group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1715010] Re: Fix XTS encryption with FIPS enabled kernels

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1715010@xxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Sep 2017 16:59:30 -0000
Reply-to: Bug 1715010 <1715010@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package cryptsetup - 2:1.6.6-5ubuntu2.1

---------------
cryptsetup (2:1.6.6-5ubuntu2.1) xenial; urgency=medium

  * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat with recent
    FIPS enabled kernels. (LP: #1715010)

 -- Marcelo Henrique Cerri <marcelo.cerri@xxxxxxxxxxxxx>  Thu, 10 Aug
2017 10:49:02 -0300

** Changed in: cryptsetup (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1715010

Title:
  Fix XTS encryption with FIPS enabled kernels

Status in cryptsetup package in Ubuntu:
  Fix Released
Status in cryptsetup source package in Xenial:
  Fix Released
Status in cryptsetup source package in Zesty:
  Triaged

Bug description:
  SRU Justification:

  Impact:  The kernel crypto API rejects weak XTS keys in FIPS mode and
  the current version of cryptsetup in xenial do some tests with a
  zeroed key to check cipher availability in the kernel. These two
  behaviors combined make impossible to use disk encryption with XTS
  while using a kernel in FIPS mode.

  Fix: apply the following fix to cryptsetup:

  https://gitlab.com/cryptsetup/cryptsetup/commit/3c2135b36bbc52d052e4ced7c94dc4981eb07a53

  Testcase: Try to setup disk encryption with XTS while the kernel is in
  FIPS mode.

  N.B.: This is not yet fixed in artful so cannot be released.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1715010/+subscriptions