[Bug 1993944] Re: sha256 hash not supported after upgrading to 22.10
Adrien Nader
1993944 at bugs.launchpad.net
Tue Oct 25 14:25:14 UTC 2022
Thank you for digging in your issue.
I have troubles reproducing this and there seems to be no obvious path
for that file to have been modified that way.
Do you remember changing anything in the openssl configuration
(including other lines)? Do you have etckeeper installed maybe? Can you
provide the output of 'stat /etc/ssl/openssl.cnf'? Can you provide your
full openssl.cnf file?
The two blocks of configuration that you mention do not exist in 22.04
and they are commented out in 22.10.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1993944
Title:
sha256 hash not supported after upgrading to 22.10
Status in cryptsetup package in Ubuntu:
Triaged
Status in cryptsetup source package in Kinetic:
Triaged
Bug description:
I just upgraded from 22.04 to 22.10, and I cannot open my LUKS volume.
here is as much information that I could find
```
$ sudo cryptsetup luksDump --debug /dev/nvme0n1p7
# cryptsetup 2.5.0 processing "cryptsetup luksDump --debug /dev/nvme0n1p7"
# Verifying parameters for command luksDump.
# Running command luksDump.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/nvme0n1p7.
# Trying to open and read device /dev/nvme0n1p7 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/nvme0n1p7.
# Crypto backend (OpenSSL 3.0.5 5 Jul 2022 [default][legacy]) initialized in cryptsetup library version 2.5.0.
# Detected kernel Linux 5.19.0-23-generic x86_64.
Requested hash sha256 is not supported.
Device /dev/nvme0n1p7 is not a valid LUKS device.
# Releasing crypt device /dev/nvme0n1p7 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).
```
so the actual errors appears to be `Requested hash sha256 is not
supported.`
I opened an issue on cryptsetup itself, but he is telling me its
likely an OpenSSL miss-configuration, or a missing package. sha256 i
mandatory
https://gitlab.com/cryptsetup/cryptsetup/-/issues/782
I am seeing reference to sha256 in `/etc/ssl/openssl.cnf`
but when I type just `openssl -v` I get ...
```
FATAL: Startup failure (dev note: apps_startup()) for openssl
4057E8D4727F0000:error:80000002:system library:process_include:No such file or directory:../crypto/conf/conf_def.c:805:calling stat(fipsmodule.cnf)
4057E8D4727F0000:error:07800069:common libcrypto routines:provider_conf_load:provider section error:../crypto/provider_conf.c:156:section=fips_sect not found
4057E8D4727F0000:error:0700006D:configuration file routines:module_run:module initialization error:../crypto/conf/conf_mod.c:270:module=providers, value=provider_sect retcode=-1
```
could it be related?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1993944/+subscriptions
More information about the foundations-bugs
mailing list