colin
/
tripwire-open-source
mirror of https://github.com/Tripwire/tripwire-open-source.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[OSX] Use CommonCrypto md5 & sha1 impls by default, with a --disable-commoncrypto configure option to disable them and use the old builtin impls.

This commit is contained in:
Brian Cox 2016-06-07 19:06:10 -07:00
parent 704829cbd5
commit c79a6af7b1
4 changed files with 66 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
configure vendored
View File

@ -746,6 +746,7 @@ enable_silent_rules
enable_static enable_static
enable_debug enable_debug
enable_dependency_tracking enable_dependency_tracking
enable_commoncrypto
enable_iconv enable_iconv
enable_openssl enable_openssl
with_ssl_dir with_ssl_dir
@ -1392,8 +1393,9 @@ Optional Features:
do not reject slow dependency extractors do not reject slow dependency extractors
--disable-dependency-tracking --disable-dependency-tracking
speeds up one-time build speeds up one-time build
--disable-commoncrypto Don't use CommonCrypto hash implementations (OSX only)
--enable-iconv Use iconv for locale-independent report and db files --enable-iconv Use iconv for locale-independent report and db files
--disable-openssl don't link against OpenSSL libraries --disable-openssl Don't link against OpenSSL libraries
Optional Packages: Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@ -6175,7 +6177,15 @@ fi
done done
for ac_header in CommonCrypto/CommonDigest.h # Check whether --enable-commoncrypto was given.
if test "${enable_commoncrypto+set}" = set; then :
enableval=$enable_commoncrypto;
fi
if test "x${enable_commoncrypto}" != "xno"
then
for ac_header in CommonCrypto/CommonDigest.h
do : do :
ac_fn_c_check_header_mongrel "$LINENO" "CommonCrypto/CommonDigest.h" "ac_cv_header_CommonCrypto_CommonDigest_h" "$ac_includes_default" ac_fn_c_check_header_mongrel "$LINENO" "CommonCrypto/CommonDigest.h" "ac_cv_header_CommonCrypto_CommonDigest_h" "$ac_includes_default"
if test "x$ac_cv_header_CommonCrypto_CommonDigest_h" = xyes; then : if test "x$ac_cv_header_CommonCrypto_CommonDigest_h" = xyes; then :
@ -6187,6 +6197,7 @@ fi
done done
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lc" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lc" >&5

10
configure.ac
View File

@ -110,7 +110,13 @@ dnl check for posix_fadvise
AC_CHECK_HEADERS(fcntl.h, [AC_CHECK_FUNCS(posix_fadvise)]) AC_CHECK_HEADERS(fcntl.h, [AC_CHECK_FUNCS(posix_fadvise)])
dnl check for OSX builtin hash algorithms dnl check for OSX builtin hash algorithms
AC_CHECK_HEADERS(CommonCrypto/CommonDigest.h) AC_ARG_ENABLE(commoncrypto,
[ --disable-commoncrypto Don't use CommonCrypto hash implementations (OSX only)])
if test "x${enable_commoncrypto}" != "xno"
then
AC_CHECK_HEADERS(CommonCrypto/CommonDigest.h)
fi
dnl ############################################## dnl ##############################################
dnl Checks for various platform specific libraries dnl Checks for various platform specific libraries
@ -304,7 +310,7 @@ if you are trying to compile a static binary.
dnl Check for OpenSSL, now that we have a working compiler dnl Check for OpenSSL, now that we have a working compiler
AC_ARG_ENABLE(openssl, AC_ARG_ENABLE(openssl,
[ --disable-openssl don't link against OpenSSL libraries]) [ --disable-openssl Don't link against OpenSSL libraries])
AC_ARG_WITH(ssl-dir, AC_ARG_WITH(ssl-dir,
[ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
[ [

37
src/fco/signature.cpp
View File

@ -495,7 +495,11 @@ IMPLEMENT_TYPEDSERIALIZABLE(cMD5Signature, _T("cMD5Signature"), 0, 1)
cMD5Signature::cMD5Signature() cMD5Signature::cMD5Signature()
{ {
memset( mMD5Info.digest, 0, sizeof( mMD5Info.digest ) ); #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
memset( mMD5Info.data, 0, sizeof( mMD5Info.data ) );
#else
memset( mMD5Info.digest, 0, sizeof( mMD5Info.digest ) );
#endif
memset( md5_digest, 0, MD5_DIGEST_LENGTH ); memset( md5_digest, 0, MD5_DIGEST_LENGTH );
} }
@ -505,7 +509,9 @@ cMD5Signature::~cMD5Signature()
void cMD5Signature::Init() void cMD5Signature::Init()
{ {
#ifdef HAVE_OPENSSL_MD5_H #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
CC_MD5_Init(&mMD5Info);
#elif HAVE_OPENSSL_MD5_H
MD5_Init( &mMD5Info ); MD5_Init( &mMD5Info );
#else #else
MD5Init( &mMD5Info ); MD5Init( &mMD5Info );
@ -514,7 +520,9 @@ void cMD5Signature::Init()
void cMD5Signature::Update( const byte* const pbData, int cbDataLen ) void cMD5Signature::Update( const byte* const pbData, int cbDataLen )
{ {
#ifdef HAVE_OPENSSL_MD5_H #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
CC_MD5_Update(&mMD5Info, (uint8*)pbData, cbDataLen);
#elif HAVE_OPENSSL_MD5_H
MD5_Update( &mMD5Info, (uint8*)pbData, cbDataLen ); MD5_Update( &mMD5Info, (uint8*)pbData, cbDataLen );
#else #else
MD5Update( &mMD5Info, (uint8*)pbData, cbDataLen ); MD5Update( &mMD5Info, (uint8*)pbData, cbDataLen );
@ -523,7 +531,9 @@ void cMD5Signature::Update( const byte* const pbData, int cbDataLen )
void cMD5Signature::Finit() void cMD5Signature::Finit()
{ {
#ifdef HAVE_OPENSSL_MD5_H #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
CC_MD5_Final(md5_digest, &mMD5Info);
#elif HAVE_OPENSSL_MD5_H
MD5_Final( md5_digest, &mMD5Info ); MD5_Final( md5_digest, &mMD5Info );
#else #else
MD5Final( &mMD5Info ); MD5Final( &mMD5Info );
@ -616,7 +626,10 @@ IMPLEMENT_TYPEDSERIALIZABLE(cSHASignature, _T("cSHASignature"), 0, 1)
cSHASignature::cSHASignature() cSHASignature::cSHASignature()
{ {
memset( &mSHAInfo, 0, sizeof( mSHAInfo ) ); memset( &mSHAInfo, 0, sizeof( mSHAInfo ) );
#ifdef HAVE_OPENSSL_SHA_H
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
memset( sha_digest, 0, CC_SHA1_DIGEST_LENGTH );
#elif HAVE_OPENSSL_SHA_H
memset( sha_digest, 0, SHA_DIGEST_LENGTH ); memset( sha_digest, 0, SHA_DIGEST_LENGTH );
#endif #endif
} }
@ -626,7 +639,9 @@ cSHASignature::~cSHASignature()
void cSHASignature::Init() void cSHASignature::Init()
{ {
#ifdef HAVE_OPENSSL_SHA_H #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
CC_SHA1_Init( &mSHAInfo );
#elif HAVE_OPENSSL_SHA_H
SHA1_Init( &mSHAInfo ); SHA1_Init( &mSHAInfo );
#else #else
shsInit( &mSHAInfo ); shsInit( &mSHAInfo );
@ -636,7 +651,9 @@ void cSHASignature::Init()
void cSHASignature::Update( const byte* const pbData, int cbDataLen ) void cSHASignature::Update( const byte* const pbData, int cbDataLen )
{ {
ASSERT( sizeof( byte ) == sizeof( uint8 ) ); ASSERT( sizeof( byte ) == sizeof( uint8 ) );
#ifdef HAVE_OPENSSL_SHA_H #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
CC_SHA1_Update( &mSHAInfo, (uint8*)pbData, cbDataLen );
#elif HAVE_OPENSSL_SHA_H
SHA1_Update( &mSHAInfo, (uint8*)pbData, cbDataLen ); SHA1_Update( &mSHAInfo, (uint8*)pbData, cbDataLen );
#else #else
shsUpdate( &mSHAInfo, (uint8*)pbData, cbDataLen ); shsUpdate( &mSHAInfo, (uint8*)pbData, cbDataLen );
@ -645,7 +662,9 @@ void cSHASignature::Update( const byte* const pbData, int cbDataLen )
void cSHASignature::Finit() void cSHASignature::Finit()
{ {
#ifdef HAVE_OPENSSL_SHA_H #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
CC_SHA1_Final( (unsigned char *)sha_digest, &mSHAInfo );
#elif HAVE_OPENSSL_SHA_H
SHA1_Final( (unsigned char *)sha_digest, &mSHAInfo ); SHA1_Final( (unsigned char *)sha_digest, &mSHAInfo );
#else #else
shsFinal( &mSHAInfo ); shsFinal( &mSHAInfo );
@ -654,7 +673,7 @@ void cSHASignature::Finit()
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
// AsString -- Converts to Base64 representation and returns a TSTRING // AsString -- Converts to Base64 representation and returns a TSTRING
#ifdef HAVE_OPENSSL_SHA_H #if defined(HAVE_OPENSSL_SHA_H) || defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
TSTRING cSHASignature::AsString(void) const TSTRING cSHASignature::AsString(void) const
{ {
if (cArchiveSigGen::Hex()) if (cArchiveSigGen::Hex())

19
src/fco/signature.h
View File

@ -71,6 +71,12 @@
# endif # endif
#endif #endif
/*Use OSX CommonCrypto lib if available*/
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
# include <CommonCrypto/CommonDigest.h>
#endif
#include "core/haval.h" #include "core/haval.h"
// TODO: figure out a way to do this without including these headers. // TODO: figure out a way to do this without including these headers.
// pool of objects? // pool of objects?
@ -281,8 +287,13 @@ protected:
enum { SIG_BYTE_SIZE = MD5_DIGEST_LENGTH }; enum { SIG_BYTE_SIZE = MD5_DIGEST_LENGTH };
virtual bool IsEqual(const iSignature& rhs) const; virtual bool IsEqual(const iSignature& rhs) const;
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
CC_MD5_CTX mMD5Info;
uint8 md5_digest[CC_MD5_DIGEST_LENGTH];
#else
MD5_CTX mMD5Info; MD5_CTX mMD5Info;
uint8 md5_digest[MD5_DIGEST_LENGTH]; uint8 md5_digest[MD5_DIGEST_LENGTH];
#endif
}; };
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
@ -310,10 +321,14 @@ protected:
virtual bool IsEqual(const iSignature& rhs) const; virtual bool IsEqual(const iSignature& rhs) const;
#ifdef HAVE_OPENSSL_SHA_H #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
enum { SIG_UINT32_SIZE = CC_SHA1_DIGEST_LENGTH/4 };
CC_SHA1_CTX mSHAInfo;
uint32 sha_digest[SIG_UINT32_SIZE];
#elif HAVE_OPENSSL_SHA_H
enum { SIG_UINT32_SIZE = SHA_DIGEST_LENGTH/4 }; enum { SIG_UINT32_SIZE = SHA_DIGEST_LENGTH/4 };
SHA_CTX mSHAInfo; SHA_CTX mSHAInfo;
uint32 sha_digest[SHA_DIGEST_LENGTH/4]; uint32 sha_digest[SIG_UINT32_SIZE];
#else #else
enum { SIG_UINT32_SIZE = 5 }; enum { SIG_UINT32_SIZE = 5 };
SHS_INFO mSHAInfo; SHS_INFO mSHAInfo;