Report Argon2 crypto backend version in debug output

For Argon2 native code (gcrypt, OpenSSL) a flag in debug output is printed. If libargon is used, then [cryptsetup libargon2] is printed (embedded code) or [external libargon2] for dynamic external library. # Crypto backend (OpenSSL 3.0.11 19 Sep 2023 [default][legacy] [external libargon2]) or # Crypto backend (OpenSSL 3.0.11 19 Sep 2023 [default][legacy] [cryptsetup libargon2]) Fixes: #851
2025-12-05 16:00:05 +01:00 · 2023-12-16 12:25:46 +01:00
parent e5511b1920
commit 7db221e47e
5 changed files with 42 additions and 11 deletions
--- a/lib/crypto_backend/argon2_generic.c
+++ b/lib/crypto_backend/argon2_generic.c
@@ -52,6 +52,9 @@ int argon2(const char *type, const char *password, size_t password_length,
 	};
 	int r;
 	/* This code must not be run if crypt backend library natively supports Argon2 */
 	assert(!(crypt_backend_flags() & CRYPT_BACKEND_ARGON2));
 	if (!strcmp(type, "argon2i"))
 		atype = Argon2_i;
 	else if(!strcmp(type, "argon2id"))
@@ -87,3 +90,19 @@ int argon2(const char *type, const char *password, size_t password_length,
 }
 #endif
 /* Additional string for crypt backend version */
 const char *crypt_argon2_version(void)
 {
 	const char *version = "";
 	if (crypt_backend_flags() & CRYPT_BACKEND_ARGON2)
 		return version;
 #if HAVE_ARGON2_H /* this has priority over internal argon2 */
 	version = " [external libargon2]";
 #elif USE_INTERNAL_ARGON2
 	version = " [cryptsetup libargon2]";
 #endif
 	return version;
 }
--- a/lib/crypto_backend/crypto_backend.h
+++ b/lib/crypto_backend/crypto_backend.h
@@ -43,9 +43,11 @@ void crypt_backend_destroy(void);
 #define CRYPT_BACKEND_KERNEL     (1 << 0) /* Crypto uses kernel part, for benchmark */
 #define CRYPT_BACKEND_PBKDF2_INT (1 << 1) /* Iteration in PBKDF2 is signed int and can overflow */
 #define CRYPT_BACKEND_ARGON2     (1 << 2) /* Backend provides native Argon2 implementation */
 uint32_t crypt_backend_flags(void);
 const char *crypt_backend_version(void);
 const char *crypt_argon2_version(void);
 /* HASH */
 int crypt_hash_size(const char *name);
--- a/lib/crypto_backend/crypto_gcrypt.c
+++ b/lib/crypto_backend/crypto_gcrypt.c
@@ -127,10 +127,11 @@ int crypt_backend_init(bool fips __attribute__((unused)))
 	crypto_backend_initialised = 1;
 	crypt_hash_test_whirlpool_bug();
-	r = snprintf(version, sizeof(version), "gcrypt %s%s%s",
+	r = snprintf(version, sizeof(version), "gcrypt %s%s%s%s",
 		 gcry_check_version(NULL),
 		 crypto_backend_secmem ? "" : ", secmem disabled",
-		 crypto_backend_whirlpool_bug > 0 ? ", flawed whirlpool" : "");
+		 crypto_backend_whirlpool_bug > 0 ? ", flawed whirlpool" : "",
 		 crypt_backend_flags() & CRYPT_BACKEND_ARGON2 ? ", argon2" : "");
 	if (r < 0 || (size_t)r >= sizeof(version))
 		return -EINVAL;
@@ -152,7 +153,11 @@ const char *crypt_backend_version(void)
 uint32_t crypt_backend_flags(void)
 {
-	return 0;
+	uint32_t flags = 0;
 #if HAVE_DECL_GCRY_KDF_ARGON2 && !USE_INTERNAL_ARGON2
 	flags |= CRYPT_BACKEND_ARGON2;
 #endif
 	return flags;
 }
 static const char *crypt_hash_compat_name(const char *name, unsigned int *flags)
--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -197,12 +197,13 @@ static int openssl_backend_init(bool fips)
 	    OSSL_get_max_threads(ossl_ctx) == MAX_THREADS)
 		ossl_threads = true;
-	r = snprintf(backend_version, sizeof(backend_version), "%s%s%s%s%s",
+	r = snprintf(backend_version, sizeof(backend_version), "%s %s%s%s%s%s",
 		OpenSSL_version(OPENSSL_VERSION),
 		ossl_default ? "[default]" : "",
 		ossl_legacy  ? "[legacy]" : "",
 		fips  ? "[fips]" : "",
-		ossl_threads ? "[threads]" : "");
+		ossl_threads ? "[threads]" : "",
 		crypt_backend_flags() & CRYPT_BACKEND_ARGON2 ? "[argon2]" : "");
 	if (r < 0 || (size_t)r >= sizeof(backend_version)) {
 		openssl_backend_exit();
@@ -251,11 +252,14 @@ void crypt_backend_destroy(void)
 uint32_t crypt_backend_flags(void)
 {
-#if OPENSSL_VERSION_MAJOR >= 3
+	uint32_t flags = 0;
-	return 0;
+#if OPENSSL_VERSION_MAJOR < 3
-#else
+	flags |= CRYPT_BACKEND_PBKDF2_INT;
 	return CRYPT_BACKEND_PBKDF2_INT;
 #endif
 #if HAVE_DECL_OSSL_KDF_PARAM_ARGON2_VERSION
 	flags |= CRYPT_BACKEND_ARGON2;
 #endif
 	return flags;
 }
 const char *crypt_backend_version(void)
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -285,8 +285,9 @@ int init_crypto(struct crypt_device *ctx)
 		log_err(ctx, _("Cannot initialize crypto backend."));
 	if (!r && !_crypto_logged) {
-		log_dbg(ctx, "Crypto backend (%s) initialized in cryptsetup library version %s.",
+		log_dbg(ctx, "Crypto backend (%s%s) initialized in cryptsetup library version %s.",
-			crypt_backend_version(), PACKAGE_VERSION);
+			crypt_backend_version(), crypt_argon2_version(), PACKAGE_VERSION);
 		if (!uname(&uts))
 			log_dbg(ctx, "Detected kernel %s %s %s.",
 				uts.sysname, uts.release, uts.machine);