cryptsetup-luks bug fix and enhancement update

Updated cryptsetup-luks packages that fix several bugs and add various
enhancements are now available for Red Hat Enterprise Linux 6.

The cryptsetup-luks packages provide the utility allowing users to set up
encrypted devices with the Device Mapper and the dm-crypt target.

The cryptsetup-luks package has been upgraded to upstream version 1.2.0, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#658817)

In addition, these updated cryptsetup-luks packages provide fixes for the
following bugs:

* Previously, cryptsetup printed twice the error message notifying the user that
the queried device did not exist. With this update, the underlying code was
changed and the error message is displayed once. (BZ#612963)

* Prior to this update, when the user attempted to encrypt a device with the MD4
or MD5 hash algorithm, cryptsetup did not alert the user that the encryption
with those algorithms was not supported, had failed, and that therefore the
device could not be used. With this update, cryptsetup terminates the process
and prints a message advising the user to check if the required encryption
method is supported. (BZ#623121)

* Previously, cryptsetup did not remove keys as soon as possible from device
control buffers and therefore did not follow FIPS (Federal Information
Processing Standard). With this update, the underlying code has been changed and
the keys are removed from the buffers as soon as possible. (BZ#674825)

* Previously, if the user issued the "cryptsetup luksRemoveKey" command with the
"--key-file" parameter, the command removed the key defined in the standard
input. With this update, such command removes the key defined in the
"--key-file" parameter. (BZ#677634)

* Prior to this update, when updating with the "yum update" command, the
device-mapper-libs package was not updated. This occurred because the previous
version of the cryptsetup package was compatible with any version of the
package. This update adds the dependency to the cryptsetup package and the
device-mapper-libs is updated to provide the compatible device-mapper-libs
package. (BZ#692512)

* Previously, when running in FIPS mode, the salt for PBKDF2 (Password-Based Key
Derivation Function) was generated with the /dev/urandom device. According to
NIST Special Publication 800-132, all or a portion of the salt must be generated
with an approved random number generator. With this update, the salt is
generated with the FIPS RNG (Random Number Generator) and the criterion is met.
(BZ#693371)

These updated packages provide also the following enhancements:

* With this update, cryptsetup uses a FIPS certified random number generator for
generation of volume keys when running in FIPS mode. (BZ#663869)

* This update adds the integrity check of the cryptsetup binary and library for
FIPS mode. (BZ#663870)

Users are advised to upgrade to these updated cryptsetup-luks packages, which
resolve these bugs and add these enhancements.

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

612963 - error message is shown twice on cryptsetup status
623121 - md4 and md5 hashes are not supported by LUKS
658817 - Update cryptsetup to new version
692512 - cryptsetup should have dependency for device-mapper-libs