SHA256
1
0
forked from pool/cryptsetup

Accepting request 1142596 from home:pmonrealgonzalez:branches:security

- Update to 2.7.0:
  * Full changelog in:
    mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
  * Introduce support for hardware OPAL disk encryption.
  * plain mode: Set default cipher to aes-xts-plain64 and password hashing
    to sha256.
  * Allow activation (open), luksResume, and luksAddKey to use the volume
    key stored in a keyring.
  * Allow to store volume key to a user-specified keyring in open and
    luksResume commands.
  * Do not flush IO operations if resize grows the device.
    This can help performance in specific cases where the encrypted device
    is extended automatically while running many IO operations.
  * Use only half of detected free memory for Argon2 PBKDF on systems
    without swap (for LUKS2 new keyslot or format operations).
  * Add the possibility to specify a directory for external LUKS2 token
    handlers (plugins).
  * Do not allow reencryption/decryption on LUKS2 devices with
    authenticated encryption or hardware (OPAL) encryption.
  * Do not fail LUKS format if the operation was interrupted on subsequent
    device wipe.
  * Fix the LUKS2 keyslot option to be used while activating the device
    by a token.
  * Properly report if the dm-verity device cannot be activated due to
    the inability to verify the signed root hash (ENOKEY).
  * Fix to check passphrase for selected keyslot only when adding
    new keyslot.
  * Fix to not wipe the keyslot area before in-place overwrite.
  * bitlk: Fix segfaults when attempting to verify the volume key.
  * Add --disable-blkid command line option to avoid blkid device check.

OBS-URL: https://build.opensuse.org/request/show/1142596
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=192
This commit is contained in:
Pedro Monreal Gonzalez 2024-01-29 17:02:57 +00:00 committed by Git OBS Bridge
parent 82af2dfa2d
commit 9a7370c09b
9 changed files with 89 additions and 300 deletions

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmPlHwIACgkQ2bBXe9k+
mPwtxg/+PohA6Ygk3e61i0IZmLdvHO2PJG3JefLxf1QDqImkKcALgUdNrt/qv1SZ
CBtM4pmYXfhIpYzavSPZdAC0nLvKkx66PpQRCk/ZmUSNZJ8IzmoM5MPZhWLspYtK
Z4mVXJz+UVdCAf7ayK7li9A+a947jpVKFlc5hSiQ8SnmkT8X0MhqGPLsO9Z6ndNK
+VpBPozZ1YQ6THYp2so5lF3BW9G6YAkm5XhN6IQreDCdZwF0Y4lff6G9PNHFSLpC
k9yLmvUgDsDNTcEjXeKbtvIlOzjjHfhJkEmyo9jNDWNUSU6wt5RqnCZmd1VbCQyB
HVCKb9Y0Yoz9rvzFBWnU6d1ZCe3aKLrVF89yK6mJ7CYh4CVURMJmIJ+1rEeg2z5n
NhXSLrMMF+Q9P/VNupOMec1DOg2OMRKExps5r7kvDeVOz9FmJoguMxAu1+dt0Ze8
4b86ii2F+Py2tOy5OzQu7PvQkKbl8dvi8qJM8cEovKIsWiHTp/2Heo0gjXaLJ/kK
v/821T9v3ZO7dmtlhgps9q4xEjWV/u3kWwXXFgEtKby48UVzTGNXsDDdkrVEdy2J
jKBnqO31mGa8ButNRQvZ6rEOPFaCmdpy95/u5v22LhlACdkEwt5Cky0t6NMKSpvp
sSgVzYmU6Pk5RdOzZCt1pyIPwEfJa1y5N1k/kuBasdqPw95RRsM=
=m/Re
-----END PGP SIGNATURE-----

BIN
cryptsetup-2.6.1.tar.xz (Stored with Git LFS)

Binary file not shown.

16
cryptsetup-2.7.0.tar.sign Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmWw5zoACgkQ2bBXe9k+
mPztwhAAh8ieUWCcw7WwW4lc00ZH77sLc7Ro5J2/0ZAg/HpowOqGqhzJQZ+KJdeF
b6mebw7mKq4PHyzUS7Rba4wQiVEUD2kAQuoyXZJljsxegFOc1LxL/DSOCt7IFJyc
WB+525kPoRrpBWJhGXMn4OcVaelmIJAgDFHcYAccJJTKNgPjDrivpkTAxUsfdTTf
a1F/4I2o7eP5zkWkPqqQIvXzlwQnfD5ulZvnJ30t8E/07CZJ5Hf9iLRa6vruo7Rg
8cJHcOu4MhjuMu+oDvuefj8hM4FyfLU+tt0L7Z3iOZXAGffe+iQUQUyChvN/waEI
R8mpdc89amTHkMTCjYOo2X4sAH9a7mo5L2v+rm5NTZTZn53Gy1Ytbzy2agXY+ebf
DeKTVL3KTMe6KvQUfIqMSrM9oub6o8JDfO+0La9GSkNU/1VvHU5LK3FIomuP8Top
BPfdL8IxSgIityBbby1ZQD97aIgzPZkGsC7/5bVY7mj/LUZxJK61p49U0dlolwss
uzJarjAtDY0iNCfOv/AKZGnVzHAc2cEmVKJ6X243h2NRB5z1snFP8lDtB2AIdcUf
0vEZz1HcwW1de1C0jjQsf9elkeVJfrsFhRhRrEEiHyplR3/uaVwUtrDGOxPsRE+J
SE2sSfURqQPuBKeTO/ymVDt7G0iPd8Ts/BOhQYTn94rsjhONiz8=
=6sya
-----END PGP SIGNATURE-----

3
cryptsetup-2.7.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:94003a00cd5a81944f45e8dc529e0cfd2a6ff629bd2cd21cf5e574e465daf795
size 11632432

View File

@ -1,72 +0,0 @@
From 7893c33d71cde09e240234c484c6c468f22c2fe7 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 3 Apr 2023 13:31:16 +0200
Subject: [PATCH] Check for physical memory available also in PBKDF benchmark.
---
lib/internal.h | 1 +
lib/utils_benchmark.c | 9 +++++++++
lib/utils_pbkdf.c | 4 ++--
3 files changed, 12 insertions(+), 2 deletions(-)
Index: cryptsetup-2.6.1/lib/internal.h
===================================================================
--- cryptsetup-2.6.1.orig/lib/internal.h
+++ cryptsetup-2.6.1/lib/internal.h
@@ -89,6 +89,7 @@ int crypt_benchmark_pbkdf_internal(struc
struct crypt_pbkdf_type *pbkdf,
size_t volume_key_size);
const char *crypt_get_cipher_spec(struct crypt_device *cd);
+uint32_t pbkdf_adjusted_phys_memory_kb(void);
/* Device backend */
struct device;
Index: cryptsetup-2.6.1/lib/utils_benchmark.c
===================================================================
--- cryptsetup-2.6.1.orig/lib/utils_benchmark.c
+++ cryptsetup-2.6.1/lib/utils_benchmark.c
@@ -101,6 +101,7 @@ int crypt_benchmark_pbkdf(struct crypt_d
{
int r, priority;
const char *kdf_opt;
+ uint32_t memory_kb;
if (!pbkdf || (!password && password_size))
return -EINVAL;
@@ -113,6 +114,14 @@ int crypt_benchmark_pbkdf(struct crypt_d
log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt);
+ memory_kb = pbkdf_adjusted_phys_memory_kb();
+ if (memory_kb < pbkdf->max_memory_kb) {
+ log_dbg(cd, "Not enough physical memory detected, "
+ "PBKDF max memory decreased from %dkB to %dkB.",
+ pbkdf->max_memory_kb, memory_kb);
+ pbkdf->max_memory_kb = memory_kb;
+ }
+
crypt_process_priority(cd, &priority, true);
r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size,
salt, salt_size, volume_key_size, pbkdf->time_ms,
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
===================================================================
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
@@ -61,7 +61,7 @@ const struct crypt_pbkdf_type *crypt_get
return NULL;
}
-static uint32_t adjusted_phys_memory(void)
+uint32_t pbkdf_adjusted_phys_memory_kb(void)
{
uint64_t memory_kb = crypt_getphysmemory_kb();
@@ -249,7 +249,7 @@ int init_pbkdf_type(struct crypt_device
}
if (cd_pbkdf->max_memory_kb) {
- memory_kb = adjusted_phys_memory();
+ memory_kb = pbkdf_adjusted_phys_memory_kb();
if (cd_pbkdf->max_memory_kb > memory_kb) {
log_dbg(cd, "Not enough physical memory detected, "
"PBKDF max memory decreased from %dkB to %dkB.",

View File

@ -1,160 +0,0 @@
From 899bad8c06957a94a198d1eaa293ed8db205f1de Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 20 Feb 2023 16:45:36 +0100
Subject: [PATCH] Try to avoid OOM killer on low-memory systems without swap.
Benchmark for memory-hard KDF is tricky, seems that relying
on maximum half of physical memory is not enough.
Let's allow only free physical available space if there is no swap.
This should not cause changes on normal systems, at least.
---
lib/internal.h | 2 ++
lib/utils.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++
lib/utils_pbkdf.c | 11 ++++++++++-
tests/api-test-2.c | 12 ++++++++----
4 files changed, 67 insertions(+), 5 deletions(-)
Index: cryptsetup-2.6.1/lib/internal.h
===================================================================
--- cryptsetup-2.6.1.orig/lib/internal.h
+++ cryptsetup-2.6.1/lib/internal.h
@@ -169,6 +169,8 @@ int crypt_uuid_cmp(const char *dm_uuid,
size_t crypt_getpagesize(void);
unsigned crypt_cpusonline(void);
uint64_t crypt_getphysmemory_kb(void);
+uint64_t crypt_getphysmemoryfree_kb(void);
+bool crypt_swapavailable(void);
int init_crypto(struct crypt_device *ctx);
Index: cryptsetup-2.6.1/lib/utils.c
===================================================================
--- cryptsetup-2.6.1.orig/lib/utils.c
+++ cryptsetup-2.6.1/lib/utils.c
@@ -59,6 +59,53 @@ uint64_t crypt_getphysmemory_kb(void)
return phys_memory_kb;
}
+uint64_t crypt_getphysmemoryfree_kb(void)
+{
+ long pagesize, phys_pages;
+ uint64_t phys_memoryfree_kb;
+
+ pagesize = sysconf(_SC_PAGESIZE);
+ phys_pages = sysconf(_SC_AVPHYS_PAGES);
+
+ if (pagesize < 0 || phys_pages < 0)
+ return 0;
+
+ phys_memoryfree_kb = pagesize / 1024;
+ phys_memoryfree_kb *= phys_pages;
+
+ return phys_memoryfree_kb;
+}
+
+bool crypt_swapavailable(void)
+{
+ int fd;
+ ssize_t size;
+ char buf[4096], *p;
+ uint64_t total;
+
+ if ((fd = open("/proc/meminfo", O_RDONLY)) < 0)
+ return true;
+
+ size = read(fd, buf, sizeof(buf));
+ close(fd);
+ if (size < 1)
+ return true;
+
+ if (size < (ssize_t)sizeof(buf))
+ buf[size] = 0;
+ else
+ buf[sizeof(buf) - 1] = 0;
+
+ p = strstr(buf, "SwapTotal:");
+ if (!p)
+ return true;
+
+ if (sscanf(p, "SwapTotal: %" PRIu64 " kB", &total) != 1)
+ return true;
+
+ return total > 0;
+}
+
void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise)
{
int _priority, new_priority;
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
===================================================================
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
@@ -63,7 +63,7 @@ const struct crypt_pbkdf_type *crypt_get
uint32_t pbkdf_adjusted_phys_memory_kb(void)
{
- uint64_t memory_kb = crypt_getphysmemory_kb();
+ uint64_t free_kb, memory_kb = crypt_getphysmemory_kb();
/* Ignore bogus value */
if (memory_kb < (128 * 1024) || memory_kb > UINT32_MAX)
@@ -75,6 +75,15 @@ uint32_t pbkdf_adjusted_phys_memory_kb(v
*/
memory_kb /= 2;
+ /*
+ * Never use more that available free space on system without swap.
+ */
+ if (!crypt_swapavailable()) {
+ free_kb = crypt_getphysmemoryfree_kb();
+ if (free_kb > (64 * 1024) && free_kb < memory_kb)
+ return free_kb;
+ }
+
return memory_kb;
}
Index: cryptsetup-2.6.1/tests/api-test-2.c
===================================================================
--- cryptsetup-2.6.1.orig/tests/api-test-2.c
+++ cryptsetup-2.6.1/tests/api-test-2.c
@@ -2802,7 +2802,8 @@ static void Pbkdf(void)
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->time_ms, default_luks2_iter_time);
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
// set and verify argon2 type
OK_(crypt_set_pbkdf_type(cd, &argon2));
@@ -2827,7 +2828,8 @@ static void Pbkdf(void)
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->time_ms, default_luks2_iter_time);
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
// try to pass illegal values
argon2.parallel_threads = 0;
@@ -2858,14 +2860,16 @@ static void Pbkdf(void)
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->time_ms, default_luks2_iter_time);
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
crypt_set_iteration_time(cd, 1);
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->time_ms, 1);
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
CRYPT_FREE(cd);

View File

@ -1,41 +0,0 @@
From 6721d3a8b29b13fe88aeeaefe09d457e99d1c6fa Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 17 Apr 2023 13:41:17 +0200
Subject: [PATCH] Use only half of detected free memory on systems without
swap.
As tests shows, limiting used Argon2 memory to free memory on
systems without swap is still not enough.
Use just half of it, this should bring needed margin while
still use Argon2.
Note, for very-low memory constrained systems user should
avoid memory-hard PBKDF (IOW manually select PBKDF2), we
do not do this automatically.
---
lib/utils_pbkdf.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
===================================================================
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
@@ -76,10 +76,17 @@ uint32_t pbkdf_adjusted_phys_memory_kb(v
memory_kb /= 2;
/*
- * Never use more that available free space on system without swap.
+ * Never use more that half of available free memory on system without swap.
*/
if (!crypt_swapavailable()) {
free_kb = crypt_getphysmemoryfree_kb();
+
+ /*
+ * Using exactly free memory causes OOM too, use only half of the value.
+ * Ignore small values (< 64MB), user should use PBKDF2 in such environment.
+ */
+ free_kb /= 2;
+
if (free_kb > (64 * 1024) && free_kb < memory_kb)
return free_kb;
}

View File

@ -1,3 +1,69 @@
-------------------------------------------------------------------
Mon Jan 29 16:40:40 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.7.0:
* Full changelog in:
mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
* Introduce support for hardware OPAL disk encryption.
* plain mode: Set default cipher to aes-xts-plain64 and password hashing
to sha256.
* Allow activation (open), luksResume, and luksAddKey to use the volume
key stored in a keyring.
* Allow to store volume key to a user-specified keyring in open and
luksResume commands.
* Do not flush IO operations if resize grows the device.
This can help performance in specific cases where the encrypted device
is extended automatically while running many IO operations.
* Use only half of detected free memory for Argon2 PBKDF on systems
without swap (for LUKS2 new keyslot or format operations).
* Add the possibility to specify a directory for external LUKS2 token
handlers (plugins).
* Do not allow reencryption/decryption on LUKS2 devices with
authenticated encryption or hardware (OPAL) encryption.
* Do not fail LUKS format if the operation was interrupted on subsequent
device wipe.
* Fix the LUKS2 keyslot option to be used while activating the device
by a token.
* Properly report if the dm-verity device cannot be activated due to
the inability to verify the signed root hash (ENOKEY).
* Fix to check passphrase for selected keyslot only when adding
new keyslot.
* Fix to not wipe the keyslot area before in-place overwrite.
* bitlk: Fix segfaults when attempting to verify the volume key.
* Add --disable-blkid command line option to avoid blkid device check.
* Add support for the meson build system.
* Fix wipe operation that overwrites the whole device if used for LUKS2
header with no keyslot area.
* Fix luksErase to work with detached LUKS header.
* Disallow the use of internal kernel crypto driver names in "capi"
specification.
* Fix reencryption to fail early for unknown cipher.
* tcrypt: Support new Blake2 hash for VeraCrypt.
* tcrypt: use hash values as substring for limiting KDF check.
* Add Aria cipher support and block size info.
* Do not decrease PBKDF parameters if the user forces them.
* Support OpenSSL 3.2 Argon2 implementation.
* Add support for Argon2 from libgcrypt
(requires yet unreleased gcrypt 1.11).
* Used Argon2 PBKDF implementation is now reported in debug mode
in the cryptographic backend version. For native support in
OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed.
If libargon2 is used, "cryptsetup libargon2" (for embedded
library) or "external libargon2" is displayed.
* Link only libcrypto from OpenSSL.
* Disable reencryption for Direct-Access (DAX) devices.
* Print a warning message if the device is not aligned to sector size.
* Fix sector size and integrity fields display for non-LUKS2 crypt
devices for the status command.
* Fix suspend for LUKS2 with authenticated encryption (also suspend
dm-integrity device underneath).
* Update keyring and locking documentation and LUKS2 specification
for OPAL2 support.
* Remove patches fixed upstream:
- cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
- cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
- cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 13 09:46:24 UTC 2023 - Pedro Monreal <pmonreal@suse.com> Thu Jul 13 09:46:24 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package cryptsetup # spec file for package cryptsetup
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -18,21 +18,17 @@
%define so_ver 12 %define so_ver 12
Name: cryptsetup Name: cryptsetup
Version: 2.6.1 Version: 2.7.0
Release: 0 Release: 0
Summary: Setup program for dm-crypt Based Encrypted Block Devices Summary: Setup program for dm-crypt Based Encrypted Block Devices
License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
Group: System/Base Group: System/Base
URL: https://gitlab.com/cryptsetup/cryptsetup/ URL: https://gitlab.com/cryptsetup/cryptsetup/
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.xz Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.xz
# GPG signature of the uncompressed tarball. # GPG signature of the uncompressed tarball.
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.sign Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.sign
Source2: baselibs.conf Source2: baselibs.conf
Source3: cryptsetup.keyring Source3: cryptsetup.keyring
#PATCH-FIX-UPSTREAM bsc#1211079 luksFormat: handle system with low memory and no swap space
Patch0: cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
Patch1: cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
Patch2: cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
BuildRequires: device-mapper-devel BuildRequires: device-mapper-devel
BuildRequires: libjson-c-devel BuildRequires: libjson-c-devel
BuildRequires: libpwquality-devel BuildRequires: libpwquality-devel