author | Stef Walter <stef@thewalter.net> | 2013-07-10 14:28:15 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2013-07-10 15:05:14 +0200 |
commit | 46ac3fcb39483799946c606328e1006e92763a81 (patch) | |
tree | fc8b0a4fbc37f9be51d4dae4044c27b43e93c391 | |
parent | 86c0afcdb4329f54c8a7992b323611bdf3203ff0 (diff) | |
download | p11-kit-46ac3fcb39483799946c606328e1006e92763a81.tar.gz |
Add support for using freebl3 for SHA1 and MD5 hashing
-rw-r--r-- | common/hash.c | 90 | ||||
-rw-r--r-- | common/tests/Makefile.am | 1 | ||||
-rw-r--r-- | configure.ac | 33 | ||||
-rw-r--r-- | doc/manual/p11-kit-devel.xml | 7 | ||||
-rw-r--r-- | p11-kit/Makefile.am | 1 | ||||
-rw-r--r-- | p11-kit/tests/Makefile.am | 1 | ||||
-rw-r--r-- | tools/Makefile.am | 3 | ||||
-rw-r--r-- | tools/tests/Makefile.am | 1 | ||||
-rw-r--r-- | trust/Makefile.am | 1 | ||||
-rw-r--r-- | trust/tests/Makefile.am | 5 |
10 files changed, 141 insertions, 2 deletions
diff --git a/common/hash.c b/common/hash.c
index 9fe3668..f6000c3 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -39,6 +39,42 @@
 #include <stdint.h>
 #include <string.h>
+#ifdef WITH_FREEBL
+
+/*
+ * NSS freebl3 has awkward headers not provided by appropriate packages
+ * in many cases. So put these defines here inline. freebl3 seems completely
+ * undocumented anyway. If you think this is a hack, then you guessed right.
+ *
+ * If you want a stable p11-kit without worries, use the builtin SHA1 and MD5
+ * implementations. They're not used for crypto anyway. If you need p11-kit to
+ * tick the "doesn't implement own crypto" checkbox, then the you're signing
+ * up for this hack.
+ */
+
+typedef enum {
+ HASH_AlgMD5 = 2,
+ HASH_AlgSHA1 = 3,
+} HASH_HashType;
+
+typedef struct NSSLOWInitContextStr NSSLOWInitContext;
+typedef struct NSSLOWHASHContextStr NSSLOWHASHContext;
+
+NSSLOWInitContext *NSSLOW_Init(void);
+NSSLOWHASHContext *NSSLOWHASH_NewContext(
+ NSSLOWInitContext *initContext,
+ HASH_HashType hashType);
+void NSSLOWHASH_Begin(NSSLOWHASHContext *context);
+void NSSLOWHASH_Update(NSSLOWHASHContext *context,
+ const unsigned char *buf,
+ unsigned int len);
+void NSSLOWHASH_End(NSSLOWHASHContext *context,
+ unsigned char *buf,
+ unsigned int *ret, unsigned int len);
+void NSSLOWHASH_Destroy(NSSLOWHASHContext *context);
+
+#endif /* WITH_FREEBL3 */
+
 #define SHA1_BLOCK_LENGTH 64U
 typedef struct {
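Review bot: The copied declarations are the only description of the freebl ABI this file has: the `HASH_AlgMD5 = 2` / `HASH_AlgSHA1 = 3` values and the NSSLOWHASH_* prototypes are not checked against the installed library, so a mismatch would surface at run time rather than as a build error. A comment naming the NSS header and release they were taken from would make that dependency auditable, e.g. `/* Copied from NSS <header, version>: values must match the library */`. The closing comment should also match the guard, `#endif /* WITH_FREEBL */` rather than `WITH_FREEBL3`. The `typedef struct {` at the end of the hunk continues outside it.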
@@ -251,6 +287,38 @@ sha1_final (sha1_t *context,
 memset (context, 0, sizeof (sha1_t));
 }
+#ifdef WITH_FREEBL
+
+static bool
+nss_slow_hash (HASH_HashType type,
+ unsigned char *hash,
+ unsigned int hash_len,
+ const void *input,
+ size_t length,
+ va_list va)
+{
+ NSSLOWHASHContext *ctx;
+ unsigned int len;
+
+ ctx = NSSLOWHASH_NewContext(NSSLOW_Init (), type);
+ if (ctx == NULL)
+ return false;
+
+ NSSLOWHASH_Begin (ctx);
+ while (input != NULL) {
+ NSSLOWHASH_Update (ctx, input, length);
+ input = va_arg (va, const void *);
+ if (input)
+ length = va_arg (va, size_t);
+ }
+ NSSLOWHASH_End (ctx, hash, &len, hash_len);
+ assert (len == hash_len);
+ NSSLOWHASH_Destroy (ctx);
+ return true;
+}
+
+#endif /* WITH_FREEBL */
+
 void
 p11_hash_sha1 (unsigned char *hash,
 const void *input,
@@ -260,6 +328,17 @@ p11_hash_sha1 (unsigned char *hash,
 va_list va;
 sha1_t sha1;
+#ifdef WITH_FREEBL
+ bool ret;
+
+ va_start (va, length);
+ ret = nss_slow_hash (HASH_AlgSHA1, hash, P11_HASH_SHA1_LEN, input, length, va);
+ va_end (va);
+
+ if (ret)
+ return;
+#endif
+
 sha1_init (&sha1);
 va_start (va, length);
@@ -526,6 +605,17 @@ p11_hash_md5 (unsigned char *hash,
 va_list va;
 md5_t md5;
+#ifdef WITH_FREEBL
+ bool ret;
+
+ va_start (va, length);
+ ret = nss_slow_hash (HASH_AlgMD5, hash, P11_HASH_MD5_LEN, input, length, va);
+ va_end (va);
+
+ if (ret)
+ return;
+#endif
+
 md5_init (&md5);
 va_start (va, length);
diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
index 6959c4f..15dd35c 100644
--- a/common/tests/Makefile.am
+++ b/common/tests/Makefile.am
@@ -62,4 +62,5 @@ TESTS = $(CHECK_PROGS)
 LDADD += \
 $(top_builddir)/common/libp11-common.la \
+ $(HASH_LIBS) \
 $(CUTEST_LIBS)
diff --git a/configure.ac b/configure.ac
index 298fb10..33ec808 100644
--- a/configure.ac
+++ b/configure.ac
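Review bot: In nss_slow_hash the `size_t length` is passed straight to NSSLOWHASH_Update, whose length parameter is declared `unsigned int`, so where size_t is wider an input above UINT_MAX would be hashed only in part and still reported as success. The digest size is checked only by `assert (len == hash_len)`, which is compiled out under NDEBUG and otherwise aborts before NSSLOWHASH_Destroy runs; returning `len == hash_len` after destroying the context lets the callers take their existing fallback path instead. The result of `NSSLOW_Init ()` is neither checked nor kept, which is worth a comment if the library expects the init context to be released later. The sketch below uses UINT_MAX, which needs `<limits.h>` if the file does not already include it.

```c
	NSSLOWHASHContext *ctx;
	unsigned int len = 0;

	/* … unchanged: context creation and NULL check … */

	NSSLOWHASH_Begin (ctx);
	while (input != NULL) {
		/* NSSLOWHASH_Update takes an unsigned int length: feed large inputs in pieces */
		const unsigned char *data = input;
		while (length > 0) {
			unsigned int part = length > UINT_MAX ? UINT_MAX : (unsigned int)length;
			NSSLOWHASH_Update (ctx, data, part);
			data += part;
			length -= part;
		}
		/* … unchanged: fetch the next input/length pair from va … */
	}
	NSSLOWHASH_End (ctx, hash, &len, hash_len);
	NSSLOWHASH_Destroy (ctx);

	/* A digest of unexpected size must not be reported as success */
	return len == hash_len;
```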
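Review bot: When nss_slow_hash fails, p11_hash_sha1 silently continues into the builtin sha1 code, and p11_hash_md5 in the following hunk does the same, so a build configured with --with-hash-impl=freebl can still run the internal implementations that the option is documented to replace. If the fallback is intended, say so at the `if (ret) return;` site, e.g. `/* freebl context could not be created: use the builtin implementation */`, and consider reporting the failure so that a policy-driven build can notice it. Both function bodies continue outside their hunks.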
@@ -156,6 +156,38 @@ AS_IF([test "$with_libtasn1" != "no"], [
 AM_CONDITIONAL(WITH_ASN1, test "$with_libtasn1" = "yes")
 # --------------------------------------------------------------------
+# Hash implementation
+
+AC_ARG_WITH([hash-impl],
+ AS_HELP_STRING([--with-hash-impl=@<:@freebl/internal@:>@],
+ [Choose the hash implementation to use])
+)
+
+AS_IF([test "$with_hash_impl" = ""], [with_hash_impl=internal])
+
+AS_CASE([$with_hash_impl],
+ [freebl], [
+ AC_CHECK_LIB(freebl3, NSSLOW_Init,
+ [
+ HASH_LIBS=-lfreebl3
+ AC_DEFINE_UNQUOTED(WITH_FREEBL, 1, [Use freebl for hash implementation])
+ ],
+ AC_MSG_ERROR([could not find the freebl3 library])
+ )
+ ],
+
+ [internal], [
+ HASH_LIBS=
+ ],
+
+ [
+ AC_MSG_ERROR([unsupported hash impl: $with_hash_impl])
+ ]
+)
+
+AC_SUBST(HASH_LIBS)
+
+# --------------------------------------------------------------------
 # Trust Module
 AC_ARG_ENABLE([trust-module],
@@ -454,6 +486,7 @@ AC_MSG_NOTICE([build options:
 Load relative module paths from: $p11_module_path
 With libtasn1 dependency: $with_libtasn1
+ With hash implementation: $with_hash_impl
 Build trust module: $enable_trust_module
 Trust module paths: $trust_status
diff --git a/doc/manual/p11-kit-devel.xml b/doc/manual/p11-kit-devel.xml
index 96db868..42c438c 100644
--- a/doc/manual/p11-kit-devel.xml
+++ b/doc/manual/p11-kit-devel.xml
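Review bot: The freebl branch probes only `NSSLOW_Init`, while common/hash.c also calls NSSLOWHASH_NewContext, _Begin, _Update, _End and _Destroy through hand-written prototypes, so a freebl3 that lacks any of them passes configure and fails only at link time. Probing at least one of the hash entry points as well, e.g. `AC_CHECK_LIB(freebl3, NSSLOWHASH_NewContext, ...)`, would make that failure explicit. As a style point, `AC_DEFINE_UNQUOTED` is not needed for a constant value; `AC_DEFINE(WITH_FREEBL, 1, [Use freebl for hash implementation])` is enough.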
@@ -194,6 +194,13 @@ $ make install compiler warnings become errors.</para></listitem> </varlistentry> <varlistentry> + <term><option>--with-hash-impl=freebl</option></term> + <listitem><para>Instead of using internal hash code, link to the freebl3 + library and use its hash implementations. The only advantage this brings is to + meet the policy requirements of system builders.</para> + </listitem> + </varlistentry> + <varlistentry> <term><option>--with-libtasn1</option>, <option>--without-libtasn1</option></term> <listitem><para>Build with a dependency on the libtasn1 library. This dependency allows the trust policy module to be built as well as other code that interacts with diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am index 1ab3b3d..5469ef5 100644 --- a/p11-kit/Makefile.am +++ b/p11-kit/Makefile.am @@ -57,6 +57,7 @@ libp11_kit_la_LIBADD = \ $(LTLIBINTL) \ $(top_builddir)/common/libp11-common.la \ $(top_builddir)/common/libp11-library.la \ + $(HASH_LIBS) \ $(NULL) noinst_LTLIBRARIES = \ diff --git a/p11-kit/tests/Makefile.am b/p11-kit/tests/Makefile.am index c7b87ae..0c53c55 100644 --- a/p11-kit/tests/Makefile.am +++ b/p11-kit/tests/Makefile.am @@ -14,6 +14,7 @@ LDADD = \ $(top_builddir)/common/libp11-mock.la \ $(top_builddir)/common/libp11-common.la \ $(CUTEST_LIBS) \ + $(HASH_LIBS) \ $(LTLIBINTL) CHECK_PROGS = \ diff --git a/tools/Makefile.am b/tools/Makefile.am index 5e48149..02b52e6 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -35,7 +35,8 @@ if WITH_ASN1 p11_kit_LDADD += \ $(top_builddir)/common/libp11-data.la \ - $(LIBTASN1_LIBS) + $(LIBTASN1_LIBS) \ + $(HASH_LIBS) p11_kit_CFLAGS += \ $(LIBTASN1_CFLAGS) diff --git a/tools/tests/Makefile.am b/tools/tests/Makefile.am index f6609ec..ad06446 100644 --- a/tools/tests/Makefile.am +++ b/tools/tests/Makefile.am @@ -29,6 +29,7 @@ LDADD = \ $(LIBTASN1_LIBS) \ $(LTLIBINTL) \ $(CUTEST_LIBS) \ + $(HASH_LIBS) \ $(NULL) noinst_LTLIBRARIES = \ 
diff --git a/trust/Makefile.am b/trust/Makefile.am
index 875c8c4..1aa6cb5 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -38,6 +38,7 @@ p11_kit_trust_la_LIBADD = \
 $(top_builddir)/common/libp11-library.la \
 $(top_builddir)/common/libp11-common.la \
 $(LIBTASN1_LIBS) \
+ $(HASH_LIBS) \
 $(NULL)
 p11_kit_trust_la_LDFLAGS = \
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
index 90b9fb5..34ff06e 100644
--- a/trust/tests/Makefile.am
+++ b/trust/tests/Makefile.am
@@ -23,6 +23,7 @@ LDADD = \
 $(builddir)/libtestdata.la \
 $(LIBTASN1_LIBS) \
 $(CUTEST_LIBS) \
+ $(HASH_LIBS) \
 $(NULL)
 CHECK_PROGS = \
@@ -42,7 +43,9 @@ noinst_PROGRAMS = \
 frob_nss_trust_LDADD = \
 $(top_builddir)/common/libp11-common.la \
- $(top_builddir)/p11-kit/libp11-kit.la
+ $(top_builddir)/p11-kit/libp11-kit.la \
+ $(HASH_LIBS) \
+ $(NULL)
 TESTS = $(CHECK_PROGS) |