diff --git a/meson.build b/meson.build
index b0054b66672..dee05b6017b 100644
--- a/meson.build
+++ b/meson.build
@@ -1523,6 +1523,18 @@ else
 endif
 conf.set10('ENABLE_REPART', have)
+# We support one or the other. If gcrypt is available, we assume it's there to
+# be used, and use it in preference.
+opt = get_option('cryptolib')
+if opt == 'openssl' and conf.get('HAVE_OPENSSL') == 0
+ error('openssl requested as the default cryptolib, but not available')
+endif
+conf.set10('PREFER_OPENSSL',
+ opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
+conf.set10('HAVE_OPENSSL_OR_GCRYPT',
+ conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
+lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? libopenssl : libgcrypt
+
 want_importd = get_option('importd')
 if want_importd != 'false'
 have = (conf.get('HAVE_LIBCURL') == 1 and
@@ -4023,6 +4035,14 @@ else
 found += 'static-libudev(@0@)'.format(static_libudev)
 endif
+if conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and conf.get('PREFER_OPENSSL') == 1
+ found += 'cryptolib(openssl)'
+elif conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1
+ found += 'cryptolib(gcrypt)'
+else
+ missing += 'cryptolib'
+endif
+
 if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
 found += 'DNS-over-TLS(gnutls)'
 elif conf.get('DNS_OVER_TLS_USE_OPENSSL') == 1
diff --git a/meson_options.txt b/meson_options.txt
index 1e91bf1fd2b..0d3491a56c7 100644
--- a/meson_options.txt
+++ b/meson_options.txt
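Review bot: The `opt == 'openssl'` guard in the first hunk has no counterpart for `opt == 'gcrypt'`, so a build configured with `-Dcryptolib=gcrypt` on a host without gcrypt is not rejected: `PREFER_OPENSSL` becomes 0, `HAVE_OPENSSL_OR_GCRYPT` is still 1 whenever openssl is present, `lib_openssl_or_gcrypt` presumably resolves to a not-found `libgcrypt`, and the summary block in the second hunk reports `cryptolib(gcrypt)` for a library that is absent. Mirror the existing check: `if opt == 'gcrypt' and conf.get('HAVE_GCRYPT') == 0` / `error('gcrypt requested as the default cryptolib, but not available')` / `endif`. The definitions of `libopenssl` and `libgcrypt` that the ternary relies on are earlier in meson.build, outside the hunk.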
@@ -380,6 +380,8 @@ option('gnutls', type : 'combo', choices : ['auto', 'true', 'false'],
 description : 'gnutls support')
 option('openssl', type : 'combo', choices : ['auto', 'true', 'false'],
 description : 'openssl support')
+option('cryptolib', type : 'combo', choices : ['auto', 'openssl', 'gcrypt'],
+ description : 'whether to use openssl or gcrypt where both are supported')
 option('p11kit', type : 'combo', choices : ['auto', 'true', 'false'],
 description : 'p11kit support')
 option('libfido2', type : 'combo', choices : ['auto', 'true', 'false'],
diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h
index 5840d57d165..eca56d1729d 100644
--- a/src/shared/openssl-util.h
+++ b/src/shared/openssl-util.h
@@ -5,6 +5,8 @@
 #if HAVE_OPENSSL
 # include
+# include
+# include
 # include
 # include
 # include
@@ -13,7 +15,15 @@
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
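Review bot: The new `cryptolib` option's description does not say what `auto` selects, yet the meson.build logic in this commit only prefers openssl when gcrypt is absent, so `auto` means gcrypt whenever both libraries are installed. Spelling that out saves packagers a trip into meson.build: `description : 'whether to use openssl or gcrypt where both are supported (auto prefers gcrypt)'`.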
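Review bot: `RSA_free` and `EC_KEY_free` belong to the low-level key API that OpenSSL 3.0 marks deprecated, so the new `DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL)` and `DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL)` lines in the second openssl-util.h hunk will produce deprecation warnings, or errors under `-Werror`, once the project builds against 3.0 unless `OPENSSL_API_COMPAT` or a suppression is in place; the `EC_POINT`, `EC_GROUP`, `BIGNUM`, `BN_CTX` and `ECDSA_SIG` cleanups are not affected as far as I know. A one-line comment above those two entries, `/* RSA and EC_KEY APIs are deprecated since OpenSSL 3.0; prefer EVP_PKEY in new code */`, would record the debt for whoever adds the first call site.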
@@ -29,5 +39,24 @@ static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
 int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);
 int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);
-
+#endif
+
+#if PREFER_OPENSSL
+/* The openssl definition */
+typedef const EVP_MD* hash_md_t;
+typedef const EVP_MD* hash_algorithm_t;
+typedef int elliptic_curve_t;
+typedef EVP_MD_CTX* hash_context_t;
+# define OPENSSL_OR_GCRYPT(a, b) (a)
+
+#elif HAVE_GCRYPT
+
+# include
+
+/* The gcrypt definition */
+typedef int hash_md_t;
+typedef const char* hash_algorithm_t;
+typedef const char* elliptic_curve_t;
+typedef gcry_md_hd_t hash_context_t;
+# define OPENSSL_OR_GCRYPT(a, b) (b)
 #endif
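Review bot: When neither `PREFER_OPENSSL` nor `HAVE_GCRYPT` is set — no crypto library at all, or openssl present with `PREFER_OPENSSL` 0 and gcrypt missing, a combination the meson check in this commit does not rule out — none of `hash_md_t`, `hash_algorithm_t`, `elliptic_curve_t`, `hash_context_t` or `OPENSSL_OR_GCRYPT()` is defined, so a consumer that names them fails with an "unknown type name" error far from the cause. Since this header is presumably also included by files that build without any crypto library, an `#error` branch would be too aggressive; instead state the contract in a comment above `#if PREFER_OPENSSL`: `/* hash_md_t, hash_algorithm_t, elliptic_curve_t, hash_context_t and OPENSSL_OR_GCRYPT() exist only when a crypto library is configured; guard their users with HAVE_OPENSSL_OR_GCRYPT. */`. The relocated `#endif` now closes `#if HAVE_OPENSSL` before the typedef block, so the openssl branch depends on meson never setting `PREFER_OPENSSL` without `HAVE_OPENSSL`, which the first meson.build hunk does guarantee.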