diff options
| author | Thomas Haller <thaller@redhat.com> | 2018-05-24 12:15:27 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2018-05-24 12:15:27 +0200 |
| commit | 0c393aff8b7396a7de9092b5fa88ac2ff0845701 (patch) | |
| tree | e5a0433c14b449e200e61d183b7e6f398f08b6f0 | |
| parent | 0aff056a63af57441764f61b8bd2704590ca052d (diff) | |
| parent | ebd61e1bc15ef94fab28a2fc2de9118d9d8e44aa (diff) | |
| download | NetworkManager-0c393aff8b7396a7de9092b5fa88ac2ff0845701.tar.gz | |
build: merge branch 'th/contrib-rpm-use-gnutls'
https://bugzilla.redhat.com/show_bug.cgi?id=1581693
| -rw-r--r-- | configure.ac | 26 | ||||
| -rw-r--r-- | contrib/fedora/REQUIRED_PACKAGES | 1 | ||||
| -rw-r--r-- | contrib/fedora/rpm/NetworkManager.spec | 13 | ||||
| -rw-r--r-- | libnm-util/crypto_gnutls.c | 9 |
4 files changed, 24 insertions, 25 deletions
diff --git a/configure.ac b/configure.ac index 8adef88731..6ebbc488af 100644 --- a/configure.ac +++ b/configure.ac @@ -668,12 +668,9 @@ AC_SUBST(NM_MODIFY_SYSTEM_POLICY) AC_ARG_WITH(crypto, AS_HELP_STRING([--with-crypto=nss|gnutls], [Cryptography library to use for certificate and key operations]), - ac_crypto=$withval, - ac_crypto=nss) - -with_nss=no -with_gnutls=no -if test x"$ac_crypto" = xnss; then + with_crypto=$withval, + with_crypto=nss) +if test "$with_crypto" = 'nss'; then PKG_CHECK_MODULES(NSS, [nss]) # Work around a pkg-config bug (fdo #29801) where exists != usable @@ -681,23 +678,13 @@ if test x"$ac_crypto" = xnss; then if test x"$?" != "x0"; then AC_MSG_ERROR([No usable NSS found]) fi - - AC_DEFINE(HAVE_NSS, 1, [Define if you have NSS]) - with_nss=yes -elif test x"$ac_crypto" = xgnutls; then +elif test "$with_crypto" = 'gnutls'; then PKG_CHECK_MODULES(GNUTLS, [gnutls >= 2.12]) - AC_DEFINE(HAVE_GNUTLS, 1, [Define if you have libgnutls]) - with_gnutls=yes else AC_MSG_ERROR([Please choose either 'nss' or 'gnutls' for certificate and crypto operations]) fi -AM_CONDITIONAL(WITH_NSS, test x"$with_nss" != xno) -AM_CONDITIONAL(WITH_GNUTLS, test x"$with_gnutls" != xno) - -# Shouldn't ever trigger this, but just in case... -if test x"$ac_nss" = xno -a x"$ac_gnutls" = xno; then - AC_MSG_ERROR([Could not find required development headers and libraries for '$ac_crypto']) -fi +AM_CONDITIONAL(WITH_NSS, test "$with_crypto" = 'nss') +AM_CONDITIONAL(WITH_GNUTLS, test "$with_crypto" = 'gnutls') GLIB_MAKEFILE='$(top_srcdir)/Makefile.glib' AC_SUBST(GLIB_MAKEFILE) @@ -1393,6 +1380,7 @@ echo " code coverage: $enable_code_coverage" echo " LTO: $enable_lto" echo " linker garbage collection: $enable_ld_gc" echo " JSON validation for libnm: $enable_json_validation" +echo " crypto: $with_crypto" echo " sanitizers: $sanitizers" echo " Mozilla Public Suffix List: $with_libpsl" echo diff --git a/contrib/fedora/REQUIRED_PACKAGES b/contrib/fedora/REQUIRED_PACKAGES index 27606d1946..2efe95ce95 100644 --- a/contrib/fedora/REQUIRED_PACKAGES +++ b/contrib/fedora/REQUIRED_PACKAGES @@ -23,6 +23,7 @@ yum install \ dhclient \ gettext-devel \ git \ + gnutls-devel \ gobject-introspection-devel \ gtk-doc \ intltool \ diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec index 618e6178b0..8da0cea5a3 100644 --- a/contrib/fedora/rpm/NetworkManager.spec +++ b/contrib/fedora/rpm/NetworkManager.spec @@ -74,6 +74,11 @@ %else %bcond_with connectivity_fedora %endif +%if 0%{?fedora} > 28 || 0%{?rhel} > 7 +%bcond_without crypto_gnutls +%else +%bcond_with crypto_gnutls +%endif ############################################################################### @@ -141,7 +146,11 @@ BuildRequires: automake autoconf intltool libtool %if %{with ppp} BuildRequires: ppp-devel >= 2.4.5 %endif +%if %{with crypto_gnutls} +BuildRequires: gnutls-devel >= 2.12 +%else BuildRequires: nss-devel >= 3.11.7 +%endif BuildRequires: dhclient BuildRequires: readline-devel BuildRequires: audit-libs-devel @@ -419,7 +428,11 @@ intltoolize --automake --copy --force --with-dhcpcd=no \ --with-dhcpcanon=no \ --with-config-dhcp-default=dhclient \ +%if %{with crypto_gnutls} + --with-crypto=gnutls \ +%else --with-crypto=nss \ +%endif %if %{with sanitizer} --with-address-sanitizer=exec \ %if 0%{?fedora} diff --git a/libnm-util/crypto_gnutls.c b/libnm-util/crypto_gnutls.c index 8604c5c3bc..47c614b919 100644 --- a/libnm-util/crypto_gnutls.c +++ b/libnm-util/crypto_gnutls.c @@ -242,15 +242,12 @@ crypto_encrypt (const char *cipher, gsize padded_buf_len, pad_len, output_len; char *padded_buf = NULL; guint32 i; - gsize salt_len; - if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) { + if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) cipher_mech = GNUTLS_CIPHER_3DES_CBC; - salt_len = SALT_LEN; - } else if (!strcmp (cipher, CIPHER_AES_CBC)) { + else if (!strcmp (cipher, CIPHER_AES_CBC)) cipher_mech = GNUTLS_CIPHER_AES_128_CBC; - salt_len = iv_len; - } else { + else { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERR_UNKNOWN_CIPHER, _("Private key cipher '%s' was unknown."), |