[Bug 1715010] [NEW] Fix XTS encryption with FIPS enabled kernels
Marcelo Cerri
1715010 at bugs.launchpad.net
Mon Sep 4 17:53:37 UTC 2017
Public bug reported:
SRU Justification:
Impact: The kernel crypto API rejects weak XTS keys in FIPS mode and
the current version of cryptsetup in xenial does some tests with a zeroed
key to check cipher availability in the kernel. These two behaviors
combined make it impossible to use disk encryption with XTS while using a
kernel in FIPS mode.
Fix: apply the following fix to cryptsetup:
https://gitlab.com/cryptsetup/cryptsetup/commit/3c2135b36bbc52d052e4ced7c94dc4981eb07a53
Testcase: Try to set up disk encryption with XTS while the kernel is in
FIPS mode.
** Affects: cryptsetup (Ubuntu)
Importance: Medium
Assignee: Marcelo Cerri (mhcerri)
Status: In Progress
** Changed in: cryptsetup (Ubuntu)
Importance: Undecided => Medium
https://bugs.launchpad.net/bugs/1715010
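The interaction described in the report, as an added example that is not part of the original message and is not kernel or cryptsetup code: a user-space model of the FIPS-mode rule that an XTS key is rejected when its two halves are identical, which is why an all-zero probe key fails. The function names and the probe-key pattern are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Compare two buffers without an early exit; nonzero if they differ. */
static int ct_differs(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= a[i] ^ b[i];
    return acc != 0;
}

/* An XTS key is two equal-length halves: data key followed by tweak key.
 * Returns 0 if the key is accepted, -EINVAL if it is rejected.
 * Hypothetical helper modelling the weak-key check. */
int xts_key_check(const unsigned char *key, size_t keylen, int fips_enabled)
{
    if (keylen == 0 || keylen % 2)
        return -EINVAL;               /* cannot be split into two halves */
    if (fips_enabled && !ct_differs(key, key + keylen / 2, keylen / 2))
        return -EINVAL;               /* weak key: both halves identical */
    return 0;
}

/* Constructed probe key with distinct halves (assumed pattern, example only;
 * never use a fixed pattern as a real volume key). */
void fill_probe_key(unsigned char *key, size_t keylen)
{
    memset(key, 0xA5, keylen / 2);
    memset(key + keylen / 2, 0x5A, keylen - keylen / 2);
}

int main(void)
{
    unsigned char key[64] = {0};      /* zeroed 512-bit XTS key, as in the report */

    printf("zeroed key, FIPS off: %d\n", xts_key_check(key, sizeof key, 0));
    printf("zeroed key, FIPS on:  %d\n", xts_key_check(key, sizeof key, 1));
    fill_probe_key(key, sizeof key);
    printf("probe key,  FIPS on:  %d\n", xts_key_check(key, sizeof key, 1));
    return 0;
}
```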