diff --git a/cryptsetup-2.7.1-Fix-configure-Argon2-OpenSSL-detection-to-not-compil.patch b/cryptsetup-2.7.1-Fix-configure-Argon2-OpenSSL-detection-to-not-compil.patch
new file mode 100644
index 0000000..a3556fa
--- /dev/null
+++ b/cryptsetup-2.7.1-Fix-configure-Argon2-OpenSSL-detection-to-not-compil.patch
@@ -0,0 +1,61 @@
+From b417154e71b571607513a768b3cb8e4587f00ba8 Mon Sep 17 00:00:00 2001
+From: Milan Broz
+Date: Fri, 9 Feb 2024 12:37:10 +0100
+Subject: [PATCH] Fix configure Argon2 OpenSSL detection to not compile
+ internal Argon2.
+
+Code is not called anyway, but should be completely disabled.
+Note: there is intentionally no way to disable OpenSSL Argon2 if present.
+---
+ configure.ac | 4 ++--
+ meson.build | 5 ++++-
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 84cef4ba..2e2f7d9e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -346,7 +346,7 @@ AC_DEFUN([CONFIGURE_OPENSSL], [
+
+ saved_LIBS=$LIBS
+ AC_CHECK_DECLS([OSSL_get_max_threads], [], [], [#include ])
+- AC_CHECK_DECLS([OSSL_KDF_PARAM_ARGON2_VERSION], [], [], [#include ])
++ AC_CHECK_DECLS([OSSL_KDF_PARAM_ARGON2_VERSION], [use_internal_argon2=0], [], [#include ])
+ LIBS=$saved_LIBS
+ ])
+
+@@ -523,7 +523,7 @@ AC_ARG_ENABLE([libargon2],
+
+ if test $use_internal_argon2 = 0 -o "x$enable_internal_argon2" = "xno" ; then
+ if test "x$enable_internal_argon2" = "xyes" -o "x$enable_libargon" = "xyes"; then
+- AC_MSG_WARN([Argon2 in $with_crypto_backend lib is used; internal Argon2 options are ignored.])
++ AC_MSG_NOTICE([Argon2 in $with_crypto_backend lib is used; internal Argon2 options are ignored.])
+ fi
+ enable_internal_argon2=no
+ enable_internal_sse_argon2=no
+diff --git a/meson.build b/meson.build
+index b26c71c4..2aba2f28 100644
+--- a/meson.build
++++ b/meson.build
+@@ -512,6 +512,9 @@ elif get_option('crypto-backend') == 'openssl'
+ conf.set10('HAVE_DECL_OSSL_KDF_PARAM_ARGON2_VERSION',
+ cc.has_header_symbol('openssl/core_names.h', 'OSSL_KDF_PARAM_ARGON2_VERSION',
+ dependencies: crypto_backend_library))
++ if conf.get('HAVE_DECL_OSSL_KDF_PARAM_ARGON2_VERSION') == 1
++ use_internal_argon2 = false
++ endif
+ elif get_option('crypto-backend') == 'nss'
+ if get_option('fips')
+ error('nss crypto backend is not supported with FIPS enabled')
+@@ -560,7 +563,7 @@ threads = []
+ use_internal_sse_argon2 = false
+ if not use_internal_argon2 or get_option('argon-implementation') == 'none'
+ if get_option('argon-implementation') == 'internal' or get_option('argon-implementation') == 'libargon2'
+- warning('Argon2 in crypto library is used; internal Argon2 options are ignored.')
++ message('Argon2 in crypto library is used; internal Argon2 options are ignored.')
+ endif
+ conf.set10('USE_INTERNAL_ARGON2', false,
+ description: 'Use internal Argon2.')
+--
+2.43.0
+
diff --git a/cryptsetup.spec b/cryptsetup.spec
index 50ea273..7249785 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -18,6 +18,8 @@ Provides: %{name}-reencrypt = %{version}
 %global upstream_version %{version_no_tilde}
 Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{upstream_version}.tar.xz
+Patch0: %{name}-2.7.1-Fix-configure-Argon2-OpenSSL-detection-to-not-compil.patch
+
 %description
 The cryptsetup package contains a utility for setting up disk encryption using dm-crypt kernel module.
@@ -68,8 +70,7 @@ disk integrity protection using dm-integrity kernel module.
 rm -f man/*.8
 ./autogen.sh
-%configure --enable-fips --enable-pwquality --enable-asciidoc \
- %{?rhel:--enable-internal-sse-argon2}
+%configure --enable-fips --enable-pwquality --enable-asciidoc --enable-internal-sse-argon2
 %make_build
 %install
@@ -120,6 +121,7 @@ rm -rf %{buildroot}%{_libdir}/%{name}/*.la
 %changelog
 * Fri Feb 09 2024 Ondrej Kozina - 2.7.0-2
 - Rebuild for OpenSSL Argon2 implementation (OpenSSL 3.2)
+- patch: Do not compile unused internal argon2 implementation
 * Wed Jan 24 2024 Ondrej Kozina - 2.7.0-1
 - Update to cryptsetup 2.7.0.
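Review bot: `Patch0` is only declared in the `@@ -18,6 +18,8 @@` hunk; whether it is applied depends on the `%prep` section, which lies outside the diff. If `%prep` does not use `%autosetup` or `%autopatch`, an explicit `%patch -P 0 -p1` is needed, otherwise the build would keep compiling the internal Argon2 code that the patch is meant to disable. The patch file name says 2.7.1 while the changelog entry is for 2.7.0-2, so a comment above the line such as `# Upstream commit b417154e; drop once the package is rebased past it` would record its origin.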
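Review bot: The new `%configure` line in the `@@ -68,8 +70,7 @@` hunk passes `--enable-internal-sse-argon2` on every build. With Patch0 applied, configure sets `enable_internal_sse_argon2=no` whenever the OpenSSL headers declare `OSSL_KDF_PARAM_ARGON2_VERSION`, and reports it only through `AC_MSG_NOTICE`. The Argon2 implementation used for password-based key derivation is therefore chosen silently by whichever OpenSSL is in the build root. A comment above the line would document that, for example `# Ignored when OpenSSL provides Argon2 (3.2+, see Patch0); fallback for older OpenSSL`. If the OpenSSL implementation is the intended one, something like `BuildRequires: openssl-devel >= 3.2` would make the outcome explicit; the existing BuildRequires lines are outside the hunk, so check them first.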