sha256 hash not supported after upgrading to 22.10
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cryptsetup (Ubuntu) |
Expired
|
Critical
|
Unassigned | ||
Kinetic |
Expired
|
Critical
|
Unassigned |
Bug Description
I just upgraded from 22.04 to 22.10, and I cannot open my LUKS volume.
here is as much information that I could find
```
$ sudo cryptsetup luksDump --debug /dev/nvme0n1p7
# cryptsetup 2.5.0 processing "cryptsetup luksDump --debug /dev/nvme0n1p7"
# Verifying parameters for command luksDump.
# Running command luksDump.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/nvme0n1p7.
# Trying to open and read device /dev/nvme0n1p7 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/nvme0n1p7.
# Crypto backend (OpenSSL 3.0.5 5 Jul 2022 [default][legacy]) initialized in cryptsetup library version 2.5.0.
# Detected kernel Linux 5.19.0-23-generic x86_64.
Requested hash sha256 is not supported.
Device /dev/nvme0n1p7 is not a valid LUKS device.
# Releasing crypt device /dev/nvme0n1p7 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).
```
so the actual errors appears to be `Requested hash sha256 is not supported.`
I opened an issue on cryptsetup itself, but he is telling me its likely an OpenSSL miss-configuration, or a missing package. sha256 i mandatory
https:/
I am seeing reference to sha256 in `/etc/ssl/
but when I type just `openssl -v` I get ...
```
FATAL: Startup failure (dev note: apps_startup()) for openssl
4057E8D4727F000
4057E8D4727F000
4057E8D4727F000
```
could it be related?
Changed in cryptsetup (Ubuntu): | |
importance: | Undecided → Critical |
status: | New → Triaged |
tags: | added: foundations-todo |
Changed in cryptsetup (Ubuntu): | |
status: | Triaged → Incomplete |
Changed in cryptsetup (Ubuntu Kinetic): | |
status: | Triaged → Incomplete |
tags: | removed: foundations-todo |
I don't know if its the right solution for all ubuntu users.
but I found that I could comment out the two fips related line in the openssl config
and everything works now.
``` openssl. cnf
$ grep fips /etc/ssl/
# Optionally include a file that is generated by the OpenSSL fipsinstall
# fips provider. It contains a named section e.g. [fips_sect] which is
#.include fipsmodule.cnf
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
#fips = fips_sect
```