Bug 1311286 - kernel 4.1.18 has broken crypto API
Summary: kernel 4.1.18 has broken crypto API
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 23
Hardware: armhfp
OS: Linux
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2016-02-23 20:14 UTC by Karl Sponser
Modified: 2016-02-24 13:19 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2016-02-24 13:19:59 UTC
Type: Bug

Attachments (Terms of Use)

Description Karl Sponser 2016-02-23 20:14:25 UTC
Description of problem:
A patch in Kernel 4.1.18 broke luks. You can't open luks devices any more nor format them. ArchLinux patched cryptsetup to be compatible again (see below)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install/boot Kernel 4.1.18
2. Try to open/format a luks device (fails)

Actual results:
# cryptsetup luksFormat /dev/loop2

This will overwrite data on /dev/loop2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 
Failed to setup dm-crypt key mapping for device /dev/loop2.
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).

The error is the same if you try to luksOpen an existing luks formated device, that worked with all previous kernel versions.

Expected results:
It should be possible to open/format devices with luks with Kernel 4.1.18, like it worked with all previous Kernels.

Additional info:
There is an upstream bug report:

ArchLinux fixed cryptsetup, to work around this problem:

Comment 1 Ondrej Kozina 2016-02-24 09:04:44 UTC
In fact it's broken kernel crypto API for older userspace. For reference see: http://www.spinics.net/lists/linux-crypto/msg18521.html

Comment 2 Ondrej Kozina 2016-02-24 09:30:47 UTC
Oh, didn't realise f23 doesn't ship 4.1.18 kernel at all so probably safe to close anyway...

Even though I understand it's annoying bug we don't plan to fix it by updating cryptsetup (in userspace) in stable fedora realease. This is clearly mistake in 4.1.18 backport of crypto API patches.

Comment 3 Josh Boyer 2016-02-24 13:19:59 UTC
Thanks for the report.  None of the Fedora releases are on the 4.1.y kernel any longer.  All are 4.3.y or newer.  This isn't an issue for Fedora afaik, so I'm closing this as UPSTREAM.

Note You need to log in before you can comment on or make changes to this bug.