Updated cryptsetup-luks packages that fix several bugs and add an enhancement are now available for Red Hat Enterprise Linux 6.
The cryptsetup-luks packages provide a utility which allows users to set up encrypted devices with the Device Mapper and the dm-crypt target.
- When the cryptsetup or libcryptsetup utility was run in FIPS (Federal Information Processing Standards) mode, the "Running in FIPS mode." message was displayed during initialization of all commands. This sometimes caused minor issues with associated scripts. This bug has been fixed and the message is now displayed only in verbose mode.
- Prior to this update, several directives were missing in cryptsetup status command implementation. Therefore, the cryptsetup status command always returned the exit code 0 when verifying the status of a mapped device. To fix this issue, the code has been modified. The cryptsetup status command now returns the 0 value only if the device checked is active.
- Previously, the libcryptsetup crypt_get_volume_key() function allowed to perform an action not compliant with FIPS. To conform FIPS requirements, the function is now disabled in FIPS mode and returns an EACCES error code to indicate it. Note that the "luksDump --dump-master-key" command and the key escrow functionality of the volume_key package are also disabled in FIPS mode as a consequence of this update.
All users of cryptsetup-luks are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.