[pacman-dev] [PATCH v2] Allow replacing libcrypto with libnettle in pacman
Allan McRae
allan at archlinux.org
Wed Oct 12 10:34:00 UTC 2016
From: Florian Weigelt <weigelt.florian at gmx.net>
Add a --with-nettle configure option that directs pacman to use the libnettle
hashing functions. Only one of the --with-libssl and --with-nettle configure
options can be specified.
[Allan: rewrote configure check]
Signed-off-by: Allan McRae <allan at archlinux.org>
---
v2:
- add correct author
- rewrite configure check. Now select crypto library with:
--with-crypto={openssl|nettle}
select crypto implementation [default=openssl]
configure.ac | 32 ++++++++++++++++++++------------
lib/libalpm/Makefile.am | 6 ++++--
lib/libalpm/libalpm.pc.in | 2 +-
lib/libalpm/util.c | 41 +++++++++++++++++++++++++++++++++++++++--
4 files changed, 64 insertions(+), 17 deletions(-)
diff --git a/configure.ac b/configure.ac
index f6b87e5..1991be6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -120,10 +120,11 @@ AC_ARG_WITH(ldconfig,
[set the full path to ldconfig]),
[LDCONFIG=$withval], [LDCONFIG=/sbin/ldconfig])
-# Help line for using OpenSSL
-AC_ARG_WITH(openssl,
- AS_HELP_STRING([--with-openssl], [use OpenSSL crypto implementations instead of internal routines]),
- [], [with_openssl=check])
+# Help line for selecting a crypto library
+AC_ARG_WITH(crypto,
+ AS_HELP_STRING([--with-crypto={openssl|nettle}],
+ [select crypto implementation @<:@default=openssl@:>@]),
+ [with_crypto=$withval], [with_crypto=openssl])
# Help line for using gpgme
AC_ARG_WITH(gpgme,
@@ -220,19 +221,25 @@ PKG_CHECK_MODULES(LIBARCHIVE, [libarchive >= 2.8.0], ,
# Check for OpenSSL
have_openssl=no
-if test "x$with_openssl" != "xno"; then
+have_nettle=no
+if test "x$with_crypto" == "xnettle"; then
+ PKG_CHECK_MODULES(NETTLE, [nettle],
+ [AC_DEFINE(HAVE_LIBNETTLE, 1, [Define whether to use nettle]) have_nettle=yes], have_nettle=no)
+ if test "x$have_nettle" = xno -a "x$with_crypto" = xnettle; then
+ AC_MSG_ERROR([*** nettle support requested but libraries not found])
+ fi
+else if test "x$with_crypto" == "xopenssl"; then
PKG_CHECK_MODULES(LIBSSL, [libcrypto],
[AC_DEFINE(HAVE_LIBSSL, 1, [Define if libcrypto is available]) have_openssl=yes], have_openssl=no)
- if test "x$have_openssl" = xno -a "x$with_openssl" = xyes; then
+ if test "x$have_openssl" = xno; then
AC_MSG_ERROR([*** openssl support requested but libraries not found])
fi
+else
+ AC_MSG_ERROR([*** unknown crypto support library requested - $with_crypto])
fi
-AM_CONDITIONAL(HAVE_LIBSSL, [test "$have_openssl" = "yes"])
-
-# Ensure one library for generating checksums is present
-if test "$have_openssl" != "yes"; then
- AC_MSG_ERROR([*** no library for checksum generation found])
fi
+AM_CONDITIONAL(HAVE_LIBSSL, [test "$have_openssl" = "yes"])
+AM_CONDITIONAL(HAVE_LIBNETTLE, [test "$have_nettle" = "yes"])
# Check for libcurl
have_libcurl=no
@@ -542,7 +549,7 @@ ${PACKAGE_NAME}:
compiler : ${CC}
preprocessor flags : ${CPPFLAGS}
compiler flags : ${WARNING_CFLAGS} ${CFLAGS}
- library flags : ${LIBS} ${LIBSSL_LIBS} ${LIBARCHIVE_LIBS} ${LIBCURL_LIBS} ${GPGME_LIBS}
+ library flags : ${LIBS} ${LIBSSL_LIBS} ${NETTLE_LIBS} ${LIBARCHIVE_LIBS} ${LIBCURL_LIBS} ${GPGME_LIBS}
linker flags : ${LDFLAGS}
Architecture : ${CARCH}
@@ -569,6 +576,7 @@ ${PACKAGE_NAME}:
Use libcurl : ${have_libcurl}
Use GPGME : ${have_gpgme}
Use OpenSSL : ${have_openssl}
+ Use nettle : ${have_nettle}
Run make in doc/ dir : ${wantdoc} ${asciidoc}
Doxygen support : ${usedoxygen}
debug support : ${debug}
diff --git a/lib/libalpm/Makefile.am b/lib/libalpm/Makefile.am
index 945a612..f4f20e6 100644
--- a/lib/libalpm/Makefile.am
+++ b/lib/libalpm/Makefile.am
@@ -65,13 +65,15 @@ libalpm_la_CFLAGS = \
$(GPGME_CFLAGS) \
$(LIBARCHIVE_CFLAGS) \
$(LIBCURL_CFLAGS) \
- $(LIBSSL_CFLAGS)
+ $(LIBSSL_CFLAGS) \
+ $(NETTLE_CFLAGS)
libalpm_la_LIBADD = \
$(LTLIBINTL) \
$(GPGME_LIBS) \
$(LIBARCHIVE_LIBS) \
$(LIBCURL_LIBS) \
- $(LIBSSL_LIBS)
+ $(LIBSSL_LIBS) \
+ $(NETTLE_LIBS)
# vim:set noet:
diff --git a/lib/libalpm/libalpm.pc.in b/lib/libalpm/libalpm.pc.in
index e4be174..e1d74ef 100644
--- a/lib/libalpm/libalpm.pc.in
+++ b/lib/libalpm/libalpm.pc.in
@@ -9,4 +9,4 @@ URL: http://www.archlinux.org/pacman/
Version: @LIB_VERSION@
Cflags: -I${includedir} @LFS_CFLAGS@
Libs: -L${libdir} -lalpm
-Libs.private: @LIBS@ @LIBARCHIVE_LIBS@ @LIBSSL_LIBS@ @LIBCURL_LIBS@ @GPGME_LIBS@
+Libs.private: @LIBS@ @LIBARCHIVE_LIBS@ @LIBSSL_LIBS@ @NETTLE_LIBS@ @LIBCURL_LIBS@ @GPGME_LIBS@
diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
index 7ef4bf3..d0b9097 100644
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@@ -42,6 +42,11 @@
#include <openssl/sha.h>
#endif
+#ifdef HAVE_LIBNETTLE
+#include <nettle/md5.h>
+#include <nettle/sha2.h>
+#endif
+
/* libalpm */
#include "util.h"
#include "log.h"
@@ -856,7 +861,7 @@ const char *_alpm_filecache_setup(alpm_handle_t *handle)
return cachedir;
}
-#ifdef HAVE_LIBSSL
+#if defined HAVE_LIBSSL || defined HAVE_LIBNETTLE
/** Compute the MD5 message digest of a file.
* @param path file path of file to compute MD5 digest of
* @param output string to hold computed MD5 digest
@@ -864,7 +869,11 @@ const char *_alpm_filecache_setup(alpm_handle_t *handle)
*/
static int md5_file(const char *path, unsigned char output[16])
{
+#if HAVE_LIBSSL
MD5_CTX ctx;
+#else /* HAVE_LIBNETTLE */
+ struct md5_ctx ctx;
+#endif
unsigned char *buf;
ssize_t n;
int fd;
@@ -877,13 +886,21 @@ static int md5_file(const char *path, unsigned char output[16])
return 1;
}
+#if HAVE_LIBSSL
MD5_Init(&ctx);
+#else /* HAVE_LIBNETTLE */
+ md5_init(&ctx);
+#endif
while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) {
if(n < 0) {
continue;
}
+#if HAVE_LIBSSL
MD5_Update(&ctx, buf, n);
+#else /* HAVE_LIBNETTLE */
+ md5_update(&ctx, n, buf);
+#endif
}
close(fd);
@@ -893,7 +910,11 @@ static int md5_file(const char *path, unsigned char output[16])
return 2;
}
+#if HAVE_LIBSSL
MD5_Final(output, &ctx);
+#else /* HAVE_LIBNETTLE */
+ md5_digest(&ctx, MD5_DIGEST_SIZE, output);
+#endif
return 0;
}
@@ -904,7 +925,11 @@ static int md5_file(const char *path, unsigned char output[16])
*/
static int sha256_file(const char *path, unsigned char output[32])
{
+#if HAVE_LIBSSL
SHA256_CTX ctx;
+#else /* HAVE_LIBNETTLE */
+ struct sha256_ctx ctx;
+#endif
unsigned char *buf;
ssize_t n;
int fd;
@@ -917,13 +942,21 @@ static int sha256_file(const char *path, unsigned char output[32])
return 1;
}
+#if HAVE_LIBSSL
SHA256_Init(&ctx);
+#else /* HAVE_LIBNETTLE */
+ sha256_init(&ctx);
+#endif
while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) {
if(n < 0) {
continue;
}
+#if HAVE_LIBSSL
SHA256_Update(&ctx, buf, n);
+#else /* HAVE_LIBNETTLE */
+ sha256_update(&ctx, n, buf);
+#endif
}
close(fd);
@@ -933,10 +966,14 @@ static int sha256_file(const char *path, unsigned char output[32])
return 2;
}
+#if HAVE_LIBSSL
SHA256_Final(output, &ctx);
+#else /* HAVE_LIBNETTLE */
+ sha256_digest(&ctx, SHA256_DIGEST_SIZE, output);
+#endif
return 0;
}
-#endif
+#endif /* HAVE_LIBSSL || HAVE_LIBNETTLE */
/** Create a string representing bytes in hexadecimal.
* @param bytes the bytes to represent in hexadecimal
--
2.10.0
More information about the pacman-dev
mailing list