])
AM_CONDITIONAL(USE_SMACK, test $with_smack != no)
+dnl crypto
+AC_ARG_WITH(crypto,
+AS_HELP_STRING([--with-crypto], [Choose library for checksums, one of glib, openssl, gnutls (default: glib)]),
+:, with_crypto=glib)
+
+AS_IF([test $with_crypto = glib],
+ [],
+ [test $with_crypto = openssl],
+ [with_openssl=yes],
+ [test $with_crypto = gnutls],
+ [],
+ [AC_MSG_ERROR([Invalid --with-crypto $with_crypto])]
+ )
+
dnl begin openssl (really just libcrypto right now)
+dnl Note this option is now deprecated in favor of --with-crypto=openssl
OPENSSL_DEPENDENCY="libcrypto >= 1.0.1"
AC_ARG_WITH(openssl,
-AS_HELP_STRING([--with-openssl], [Enable use of OpenSSL libcrypto (checksums)]),
-:, with_openssl=no)
-
+AS_HELP_STRING([--with-openssl], [Enable use of OpenSSL libcrypto (checksums)]),with_openssl=$withval,with_openssl=no)
AS_IF([ test x$with_openssl != xno ], [
- PKG_CHECK_MODULES(OT_DEP_OPENSSL, $OPENSSL_DEPENDENCY)
+ PKG_CHECK_MODULES(OT_DEP_CRYPTO, $OPENSSL_DEPENDENCY)
AC_DEFINE([HAVE_OPENSSL], 1, [Define if we have openssl])
+ with_crypto=openssl
with_openssl=yes
], [
with_openssl=no
AM_CONDITIONAL(USE_OPENSSL, test $with_openssl != no)
dnl end openssl
+dnl begin gnutls; in contrast to openssl this one only
+dnl supports --with-crypto=gnutls
+GNUTLS_DEPENDENCY="gnutls >= 3.5.0"
+AS_IF([ test $with_crypto = gnutls ], [
+ PKG_CHECK_MODULES(OT_DEP_CRYPTO, $GNUTLS_DEPENDENCY)
+ AC_DEFINE([HAVE_GNUTLS], 1, [Define if we have gnutls])
+ OSTREE_FEATURES="$OSTREE_FEATURES gnutls"
+])
+AM_CONDITIONAL(USE_GNUTLS, test $with_crypto = gnutls)
+dnl end gnutls
+
dnl Avahi dependency for finding repos
AVAHI_DEPENDENCY="avahi-client >= 0.6.31 avahi-glib >= 0.6.31"
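Review bot: `--with-crypto=openssl` given on its own does not actually enable OpenSSL: `with_openssl=yes` is set in the AS_IF branch, but the `AC_ARG_WITH(openssl, ...)` that follows still has `with_openssl=no` as its action-if-not-given, which runs whenever `--with-openssl` is absent and clobbers that value, so the `test x$with_openssl != xno` check takes the else branch and HAVE_OPENSSL is never defined. Since `with_crypto` keeps the user's value, the build would presumably fall through to the GLib backend while the summary line added further down (`cryptographic checksums: $with_crypto`) reports openssl. A one-line repair after the AC_ARG_WITH is `AS_IF([test "$with_crypto" = openssl], [with_openssl=yes])`, or equivalently make the action-if-not-given `[test "$with_crypto" = openssl || with_openssl=no]`. The `test $with_crypto = ...` comparisons in the new AS_IF should also quote the variable (`test "$with_crypto" = glib`), otherwise an empty `--with-crypto=` produces a shell syntax error instead of the intended AC_MSG_ERROR.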
HTTP backend: $fetcher_backend
\"ostree trivial-httpd\": $enable_trivial_httpd_cmdline
SELinux: $with_selinux
- OpenSSL libcrypto (checksums): $with_openssl
+ cryptographic checksums: $with_crypto
systemd: $have_libsystemd
libmount: $with_libmount
libarchive (parse tar files directly): $with_libarchive
#include "ot-checksum-instream.h"
#include "ot-checksum-utils.h"
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
#include <openssl/evp.h>
+#elif defined(HAVE_GNUTLS)
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
#endif
G_DEFINE_TYPE (OtChecksumInstream, ot_checksum_instream, G_TYPE_FILTER_INPUT_STREAM)
struct _OtChecksumInstreamPrivate {
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
EVP_MD_CTX *checksum;
+#elif defined(HAVE_GNUTLS)
+ gnutls_digest_algorithm_t checksum_type;
+ gnutls_hash_hd_t checksum;
#else
GChecksumType checksum_type;
GChecksum *checksum;
{
OtChecksumInstream *self = (OtChecksumInstream*)object;
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
EVP_MD_CTX_destroy (self->priv->checksum);
+#elif defined(HAVE_GNUTLS)
+ gnutls_hash_deinit (self->priv->checksum, NULL);
#else
g_checksum_free (self->priv->checksum);
#endif
self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, OT_TYPE_CHECKSUM_INSTREAM, OtChecksumInstreamPrivate);
}
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
static const EVP_MD *
gchecksum_type_to_openssl (GChecksumType checksum_type)
{
g_assert_not_reached ();
}
}
+#elif defined(HAVE_GNUTLS)
+static gnutls_digest_algorithm_t
+gchecksum_type_to_gnutls (GChecksumType checksum_type)
+{
+ switch (checksum_type)
+ {
+ case G_CHECKSUM_SHA256:
+ return GNUTLS_DIG_SHA256;
+ default:
+ g_assert_not_reached ();
+ }
+}
#endif
OtChecksumInstream *
/* For now */
g_assert (checksum_type == G_CHECKSUM_SHA256);
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
stream->priv->checksum = EVP_MD_CTX_create ();
g_assert (stream->priv->checksum);
g_assert (EVP_DigestInit_ex (stream->priv->checksum, gchecksum_type_to_openssl (checksum_type), NULL));
+#elif defined(HAVE_GNUTLS)
+ stream->priv->checksum_type = gchecksum_type_to_gnutls (checksum_type);
+ g_assert (!gnutls_hash_init (&stream->priv->checksum, stream->priv->checksum_type));
#else
stream->priv->checksum = g_checksum_new (checksum_type);
stream->priv->checksum_type = checksum_type;
error);
if (res > 0)
{
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
g_assert (EVP_DigestUpdate (self->priv->checksum, buffer, res));
+#elif defined(HAVE_GNUTLS)
+ g_assert (!gnutls_hash (self->priv->checksum, buffer, res));
#else
g_checksum_update (self->priv->checksum, buffer, res);
#endif
guint8 *buffer,
gsize *digest_len)
{
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
unsigned len;
EVP_DigestFinal_ex (stream->priv->checksum, buffer, &len);
if (digest_len)
*digest_len = len;
+#elif defined(HAVE_GNUTLS)
+ gnutls_hash_output (stream->priv->checksum, buffer);
+ if (digest_len)
+ *digest_len = gnutls_hash_get_len (stream->priv->checksum_type);
#else
g_checksum_get_digest (stream->priv->checksum, buffer, digest_len);
#endif
ot_checksum_instream_dup_digest (OtChecksumInstream *stream,
gsize *ret_len)
{
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
guint len;
guchar *ret = g_malloc0 (EVP_MAX_MD_SIZE);
g_assert (EVP_DigestFinal_ex (stream->priv->checksum, ret, &len));
+#elif defined(HAVE_GNUTLS)
+ guint len = gnutls_hash_get_len (stream->priv->checksum_type);
+ guchar *ret = g_malloc0 (len);
+ gnutls_hash_output (stream->priv->checksum, ret);
#else
gsize len = g_checksum_type_get_length (stream->priv->checksum_type);
guchar *ret = g_malloc (len);
char *
ot_checksum_instream_get_string (OtChecksumInstream *stream)
{
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
unsigned len;
guint8 csum[EVP_MAX_MD_SIZE];
g_assert (EVP_DigestFinal_ex (stream->priv->checksum, csum, &len));
char *buf = g_malloc (len * 2 + 1);
ot_bin2hex (buf, (guint8*)csum, len);
return buf;
+#elif defined(HAVE_GNUTLS)
+ gsize len;
+ guint8 *csum = ot_checksum_instream_dup_digest(stream, &len);
+ char *buf = g_malloc0 (len * 2 + 1);
+ ot_bin2hex (buf, csum, len);
+ g_free (csum);
+ return buf;
#else
return g_strdup (g_checksum_get_string (stream->priv->checksum));
#endif
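Review bot: In the read path the only call that feeds data into the GnuTLS digest is `g_assert (!gnutls_hash (self->priv->checksum, buffer, res));`, and the initialisation in the constructor is likewise `g_assert (!gnutls_hash_init (...))`; GLib documents that g_assert's expression is not evaluated at all when built with G_DISABLE_ASSERT, so such a build would silently produce a digest over no data and every content checksum this stream is used to verify would be wrong. The existing OpenSSL branch (`g_assert (EVP_DigestUpdate (...))`) has the same shape, but the new code need not copy it. Splitting the call from the check keeps the assertion without the side effect: `int rc = gnutls_hash (self->priv->checksum, buffer, res);` followed by `g_assert (rc == 0);`, and the same two-line form for `gnutls_hash_init` in the constructor. Worth a comment on the `gnutls_hash_output` calls as well, since per the GnuTLS API that call also resets the hash state, so `get_digest`/`dup_digest`/`get_string` are one-shot on this backend just as `EVP_DigestFinal_ex` is on the OpenSSL one.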