Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
Dear release team,
Another regression was found in cryptsetup :-/ Its scope is quite narrow as
it only affects mapped device size ≥2TiB (2³² 512-bits sectors) on 32-bits
platforms. And AFAICT ‘crypt’ targets are not affected, only ‘integrity’ ones
are; both standalone dm-integrity volumes set up with integritysetup(8), as
well as volumes used for *experimental* authenticated disk encryption and set
up with cryptsetup(8).
In these scenarios the size overflows (due to size_t being incorrectly used in
place of uint64_t) and the device is mapped with a truncated size. There is a
risk of data loss if the user writes inside the container, for instance while
trying to recover it, so that should IMHO be fixed via s-p-u.
This is an upstream regression from 2.1.0, so Stretch is not affected.
2:2.2.0-3 from Sid contains the cherry-picked upstream fix, but Buster's
2:2.1.0-5 (and 2:2.1.0-5+deb10u1) is affected. Changelog since 2:2.1.0-5 is
as follows, and debdiff against 2:2.1.0-5 and 2:2.1.0-5+deb10u1 attached.
--8<--------------------------------------------------------------------->8--
cryptsetup (2:2.1.0-5+deb10u2) buster; urgency=medium
* Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
32bit architectures. Regression since 2:2.1.0-1. (Closes: #935702)
-- Guilhem Moulin <guil...@debian.org> Mon, 26 Aug 2019 14:54:10 +0200
cryptsetup (2:2.1.0-5+deb10u1) buster; urgency=high
* Backport upstream commits c03e3fe8, 725720df and fe4e1de5 to fix support
for LUKS2 headers without any bound keyslot. Adding a new key slot using
the volume key was failing, both via the crypt_keyslot_add_by_volume_key()
API call and with `luksAddKey --master-key`. The former in particular
might yield data loss if, in order to change a passphrase, an application
destroys the keyslot before adding a new one (using the volume key), cf.
#928893. Note that doing so is *unsafe*: applications should instead use
crypt_keyslot_change_by_passphrase() from libcryptsetup >=1.6.0.
Trying to open LUKS2 volume by supplying the volume key on the command
line was also failing if there were no bound keyslot on the header.
(Closes: #934715)
-- Guilhem Moulin <guil...@debian.org> Fri, 16 Aug 2019 19:18:10 +0200
--8<--------------------------------------------------------------------->8--
A s-p-u was previously filed (#934956) — and accepted — for 2:2.1.0-5+deb10u1.
The new commit cherry-picked from upstream also includes a unit test; like
most of the test suite it'll be ignored by the build daemons as it requires
root access, but I did verify that the entire test suite still passes on amd64
and i386 (and that indeed large devices no longer overflow).
Given that Buster currently has 2:2.1.0-5, should the .changes include all
changes since that version, or only since 2:2.1.0-5+deb10u1?
Thanks for considering its inclusion in Buster! CC'ing KiBi for the d-i ack.
Cheers,
--
Guilhem.
diffstat for cryptsetup-2.1.0 cryptsetup-2.1.0
changelog | 23 +
gbp.conf | 1
patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch | 56 +++
patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch | 151
++++++++++
patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch | 86 +++++
patches/Mention-limitation-of-crypt_get_volume_key_size.patch | 20 +
patches/series | 4
7 files changed, 341 insertions(+)
diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog
--- cryptsetup-2.1.0/debian/changelog 2019-06-10 14:51:15.000000000 +0200
+++ cryptsetup-2.1.0/debian/changelog 2019-08-26 14:54:10.000000000 +0200
@@ -1,3 +1,26 @@
+cryptsetup (2:2.1.0-5+deb10u2) buster; urgency=medium
+
+ * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
+ 32bit architectures. Regression since 2:2.1.0-1. (Closes: #935702)
+
+ -- Guilhem Moulin <guil...@debian.org> Mon, 26 Aug 2019 14:54:10 +0200
+
+cryptsetup (2:2.1.0-5+deb10u1) buster; urgency=high
+
+ * Backport upstream commits c03e3fe8, 725720df and fe4e1de5 to fix support
+ for LUKS2 headers without any bound keyslot. Adding a new key slot using
+ the volume key was failing, both via the crypt_keyslot_add_by_volume_key()
+ API call and with `luksAddKey --master-key`. The former in particular
+ might yield data loss if, in order to change a passphrase, an application
+ destroys the keyslot before adding a new one (using the volume key), cf.
+ #928893. Note that doing so is *unsafe*: applications should instead use
+ crypt_keyslot_change_by_passphrase() from libcryptsetup >=1.6.0.
+ Trying to open LUKS2 volume by supplying the volume key on the command
+ line was also failing if there were no bound keyslot on the header.
+ (Closes: #934715)
+
+ -- Guilhem Moulin <guil...@debian.org> Fri, 16 Aug 2019 19:18:10 +0200
+
cryptsetup (2:2.1.0-5) unstable; urgency=medium
[ Jonas Meurer ]
diff -Nru cryptsetup-2.1.0/debian/gbp.conf cryptsetup-2.1.0/debian/gbp.conf
--- cryptsetup-2.1.0/debian/gbp.conf 2019-06-10 14:51:15.000000000 +0200
+++ cryptsetup-2.1.0/debian/gbp.conf 2019-08-26 14:54:10.000000000 +0200
@@ -4,3 +4,4 @@
[buildpackage]
upstream-tag = v%(version)s
upstream-branch = upstream-2.0.x
+debian-branch = debian-buster
diff -Nru
cryptsetup-2.1.0/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch
cryptsetup-2.1.0/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch
---
cryptsetup-2.1.0/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch
1970-01-01 01:00:00.000000000 +0100
+++
cryptsetup-2.1.0/debian/patches/Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch
2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,56 @@
+From c03e3fe88a9761f34b22d2b4d4654353783e2d4f Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okoz...@redhat.com>
+Date: Tue, 26 Feb 2019 11:49:58 +0100
+Subject: Fix getting default LUKS2 keyslot encryption parameters.
+
+When information about original keyslot size is missing (no active
+keyslot assigned to default segment) we have to fallback to
+default luks2 encryption parameters even though we know default
+segment cipher and mode.
+
+Fixes: #442.
+---
+ lib/setup.c | 3 ++-
+ tests/api-test-2.c | 19 +++++++++++++++++++
+ 2 files changed, 21 insertions(+), 1 deletion(-)
+
+--- a/lib/setup.c
++++ b/lib/setup.c
+@@ -4632,7 +4632,8 @@ const char *crypt_keyslot_get_encryption
+ cipher = LUKS2_get_cipher(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
+ if (!LUKS2_keyslot_cipher_incompatible(cd, cipher)) {
+ *key_size = crypt_get_volume_key_size(cd);
+- return cipher;
++ if (*key_size)
++ return cipher;
+ }
+
+ /* Fallback to default LUKS2 keyslot encryption */
+--- a/tests/api-test-2.c
++++ b/tests/api-test-2.c
+@@ -914,6 +914,25 @@ static void AddDeviceLuks2(void)
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0),
"VK doesn't match any digest assigned to segment 0");
+ crypt_free(cd);
+
++ /*
++ * Check regression in getting keyslot encryption parameters when
++ * volume key size is unknown (no active keyslots).
++ */
++ if (!_fips_mode) {
++ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
++ crypt_set_iteration_time(cd, 1);
++ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL,
key, key_size, NULL));
++ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size,
PASSPHRASE, strlen(PASSPHRASE)), 0);
++ /* drop context copy of volume key */
++ crypt_free(cd);
++ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
++ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
++ EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size,
PASSPHRASE, strlen(PASSPHRASE)), 0);
++ OK_(crypt_keyslot_destroy(cd, 0));
++ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size,
PASSPHRASE, strlen(PASSPHRASE)), 0);
++ crypt_free(cd);
++ }
++
+ _cleanup_dmdevices();
+ }
+
diff -Nru
cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch
cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch
---
cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch
1970-01-01 01:00:00.000000000 +0100
+++
cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch
2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,151 @@
+From 8f8f0b3258152a260c6a40be89b485f943f81484 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyl...@gmail.com>
+Date: Mon, 26 Aug 2019 10:01:17 +0200
+Subject: Fix mapped segments overflow on 32bit architectures.
+
+All set_segment functions must use uin64_t everywhere,
+not size_t that is platform dependent.
+
+The code later uses it correctly, it is just wrong function
+prototype definitions.
+
+Reported in
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935702
+
+(TODO: add a test for other segment types.)
+---
+ lib/libdevmapper.c | 12 ++++++------
+ lib/utils_dm.h | 12 ++++++------
+ tests/integrity-compat-test | 26 ++++++++++++++++++++++++++
+ 3 files changed, 38 insertions(+), 12 deletions(-)
+
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -2592,9 +2592,9 @@ int dm_is_dm_kernel_name(const char *nam
+ return strncmp(name, "dm-", 3) ? 0 : 1;
+ }
+
+-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t
seg_size,
++int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t
seg_size,
+ struct device *data_device, struct volume_key *vk, const char *cipher,
+- size_t iv_offset, size_t data_offset, const char *integrity, uint32_t
tag_size,
++ uint64_t iv_offset, uint64_t data_offset, const char *integrity,
uint32_t tag_size,
+ uint32_t sector_size)
+ {
+ int r = -EINVAL;
+@@ -2632,7 +2632,7 @@ err:
+ return r;
+ }
+
+-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t
seg_size,
++int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t
seg_size,
+ struct device *data_device, struct device *hash_device, struct device
*fec_device,
+ const char *root_hash, uint32_t root_hash_size, uint64_t
hash_offset_block,
+ uint64_t hash_blocks, struct crypt_params_verity *vp)
+@@ -2658,7 +2658,7 @@ int dm_verity_target_set(struct dm_targe
+ return 0;
+ }
+
+-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t
seg_size,
++int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset,
uint64_t seg_size,
+ struct device *meta_device,
+ struct device *data_device, uint64_t tag_size, uint64_t
offset,
+ uint32_t sector_size, struct volume_key *vk,
+@@ -2697,8 +2697,8 @@ int dm_integrity_target_set(struct dm_ta
+ return 0;
+ }
+
+-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t
seg_size,
+- struct device *data_device, size_t data_offset)
++int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t
seg_size,
++ struct device *data_device, uint64_t data_offset)
+ {
+ if (!data_device)
+ return -EINVAL;
+--- a/lib/utils_dm.h
++++ b/lib/utils_dm.h
+@@ -156,22 +156,22 @@ void dm_backend_exit(struct crypt_device
+ int dm_targets_allocate(struct dm_target *first, unsigned count);
+ void dm_targets_free(struct crypt_device *cd, struct crypt_dm_active_device
*dmd);
+
+-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t
seg_size,
++int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t
seg_size,
+ struct device *data_device, struct volume_key *vk, const char *cipher,
+- size_t iv_offset, size_t data_offset, const char *integrity,
++ uint64_t iv_offset, uint64_t data_offset, const char *integrity,
+ uint32_t tag_size, uint32_t sector_size);
+-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t
seg_size,
++int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t
seg_size,
+ struct device *data_device, struct device *hash_device, struct device
*fec_device,
+ const char *root_hash, uint32_t root_hash_size, uint64_t
hash_offset_block,
+ uint64_t hash_blocks, struct crypt_params_verity *vp);
+-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t
seg_size,
++int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset,
uint64_t seg_size,
+ struct device *meta_device,
+ struct device *data_device, uint64_t tag_size, uint64_t offset,
uint32_t sector_size,
+ struct volume_key *vk,
+ struct volume_key *journal_crypt_key, struct volume_key
*journal_mac_key,
+ const struct crypt_params_integrity *ip);
+-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t
seg_size,
+- struct device *data_device, size_t data_offset);
++int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t
seg_size,
++ struct device *data_device, uint64_t data_offset);
+
+ int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t
flags);
+ int dm_status_device(struct crypt_device *cd, const char *name);
+--- a/tests/integrity-compat-test
++++ b/tests/integrity-compat-test
+@@ -7,6 +7,8 @@ INTSETUP_VALGRIND=../.libs/integritysetu
+ INTSETUP_LIB_VALGRIND=../.libs
+
+ DEV_NAME=dmc_test
++DEV_NAME_BIG=dmc_fake
++DEV_LOOP=""
+ DEV=test123.img
+ DEV2=test124.img
+ KEY_FILE=key.img
+@@ -18,6 +20,9 @@ dmremove() { # device
+
+ cleanup() {
+ [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
++ [ -b /dev/mapper/$DEV_NAME_BIG ] && dmremove $DEV_NAME_BIG
++ [ -n "$DEV_LOOP" ] && losetup -d "$DEV_LOOP"
++ DEV_LOOP=""
+ rm -f $DEV $DEV2 $KEY_FILE >/dev/null 2>&1
+ }
+
+@@ -282,6 +287,7 @@ int_mode() # alg tag_size sector_size [k
+
+ [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test
skipped."
+ [ ! -x "$INTSETUP" ] && skip "Cannot find $INTSETUP, test skipped."
++which blockdev >/dev/null || skip "Cannot find blockdev utility, test
skipped."
+
+ [ -n "$VALG" ] && valgrind_setup && INTSETUP=valgrind_run
+ which hexdump >/dev/null 2>&1 || skip "WARNING: hexdump tool required."
+@@ -358,6 +364,26 @@ if [ -n "$DM_INTEGRITY_META" ] ; then
+ echo "[OK]"
+ else
+ echo "[N/A]"
++fi
++
++echo -n "Big device:"
++add_device
++DEV_LOOP=$(losetup -f $DEV --show)
++if [ -n "$DEV_LOOP" ] ; then
++dmsetup create $DEV_NAME_BIG <<EOF
++0 16284 linear $DEV_LOOP 0
++16284 80000000000 zero
++EOF
++ [ ! -b /dev/mapper/$DEV_NAME_BIG ] && fail
++ $INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME_BIG
++ $INTSETUP open /dev/mapper/$DEV_NAME_BIG $DEV_NAME || fail
++ D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME_BIG | grep
provided_data_sectors | sed -e 's/.*provided_data_sectors\ \+//g')
++ A_SIZE=$(blockdev --getsz /dev/mapper/$DEV_NAME)
++ # Compare strings (to avoid 64bit integers), not integers
++ [ -n "$A_SIZE" -a "$D_SIZE" != "$A_SIZE" ] && fail
++ echo "[OK]"
++else
++ echo "[N/A]"
+ fi
+
+ cleanup
diff -Nru
cryptsetup-2.1.0/debian/patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch
cryptsetup-2.1.0/debian/patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch
---
cryptsetup-2.1.0/debian/patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch
1970-01-01 01:00:00.000000000 +0100
+++
cryptsetup-2.1.0/debian/patches/Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch
2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,86 @@
+From 725720dfc31ff26c4a60089a478fe5e882925ef3 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyl...@gmail.com>
+Date: Wed, 14 Aug 2019 12:31:40 +0200
+Subject: Fix volume key file if no LUKS2 keyslots are present.
+
+If all keyslots are removed, LUKS2 has no longer information about
+the volume key size (there is only key digest present).
+
+If user wants to open or add new keyslot, it must get information
+about key size externally.
+
+We do not want to guess key size from the file size (it does not
+work for block devices for example), so require explicit --keyfil
+option in these cases.
+
+Fixes #470.
+---
+ src/cryptsetup.c | 18 ++++++++++++++++--
+ tests/compat-test2 | 7 ++++++-
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+--- a/src/cryptsetup.c
++++ b/src/cryptsetup.c
+@@ -1249,6 +1249,13 @@ static int action_open_luks(void)
+
+ if (opt_master_key_file) {
+ keysize = crypt_get_volume_key_size(cd);
++ if (!keysize && !opt_key_size) {
++ log_err(_("Cannot dermine volume key size for LUKS
without keyslots, please use --key-size option."));
++ r = -EINVAL;
++ goto out;
++ } else if (!keysize)
++ keysize = opt_key_size / 8;
++
+ r = tools_read_mk(opt_master_key_file, &key, keysize);
+ if (r < 0)
+ goto out;
+@@ -1553,6 +1560,13 @@ static int action_luksAddKey(void)
+ }
+
+ if (opt_master_key_file) {
++ if (!keysize && !opt_key_size) {
++ log_err(_("Cannot dermine volume key size for LUKS
without keyslots, please use --key-size option."));
++ r = -EINVAL;
++ goto out;
++ } else if (!keysize)
++ keysize = opt_key_size / 8;
++
+ r = tools_read_mk(opt_master_key_file, &key, keysize);
+ if (r < 0)
+ goto out;
+@@ -2752,9 +2766,9 @@ int main(int argc, const char **argv)
+ strcmp(aname, "luksFormat") &&
+ strcmp(aname, "open") &&
+ strcmp(aname, "benchmark") &&
+- (strcmp(aname, "luksAddKey") || !opt_unbound))
++ strcmp(aname, "luksAddKey"))
+ usage(popt_context, EXIT_FAILURE,
+- _("Option --key-size is allowed only for luksFormat,
luksAddKey (with --unbound),\n"
++ _("Option --key-size is allowed only for luksFormat,
luksAddKey,\n"
+ "open and benchmark actions. To limit read from keyfile
use --keyfile-size=(bytes)."),
+ poptGetInvocationName(popt_context));
+
+--- a/tests/compat-test2
++++ b/tests/compat-test2
+@@ -492,7 +492,7 @@ echo $PWD1 | $CRYPTSETUP luksOpen $LOOPD
+ $CRYPTSETUP luksClose $DEV_NAME || fail
+
+ prepare "[21] luksDump" wipe
+-echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid $TEST_UUID
--type luks2 $LOOPDEV $KEY1 || fail
++echo $PWD1 | $CRYPTSETUP -q luksFormat --key-size 256 $FAST_PBKDF_OPT --uuid
$TEST_UUID --type luks2 $LOOPDEV $KEY1 || fail
+ echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail
+ $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail
+ $CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail
+@@ -504,6 +504,11 @@ echo $PWD1 | $CRYPTSETUP luksDump -q $LO
+ fips_mode || {
+ echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file
$VK_FILE $LOOPDEV || fail
+ }
++# Use volume key file without keyslots
++$CRYPTSETUP luksErase -q $LOOPDEV || fail
++$CRYPTSETUP luksOpen --master-key-file $VK_FILE --key-size 256
--test-passphrase $LOOPDEV || fail
++echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file
$VK_FILE --key-size 256 $LOOPDEV || fail
++echo $PWD1 | $CRYPTSETUP luksOpen --test-passphrase $LOOPDEV || fail
+
+ prepare "[22] remove disappeared device" wipe
+ dmsetup create $DEV_NAME --table "0 39998 linear $LOOPDEV 2" || fail
diff -Nru
cryptsetup-2.1.0/debian/patches/Mention-limitation-of-crypt_get_volume_key_size.patch
cryptsetup-2.1.0/debian/patches/Mention-limitation-of-crypt_get_volume_key_size.patch
---
cryptsetup-2.1.0/debian/patches/Mention-limitation-of-crypt_get_volume_key_size.patch
1970-01-01 01:00:00.000000000 +0100
+++
cryptsetup-2.1.0/debian/patches/Mention-limitation-of-crypt_get_volume_key_size.patch
2019-08-26 14:54:10.000000000 +0200
@@ -0,0 +1,20 @@
+From fe4e1de56639f1e6851ff8e47729f703a25dece4 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyl...@gmail.com>
+Date: Mon, 29 Jul 2019 14:32:13 +0200
+Subject: Mention limitation of crypt_get_volume_key_size().
+
+---
+ lib/libcryptsetup.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/lib/libcryptsetup.h
++++ b/lib/libcryptsetup.h
+@@ -1448,6 +1448,8 @@ uint64_t crypt_get_iv_offset(struct cryp
+ *
+ * @return volume key size
+ *
++ * @note For LUKS2, this function can be used only if there is at least
++ * one keyslot assigned to data segment.
+ */
+ int crypt_get_volume_key_size(struct crypt_device *cd);
+
diff -Nru cryptsetup-2.1.0/debian/patches/series
cryptsetup-2.1.0/debian/patches/series
--- cryptsetup-2.1.0/debian/patches/series 1970-01-01 01:00:00.000000000
+0100
+++ cryptsetup-2.1.0/debian/patches/series 2019-08-26 14:54:10.000000000
+0200
@@ -0,0 +1,4 @@
+Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch
+Mention-limitation-of-crypt_get_volume_key_size.patch
+Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch
+Fix-mapped-segments-overflow-on-32bit-architectures.patch
diffstat for cryptsetup-2.1.0 cryptsetup-2.1.0 changelog | 7 patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch | 151 ++++++++++ patches/series | 1 3 files changed, 159 insertions(+) diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog --- cryptsetup-2.1.0/debian/changelog 2019-08-16 19:18:10.000000000 +0200 +++ cryptsetup-2.1.0/debian/changelog 2019-08-26 14:54:10.000000000 +0200 @@ -1,3 +1,10 @@ +cryptsetup (2:2.1.0-5+deb10u2) buster; urgency=medium + + * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on + 32bit architectures. Regression since 2:2.1.0-1. (Closes: #935702) + + -- Guilhem Moulin <guil...@debian.org> Mon, 26 Aug 2019 14:54:10 +0200 + cryptsetup (2:2.1.0-5+deb10u1) buster; urgency=high * Backport upstream commits c03e3fe8, 725720df and fe4e1de5 to fix support diff -Nru cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch --- cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch 1970-01-01 01:00:00.000000000 +0100 +++ cryptsetup-2.1.0/debian/patches/Fix-mapped-segments-overflow-on-32bit-architectures.patch 2019-08-26 14:54:10.000000000 +0200 @@ -0,0 +1,151 @@ +From 8f8f0b3258152a260c6a40be89b485f943f81484 Mon Sep 17 00:00:00 2001 +From: Milan Broz <gmazyl...@gmail.com> +Date: Mon, 26 Aug 2019 10:01:17 +0200 +Subject: Fix mapped segments overflow on 32bit architectures. + +All set_segment functions must use uin64_t everywhere, +not size_t that is platform dependent. + +The code later uses it correctly, it is just wrong function +prototype definitions. + +Reported in +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935702 + +(TODO: add a test for other segment types.) +--- + lib/libdevmapper.c | 12 ++++++------ + lib/utils_dm.h | 12 ++++++------ + tests/integrity-compat-test | 26 ++++++++++++++++++++++++++ + 3 files changed, 38 insertions(+), 12 deletions(-) + +--- a/lib/libdevmapper.c ++++ b/lib/libdevmapper.c +@@ -2592,9 +2592,9 @@ int dm_is_dm_kernel_name(const char *nam + return strncmp(name, "dm-", 3) ? 0 : 1; + } + +-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size, ++int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, struct volume_key *vk, const char *cipher, +- size_t iv_offset, size_t data_offset, const char *integrity, uint32_t tag_size, ++ uint64_t iv_offset, uint64_t data_offset, const char *integrity, uint32_t tag_size, + uint32_t sector_size) + { + int r = -EINVAL; +@@ -2632,7 +2632,7 @@ err: + return r; + } + +-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size, ++int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, struct device *hash_device, struct device *fec_device, + const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block, + uint64_t hash_blocks, struct crypt_params_verity *vp) +@@ -2658,7 +2658,7 @@ int dm_verity_target_set(struct dm_targe + return 0; + } + +-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size, ++int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *meta_device, + struct device *data_device, uint64_t tag_size, uint64_t offset, + uint32_t sector_size, struct volume_key *vk, +@@ -2697,8 +2697,8 @@ int dm_integrity_target_set(struct dm_ta + return 0; + } + +-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size, +- struct device *data_device, size_t data_offset) ++int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, ++ struct device *data_device, uint64_t data_offset) + { + if (!data_device) + return -EINVAL; +--- a/lib/utils_dm.h ++++ b/lib/utils_dm.h +@@ -156,22 +156,22 @@ void dm_backend_exit(struct crypt_device + int dm_targets_allocate(struct dm_target *first, unsigned count); + void dm_targets_free(struct crypt_device *cd, struct crypt_dm_active_device *dmd); + +-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size, ++int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, struct volume_key *vk, const char *cipher, +- size_t iv_offset, size_t data_offset, const char *integrity, ++ uint64_t iv_offset, uint64_t data_offset, const char *integrity, + uint32_t tag_size, uint32_t sector_size); +-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size, ++int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, struct device *hash_device, struct device *fec_device, + const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block, + uint64_t hash_blocks, struct crypt_params_verity *vp); +-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size, ++int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *meta_device, + struct device *data_device, uint64_t tag_size, uint64_t offset, uint32_t sector_size, + struct volume_key *vk, + struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key, + const struct crypt_params_integrity *ip); +-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size, +- struct device *data_device, size_t data_offset); ++int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, ++ struct device *data_device, uint64_t data_offset); + + int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags); + int dm_status_device(struct crypt_device *cd, const char *name); +--- a/tests/integrity-compat-test ++++ b/tests/integrity-compat-test +@@ -7,6 +7,8 @@ INTSETUP_VALGRIND=../.libs/integritysetu + INTSETUP_LIB_VALGRIND=../.libs + + DEV_NAME=dmc_test ++DEV_NAME_BIG=dmc_fake ++DEV_LOOP="" + DEV=test123.img + DEV2=test124.img + KEY_FILE=key.img +@@ -18,6 +20,9 @@ dmremove() { # device + + cleanup() { + [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME ++ [ -b /dev/mapper/$DEV_NAME_BIG ] && dmremove $DEV_NAME_BIG ++ [ -n "$DEV_LOOP" ] && losetup -d "$DEV_LOOP" ++ DEV_LOOP="" + rm -f $DEV $DEV2 $KEY_FILE >/dev/null 2>&1 + } + +@@ -282,6 +287,7 @@ int_mode() # alg tag_size sector_size [k + + [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." + [ ! -x "$INTSETUP" ] && skip "Cannot find $INTSETUP, test skipped." ++which blockdev >/dev/null || skip "Cannot find blockdev utility, test skipped." + + [ -n "$VALG" ] && valgrind_setup && INTSETUP=valgrind_run + which hexdump >/dev/null 2>&1 || skip "WARNING: hexdump tool required." +@@ -358,6 +364,26 @@ if [ -n "$DM_INTEGRITY_META" ] ; then + echo "[OK]" + else + echo "[N/A]" ++fi ++ ++echo -n "Big device:" ++add_device ++DEV_LOOP=$(losetup -f $DEV --show) ++if [ -n "$DEV_LOOP" ] ; then ++dmsetup create $DEV_NAME_BIG <<EOF ++0 16284 linear $DEV_LOOP 0 ++16284 80000000000 zero ++EOF ++ [ ! -b /dev/mapper/$DEV_NAME_BIG ] && fail ++ $INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME_BIG ++ $INTSETUP open /dev/mapper/$DEV_NAME_BIG $DEV_NAME || fail ++ D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME_BIG | grep provided_data_sectors | sed -e 's/.*provided_data_sectors\ \+//g') ++ A_SIZE=$(blockdev --getsz /dev/mapper/$DEV_NAME) ++ # Compare strings (to avoid 64bit integers), not integers ++ [ -n "$A_SIZE" -a "$D_SIZE" != "$A_SIZE" ] && fail ++ echo "[OK]" ++else ++ echo "[N/A]" + fi + + cleanup diff -Nru cryptsetup-2.1.0/debian/patches/series cryptsetup-2.1.0/debian/patches/series --- cryptsetup-2.1.0/debian/patches/series 2019-08-16 19:18:10.000000000 +0200 +++ cryptsetup-2.1.0/debian/patches/series 2019-08-26 14:54:10.000000000 +0200 @@ -1,3 +1,4 @@ Fix-getting-default-LUKS2-keyslot-encryption-paramet.patch Mention-limitation-of-crypt_get_volume_key_size.patch Fix-volume-key-file-if-no-LUKS2-keyslots-are-present.patch +Fix-mapped-segments-overflow-on-32bit-architectures.patch
signature.asc
Description: PGP signature
