hardware encryption in such a case.

  For already formatted devices, you will see this warning: "Bogus OPAL logical block size differs from device block size."

  If you also used software encryption (dm-crypt over Opal), data will still be fully encrypted with software dm-crypt. With hw-only encryption, your configuration is probably already broken (insecure or accessing data beyond the assigned area).

  Note that this is caused by bad firmware (seen with multiple vendors), and the problem was reported, at least for drives we have access to.

* Fixes to wiping LUKS2 headers after Opal locking area erase.

  As the hardware locking range is destroyed (cryptsetup erase command), the LUKS2 header is no longer usable and was partially wiped. Now the code fully wipes also the secondary header, as the previous code wiped only the primary LUKS area.

  Note that this is an exception, as the normal erase command wipes only the keyslots, keeping the LUKS2 header in place. With Opal encryption, the data segment is no longer valid, so the whole LUKS2 header is no longer usable.

* Mention the need for possible PSID revert before Opal format for some drives (man page).

* Fix Bitlocker-compatible code to ignore newly seen metadata entries.

  Recent Windows OS versions started to include new (undocumented) metadata entries in Bitlocker. These entries are now quietly ignored, allowing Bitlocker images to open with cryptsetup again.
* Fix interactive query retry if LUKS2 unbound keyslot is present.

  If an unbound keyslot is present, the password query retry count is now properly applied.

* Detect unsupported zoned devices for LUKS header devices.

  Zoned devices cannot be written with direct-io and used for LUKS header logic in general. Code now rejects placing the LUKS header on a zoned device, while you can still create a detached header and use a zoned device for encrypted data.

* Allow "capi" cipher format for benchmark command and fix parsing of plain IV in "capi" format.

  Some ciphers can be specified only in Linux kernel crypto notation (in short, "capi"). Code now allows this format also for benchmark, for example, "benchmark -c capi:xts\(aes\)-plain64" (that is equivalent to -c aes-xts-plain64).

* Add support for HCTR2 encryption mode.

  The HCTR2 encryption mode was added to the Linux kernel for fscrypt, but as it is a length-preserving mode (with sector tweak), it can be easily used for disk encryption, too. The mode has the same property as wide modes (any change is propagated to the whole sector instead of only one block as in XTS mode).

  As it needs a larger initialization vector (32 bytes), we need to add an exception in the userspace format code. You can now use --cipher aes-hctr2-plain64 for the format operation.

* Source code now uses SPDX license identifiers instead of full license preambles.

* Fix missing includes for cryptographic backend that could cause compilation errors for some systems.

* Fix tests to work correctly in FIPS mode with recent OpenSSL 3.2.

* Fix various (mostly false positive) issues detected by Coverity.

Cryptsetup 2.7.2 Release Notes
==============================
Stable bug-fix release.

All users of cryptsetup 2.7 should upgrade to this version.

Changes since version 2.7.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Fix activation of OPAL-only encrypted LUKS device with tokens.
The issue was caused by an invalid volume key check (assert) that is impossible without software encryption. * Fix formatting of OPAL devices with 4096-byte sector size. * Fix incorrect OPAL locking range alignment calculation if used over an unaligned device partition. * Add --hw-opal-factory-reset option description to the manual page. * Do not check the passphrase quality for OPAL Admin PIN, as this passphrase already exists. * Update license for FAQ document to CC BY-SA 4.0. NOTE: Please note that with OPAL-only (--hw-opal-only) encryption, the configured OPAL administrator PIN (passphrase) allows unlocking all configured locking ranges without LUKS keyslot decryption (without knowledge of LUKS passphrase). Because of many observed problems with compatibility, cryptsetup currently DOES NOT use OPAL single-user mode, which would allow such decoupling of OPAL admin PIN access. Signed-off-by: Daniel Golle --- utils/cryptsetup/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/cryptsetup/Makefile b/utils/cryptsetup/Makefile index 1af3edfc16..3b2eab61bd 100644 --- a/utils/cryptsetup/Makefile +++ b/utils/cryptsetup/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cryptsetup -PKG_VERSION:=2.7.1 +PKG_VERSION:=2.7.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/linux/utils/cryptsetup/v$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VERSION)))) -PKG_HASH:=da5d1419e2a86e01aa32fd79582cd54d208857cb541bca2fd426a5ff1aaabbc3 +PKG_HASH:=dce29903a58f7b774fe61191e7e6de955de0f40d9e27b0028ffcf3438c0e9480 PKG_MAINTAINER:=Daniel Golle PKG_LICENSE:=GPL-2.0-or-later LGPL-2.1-or-later -- 2.30.2
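Review bot: the replaced PKG_HASH line in utils/cryptsetup/Makefile is the only integrity pin for the 2.7.4 tarball, and nothing in the patch or the commit message says how the new digest was obtained; please confirm it against the checksum or signature published upstream next to the tarball, not against a digest computed from the file that was downloaded, and state that in the commit message. Leaving PKG_RELEASE:=1 unchanged is correct for a version bump, and PKG_SOURCE_URL needs no edit because it derives the v2.7 directory from the first two components of PKG_VERSION. Because the bump goes from 2.7.1 straight to 2.7.4 and the pasted 2.7.3 notes are marked as containing security fixes, a short summary line at the top of the commit message saying so would help anyone deciding whether this needs a backport to stable branches.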