Implement gnutls crypto provider (fixes #218)

Thanks to Zdenek Dohnal <zdohnal@redhat.com> for contributing the code used for the gnutls crypto provider.
qpdf · Nov 9, 2019 · 88bedb4 · 88bedb4
1 parent cc14523
commit 88bedb4
Show file tree

Hide file tree

Showing 9 changed files with 531 additions and 3 deletions.
diff --git a/autoconf.mk.in b/autoconf.mk.in
@@ -31,6 +31,7 @@ OBJDUMP=@OBJDUMP@
 GENDEPS=@GENDEPS@
 LIBTOOL=@LIBTOOL@
 USE_CRYPTO_NATIVE=@USE_CRYPTO_NATIVE@
+USE_CRYPTO_GNUTLS=@USE_CRYPTO_GNUTLS@
 DOCBOOKX_DTD=@DOCBOOKX_DTD@
 FOP=@FOP@
 XSLTPROC=@XSLTPROC@

diff --git a/autofiles.sums b/autofiles.sums
@@ -1,6 +1,6 @@
-2b5c5a808c353b8df9e28e8cfb1e7d37114a2cad37eaede5bfe4354acae804d0  configure.ac
+97f3ed3cd8b491f0ceeb57baa40f4ed9c4be188692da1d13c93ef318c45cc4ae  configure.ac
 d3f9ee6f6f0846888d9a10fd3dad2e4b1258be84205426cf04d7cef02d61dad7  aclocal.m4
-7fc840fce5d372e92aa676e0040213a0f239cc8c01b6d6ef53c82043ceda571a  libqpdf/qpdf/qpdf-config.h.in
+2e4cd495837be1b8454a4d8aef541b000988634be89d9c05a9cf5de67dffef5e  libqpdf/qpdf/qpdf-config.h.in
 5297971a0ef90bcd5563eb3f7127a032bb76d3ae2af7258bf13479caf8983a60  m4/ax_cxx_compile_stdcxx.m4
 35bc5c645dc42d47f2daeea06f8f3e767c8a1aee6a35eb2b4854fd2ce66c3413  m4/ax_random_device.m4
 37f8897d5f68d7d484e5457832a8f190ddb7507fa2a467cb7ee2be40a4364643  m4/libtool.m4

diff --git a/configure b/configure
@@ -643,6 +643,9 @@ DOCBOOK_XHTML
 SHOW_FAILED_TEST_OUTPUT
 QPDF_SKIP_TEST_COMPARE_IMAGES
 DEFAULT_CRYPTO
+USE_CRYPTO_GNUTLS
+pc_gnutls_LIBS
+pc_gnutls_CFLAGS
 USE_CRYPTO_NATIVE
 CXXWFLAGS
 WFLAGS
@@ -780,6 +783,7 @@ enable_werror
 enable_int_warnings
 enable_implicit_crypto
 enable_crypto_native
+enable_crypto_gnutls
 with_default_crypto
 enable_test_compare_images
 enable_show_failed_test_output
@@ -811,7 +815,9 @@ PKG_CONFIG_LIBDIR
 pc_zlib_CFLAGS
 pc_zlib_LIBS
 pc_libjpeg_CFLAGS
-pc_libjpeg_LIBS'
+pc_libjpeg_LIBS
+pc_gnutls_CFLAGS
+pc_gnutls_LIBS'
 
 
 # Initialize some variables set by options.
@@ -1466,6 +1472,8 @@ Optional Features:
                           are not explicitly requested; true by default
   --enable-crypto-native  whether to include support for native crypto
                           provider
+  --enable-crypto-gnutls  whether to include support for gnutls crypto
+                          provider
   --enable-test-compare-images
                           whether to compare images in test suite; disabled by
                           default, enabling requires ghostscript and tiffcmp
@@ -1535,6 +1543,10 @@ Some influential environment variables:
               C compiler flags for pc_libjpeg, overriding pkg-config
   pc_libjpeg_LIBS
               linker flags for pc_libjpeg, overriding pkg-config
+  pc_gnutls_CFLAGS
+              C compiler flags for pc_gnutls, overriding pkg-config
+  pc_gnutls_LIBS
+              linker flags for pc_gnutls, overriding pkg-config
 
 Use these variables to override the choices made by `configure' or to help
 it to find libraries and programs with nonstandard names/locations.
@@ -17625,6 +17637,122 @@ $as_echo "#define USE_CRYPTO_NATIVE 1" >>confdefs.h
 fi
 
 
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pc_gnutls" >&5
+$as_echo_n "checking for pc_gnutls... " >&6; }
+
+if test -n "$pc_gnutls_CFLAGS"; then
+    pkg_cv_pc_gnutls_CFLAGS="$pc_gnutls_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gnutls\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "gnutls") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_pc_gnutls_CFLAGS=`$PKG_CONFIG --cflags "gnutls" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+if test -n "$pc_gnutls_LIBS"; then
+    pkg_cv_pc_gnutls_LIBS="$pc_gnutls_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gnutls\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "gnutls") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_pc_gnutls_LIBS=`$PKG_CONFIG --libs "gnutls" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi
+        if test $_pkg_short_errors_supported = yes; then
+	        pc_gnutls_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gnutls" 2>&1`
+        else
+	        pc_gnutls_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gnutls" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$pc_gnutls_PKG_ERRORS" >&5
+
+	GNUTLS_FOUND=0
+elif test $pkg_failed = untried; then
+     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	GNUTLS_FOUND=0
+else
+	pc_gnutls_CFLAGS=$pkg_cv_pc_gnutls_CFLAGS
+	pc_gnutls_LIBS=$pkg_cv_pc_gnutls_LIBS
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	GNUTLS_FOUND=1
+fi
+
+IMPLICIT_GNUTLS=0
+USE_CRYPTO_GNUTLS=0
+
+# Check whether --enable-crypto-gnutls was given.
+if test "${enable_crypto_gnutls+set}" = set; then :
+  enableval=$enable_crypto_gnutls; if test "$enableval" = "yes"; then
+      USE_CRYPTO_GNUTLS=1
+    else
+      USE_CRYPTO_GNUTLS=0
+    fi
+else
+  IMPLICIT_GNUTLS=$IMPLICIT_CRYPTO
+fi
+
+
+if test "$IMPLICIT_GNUTLS" = "1"; then
+  USE_CRYPTO_GNUTLS=$GNUTLS_FOUND
+  if test "$USE_CRYPTO_GNUTLS" = "1"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: enabling gnutls crypto provider since gnutls is available" >&5
+$as_echo "$as_me: enabling gnutls crypto provider since gnutls is available" >&6;}
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: not enabling gnutls crypto provider since gnutls was not found" >&5
+$as_echo "$as_me: not enabling gnutls crypto provider since gnutls was not found" >&6;}
+  fi
+fi
+
+if test "$USE_CRYPTO_GNUTLS" = "1" -a "$GNUTLS_FOUND" = "0"; then
+  as_fn_error $? "unable to use requested gnutls crypto provider without gnutls" "$LINENO" 5
+fi
+
+if test "$USE_CRYPTO_GNUTLS" = "1"; then
+  CFLAGS="$CFLAGS $pc_gnutls_CFLAGS"
+  CXXFLAGS="$CXXFLAGS $pc_gnutls_CXXFLAGS"
+  LIBS="$LIBS $pc_gnutls_LIBS"
+
+$as_echo "#define USE_CRYPTO_GNUTLS 1" >>confdefs.h
+
+  DEFAULT_CRYPTO=gnutls
+elif test "$GNUTLS_FOUND" = "1"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: not linking with gnutls even though it is available" >&5
+$as_echo "$as_me: not linking with gnutls even though it is available" >&6;}
+fi
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking which crypto to use by default" >&5
 $as_echo_n "checking which crypto to use by default... " >&6; }
 
@@ -17650,6 +17778,11 @@ case "$DEFAULT_CRYPTO" in
       bad_crypto=1
     fi
   ;;
+  "gnutls")
+    if test "$USE_CRYPTO_GNUTLS" != "1"; then
+      bad_crypto=1
+    fi
+  ;;
   *)
     bad_crypto=1
   ;;

diff --git a/configure.ac b/configure.ac
@@ -506,6 +506,49 @@ if test "$USE_CRYPTO_NATIVE" = "1"; then
   DEFAULT_CRYPTO=native
 fi
 
+dnl If the gnutls provider is explicitly requested, require gnutls. If
+dnl the gnutls provider is not explicitly disabled, enable it if
+dnl gnutls is available. If the gnutls provider is explicitly
+dnl disabled, do not link with gnutls even if present.
+
+PKG_CHECK_MODULES([pc_gnutls], [gnutls], [GNUTLS_FOUND=1], [GNUTLS_FOUND=0])
+
+IMPLICIT_GNUTLS=0
+USE_CRYPTO_GNUTLS=0
+AC_SUBST(USE_CRYPTO_GNUTLS)
+AC_ARG_ENABLE(crypto-gnutls,
+   AS_HELP_STRING([--enable-crypto-gnutls],
+                  [whether to include support for gnutls crypto provider]),
+   [if test "$enableval" = "yes"; then
+      USE_CRYPTO_GNUTLS=1
+    else
+      USE_CRYPTO_GNUTLS=0
+    fi],
+   [IMPLICIT_GNUTLS=$IMPLICIT_CRYPTO])
+
+if test "$IMPLICIT_GNUTLS" = "1"; then
+  USE_CRYPTO_GNUTLS=$GNUTLS_FOUND
+  if test "$USE_CRYPTO_GNUTLS" = "1"; then
+    AC_MSG_NOTICE(enabling gnutls crypto provider since gnutls is available)
+  else
+    AC_MSG_NOTICE(not enabling gnutls crypto provider since gnutls was not found)
+  fi
+fi
+
+if test "$USE_CRYPTO_GNUTLS" = "1" -a "$GNUTLS_FOUND" = "0"; then
+  AC_MSG_ERROR(unable to use requested gnutls crypto provider without gnutls)
+fi
+
+if test "$USE_CRYPTO_GNUTLS" = "1"; then
+  CFLAGS="$CFLAGS $pc_gnutls_CFLAGS"
+  CXXFLAGS="$CXXFLAGS $pc_gnutls_CXXFLAGS"
+  LIBS="$LIBS $pc_gnutls_LIBS"
+  AC_DEFINE([USE_CRYPTO_GNUTLS], 1, [Whether to use the gnutls crypto provider])
+  DEFAULT_CRYPTO=gnutls
+elif test "$GNUTLS_FOUND" = "1"; then
+  AC_MSG_NOTICE(not linking with gnutls even though it is available)
+fi
+
 dnl Allow the default crypto provider to be specified explicitly.
 
 AC_MSG_CHECKING(which crypto to use by default)
@@ -527,6 +570,11 @@ case "$DEFAULT_CRYPTO" in
       bad_crypto=1
     fi
   ;;
+  "gnutls")
+    if test "$USE_CRYPTO_GNUTLS" != "1"; then
+      bad_crypto=1
+    fi
+  ;;
   *)
     bad_crypto=1
   ;;

diff --git a/libqpdf/QPDFCryptoProvider.cc b/libqpdf/QPDFCryptoProvider.cc
@@ -5,6 +5,9 @@
 #ifdef USE_CRYPTO_NATIVE
 # include <qpdf/QPDFCrypto_native.hh>
 #endif
+#ifdef USE_CRYPTO_GNUTLS
+# include <qpdf/QPDFCrypto_gnutls.hh>
+#endif
 
 std::shared_ptr<QPDFCryptoImpl>
 QPDFCryptoProvider::getImpl()
@@ -42,6 +45,9 @@ QPDFCryptoProvider::QPDFCryptoProvider() :
 {
 #ifdef USE_CRYPTO_NATIVE
     registerImpl_internal<QPDFCrypto_native>("native");
+#endif
+#ifdef USE_CRYPTO_GNUTLS
+    registerImpl_internal<QPDFCrypto_gnutls>("gnutls");
 #endif
     setDefaultProvider_internal(DEFAULT_CRYPTO);
 }