From e8bfb9be5fdabc395eb122c186f575a56572c7ae Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Sun, 1 Sep 2024 00:38:57 +0200 Subject: [PATCH] Fix clang undefined version error for ssh token We use common libcryptsetup-token.sym version script that contain all symbols, but some of them are optional. As clang linker treats missing symbols as errors, the linker phase for ssh token fails as optional cryptsetup_token_buffer_free is not defined. (Most of distros has this option still disabled, though). As the sym file is also example for token authors, removing symbols there is not an option. For clang, we can use --undefined-version option, but it is not supported by other linkers, so it requires non-trivial checks for usable LDFLAGS (for both autoconf and meson). Instead, fix it by simply defining the symbol in ssh token, which duplicates the internal libcryptsetup functionality. Fixes: #830 --- tokens/libcryptsetup-token.sym | 18 +++++++++++------- tokens/ssh/libcryptsetup-token-ssh.c | 9 ++++++++- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/tokens/libcryptsetup-token.sym b/tokens/libcryptsetup-token.sym index 17ec59911..6ac241aaa 100644 --- a/tokens/libcryptsetup-token.sym +++ b/tokens/libcryptsetup-token.sym @@ -1,9 +1,13 @@ CRYPTSETUP_TOKEN_1.0 { - global: cryptsetup_token_open; - cryptsetup_token_open_pin; - cryptsetup_token_buffer_free; - cryptsetup_token_validate; - cryptsetup_token_dump; - cryptsetup_token_version; - local: *; + global: + /* Mandatory functions */ + cryptsetup_token_open; + cryptsetup_token_version; + + /* Optional functions */ + cryptsetup_token_open_pin; + cryptsetup_token_buffer_free; + cryptsetup_token_validate; + cryptsetup_token_dump; + local: *; }; diff --git a/tokens/ssh/libcryptsetup-token-ssh.c b/tokens/ssh/libcryptsetup-token-ssh.c index 2accb85e1..2b9ee0b36 100644 --- a/tokens/ssh/libcryptsetup-token-ssh.c +++ b/tokens/ssh/libcryptsetup-token-ssh.c @@ -39,13 +39,20 @@ int cryptsetup_token_open(struct crypt_device *cd, int token, char **password, size_t *password_len, void *usrptr); void cryptsetup_token_dump(struct crypt_device *cd, const char *json); int cryptsetup_token_validate(struct crypt_device *cd, const char *json); - +void cryptsetup_token_buffer_free(void *buffer, size_t buffer_len); const char *cryptsetup_token_version(void) { return TOKEN_VERSION_MAJOR "." TOKEN_VERSION_MINOR; } +void cryptsetup_token_buffer_free(void *buffer, size_t buffer_len) +{ + /* libcryptsetup API call */ + crypt_safe_memzero(buffer, buffer_len); + free(buffer); +} + static json_object *get_token_jobj(struct crypt_device *cd, int token) { const char *json_slot;