
Bug 2188749

Summary: [RHEL9] libblockdev crypto_test case failed after enable fips
Product: Red Hat Enterprise Linux 9
Component: libblockdev
Version: 9.3
Status: CLOSED ERRATA
Severity: low
Priority: low
Reporter: guazhang <guazhang>
Assignee: Vojtech Trefny <vtrefny>
QA Contact: guazhang <guazhang>
Keywords: Triaged
Target Milestone: rc
Flags: pm-rhel: mirror+
Hardware: Unspecified
OS: Unspecified
Fixed In Version: libblockdev-2.28-7.el9
Last Closed: 2023-11-07 08:25:07 UTC
Type: Bug

Description guazhang@redhat.com 2023-04-22 01:13:45 UTC
Description of problem:
libblockdev regression failed after enabling FIPS

Version-Release number of selected component (if applicable):
5.14.0-299.el9.x86_64
udisks2-2.9.4-7.el9.x86_64
libblockdev-2.28-5.el9.x86_64

Additional info:


[root@storageqe-65 tests]# python3 run_tests.py crypto_test
/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py:14: PyGIWarning: BlockDev was imported without specifying a version first. Use gi.require_version('BlockDev', '2.0') before import to ensure that the right version gets loaded.
  from gi.repository import BlockDev, GLib
test_luks2_add_key (crypto_test.CryptoTestAddKey) ... ok
test_luks_add_key (crypto_test.CryptoTestAddKey) ... ok
test_bitlk_open_close (crypto_test.CryptoTestBitlk)
Verify that opening/closing a BitLocker device works ... ok
test_luks2_change_key (crypto_test.CryptoTestChangeKey) ... ok
test_luks_change_key (crypto_test.CryptoTestChangeKey) ... ok
test_error_locale_key (crypto_test.CryptoTestErrorLocale) ... ok
test_backup_passphrase (crypto_test.CryptoTestEscrow)
Verify that a backup passphrase can be created for a device ... 

Generating key.  This may take a few moments...

ERROR
test_escrow_packet (crypto_test.CryptoTestEscrow)
Verify that an escrow packet can be created for a device ... 

Generating key.  This may take a few moments...

ERROR
test_luks2_format (crypto_test.CryptoTestFormat)
Verify that formating device as LUKS 2 works ... ERROR
test_luks_format (crypto_test.CryptoTestFormat)
Verify that formating device as LUKS works ... ok
test_luks_format_key_size (crypto_test.CryptoTestFormat)
Verify that formating device as LUKS works ... ok
test_generate_backup_passhprase (crypto_test.CryptoTestGenerateBackupPassphrase)
Verify that backup passphrase generation works as expected ... ok
test_luks2_get_metadata_size (crypto_test.CryptoTestGetMetadataSize)
Verify that getting LUKS 2 device metadata size works ... ok
test_luks_get_metadata_size (crypto_test.CryptoTestGetMetadataSize)
Verify that getting LUKS device metadata size works ... ok
test_luks2_get_uuid (crypto_test.CryptoTestGetUUID) ... ok
test_luks_get_uuid (crypto_test.CryptoTestGetUUID) ... ok
test_luks2_header_backup_restore (crypto_test.CryptoTestHeaderBackupRestore)
Verify that header backup/restore with LUKS2 works ... ok
test_luks_header_backup_restore (crypto_test.CryptoTestHeaderBackupRestore)
Verify that header backup/restore with LUKS works ... ok
test_luks2_format (crypto_test.CryptoTestInfo)
Verify that we can get information about a LUKS 2 device ... ok
test_luks_format (crypto_test.CryptoTestInfo)
Verify that we can get information about a LUKS device ... ok
test_integrity (crypto_test.CryptoTestIntegrity) ... ok
test_integrity_wipe (crypto_test.CryptoTestIntegrity) ... ok
test_is_luks (crypto_test.CryptoTestIsLuks) ... ok
test_is_luks2 (crypto_test.CryptoTestIsLuks) ... ok
test_luks2_kill_slot (crypto_test.CryptoTestKillSlot)
Verify that killing a key slot on LUKS 2 device works ... ok
test_luks_kill_slot (crypto_test.CryptoTestKillSlot)
Verify that killing a key slot on LUKS device works ... ok
test_luks2_integrity (crypto_test.CryptoTestLUKS2Integrity)
Verify that we can get create a LUKS 2 device with integrity ... ok
test_luks2_open_rw (crypto_test.CryptoTestLuksOpenRW) ... ok
test_luks_open_rw (crypto_test.CryptoTestLuksOpenRW) ... ok
test_luks2_sector_size_autodetect (crypto_test.CryptoTestLuksSectorSize)
Verify that we can autodetect 4k drives and set 4k sector size for them ... ok
test_luks2_status (crypto_test.CryptoTestLuksStatus) ... ok
test_luks_status (crypto_test.CryptoTestLuksStatus) ... ok
test_luks2_open_close (crypto_test.CryptoTestOpenClose) ... ok
test_luks_open_close (crypto_test.CryptoTestOpenClose) ... ok
test_luks2_remove_key (crypto_test.CryptoTestRemoveKey) ... ok
test_luks_remove_key (crypto_test.CryptoTestRemoveKey) ... ok
test_luks2_resize (crypto_test.CryptoTestResize)
Verify that resizing LUKS 2 device works ... ok
test_luks_resize (crypto_test.CryptoTestResize)
Verify that resizing LUKS device works ... ok
test_luks2_suspend_resume (crypto_test.CryptoTestSuspendResume)
Verify that suspending/resuming LUKS 2 device works ... ok
test_luks_suspend_resume (crypto_test.CryptoTestSuspendResume)
Verify that suspending/resuming LUKS device works ... ok
test_truecrypt_open_close (crypto_test.CryptoTestTrueCrypt)
Verify that opening/closing TrueCrypt device works ... ok
test_veracrypt_open_close (crypto_test.CryptoTestTrueCrypt)
Verify that opening/closing VeraCrypt device works ... ok

======================================================================
ERROR: test_backup_passphrase (crypto_test.CryptoTestEscrow)
Verify that a backup passphrase can be created for a device
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py", line 725, in test_backup_passphrase
    succ = BlockDev.crypto_escrow_device(self.loop_dev, PASSWD, cert_file.read(),
  File "/root/rpmbuild/BUILD/libblockdev-2.28/src/python/gi/overrides/BlockDev.py", line 254, in crypto_escrow_device
    return _crypto_escrow_device(device, passphrase, cert_data, directory, backup_passphrase)
gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to get escrow data: security library: received bad data. (12)

======================================================================
ERROR: test_escrow_packet (crypto_test.CryptoTestEscrow)
Verify that an escrow packet can be created for a device
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py", line 682, in test_escrow_packet
    succ = BlockDev.crypto_escrow_device(self.loop_dev, PASSWD, cert_file.read(),
  File "/root/rpmbuild/BUILD/libblockdev-2.28/src/python/gi/overrides/BlockDev.py", line 254, in crypto_escrow_device
    return _crypto_escrow_device(device, passphrase, cert_data, directory, backup_passphrase)
gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to get escrow data: security library: received bad data. (12)

======================================================================
ERROR: test_luks2_format (crypto_test.CryptoTestFormat)
Verify that formating device as LUKS 2 works
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py", line 181, in test_luks2_format
    succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-xts-plain64", 0, None, self.keyfile, 0,
  File "/root/rpmbuild/BUILD/libblockdev-2.28/src/python/gi/overrides/BlockDev.py", line 224, in crypto_luks_format
    return _crypto_luks_format(device, cipher, key_size, passphrase, key_file, min_entropy, luks_version, extra)
gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to format device: Invalid argument (3)

----------------------------------------------------------------------
Ran 42 tests in 531.140s

FAILED (errors=3)
[root@storageqe-65 tests]#

Comment 1 Vojtech Trefny 2023-04-24 05:21:33 UTC
The two crypto_test.CryptoTestEscrow test cases are failing because of https://bugzilla.redhat.com/show_bug.cgi?id=2143223

The crypto_test.CryptoTestFormat test case is failing because we are trying to create a LUKS2 with argon2id which is not supported in FIPS. The tests were not written with FIPS support in mind and in general, I don't plan to support FIPS in the tests.
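
Added example, not part of the bug report or of libblockdev's test suite: one way a test helper can account for the cause given in Comment 1, by reading the kernel FIPS flag and falling back from argon2id to PBKDF2 for LUKS2, or skipping the test. All function names, the device path and the key-file path are hypothetical; the flag files used when run directly are constructed stand-ins.

```python
import os
import tempfile
import unittest

FIPS_FLAG = "/proc/sys/crypto/fips_enabled"  # kernel FIPS-mode switch on Linux

def fips_enabled(flag_path=FIPS_FLAG):
    """Return True when the kernel reports FIPS mode ("1" in the flag file)."""
    try:
        with open(flag_path) as f:
            return f.read().strip() == "1"
    except OSError:
        return False  # no flag file: kernel built without FIPS support

def luks2_pbkdf(flag_path=FIPS_FLAG, preferred="argon2id"):
    """Pick a LUKS2 PBKDF: Argon2 variants are not FIPS-approved, PBKDF2 is."""
    if fips_enabled(flag_path) and preferred.startswith("argon2"):
        return "pbkdf2"
    return preferred

def luks_format_argv(device, key_file, flag_path=FIPS_FLAG):
    """Build a cryptsetup command line usable in and out of FIPS mode."""
    return ["cryptsetup", "luksFormat", "--batch-mode", "--type", "luks2",
            "--cipher", "aes-xts-plain64", "--pbkdf", luks2_pbkdf(flag_path),
            "--key-file", key_file, device]

def skip_in_fips(reason, flag_path=FIPS_FLAG):
    """unittest decorator: skip a test that depends on a non-FIPS algorithm."""
    return unittest.skipIf(fips_enabled(flag_path), "FIPS mode: " + reason)

def make_flag_file(value):
    """Constructed stand-in for the kernel flag file, for offline runs."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as f:
        f.write(value + "\n")
    return path

if __name__ == "__main__":
    # Show the command line chosen with FIPS off ("0") and on ("1").
    for value in ("0", "1"):
        path = make_flag_file(value)
        print(value, " ".join(luks_format_argv("/dev/loop0", "/tmp/key", path)))
        os.remove(path)
```
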

Comment 3 guazhang@redhat.com 2023-07-06 01:42:32 UTC
Have added 'tested' to verified, please move to next.

Comment 4 guazhang@redhat.com 2023-07-10 01:55:26 UTC
Any update?

Comment 8 errata-xmlrpc 2023-11-07 08:25:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (libblockdev bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6342