Comment 0 for bug 2032659

Dimitri John Ledkov (xnox) wrote :

[ Impact ]

 * Cryptsetup has some fips awareness

 * Ubuntu provides fips certified kernels & openssl

 * When vanilla cryptsetup observes fips kernel & openssl it fails to operate, at all

 * It appears the fips awareness in the cryptsetup package is obsolete and out of date - i.e. if none of the checks were present, it would actually behave in a fips compliant way, but it currently fails instead.

[ Test Plan ]

 * cherry-pick updated patches to cryptsetup to ensure it has correct modern fips mode detection

 * observe that cryptsetup can create new encrypted volume successfully / unchanged behaviour on vanilla ubuntu

 * observe that cryptsetup can create new encrypted volume successfully on fips ubuntu

[ Where problems could occur ]

 * The change is confined to cryptsetup backend usage (typically openssl) and is related to detecting kernel & openssl modes. There are no other functional changes. But, for example, strace output will look slightly different: it will try to open /proc/sys/crypto/fips and call into additional openssl APIs.

[ Other Info ]

 * Detected during FIPS certification of Jammy
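The kernel-side half of the detection described in this report, as an added example (not cryptsetup's own code): it reads the flag file the report mentions and treats an absent or unreadable file as "not a FIPS kernel" instead of a failure, which is the behaviour the test plan expects on vanilla Ubuntu. The path parameter and the `write_flag_file` helper are assumptions for the demo; the OpenSSL-side check is left out because it would need libcrypto.

```c
#include <stdio.h>

/* Result of the kernel-side FIPS check. */
enum fips_state { FIPS_OFF = 0, FIPS_ON = 1 };

/*
 * Read the kernel FIPS flag from the given sysctl path (normally
 * /proc/sys/crypto/fips). A missing or unreadable file (ENOENT on a
 * non-FIPS kernel, EACCES inside a sandbox) means "not FIPS", not an
 * error, so the caller keeps operating normally on vanilla systems.
 */
int kernel_fips_enabled(const char *path)
{
    FILE *f = fopen(path, "r");
    char buf[8] = {0};

    if (!f)
        return FIPS_OFF;
    if (!fgets(buf, sizeof(buf), f)) {
        fclose(f);
        return FIPS_OFF;
    }
    fclose(f);
    /* The kernel writes "1\n" when fips=1 was booted, "0\n" otherwise. */
    return buf[0] == '1' ? FIPS_ON : FIPS_OFF;
}

/* Demo helper (assumed, not part of any real tool): write a constructed flag file. */
int write_flag_file(const char *path, const char *content)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs(content, f);
    return fclose(f);
}

int main(void)
{
    printf("kernel FIPS mode: %s\n",
           kernel_fips_enabled("/proc/sys/crypto/fips") ? "enabled" : "disabled");
    return 0;
}
```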