Allow replacing libcrypto with libnettle in pacman

Add a --with-nettle configure option that directs pacman to use the libnettle
hashing functions. Only one of the --with-libssl and --with-nettle configure
options can be specified.

[Allan: rewrote configure check]
Signed-off-by: Allan McRae <allan@archlinux.org>
Florian Weigelt 2016-10-11 21:20:11 +10:00 committed by Allan McRae
parent 1f8f0bd9ac
commit 603f087cd7
4 changed files with 64 additions and 17 deletions


@ -120,10 +120,11 @@ AC_ARG_WITH(ldconfig,
[set the full path to ldconfig]), [set the full path to ldconfig]),
[LDCONFIG=$withval], [LDCONFIG=/sbin/ldconfig]) [LDCONFIG=$withval], [LDCONFIG=/sbin/ldconfig])
# Help line for using OpenSSL # Help line for selecting a crypto library
AC_ARG_WITH(openssl, AC_ARG_WITH(crypto,
AS_HELP_STRING([--with-openssl], [use OpenSSL crypto implementations instead of internal routines]), AS_HELP_STRING([--with-crypto={openssl|nettle}],
[], [with_openssl=check]) [select crypto implementation @<:@default=openssl@:>@]),
[with_crypto=$withval], [with_crypto=openssl])
# Help line for using gpgme # Help line for using gpgme
AC_ARG_WITH(gpgme, AC_ARG_WITH(gpgme,
@ -220,19 +221,25 @@ PKG_CHECK_MODULES(LIBARCHIVE, [libarchive >= 2.8.0], ,
# Check for OpenSSL # Check for OpenSSL
have_openssl=no have_openssl=no
if test "x$with_openssl" != "xno"; then have_nettle=no
if test "x$with_crypto" == "xnettle"; then
PKG_CHECK_MODULES(NETTLE, [nettle],
[AC_DEFINE(HAVE_LIBNETTLE, 1, [Define whether to use nettle]) have_nettle=yes], have_nettle=no)
if test "x$have_nettle" = xno -a "x$with_crypto" = xnettle; then
AC_MSG_ERROR([*** nettle support requested but libraries not found])
fi
else if test "x$with_crypto" == "xopenssl"; then
PKG_CHECK_MODULES(LIBSSL, [libcrypto], PKG_CHECK_MODULES(LIBSSL, [libcrypto],
[AC_DEFINE(HAVE_LIBSSL, 1, [Define if libcrypto is available]) have_openssl=yes], have_openssl=no) [AC_DEFINE(HAVE_LIBSSL, 1, [Define if libcrypto is available]) have_openssl=yes], have_openssl=no)
if test "x$have_openssl" = xno -a "x$with_openssl" = xyes; then if test "x$have_openssl" = xno; then
AC_MSG_ERROR([*** openssl support requested but libraries not found]) AC_MSG_ERROR([*** openssl support requested but libraries not found])
fi fi
else
AC_MSG_ERROR([*** unknown crypto support library requested - $with_crypto])
fi
fi fi
AM_CONDITIONAL(HAVE_LIBSSL, [test "$have_openssl" = "yes"]) AM_CONDITIONAL(HAVE_LIBSSL, [test "$have_openssl" = "yes"])
AM_CONDITIONAL(HAVE_LIBNETTLE, [test "$have_nettle" = "yes"])
# Ensure one library for generating checksums is present
if test "$have_openssl" != "yes"; then
AC_MSG_ERROR([*** no library for checksum generation found])
fi
# Check for libcurl # Check for libcurl
have_libcurl=no have_libcurl=no
@ -542,7 +549,7 @@ ${PACKAGE_NAME}:
compiler : ${CC} compiler : ${CC}
preprocessor flags : ${CPPFLAGS} preprocessor flags : ${CPPFLAGS}
compiler flags : ${WARNING_CFLAGS} ${CFLAGS} compiler flags : ${WARNING_CFLAGS} ${CFLAGS}
library flags : ${LIBS} ${LIBSSL_LIBS} ${LIBARCHIVE_LIBS} ${LIBCURL_LIBS} ${GPGME_LIBS} library flags : ${LIBS} ${LIBSSL_LIBS} ${NETTLE_LIBS} ${LIBARCHIVE_LIBS} ${LIBCURL_LIBS} ${GPGME_LIBS}
linker flags : ${LDFLAGS} linker flags : ${LDFLAGS}
Architecture : ${CARCH} Architecture : ${CARCH}
@ -569,6 +576,7 @@ ${PACKAGE_NAME}:
Use libcurl : ${have_libcurl} Use libcurl : ${have_libcurl}
Use GPGME : ${have_gpgme} Use GPGME : ${have_gpgme}
Use OpenSSL : ${have_openssl} Use OpenSSL : ${have_openssl}
Use nettle : ${have_nettle}
Run make in doc/ dir : ${wantdoc} ${asciidoc} Run make in doc/ dir : ${wantdoc} ${asciidoc}
Doxygen support : ${usedoxygen} Doxygen support : ${usedoxygen}
debug support : ${debug} debug support : ${debug}
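Review bot: The two new selector tests in the crypto check (`test "x$with_crypto" == "xnettle"` and the matching `== "xopenssl"` test) use `==`, which POSIX `test` does not define. Where /bin/sh is a strict shell such as dash, both comparisons are likely to fail with an operator error, so configure would fall through to the "unknown crypto support library" error even for valid values. Use `=` as the inner checks already do: `if test "x$with_crypto" = "xnettle"; then` and `elif test "x$with_crypto" = "xopenssl"; then`, which also removes the nested `else if` and its extra `fi`. The `-a "x$with_crypto" = xnettle` half of the nettle failure test is always true inside that branch and can be dropped. The commit description still names `--with-nettle` and `--with-libssl`, while the option added here is `--with-crypto={openssl|nettle}`.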


@ -65,13 +65,15 @@ libalpm_la_CFLAGS = \
$(GPGME_CFLAGS) \ $(GPGME_CFLAGS) \
$(LIBARCHIVE_CFLAGS) \ $(LIBARCHIVE_CFLAGS) \
$(LIBCURL_CFLAGS) \ $(LIBCURL_CFLAGS) \
$(LIBSSL_CFLAGS) $(LIBSSL_CFLAGS) \
$(NETTLE_CFLAGS)
libalpm_la_LIBADD = \ libalpm_la_LIBADD = \
$(LTLIBINTL) \ $(LTLIBINTL) \
$(GPGME_LIBS) \ $(GPGME_LIBS) \
$(LIBARCHIVE_LIBS) \ $(LIBARCHIVE_LIBS) \
$(LIBCURL_LIBS) \ $(LIBCURL_LIBS) \
$(LIBSSL_LIBS) $(LIBSSL_LIBS) \
$(NETTLE_LIBS)
# vim:set noet: # vim:set noet:


@ -9,4 +9,4 @@ URL: http://www.archlinux.org/pacman/
Version: @LIB_VERSION@ Version: @LIB_VERSION@
Cflags: -I${includedir} @LFS_CFLAGS@ Cflags: -I${includedir} @LFS_CFLAGS@
Libs: -L${libdir} -lalpm Libs: -L${libdir} -lalpm
Libs.private: @LIBS@ @LIBARCHIVE_LIBS@ @LIBSSL_LIBS@ @LIBCURL_LIBS@ @GPGME_LIBS@ Libs.private: @LIBS@ @LIBARCHIVE_LIBS@ @LIBSSL_LIBS@ @NETTLE_LIBS@ @LIBCURL_LIBS@ @GPGME_LIBS@


@ -42,6 +42,11 @@
#include <openssl/sha.h> #include <openssl/sha.h>
#endif #endif
#ifdef HAVE_LIBNETTLE
#include <nettle/md5.h>
#include <nettle/sha2.h>
#endif
/* libalpm */ /* libalpm */
#include "util.h" #include "util.h"
#include "log.h" #include "log.h"
@ -856,7 +861,7 @@ const char *_alpm_filecache_setup(alpm_handle_t *handle)
return cachedir; return cachedir;
} }
#ifdef HAVE_LIBSSL #if defined HAVE_LIBSSL || defined HAVE_LIBNETTLE
/** Compute the MD5 message digest of a file. /** Compute the MD5 message digest of a file.
* @param path file path of file to compute MD5 digest of * @param path file path of file to compute MD5 digest of
* @param output string to hold computed MD5 digest * @param output string to hold computed MD5 digest
@ -864,7 +869,11 @@ const char *_alpm_filecache_setup(alpm_handle_t *handle)
*/ */
static int md5_file(const char *path, unsigned char output[16]) static int md5_file(const char *path, unsigned char output[16])
{ {
#if HAVE_LIBSSL
MD5_CTX ctx; MD5_CTX ctx;
#else /* HAVE_LIBNETTLE */
struct md5_ctx ctx;
#endif
unsigned char *buf; unsigned char *buf;
ssize_t n; ssize_t n;
int fd; int fd;
@ -877,13 +886,21 @@ static int md5_file(const char *path, unsigned char output[16])
return 1; return 1;
} }
#if HAVE_LIBSSL
MD5_Init(&ctx); MD5_Init(&ctx);
#else /* HAVE_LIBNETTLE */
md5_init(&ctx);
#endif
while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) { while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) {
if(n < 0) { if(n < 0) {
continue; continue;
} }
#if HAVE_LIBSSL
MD5_Update(&ctx, buf, n); MD5_Update(&ctx, buf, n);
#else /* HAVE_LIBNETTLE */
md5_update(&ctx, n, buf);
#endif
} }
close(fd); close(fd);
@ -893,7 +910,11 @@ static int md5_file(const char *path, unsigned char output[16])
return 2; return 2;
} }
#if HAVE_LIBSSL
MD5_Final(output, &ctx); MD5_Final(output, &ctx);
#else /* HAVE_LIBNETTLE */
md5_digest(&ctx, MD5_DIGEST_SIZE, output);
#endif
return 0; return 0;
} }
@ -904,7 +925,11 @@ static int md5_file(const char *path, unsigned char output[16])
*/ */
static int sha256_file(const char *path, unsigned char output[32]) static int sha256_file(const char *path, unsigned char output[32])
{ {
#if HAVE_LIBSSL
SHA256_CTX ctx; SHA256_CTX ctx;
#else /* HAVE_LIBNETTLE */
struct sha256_ctx ctx;
#endif
unsigned char *buf; unsigned char *buf;
ssize_t n; ssize_t n;
int fd; int fd;
@ -917,13 +942,21 @@ static int sha256_file(const char *path, unsigned char output[32])
return 1; return 1;
} }
#if HAVE_LIBSSL
SHA256_Init(&ctx); SHA256_Init(&ctx);
#else /* HAVE_LIBNETTLE */
sha256_init(&ctx);
#endif
while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) { while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) {
if(n < 0) { if(n < 0) {
continue; continue;
} }
#if HAVE_LIBSSL
SHA256_Update(&ctx, buf, n); SHA256_Update(&ctx, buf, n);
#else /* HAVE_LIBNETTLE */
sha256_update(&ctx, n, buf);
#endif
} }
close(fd); close(fd);
@ -933,10 +966,14 @@ static int sha256_file(const char *path, unsigned char output[32])
return 2; return 2;
} }
#if HAVE_LIBSSL
SHA256_Final(output, &ctx); SHA256_Final(output, &ctx);
#else /* HAVE_LIBNETTLE */
sha256_digest(&ctx, SHA256_DIGEST_SIZE, output);
#endif
return 0; return 0;
} }
#endif #endif /* HAVE_LIBSSL || HAVE_LIBNETTLE */
/** Create a string representing bytes in hexadecimal. /** Create a string representing bytes in hexadecimal.
* @param bytes the bytes to represent in hexadecimal * @param bytes the bytes to represent in hexadecimal