meson: add config setting to select between openssl and gcrypt

This is not pretty, but it is supposed to be only a temporary measure.

diff --git a/meson.build b/meson.build
index b0054b666728a8beb3566c107a9ff3a3d05cd00c..dee05b6017bb9d0b5faecd56122858dfdf9b16cf 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -1523,6 +1523,18 @@ else
 endif
 conf.set10('ENABLE_REPART', have)
 
+# We support one or the other. If gcrypt is available, we assume it's there to
+# be used, and use it in preference.
+opt = get_option('cryptolib')
+if opt == 'openssl' and conf.get('HAVE_OPENSSL') == 0
+        error('openssl requested as the default cryptolib, but not available')
+endif
+conf.set10('PREFER_OPENSSL',
+           opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
+conf.set10('HAVE_OPENSSL_OR_GCRYPT',
+           conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
+lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? libopenssl : libgcrypt
+
 want_importd = get_option('importd')
 if want_importd != 'false'
         have = (conf.get('HAVE_LIBCURL') == 1 and
@@ -4023,6 +4035,14 @@ else
         found += 'static-libudev(@0@)'.format(static_libudev)
 endif
 
+if conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and conf.get('PREFER_OPENSSL') == 1
+        found += 'cryptolib(openssl)'
+elif conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1
+        found += 'cryptolib(gcrypt)'
+else
+        missing += 'cryptolib'
+endif
+
 if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
         found += 'DNS-over-TLS(gnutls)'
 elif conf.get('DNS_OVER_TLS_USE_OPENSSL') == 1

diff --git a/meson_options.txt b/meson_options.txt
index 1e91bf1fd2b219a5c0100ed4d9109d8ae6c3f3cd..0d3491a56c7255a3856fc1a064964975020b016c 100644 (file)
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -380,6 +380,8 @@ option('gnutls', type : 'combo', choices : ['auto', 'true', 'false'],
        description : 'gnutls support')
 option('openssl', type : 'combo', choices : ['auto', 'true', 'false'],
        description : 'openssl support')
+option('cryptolib', type : 'combo', choices : ['auto', 'openssl', 'gcrypt'],
+       description : 'whether to use openssl or gcrypt where both are supported')
 option('p11kit', type : 'combo', choices : ['auto', 'true', 'false'],
        description : 'p11kit support')
 option('libfido2', type : 'combo', choices : ['auto', 'true', 'false'],

diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h
index 5840d57d16590e2cf0f4960d2f46edd82d3d305b..eca56d1729d72e1ec8d0bc3b8eca0cb4f7de0013 100644 (file)
--- a/src/shared/openssl-util.h
+++ b/src/shared/openssl-util.h
@@ -5,6 +5,8 @@
 
 #if HAVE_OPENSSL
 #  include <openssl/bio.h>
+#  include <openssl/bn.h>
+#  include <openssl/err.h>
 #  include <openssl/evp.h>
 #  include <openssl/pkcs7.h>
 #  include <openssl/ssl.h>
@@ -13,7 +15,15 @@
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
@@ -29,5 +39,24 @@ static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
 int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);
 
 int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);
+#endif
+
+#if PREFER_OPENSSL
+/* The openssl definition */
+typedef const EVP_MD* hash_md_t;
+typedef const EVP_MD* hash_algorithm_t;
+typedef int elliptic_curve_t;
+typedef EVP_MD_CTX* hash_context_t;
+#  define OPENSSL_OR_GCRYPT(a, b) (a)
+
+#elif HAVE_GCRYPT
+
+#  include <gcrypt.h>
 
+/* The gcrypt definition */
+typedef int hash_md_t;
+typedef const char* hash_algorithm_t;
+typedef const char* elliptic_curve_t;
+typedef gcry_md_hd_t hash_context_t;
+#  define OPENSSL_OR_GCRYPT(a, b) (b)
 #endif