From e54c5a3bcecdc2e3fa60d96436752c051f0c113a Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Sep 20 2022 11:49:02 +0000
Subject: import cryptsetup-2.4.3-4.el9_0.1


---

diff --git a/SOURCES/cryptsetup-2.5.1-Delegate-FIPS-mode-detection-to-configured-crypto-ba.patch b/SOURCES/cryptsetup-2.5.1-Delegate-FIPS-mode-detection-to-configured-crypto-ba.patch
new file mode 100644
index 0000000..2cd9115
--- /dev/null
+++ b/SOURCES/cryptsetup-2.5.1-Delegate-FIPS-mode-detection-to-configured-crypto-ba.patch
@@ -0,0 +1,364 @@
+diff -rupN cryptsetup-2.4.3.old/lib/crypto_backend/crypto_backend.h cryptsetup-2.4.3/lib/crypto_backend/crypto_backend.h
+--- cryptsetup-2.4.3.old/lib/crypto_backend/crypto_backend.h	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/crypto_backend/crypto_backend.h	2022-08-10 17:04:13.727162964 +0200
+@@ -134,5 +134,8 @@ static inline void crypt_backend_memzero
+ 	while(n--) *p++ = 0;
+ #endif
+ }
++ 
++/* crypto backend running in FIPS mode */
++bool crypt_fips_mode(void);
+ 
+ #endif /* _CRYPTO_BACKEND_H */
+diff -rupN cryptsetup-2.4.3.old/lib/crypto_backend/crypto_gcrypt.c cryptsetup-2.4.3/lib/crypto_backend/crypto_gcrypt.c
+--- cryptsetup-2.4.3.old/lib/crypto_backend/crypto_gcrypt.c	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/crypto_backend/crypto_gcrypt.c	2022-08-10 17:06:28.163895662 +0200
+@@ -550,3 +550,20 @@ out:
+ 	return -ENOTSUP;
+ #endif
+ }
++
++#if !ENABLE_FIPS
++bool crypt_fips_mode(void) { return false; }
++#else
++bool crypt_fips_mode(void)
++{
++	static bool fips_mode = false, fips_checked = false;
++
++	if (fips_checked)
++		return fips_mode;
++
++	fips_mode = gcry_fips_mode_active();
++	fips_checked = true;
++
++	return fips_mode;
++}
++#endif /* ENABLE FIPS */
+diff -rupN cryptsetup-2.4.3.old/lib/crypto_backend/crypto_kernel.c cryptsetup-2.4.3/lib/crypto_backend/crypto_kernel.c
+--- cryptsetup-2.4.3.old/lib/crypto_backend/crypto_kernel.c	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/crypto_backend/crypto_kernel.c	2022-08-10 17:07:06.720105794 +0200
+@@ -416,3 +416,8 @@ int crypt_bitlk_decrypt_key(const void *
+ 	return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
+ 					      iv, iv_length, tag, tag_length);
+ }
++
++bool crypt_fips_mode(void)
++{
++	return false;
++}
+diff -rupN cryptsetup-2.4.3.old/lib/crypto_backend/crypto_nettle.c cryptsetup-2.4.3/lib/crypto_backend/crypto_nettle.c
+--- cryptsetup-2.4.3.old/lib/crypto_backend/crypto_nettle.c	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/crypto_backend/crypto_nettle.c	2022-08-10 17:07:18.127167962 +0200
+@@ -446,3 +446,8 @@ int crypt_bitlk_decrypt_key(const void *
+ 	return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
+ 					      iv, iv_length, tag, tag_length);
+ }
++
++bool crypt_fips_mode(void)
++{
++	return false;
++}
+diff -rupN cryptsetup-2.4.3.old/lib/crypto_backend/crypto_nss.c cryptsetup-2.4.3/lib/crypto_backend/crypto_nss.c
+--- cryptsetup-2.4.3.old/lib/crypto_backend/crypto_nss.c	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/crypto_backend/crypto_nss.c	2022-08-10 17:07:24.547202954 +0200
+@@ -395,3 +395,8 @@ int crypt_bitlk_decrypt_key(const void *
+ 	return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
+ 					      iv, iv_length, tag, tag_length);
+ }
++
++bool crypt_fips_mode(void)
++{
++	return false;
++}
+diff -rupN cryptsetup-2.4.3.old/lib/crypto_backend/crypto_openssl.c cryptsetup-2.4.3/lib/crypto_backend/crypto_openssl.c
+--- cryptsetup-2.4.3.old/lib/crypto_backend/crypto_openssl.c	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/crypto_backend/crypto_openssl.c	2022-08-10 17:05:51.483695770 +0200
+@@ -809,3 +809,29 @@ out:
+ 	return -ENOTSUP;
+ #endif
+ }
++
++#if !ENABLE_FIPS
++bool crypt_fips_mode(void) { return false; }
++#else
++static bool openssl_fips_mode(void)
++{
++#if OPENSSL_VERSION_MAJOR >= 3
++	return EVP_default_properties_is_fips_enabled(NULL);
++#else
++	return FIPS_mode();
++#endif
++}
++
++bool crypt_fips_mode(void)
++{
++	static bool fips_mode = false, fips_checked = false;
++
++	if (fips_checked)
++		return fips_mode;
++
++	fips_mode = openssl_fips_mode();
++	fips_checked = true;
++
++	return fips_mode;
++}
++#endif /* ENABLE FIPS */
+diff -rupN cryptsetup-2.4.3.old/lib/internal.h cryptsetup-2.4.3/lib/internal.h
+--- cryptsetup-2.4.3.old/lib/internal.h	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/internal.h	2022-08-10 17:03:00.348765820 +0200
+@@ -38,7 +38,6 @@
+ #include "utils_crypt.h"
+ #include "utils_loop.h"
+ #include "utils_dm.h"
+-#include "utils_fips.h"
+ #include "utils_keyring.h"
+ #include "utils_io.h"
+ #include "crypto_backend/crypto_backend.h"
+diff -rupN cryptsetup-2.4.3.old/lib/Makemodule.am cryptsetup-2.4.3/lib/Makemodule.am
+--- cryptsetup-2.4.3.old/lib/Makemodule.am	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/Makemodule.am	2022-08-10 17:03:00.342765787 +0200
+@@ -54,8 +54,6 @@ libcryptsetup_la_SOURCES = \
+ 	lib/utils_loop.h		\
+ 	lib/utils_devpath.c		\
+ 	lib/utils_wipe.c		\
+-	lib/utils_fips.c		\
+-	lib/utils_fips.h		\
+ 	lib/utils_device.c		\
+ 	lib/utils_keyring.c		\
+ 	lib/utils_keyring.h		\
+diff -rupN cryptsetup-2.4.3.old/lib/utils_fips.c cryptsetup-2.4.3/lib/utils_fips.c
+--- cryptsetup-2.4.3.old/lib/utils_fips.c	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/utils_fips.c	1970-01-01 01:00:00.000000000 +0100
+@@ -1,55 +0,0 @@
+-/*
+- * FIPS mode utilities
+- *
+- * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
+- *
+- * This program is free software; you can redistribute it and/or
+- * modify it under the terms of the GNU General Public License
+- * as published by the Free Software Foundation; either version 2
+- * of the License, or (at your option) any later version.
+- *
+- * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with this program; if not, write to the Free Software
+- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+- */
+-
+-#include <unistd.h>
+-#include <fcntl.h>
+-#include <errno.h>
+-#include "utils_fips.h"
+-
+-#if !ENABLE_FIPS
+-bool crypt_fips_mode(void) { return false; }
+-#else
+-static bool fips_checked = false;
+-static bool fips_mode = false;
+-
+-static bool kernel_fips_mode(void)
+-{
+-	int fd;
+-	char buf[1] = "";
+-
+-	if ((fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY)) >= 0) {
+-		while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+-		close(fd);
+-	}
+-
+-	return (buf[0] == '1');
+-}
+-
+-bool crypt_fips_mode(void)
+-{
+-	if (fips_checked)
+-		return fips_mode;
+-
+-	fips_mode = kernel_fips_mode() && !access("/etc/system-fips", F_OK);
+-	fips_checked = true;
+-
+-	return fips_mode;
+-}
+-#endif /* ENABLE_FIPS */
+diff -rupN cryptsetup-2.4.3.old/lib/utils_fips.h cryptsetup-2.4.3/lib/utils_fips.h
+--- cryptsetup-2.4.3.old/lib/utils_fips.h	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/lib/utils_fips.h	1970-01-01 01:00:00.000000000 +0100
+@@ -1,28 +0,0 @@
+-/*
+- * FIPS mode utilities
+- *
+- * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
+- *
+- * This program is free software; you can redistribute it and/or
+- * modify it under the terms of the GNU General Public License
+- * as published by the Free Software Foundation; either version 2
+- * of the License, or (at your option) any later version.
+- *
+- * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with this program; if not, write to the Free Software
+- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+- */
+-
+-#ifndef _UTILS_FIPS_H
+-#define _UTILS_FIPS_H
+-
+-#include <stdbool.h>
+-
+-bool crypt_fips_mode(void);
+-
+-#endif /* _UTILS_FIPS_H */
+diff -rupN cryptsetup-2.4.3.old/Makefile.in cryptsetup-2.4.3/Makefile.in
+--- cryptsetup-2.4.3.old/Makefile.in	2022-01-13 10:24:33.000000000 +0100
++++ cryptsetup-2.4.3/Makefile.in	2022-08-10 17:28:09.508914077 +0200
+@@ -281,7 +281,6 @@ am_libcryptsetup_la_OBJECTS = lib/libcry
+ 	lib/libcryptsetup_la-utils_loop.lo \
+ 	lib/libcryptsetup_la-utils_devpath.lo \
+ 	lib/libcryptsetup_la-utils_wipe.lo \
+-	lib/libcryptsetup_la-utils_fips.lo \
+ 	lib/libcryptsetup_la-utils_device.lo \
+ 	lib/libcryptsetup_la-utils_keyring.lo \
+ 	lib/libcryptsetup_la-utils_device_locking.lo \
+@@ -547,7 +546,6 @@ am__depfiles_remade = lib/$(DEPDIR)/cryp
+ 	lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo \
+ 	lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo \
+ 	lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo \
+-	lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo \
+ 	lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo \
+ 	lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo \
+ 	lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo \
+@@ -1036,8 +1034,6 @@ libcryptsetup_la_SOURCES = \
+ 	lib/utils_loop.h		\
+ 	lib/utils_devpath.c		\
+ 	lib/utils_wipe.c		\
+-	lib/utils_fips.c		\
+-	lib/utils_fips.h		\
+ 	lib/utils_device.c		\
+ 	lib/utils_keyring.c		\
+ 	lib/utils_keyring.h		\
+@@ -1551,8 +1547,6 @@ lib/libcryptsetup_la-utils_devpath.lo: l
+ 	lib/$(DEPDIR)/$(am__dirstamp)
+ lib/libcryptsetup_la-utils_wipe.lo: lib/$(am__dirstamp) \
+ 	lib/$(DEPDIR)/$(am__dirstamp)
+-lib/libcryptsetup_la-utils_fips.lo: lib/$(am__dirstamp) \
+-	lib/$(DEPDIR)/$(am__dirstamp)
+ lib/libcryptsetup_la-utils_device.lo: lib/$(am__dirstamp) \
+ 	lib/$(DEPDIR)/$(am__dirstamp)
+ lib/libcryptsetup_la-utils_keyring.lo: lib/$(am__dirstamp) \
+@@ -1811,7 +1805,6 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo@am__quote@ # am--include-marker
+-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo@am__quote@ # am--include-marker
+@@ -2105,13 +2098,6 @@ lib/libcryptsetup_la-utils_wipe.lo: lib/
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_wipe.lo `test -f 'lib/utils_wipe.c' || echo '$(srcdir)/'`lib/utils_wipe.c
+ 
+-lib/libcryptsetup_la-utils_fips.lo: lib/utils_fips.c
+-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_fips.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Tpo -c -o lib/libcryptsetup_la-utils_fips.lo `test -f 'lib/utils_fips.c' || echo '$(srcdir)/'`lib/utils_fips.c
+-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo
+-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='lib/utils_fips.c' object='lib/libcryptsetup_la-utils_fips.lo' libtool=yes @AMDEPBACKSLASH@
+-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_fips.lo `test -f 'lib/utils_fips.c' || echo '$(srcdir)/'`lib/utils_fips.c
+-
+ lib/libcryptsetup_la-utils_device.lo: lib/utils_device.c
+ @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_device.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_device.Tpo -c -o lib/libcryptsetup_la-utils_device.lo `test -f 'lib/utils_device.c' || echo '$(srcdir)/'`lib/utils_device.c
+ @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_device.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo
+@@ -2987,7 +2973,6 @@ distclean: distclean-recursive
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo
+-	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo
+@@ -3124,7 +3109,6 @@ maintainer-clean: maintainer-clean-recur
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo
+-	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo
+ 	-rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo
+diff -rupN cryptsetup-2.4.3.old/po/POTFILES.in cryptsetup-2.4.3/po/POTFILES.in
+--- cryptsetup-2.4.3.old/po/POTFILES.in	2022-01-13 10:23:53.000000000 +0100
++++ cryptsetup-2.4.3/po/POTFILES.in	2022-08-10 17:03:30.306926994 +0200
+@@ -6,7 +6,6 @@ lib/volumekey.c
+ lib/crypt_plain.c
+ lib/utils_crypt.c
+ lib/utils_loop.c
+-lib/utils_fips.c
+ lib/utils_device.c
+ lib/utils_devpath.c
+ lib/utils_pbkdf.c
+diff -rupN cryptsetup-2.4.3.old/src/cryptsetup.h cryptsetup-2.4.3/src/cryptsetup.h
+--- cryptsetup-2.4.3.old/src/cryptsetup.h	2022-01-13 10:14:51.000000000 +0100
++++ cryptsetup-2.4.3/src/cryptsetup.h	2022-08-10 17:03:30.307926999 +0200
+@@ -44,7 +44,6 @@
+ #include "lib/bitops.h"
+ #include "lib/utils_crypt.h"
+ #include "lib/utils_loop.h"
+-#include "lib/utils_fips.h"
+ #include "lib/utils_io.h"
+ #include "lib/utils_blkid.h"
+ #include "lib/libcryptsetup_macros.h"
+diff -rupN cryptsetup-2.4.3.old/tests/compat-test cryptsetup-2.4.3/tests/compat-test
+--- cryptsetup-2.4.3.old/tests/compat-test	2022-08-10 16:36:36.593578847 +0200
++++ cryptsetup-2.4.3/tests/compat-test	2022-08-10 17:03:30.308927004 +0200
+@@ -44,7 +44,7 @@ KEY_MATERIAL5_EXT="S331776-395264"
+ TEST_UUID="12345678-1234-1234-1234-123456789abc"
+ 
+ LOOPDEV=$(losetup -f 2>/dev/null)
+-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
++FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+ 
+ function remove_mapping()
+ {
+diff -rupN cryptsetup-2.4.3.old/tests/compat-test2 cryptsetup-2.4.3/tests/compat-test2
+--- cryptsetup-2.4.3.old/tests/compat-test2	2022-08-10 16:36:57.610677161 +0200
++++ cryptsetup-2.4.3/tests/compat-test2	2022-08-10 17:03:30.308927004 +0200
+@@ -42,7 +42,7 @@ FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-f
+ TEST_UUID="12345678-1234-1234-1234-123456789abc"
+ 
+ LOOPDEV=$(losetup -f 2>/dev/null)
+-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
++FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+ 
+ function remove_mapping()
+ {
+diff -rupN cryptsetup-2.4.3.old/tests/keyring-compat-test cryptsetup-2.4.3/tests/keyring-compat-test
+--- cryptsetup-2.4.3.old/tests/keyring-compat-test	2022-08-10 16:36:36.594578852 +0200
++++ cryptsetup-2.4.3/tests/keyring-compat-test	2022-08-10 17:09:55.062022004 +0200
+@@ -26,7 +26,7 @@ PWD="aaa"
+ [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
+ CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
+ 
+-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
++FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+ 
+ function remove_mapping()
+ {
+diff -rupN cryptsetup-2.4.3.old/tests/luks2-reencryption-test cryptsetup-2.4.3/tests/luks2-reencryption-test
+--- cryptsetup-2.4.3.old/tests/luks2-reencryption-test	2022-08-10 16:37:14.711757148 +0200
++++ cryptsetup-2.4.3/tests/luks2-reencryption-test	2022-08-10 17:03:30.310927015 +0200
+@@ -25,7 +25,7 @@ PWD2="1cND4319812f"
+ PWD3="1-9Qu5Ejfnqv"
+ DEV_LINK="reenc-test-link"
+ 
+-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
++FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+ 
+ function dm_crypt_features()
+ {
diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec
index 1277cde..e7cafa2 100644
--- a/SPECS/cryptsetup.spec
+++ b/SPECS/cryptsetup.spec
@@ -1,7 +1,7 @@
 Summary: Utility for setting up encrypted disks
 Name: cryptsetup
 Version: 2.4.3
-Release: 4%{?dist}
+Release: 4%{?dist}.1
 License: GPLv2+ and LGPLv2+
 URL: https://gitlab.com/cryptsetup/cryptsetup
 BuildRequires: openssl-devel, popt-devel, device-mapper-devel
@@ -23,6 +23,7 @@ Patch0002: %{name}-2.5.0-Get-rid-of-SHA1-in-tests.patch
 Patch0003: %{name}-2.5.0-Do-not-use-too-small-key-in-tests.patch
 Patch0004: %{name}-2.5.0-Fix-test-passphrase-when-device-in-reencryption.patch
 Patch0005: %{name}-2.5.0-Add-more-tests-for-test-passphrase-parameter.patch
+Patch0006: %{name}-2.5.1-Delegate-FIPS-mode-detection-to-configured-crypto-ba.patch
 Patch9999: %{name}-add-system-library-paths.patch
 
 %description
@@ -120,6 +121,10 @@ rm -rf %{buildroot}%{_libdir}/*.la
 %ghost %attr(700, -, -) %dir /run/cryptsetup
 
 %changelog
+* Tue Aug 16 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-4.1
+- patch: Delegate FIPS mode detection to crypto backend.
+- Resolves: #2118654
+
 * Thu Feb 24 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-4
 - patch: Fix broken upstream test.
 - Resolves: #2056439