Bug 660368 - dm-crypt: backport changes to support xts crypto mode
Summary: dm-crypt: backport changes to support xts crypto mode
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.4
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Milan Broz
QA Contact: Gris Ge
URL:
Whiteboard:
Depends On: 553411
Blocks: 636208
TreeView+ depends on / blocked
 
Reported: 2010-12-06 17:09 UTC by Milan Broz
Modified: 2013-07-21 15:49 UTC (History)
17 users (show)

Fixed In Version: kernel-2.6.18-259.el5
Doc Type: Bug Fix
Doc Text:
Clone Of: 553411
Environment:
Last Closed: 2011-07-21 10:21:31 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1065 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.7 kernel security and bug fix update 2011-07-21 09:21:37 UTC

Description Milan Broz 2010-12-06 17:09:19 UTC 
+++ This bug was initially created as a clone of Bug #553411 +++
Clone of #636208 - dm-crypt part.

- dm-crypt code need to understand aes-xts-plain and aes-xts-plain64 (xts mode and plain/plain64 IV)

How reproducible:

--- Additional comment from dlehman on 2010-01-11 12:19:01 EST ---

We started using a different cipher in Fedora 11 or 12 (aes-xts-plain). RHEL5 installer runtime environment does not include the kernel modules needed to use this cipher.
Comment 1 RHEL Program Management 2011-02-01 17:06:10 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 10 Jarod Wilson 2011-03-28 18:37:42 UTC 
Patch(es) available in kernel-2.6.18-252.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Comment 13 Jarod Wilson 2011-04-08 16:26:04 UTC 
Patch(es) available in kernel-2.6.18-256.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Comment 14 Jarod Wilson 2011-04-08 18:23:39 UTC 
(In reply to comment #13)
> Patch(es) available in kernel-2.6.18-256.el5
> You can download this test kernel (or newer) from
> http://people.redhat.com/jwilson/el5
> Detailed testing feedback is always welcomed.

Nb: this patch was at least temporarily reverted, due to a userspace change being required to properly support unlocking encrypted volumes at boot time. Moving bug back to POST.
Comment 16 Jarod Wilson 2011-04-29 17:50:50 UTC 
Patch(es) available in kernel-2.6.18-259.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Comment 18 Gris Ge 2011-06-28 05:17:49 UTC 
cryptsetup-luks-1.0.3-8.el5
kernel-2.6.18-269.el5

1. The LUKS partitioned created by RHEL6 (cryptsetup -c aes-xts-plain64 -s 512 luksFormat /dev/sda) successfully opened by RHEL5. md5sum make sure data integrity.

2. LUKS partition created by RHEL5 (aes-xts-plain64) successfully opened by RHEL6. md5sum make sure data integrity.


VERIFIY
Comment 19 errata-xmlrpc 2011-07-21 10:21:31 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-1065.html
Note You need to log in before you can comment on or make changes to this bug.