Do not compile unused internal argon2 implementation.

cryptsetup-2.7.1-Fix-configure-Argon2-OpenSSL-detection-to-not-compil.patch

@@ -0,0 +1,61 @@
+From b417154e71b571607513a768b3cb8e4587f00ba8 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Fri, 9 Feb 2024 12:37:10 +0100
+Subject: [PATCH] Fix configure Argon2 OpenSSL detection to not compile
+ internal Argon2.
+
+Code is not called anyway, but should be completely disabled.
+Note: there is intentionally no way to disable OpenSSL Argon2 if present.
+---
+ configure.ac | 4 ++--
+ meson.build  | 5 ++++-
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 84cef4ba..2e2f7d9e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -346,7 +346,7 @@ AC_DEFUN([CONFIGURE_OPENSSL], [
+ 
+ 	saved_LIBS=$LIBS
+ 	AC_CHECK_DECLS([OSSL_get_max_threads], [], [], [#include <openssl/thread.h>])
+-	AC_CHECK_DECLS([OSSL_KDF_PARAM_ARGON2_VERSION], [], [], [#include <openssl/core_names.h>])
++	AC_CHECK_DECLS([OSSL_KDF_PARAM_ARGON2_VERSION], [use_internal_argon2=0], [], [#include <openssl/core_names.h>])
+ 	LIBS=$saved_LIBS
+ ])
+ 
+@@ -523,7 +523,7 @@ AC_ARG_ENABLE([libargon2],
+ 
+ if test $use_internal_argon2 = 0 -o "x$enable_internal_argon2" = "xno" ; then
+ 	if test "x$enable_internal_argon2" = "xyes" -o "x$enable_libargon" = "xyes"; then
+-		AC_MSG_WARN([Argon2 in $with_crypto_backend lib is used; internal Argon2 options are ignored.])
++		AC_MSG_NOTICE([Argon2 in $with_crypto_backend lib is used; internal Argon2 options are ignored.])
+ 	fi
+ 	enable_internal_argon2=no
+ 	enable_internal_sse_argon2=no
+diff --git a/meson.build b/meson.build
+index b26c71c4..2aba2f28 100644
+--- a/meson.build
++++ b/meson.build
+@@ -512,6 +512,9 @@ elif get_option('crypto-backend') == 'openssl'
+     conf.set10('HAVE_DECL_OSSL_KDF_PARAM_ARGON2_VERSION',
+         cc.has_header_symbol('openssl/core_names.h', 'OSSL_KDF_PARAM_ARGON2_VERSION',
+             dependencies: crypto_backend_library))
++    if conf.get('HAVE_DECL_OSSL_KDF_PARAM_ARGON2_VERSION') == 1
++        use_internal_argon2 = false
++    endif
+ elif get_option('crypto-backend') == 'nss'
+     if get_option('fips')
+         error('nss crypto backend is not supported with FIPS enabled')
+@@ -560,7 +563,7 @@ threads = []
+ use_internal_sse_argon2 = false
+ if not use_internal_argon2 or get_option('argon-implementation') == 'none'
+     if get_option('argon-implementation') == 'internal' or get_option('argon-implementation') == 'libargon2'
+-        warning('Argon2 in crypto library is used; internal Argon2 options are ignored.')
++        message('Argon2 in crypto library is used; internal Argon2 options are ignored.')
+     endif
+     conf.set10('USE_INTERNAL_ARGON2', false,
+         description: 'Use internal Argon2.')
+-- 
+2.43.0
+

cryptsetup.spec

@@ -18,6 +18,8 @@ Provides: %{name}-reencrypt = %{version}
 %global upstream_version %{version_no_tilde}
 Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{upstream_version}.tar.xz
 
+Patch0:  %{name}-2.7.1-Fix-configure-Argon2-OpenSSL-detection-to-not-compil.patch
+
 %description
 The cryptsetup package contains a utility for setting up
 disk encryption using dm-crypt kernel module.
@@ -68,8 +70,7 @@ disk integrity protection using dm-integrity kernel module.
 rm -f man/*.8
 
 ./autogen.sh
-%configure --enable-fips --enable-pwquality --enable-asciidoc \
-  %{?rhel:--enable-internal-sse-argon2}
+%configure --enable-fips --enable-pwquality --enable-asciidoc --enable-internal-sse-argon2
 %make_build
 
 %install
@@ -120,6 +121,7 @@ rm -rf %{buildroot}%{_libdir}/%{name}/*.la
 %changelog
 * Fri Feb 09 2024 Ondrej Kozina <okozina@redhat.com> - 2.7.0-2
 - Rebuild for OpenSSL Argon2 implementation (OpenSSL 3.2)
+- patch: Do not compile unused internal argon2 implementation
 
 * Wed Jan 24 2024 Ondrej Kozina <okozina@redhat.com> - 2.7.0-1
 - Update to cryptsetup 2.7.0.