[pacman-dev] [PATCH v2] Allow replacing libcrypto with libnettle in pacman

Allan McRae allan at archlinux.org
Wed Oct 12 10:34:00 UTC 2016 

From: Florian Weigelt <weigelt.florian at gmx.net>

Add a --with-nettle configure option that directs pacman to use the libnettle
hashing functions. Only one of the --with-libssl and --with-nettle configure
options can be specified.

[Allan: rewrote configure check]
Signed-off-by: Allan McRae <allan at archlinux.org>
---

v2:
 - add correct author
 - rewrite configure check.  Now select crypto library with:

  --with-crypto={openssl|nettle}
                          select crypto implementation [default=openssl]


 configure.ac              | 32 ++++++++++++++++++++------------
 lib/libalpm/Makefile.am   |  6 ++++--
 lib/libalpm/libalpm.pc.in |  2 +-
 lib/libalpm/util.c        | 41 +++++++++++++++++++++++++++++++++++++++--
 4 files changed, 64 insertions(+), 17 deletions(-)

diff --git a/configure.ac b/configure.ac
index f6b87e5..1991be6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -120,10 +120,11 @@ AC_ARG_WITH(ldconfig,
 		[set the full path to ldconfig]),
 	[LDCONFIG=$withval], [LDCONFIG=/sbin/ldconfig])
 
-# Help line for using OpenSSL
-AC_ARG_WITH(openssl,
-	AS_HELP_STRING([--with-openssl], [use OpenSSL crypto implementations instead of internal routines]),
-	[], [with_openssl=check])
+# Help line for selecting a crypto library
+AC_ARG_WITH(crypto,
+	AS_HELP_STRING([--with-crypto={openssl|nettle}],
+		[select crypto implementation @<:@default=openssl@:>@]),
+	[with_crypto=$withval], [with_crypto=openssl])
 
 # Help line for using gpgme
 AC_ARG_WITH(gpgme,
@@ -220,19 +221,25 @@ PKG_CHECK_MODULES(LIBARCHIVE, [libarchive >= 2.8.0], ,
 
 # Check for OpenSSL
 have_openssl=no
-if test "x$with_openssl" != "xno"; then
+have_nettle=no
+if test "x$with_crypto" == "xnettle"; then
+	PKG_CHECK_MODULES(NETTLE, [nettle],
+		[AC_DEFINE(HAVE_LIBNETTLE, 1, [Define whether to use nettle]) have_nettle=yes], have_nettle=no)
+	if test "x$have_nettle" = xno -a "x$with_crypto" = xnettle; then
+		AC_MSG_ERROR([*** nettle support requested but libraries not found])
+	fi
+else if test "x$with_crypto" == "xopenssl"; then
 	PKG_CHECK_MODULES(LIBSSL, [libcrypto],
 		[AC_DEFINE(HAVE_LIBSSL, 1, [Define if libcrypto is available]) have_openssl=yes], have_openssl=no)
-	if test "x$have_openssl" = xno -a "x$with_openssl" = xyes; then
+	if test "x$have_openssl" = xno; then
 		AC_MSG_ERROR([*** openssl support requested but libraries not found])
 	fi
+else
+	AC_MSG_ERROR([*** unknown crypto support library requested - $with_crypto])
 fi
-AM_CONDITIONAL(HAVE_LIBSSL, [test "$have_openssl" = "yes"])
-
-# Ensure one library for generating checksums is present
-if test "$have_openssl" != "yes"; then
-	AC_MSG_ERROR([*** no library for checksum generation found])
 fi
+AM_CONDITIONAL(HAVE_LIBSSL, [test "$have_openssl" = "yes"])
+AM_CONDITIONAL(HAVE_LIBNETTLE, [test "$have_nettle" = "yes"])
 
 # Check for libcurl
 have_libcurl=no
@@ -542,7 +549,7 @@ ${PACKAGE_NAME}:
     compiler               : ${CC}
     preprocessor flags     : ${CPPFLAGS}
     compiler flags         : ${WARNING_CFLAGS} ${CFLAGS}
-    library flags          : ${LIBS} ${LIBSSL_LIBS} ${LIBARCHIVE_LIBS} ${LIBCURL_LIBS} ${GPGME_LIBS}
+    library flags          : ${LIBS} ${LIBSSL_LIBS} ${NETTLE_LIBS} ${LIBARCHIVE_LIBS} ${LIBCURL_LIBS} ${GPGME_LIBS}
     linker flags           : ${LDFLAGS}
 
     Architecture           : ${CARCH}
@@ -569,6 +576,7 @@ ${PACKAGE_NAME}:
     Use libcurl            : ${have_libcurl}
     Use GPGME              : ${have_gpgme}
     Use OpenSSL            : ${have_openssl}
+    Use nettle             : ${have_nettle}
     Run make in doc/ dir   : ${wantdoc} ${asciidoc}
     Doxygen support        : ${usedoxygen}
     debug support          : ${debug}
diff --git a/lib/libalpm/Makefile.am b/lib/libalpm/Makefile.am
index 945a612..f4f20e6 100644
--- a/lib/libalpm/Makefile.am
+++ b/lib/libalpm/Makefile.am
@@ -65,13 +65,15 @@ libalpm_la_CFLAGS = \
 	$(GPGME_CFLAGS) \
 	$(LIBARCHIVE_CFLAGS) \
 	$(LIBCURL_CFLAGS) \
-	$(LIBSSL_CFLAGS)
+	$(LIBSSL_CFLAGS) \
+	$(NETTLE_CFLAGS)
 
 libalpm_la_LIBADD = \
 	$(LTLIBINTL) \
 	$(GPGME_LIBS) \
 	$(LIBARCHIVE_LIBS) \
 	$(LIBCURL_LIBS) \
-	$(LIBSSL_LIBS)
+	$(LIBSSL_LIBS) \
+	$(NETTLE_LIBS)
 
 # vim:set noet:
diff --git a/lib/libalpm/libalpm.pc.in b/lib/libalpm/libalpm.pc.in
index e4be174..e1d74ef 100644
--- a/lib/libalpm/libalpm.pc.in
+++ b/lib/libalpm/libalpm.pc.in
@@ -9,4 +9,4 @@ URL: http://www.archlinux.org/pacman/
 Version: @LIB_VERSION@
 Cflags: -I${includedir} @LFS_CFLAGS@
 Libs: -L${libdir} -lalpm
-Libs.private: @LIBS@ @LIBARCHIVE_LIBS@ @LIBSSL_LIBS@ @LIBCURL_LIBS@ @GPGME_LIBS@
+Libs.private: @LIBS@ @LIBARCHIVE_LIBS@ @LIBSSL_LIBS@ @NETTLE_LIBS@ @LIBCURL_LIBS@ @GPGME_LIBS@
diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
index 7ef4bf3..d0b9097 100644
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@@ -42,6 +42,11 @@
 #include <openssl/sha.h>
 #endif
 
+#ifdef HAVE_LIBNETTLE
+#include <nettle/md5.h>
+#include <nettle/sha2.h>
+#endif
+
 /* libalpm */
 #include "util.h"
 #include "log.h"
@@ -856,7 +861,7 @@ const char *_alpm_filecache_setup(alpm_handle_t *handle)
 	return cachedir;
 }
 
-#ifdef HAVE_LIBSSL
+#if defined  HAVE_LIBSSL || defined HAVE_LIBNETTLE
 /** Compute the MD5 message digest of a file.
  * @param path file path of file to compute  MD5 digest of
  * @param output string to hold computed MD5 digest
@@ -864,7 +869,11 @@ const char *_alpm_filecache_setup(alpm_handle_t *handle)
  */
 static int md5_file(const char *path, unsigned char output[16])
 {
+#if HAVE_LIBSSL
 	MD5_CTX ctx;
+#else /* HAVE_LIBNETTLE */
+	struct md5_ctx ctx;
+#endif
 	unsigned char *buf;
 	ssize_t n;
 	int fd;
@@ -877,13 +886,21 @@ static int md5_file(const char *path, unsigned char output[16])
 		return 1;
 	}
 
+#if HAVE_LIBSSL
 	MD5_Init(&ctx);
+#else /* HAVE_LIBNETTLE */
+	md5_init(&ctx);
+#endif
 
 	while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) {
 		if(n < 0) {
 			continue;
 		}
+#if HAVE_LIBSSL
 		MD5_Update(&ctx, buf, n);
+#else /* HAVE_LIBNETTLE */
+		md5_update(&ctx, n, buf);
+#endif
 	}
 
 	close(fd);
@@ -893,7 +910,11 @@ static int md5_file(const char *path, unsigned char output[16])
 		return 2;
 	}
 
+#if HAVE_LIBSSL
 	MD5_Final(output, &ctx);
+#else /* HAVE_LIBNETTLE */
+	md5_digest(&ctx, MD5_DIGEST_SIZE, output);
+#endif
 	return 0;
 }
 
@@ -904,7 +925,11 @@ static int md5_file(const char *path, unsigned char output[16])
  */
 static int sha256_file(const char *path, unsigned char output[32])
 {
+#if HAVE_LIBSSL
 	SHA256_CTX ctx;
+#else /* HAVE_LIBNETTLE */
+	struct sha256_ctx ctx;
+#endif
 	unsigned char *buf;
 	ssize_t n;
 	int fd;
@@ -917,13 +942,21 @@ static int sha256_file(const char *path, unsigned char output[32])
 		return 1;
 	}
 
+#if HAVE_LIBSSL
 	SHA256_Init(&ctx);
+#else /* HAVE_LIBNETTLE */
+	sha256_init(&ctx);
+#endif
 
 	while((n = read(fd, buf, ALPM_BUFFER_SIZE)) > 0 || errno == EINTR) {
 		if(n < 0) {
 			continue;
 		}
+#if HAVE_LIBSSL
 		SHA256_Update(&ctx, buf, n);
+#else /* HAVE_LIBNETTLE */
+		sha256_update(&ctx, n, buf);
+#endif
 	}
 
 	close(fd);
@@ -933,10 +966,14 @@ static int sha256_file(const char *path, unsigned char output[32])
 		return 2;
 	}
 
+#if HAVE_LIBSSL
 	SHA256_Final(output, &ctx);
+#else /* HAVE_LIBNETTLE */
+	sha256_digest(&ctx, SHA256_DIGEST_SIZE, output);
+#endif
 	return 0;
 }
-#endif
+#endif /* HAVE_LIBSSL || HAVE_LIBNETTLE */
 
 /** Create a string representing bytes in hexadecimal.
  * @param bytes the bytes to represent in hexadecimal
-- 
2.10.0

More information about the pacman-dev mailing list