Bug 1311286 - kernel 4.1.18 has broken crypto API
kernel 4.1.18 has broken crypto API
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
armhfp Linux
unspecified Severity high
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2016-02-23 15:14 EST by Karl Sponser
Modified: 2016-02-24 08:19 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-02-24 08:19:59 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Karl Sponser 2016-02-23 15:14:25 EST
Description of problem:
A patch in Kernel 4.1.18 broke luks. You can't open luks devices any more nor format them. ArchLinux patched cryptsetup to be compatible again (see below)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install/boot Kernel 4.1.18
2. Try to open/format a luks device (fails)

Actual results:
# cryptsetup luksFormat /dev/loop2

This will overwrite data on /dev/loop2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 
Failed to setup dm-crypt key mapping for device /dev/loop2.
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).

The error is the same if you try to luksOpen an existing luks formated device, that worked with all previous kernel versions.

Expected results:
It should be possible to open/format devices with luks with Kernel 4.1.18, like it worked with all previous Kernels.

Additional info:
There is an upstream bug report:

ArchLinux fixed cryptsetup, to work around this problem:
Comment 1 Ondrej Kozina 2016-02-24 04:04:44 EST
In fact it's broken kernel crypto API for older userspace. For reference see: http://www.spinics.net/lists/linux-crypto/msg18521.html
Comment 2 Ondrej Kozina 2016-02-24 04:30:47 EST
Oh, didn't realise f23 doesn't ship 4.1.18 kernel at all so probably safe to close anyway...

Even though I understand it's annoying bug we don't plan to fix it by updating cryptsetup (in userspace) in stable fedora realease. This is clearly mistake in 4.1.18 backport of crypto API patches.
Comment 3 Josh Boyer 2016-02-24 08:19:59 EST
Thanks for the report.  None of the Fedora releases are on the 4.1.y kernel any longer.  All are 4.3.y or newer.  This isn't an issue for Fedora afaik, so I'm closing this as UPSTREAM.

Note You need to log in before you can comment on or make changes to this bug.