Skip to content

Argon2 via OpenSSL >= 3.2#9602

Draft
ThomasWaldmann wants to merge 8 commits into
borgbackup:masterfrom
ThomasWaldmann:argon2-via-openssl32
Draft

Argon2 via OpenSSL >= 3.2#9602
ThomasWaldmann wants to merge 8 commits into
borgbackup:masterfrom
ThomasWaldmann:argon2-via-openssl32

Conversation

@ThomasWaldmann
Copy link
Copy Markdown
Member

@ThomasWaldmann ThomasWaldmann commented May 11, 2026

No description provided.

@ThomasWaldmann
use argon2 from openssl >= 3.2, drop argon2-cffi, fixes borgbackup#7963
9fa76bc 
- src/borg/crypto/low_level.pyx: implement `argon2_hash` using OpenSSL's
  `EVP_KDF` API for ARGON2 (requires OpenSSL >= 3.2.0).
- src/borg/crypto/key.py: switch to the native `argon2_hash` implementation,
  removing `argon2-cffi` dependency.
- setup.py: require OpenSSL >= 3.2.0 for the crypto extension to ensure
  ARGON2 KDF support is available.
- pyproject.toml: drop `argon2-cffi` dependency.
- docs: update installation requirements and security documentation to
  reflect the transition to OpenSSL for Argon2.
@ThomasWaldmann
CI: use FreeBSD 15.0 (has OpenSSL 3.5.x)
84707a7
@ThomasWaldmann
temp: for now, remove all ubuntu based testing, we need 26.04!
02214a2
@codecov
Copy link
Copy Markdown

codecov Bot commented May 11, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.57%. Comparing base (0cf9322) to head (252cf06).
⚠️ Report is 1 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #9602      +/-   ##
==========================================
- Coverage   83.34%   79.57%   -3.77%     
==========================================
  Files          89       89              
  Lines       15546    15543       -3     
  Branches     2342     2342              
==========================================
- Hits        12957    12369     -588     
- Misses       1835     2452     +617     
+ Partials      754      722      -32

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ThomasWaldmann ThomasWaldmann force-pushed the argon2-via-openssl32 branch 2 times, most recently from 745ffbd to b06e98b Compare May 11, 2026 20:55
@ThomasWaldmann ThomasWaldmann marked this pull request as draft May 11, 2026 20:55
@ThomasWaldmann
Copy link
Copy Markdown
Member Author

ThomasWaldmann commented May 11, 2026
edited
Loading

Guess we need to wait for:

  • Ubuntu 26.04 github actions runner image
    https://github.com/actions/runner-images#available-images
  • NetBSD 11 via cross-platform-actions would be nice, but it also works with 10.1 and building openssl from source
  • Haiku r1beta6 via c-p-a would be nice, but it also works with r1beta and curling more recent openssl packages

@ThomasWaldmann
temp: remove codeql (we need ubuntu 26.04 for this)
d792911
@ThomasWaldmann
temp: no need for lint
29c5883
@ThomasWaldmann
remove cffi, not needed anymore
2a09a00
@ThomasWaldmann
CI: haiku: fix openssl dependency
de2c4ea 
- haiku r1beta5 has openssl 3.0, install openssl 3.5.6 packages from current master
- let pkg-config find openssl
@ThomasWaldmann ThomasWaldmann force-pushed the argon2-via-openssl32 branch 8 times, most recently from ffe98c5 to 18e786b Compare May 11, 2026 23:02
@ThomasWaldmann ThomasWaldmann force-pushed the argon2-via-openssl32 branch from 18e786b to 252cf06 Compare May 11, 2026 23:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ThomasWaldmann