2d3b65
From 440a178c5aad19050a3d5b5d76881931138af680 Mon Sep 17 00:00:00 2001
2d3b65
From: Colin Walters <walters@verbum.org>
2d3b65
Date: Fri, 7 Jun 2019 18:44:43 +0000
2d3b65
Subject: [PATCH 1/2] ghmac: Split off wrapper functions into ghmac-utils.c
2d3b65
2d3b65
Prep for adding a GnuTLS HMAC implementation; these are just
2d3b65
utility functions that call the "core" API.
2d3b65
---
2d3b65
 glib/Makefile.am   |   1 +
2d3b65
 glib/ghmac-utils.c | 145 +++++++++++++++++++++++++++++++++++++++++++++
2d3b65
 glib/ghmac.c       | 112 ----------------------------------
2d3b65
 glib/meson.build   |   1 +
2d3b65
 4 files changed, 147 insertions(+), 112 deletions(-)
2d3b65
 create mode 100644 glib/ghmac-utils.c
2d3b65
2d3b65
diff --git a/glib/Makefile.am b/glib/Makefile.am
2d3b65
index 8da549c7f..c367b09ad 100644
2d3b65
--- a/glib/Makefile.am
2d3b65
+++ b/glib/Makefile.am
2d3b65
@@ -126,6 +126,7 @@ libglib_2_0_la_SOURCES = 	\
2d3b65
 	ggettext.c		\
2d3b65
 	ghash.c			\
2d3b65
 	ghmac.c			\
2d3b65
+	ghmac-utils.c		\
2d3b65
 	ghook.c			\
2d3b65
 	ghostutils.c		\
2d3b65
 	giochannel.c    	\
2d3b65
diff --git a/glib/ghmac-utils.c b/glib/ghmac-utils.c
2d3b65
new file mode 100644
2d3b65
index 000000000..a17359ff1
2d3b65
--- /dev/null
2d3b65
+++ b/glib/ghmac-utils.c
2d3b65
@@ -0,0 +1,145 @@
2d3b65
+/* ghmac.h - data hashing functions
2d3b65
+ *
2d3b65
+ * Copyright (C) 2011  Collabora Ltd.
2d3b65
+ * Copyright (C) 2019  Red Hat, Inc.
2d3b65
+ *
2d3b65
+ * This library is free software; you can redistribute it and/or
2d3b65
+ * modify it under the terms of the GNU Lesser General Public
2d3b65
+ * License as published by the Free Software Foundation; either
2d3b65
+ * version 2.1 of the License, or (at your option) any later version.
2d3b65
+ *
2d3b65
+ * This library is distributed in the hope that it will be useful,
2d3b65
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
2d3b65
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
2d3b65
+ * Lesser General Public License for more details.
2d3b65
+ *
2d3b65
+ * You should have received a copy of the GNU Lesser General Public License
2d3b65
+ * along with this library; if not, see <http://www.gnu.org/licenses/>.
2d3b65
+ */
2d3b65
+
2d3b65
+#include "config.h"
2d3b65
+
2d3b65
+#include <string.h>
2d3b65
+
2d3b65
+#include "ghmac.h"
2d3b65
+
2d3b65
+#include "glib/galloca.h"
2d3b65
+#include "gatomic.h"
2d3b65
+#include "gslice.h"
2d3b65
+#include "gmem.h"
2d3b65
+#include "gstrfuncs.h"
2d3b65
+#include "gtestutils.h"
2d3b65
+#include "gtypes.h"
2d3b65
+#include "glibintl.h"
2d3b65
+
2d3b65
+/**
2d3b65
+ * g_compute_hmac_for_data:
2d3b65
+ * @digest_type: a #GChecksumType to use for the HMAC
2d3b65
+ * @key: (array length=key_len): the key to use in the HMAC
2d3b65
+ * @key_len: the length of the key
2d3b65
+ * @data: (array length=length): binary blob to compute the HMAC of
2d3b65
+ * @length: length of @data
2d3b65
+ *
2d3b65
+ * Computes the HMAC for a binary @data of @length. This is a
2d3b65
+ * convenience wrapper for g_hmac_new(), g_hmac_get_string()
2d3b65
+ * and g_hmac_unref().
2d3b65
+ *
2d3b65
+ * The hexadecimal string returned will be in lower case.
2d3b65
+ *
2d3b65
+ * Returns: the HMAC of the binary data as a string in hexadecimal.
2d3b65
+ *   The returned string should be freed with g_free() when done using it.
2d3b65
+ *
2d3b65
+ * Since: 2.30
2d3b65
+ */
2d3b65
+gchar *
2d3b65
+g_compute_hmac_for_data (GChecksumType  digest_type,
2d3b65
+                         const guchar  *key,
2d3b65
+                         gsize          key_len,
2d3b65
+                         const guchar  *data,
2d3b65
+                         gsize          length)
2d3b65
+{
2d3b65
+  GHmac *hmac;
2d3b65
+  gchar *retval;
2d3b65
+
2d3b65
+  g_return_val_if_fail (length == 0 || data != NULL, NULL);
2d3b65
+
2d3b65
+  hmac = g_hmac_new (digest_type, key, key_len);
2d3b65
+  if (!hmac)
2d3b65
+    return NULL;
2d3b65
+
2d3b65
+  g_hmac_update (hmac, data, length);
2d3b65
+  retval = g_strdup (g_hmac_get_string (hmac));
2d3b65
+  g_hmac_unref (hmac);
2d3b65
+
2d3b65
+  return retval;
2d3b65
+}
2d3b65
+
2d3b65
+/**
2d3b65
+ * g_compute_hmac_for_bytes:
2d3b65
+ * @digest_type: a #GChecksumType to use for the HMAC
2d3b65
+ * @key: the key to use in the HMAC
2d3b65
+ * @data: binary blob to compute the HMAC of
2d3b65
+ *
2d3b65
+ * Computes the HMAC for a binary @data. This is a
2d3b65
+ * convenience wrapper for g_hmac_new(), g_hmac_get_string()
2d3b65
+ * and g_hmac_unref().
2d3b65
+ *
2d3b65
+ * The hexadecimal string returned will be in lower case.
2d3b65
+ *
2d3b65
+ * Returns: the HMAC of the binary data as a string in hexadecimal.
2d3b65
+ *   The returned string should be freed with g_free() when done using it.
2d3b65
+ *
2d3b65
+ * Since: 2.50
2d3b65
+ */
2d3b65
+gchar *
2d3b65
+g_compute_hmac_for_bytes (GChecksumType  digest_type,
2d3b65
+                          GBytes        *key,
2d3b65
+                          GBytes        *data)
2d3b65
+{
2d3b65
+  gconstpointer byte_data;
2d3b65
+  gsize length;
2d3b65
+  gconstpointer key_data;
2d3b65
+  gsize key_len;
2d3b65
+
2d3b65
+  g_return_val_if_fail (data != NULL, NULL);
2d3b65
+  g_return_val_if_fail (key != NULL, NULL);
2d3b65
+
2d3b65
+  byte_data = g_bytes_get_data (data, &length);
2d3b65
+  key_data = g_bytes_get_data (key, &key_len);
2d3b65
+  return g_compute_hmac_for_data (digest_type, key_data, key_len, byte_data, length);
2d3b65
+}
2d3b65
+
2d3b65
+
2d3b65
+/**
2d3b65
+ * g_compute_hmac_for_string:
2d3b65
+ * @digest_type: a #GChecksumType to use for the HMAC
2d3b65
+ * @key: (array length=key_len): the key to use in the HMAC
2d3b65
+ * @key_len: the length of the key
2d3b65
+ * @str: the string to compute the HMAC for
2d3b65
+ * @length: the length of the string, or -1 if the string is nul-terminated
2d3b65
+ *
2d3b65
+ * Computes the HMAC for a string.
2d3b65
+ *
2d3b65
+ * The hexadecimal string returned will be in lower case.
2d3b65
+ *
2d3b65
+ * Returns: the HMAC as a hexadecimal string.
2d3b65
+ *     The returned string should be freed with g_free()
2d3b65
+ *     when done using it.
2d3b65
+ *
2d3b65
+ * Since: 2.30
2d3b65
+ */
2d3b65
+gchar *
2d3b65
+g_compute_hmac_for_string (GChecksumType  digest_type,
2d3b65
+                           const guchar  *key,
2d3b65
+                           gsize          key_len,
2d3b65
+                           const gchar   *str,
2d3b65
+                           gssize         length)
2d3b65
+{
2d3b65
+  g_return_val_if_fail (length == 0 || str != NULL, NULL);
2d3b65
+
2d3b65
+  if (length < 0)
2d3b65
+    length = strlen (str);
2d3b65
+
2d3b65
+  return g_compute_hmac_for_data (digest_type, key, key_len,
2d3b65
+                                  (const guchar *) str, length);
2d3b65
+}
2d3b65
diff --git a/glib/ghmac.c b/glib/ghmac.c
2d3b65
index 9b58fd81c..7db38e34a 100644
2d3b65
--- a/glib/ghmac.c
2d3b65
+++ b/glib/ghmac.c
2d3b65
@@ -329,115 +329,3 @@ g_hmac_get_digest (GHmac  *hmac,
2d3b65
   g_checksum_update (hmac->digesto, buffer, len);
2d3b65
   g_checksum_get_digest (hmac->digesto, buffer, digest_len);
2d3b65
 }
2d3b65
-
2d3b65
-/**
2d3b65
- * g_compute_hmac_for_data:
2d3b65
- * @digest_type: a #GChecksumType to use for the HMAC
2d3b65
- * @key: (array length=key_len): the key to use in the HMAC
2d3b65
- * @key_len: the length of the key
2d3b65
- * @data: (array length=length): binary blob to compute the HMAC of
2d3b65
- * @length: length of @data
2d3b65
- *
2d3b65
- * Computes the HMAC for a binary @data of @length. This is a
2d3b65
- * convenience wrapper for g_hmac_new(), g_hmac_get_string()
2d3b65
- * and g_hmac_unref().
2d3b65
- *
2d3b65
- * The hexadecimal string returned will be in lower case.
2d3b65
- *
2d3b65
- * Returns: the HMAC of the binary data as a string in hexadecimal.
2d3b65
- *   The returned string should be freed with g_free() when done using it.
2d3b65
- *
2d3b65
- * Since: 2.30
2d3b65
- */
2d3b65
-gchar *
2d3b65
-g_compute_hmac_for_data (GChecksumType  digest_type,
2d3b65
-                         const guchar  *key,
2d3b65
-                         gsize          key_len,
2d3b65
-                         const guchar  *data,
2d3b65
-                         gsize          length)
2d3b65
-{
2d3b65
-  GHmac *hmac;
2d3b65
-  gchar *retval;
2d3b65
-
2d3b65
-  g_return_val_if_fail (length == 0 || data != NULL, NULL);
2d3b65
-
2d3b65
-  hmac = g_hmac_new (digest_type, key, key_len);
2d3b65
-  if (!hmac)
2d3b65
-    return NULL;
2d3b65
-
2d3b65
-  g_hmac_update (hmac, data, length);
2d3b65
-  retval = g_strdup (g_hmac_get_string (hmac));
2d3b65
-  g_hmac_unref (hmac);
2d3b65
-
2d3b65
-  return retval;
2d3b65
-}
2d3b65
-
2d3b65
-/**
2d3b65
- * g_compute_hmac_for_bytes:
2d3b65
- * @digest_type: a #GChecksumType to use for the HMAC
2d3b65
- * @key: the key to use in the HMAC
2d3b65
- * @data: binary blob to compute the HMAC of
2d3b65
- *
2d3b65
- * Computes the HMAC for a binary @data. This is a
2d3b65
- * convenience wrapper for g_hmac_new(), g_hmac_get_string()
2d3b65
- * and g_hmac_unref().
2d3b65
- *
2d3b65
- * The hexadecimal string returned will be in lower case.
2d3b65
- *
2d3b65
- * Returns: the HMAC of the binary data as a string in hexadecimal.
2d3b65
- *   The returned string should be freed with g_free() when done using it.
2d3b65
- *
2d3b65
- * Since: 2.50
2d3b65
- */
2d3b65
-gchar *
2d3b65
-g_compute_hmac_for_bytes (GChecksumType  digest_type,
2d3b65
-                          GBytes        *key,
2d3b65
-                          GBytes        *data)
2d3b65
-{
2d3b65
-  gconstpointer byte_data;
2d3b65
-  gsize length;
2d3b65
-  gconstpointer key_data;
2d3b65
-  gsize key_len;
2d3b65
-
2d3b65
-  g_return_val_if_fail (data != NULL, NULL);
2d3b65
-  g_return_val_if_fail (key != NULL, NULL);
2d3b65
-
2d3b65
-  byte_data = g_bytes_get_data (data, &length);
2d3b65
-  key_data = g_bytes_get_data (key, &key_len);
2d3b65
-  return g_compute_hmac_for_data (digest_type, key_data, key_len, byte_data, length);
2d3b65
-}
2d3b65
-
2d3b65
-
2d3b65
-/**
2d3b65
- * g_compute_hmac_for_string:
2d3b65
- * @digest_type: a #GChecksumType to use for the HMAC
2d3b65
- * @key: (array length=key_len): the key to use in the HMAC
2d3b65
- * @key_len: the length of the key
2d3b65
- * @str: the string to compute the HMAC for
2d3b65
- * @length: the length of the string, or -1 if the string is nul-terminated
2d3b65
- *
2d3b65
- * Computes the HMAC for a string.
2d3b65
- *
2d3b65
- * The hexadecimal string returned will be in lower case.
2d3b65
- *
2d3b65
- * Returns: the HMAC as a hexadecimal string.
2d3b65
- *     The returned string should be freed with g_free()
2d3b65
- *     when done using it.
2d3b65
- *
2d3b65
- * Since: 2.30
2d3b65
- */
2d3b65
-gchar *
2d3b65
-g_compute_hmac_for_string (GChecksumType  digest_type,
2d3b65
-                           const guchar  *key,
2d3b65
-                           gsize          key_len,
2d3b65
-                           const gchar   *str,
2d3b65
-                           gssize         length)
2d3b65
-{
2d3b65
-  g_return_val_if_fail (length == 0 || str != NULL, NULL);
2d3b65
-
2d3b65
-  if (length < 0)
2d3b65
-    length = strlen (str);
2d3b65
-
2d3b65
-  return g_compute_hmac_for_data (digest_type, key, key_len,
2d3b65
-                                  (const guchar *) str, length);
2d3b65
-}
2d3b65
diff --git a/glib/meson.build b/glib/meson.build
2d3b65
index 9df77b6f9..c7f28b5b6 100644
2d3b65
--- a/glib/meson.build
2d3b65
+++ b/glib/meson.build
2d3b65
@@ -138,6 +138,7 @@ glib_sources = files(
2d3b65
   'ggettext.c',
2d3b65
   'ghash.c',
2d3b65
   'ghmac.c',
2d3b65
+  'ghmac-utils.c',
2d3b65
   'ghook.c',
2d3b65
   'ghostutils.c',
2d3b65
   'giochannel.c',
2d3b65
-- 
2d3b65
2.21.0
2d3b65
2d3b65
2d3b65
From 423355787ba9133b310c0b72708024b1428d7d14 Mon Sep 17 00:00:00 2001
2d3b65
From: Colin Walters <walters@verbum.org>
2d3b65
Date: Fri, 7 Jun 2019 19:36:54 +0000
2d3b65
Subject: [PATCH 2/2] Add a gnutls backend for GHmac
2d3b65
2d3b65
For RHEL we want apps to use FIPS-certified crypto libraries,
2d3b65
and HMAC apparently counts as "keyed" and hence needs to
2d3b65
be validated.
2d3b65
2d3b65
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1630260
2d3b65
Replaces: https://gitlab.gnome.org/GNOME/glib/merge_requests/897
2d3b65
2d3b65
This is a build-time option that backs the GHmac API with GnuTLS.
2d3b65
Most distributors ship glib-networking built with GnuTLS, and
2d3b65
most apps use glib-networking, so this isn't a net-new library
2d3b65
in most cases.
2d3b65
2d3b65
However, a fun wrinkle is that the GnuTLS HMAC API doesn't expose
2d3b65
the necessary bits to implement `g_hmac_copy()`; OpenSSL does.
2d3b65
I chose to just make that abort for now since I didn't find
2d3b65
apps using it.
2d3b65
---
2d3b65
 glib/Makefile.am        |   9 ++-
2d3b65
 glib/gchecksum.c        |   9 +--
2d3b65
 glib/gchecksumprivate.h |  32 +++++++++
2d3b65
 glib/ghmac-gnutls.c     | 151 ++++++++++++++++++++++++++++++++++++++++
2d3b65
 glib/ghmac.c            |   1 +
2d3b65
 glib/meson.build        |  10 ++-
2d3b65
 glib/tests/hmac.c       |   6 ++
2d3b65
 meson.build             |   7 ++
2d3b65
 meson_options.txt       |   5 ++
2d3b65
 9 files changed, 221 insertions(+), 9 deletions(-)
2d3b65
 create mode 100644 glib/gchecksumprivate.h
2d3b65
 create mode 100644 glib/ghmac-gnutls.c
2d3b65
2d3b65
diff --git a/glib/Makefile.am b/glib/Makefile.am
2d3b65
index c367b09ad..b0a721ad0 100644
2d3b65
--- a/glib/Makefile.am
2d3b65
+++ b/glib/Makefile.am
2d3b65
@@ -125,7 +125,7 @@ libglib_2_0_la_SOURCES = 	\
2d3b65
 	gfileutils.c		\
2d3b65
 	ggettext.c		\
2d3b65
 	ghash.c			\
2d3b65
-	ghmac.c			\
2d3b65
+	ghmac-gnutls.c		\
2d3b65
 	ghmac-utils.c		\
2d3b65
 	ghook.c			\
2d3b65
 	ghostutils.c		\
2d3b65
@@ -352,11 +352,14 @@ pcre_lib = pcre/libpcre.la
2d3b65
 pcre_inc =
2d3b65
 endif
2d3b65
 
2d3b65
-libglib_2_0_la_CFLAGS = $(AM_CFLAGS) $(GLIB_HIDDEN_VISIBILITY_CFLAGS) $(LIBSYSTEMD_CFLAGS)
2d3b65
+gnutls_libs = $(shell pkg-config --libs gnutls)
2d3b65
+gnutls_cflags = $(shell pkg-config --cflags gnutls)
2d3b65
+
2d3b65
+libglib_2_0_la_CFLAGS = $(AM_CFLAGS) $(GLIB_HIDDEN_VISIBILITY_CFLAGS) $(LIBSYSTEMD_CFLAGS) $(gnutls_cflags)
2d3b65
 libglib_2_0_la_LIBADD = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ @ICONV_LIBS@ @G_LIBS_EXTRA@ $(pcre_lib) $(G_THREAD_LIBS_EXTRA) $(G_THREAD_LIBS_FOR_GTHREAD) $(LIBSYSTEMD_LIBS)
2d3b65
 libglib_2_0_la_DEPENDENCIES = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ $(glib_win32_res) $(glib_def)
2d3b65
 
2d3b65
-libglib_2_0_la_LDFLAGS = $(GLIB_LINK_FLAGS) \
2d3b65
+libglib_2_0_la_LDFLAGS = $(GLIB_LINK_FLAGS) $(gnutls_libs) \
2d3b65
 	 $(glib_win32_res_ldflag) \
2d3b65
 	-version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
2d3b65
 	-export-dynamic $(no_undefined)
2d3b65
diff --git a/glib/gchecksum.c b/glib/gchecksum.c
2d3b65
index 40b1d50e2..2f59d4a66 100644
2d3b65
--- a/glib/gchecksum.c
2d3b65
+++ b/glib/gchecksum.c
2d3b65
@@ -20,7 +20,7 @@
2d3b65
 
2d3b65
 #include <string.h>
2d3b65
 
2d3b65
-#include "gchecksum.h"
2d3b65
+#include "gchecksumprivate.h"
2d3b65
 
2d3b65
 #include "gslice.h"
2d3b65
 #include "gmem.h"
2d3b65
@@ -173,9 +173,9 @@ sha_byte_reverse (guint32 *buffer,
2d3b65
 }
2d3b65
 #endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
2d3b65
 
2d3b65
-static gchar *
2d3b65
-digest_to_string (guint8 *digest,
2d3b65
-                  gsize   digest_len)
2d3b65
+gchar *
2d3b65
+gchecksum_digest_to_string (guint8 *digest,
2d3b65
+                            gsize   digest_len)
2d3b65
 {
2d3b65
   gint len = digest_len * 2;
2d3b65
   gint i;
2d3b65
@@ -195,6 +195,7 @@ digest_to_string (guint8 *digest,
2d3b65
 
2d3b65
   return retval;
2d3b65
 }
2d3b65
+#define digest_to_string gchecksum_digest_to_string
2d3b65
 
2d3b65
 /*
2d3b65
  * MD5 Checksum
2d3b65
diff --git a/glib/gchecksumprivate.h b/glib/gchecksumprivate.h
2d3b65
new file mode 100644
2d3b65
index 000000000..86c7a3b61
2d3b65
--- /dev/null
2d3b65
+++ b/glib/gchecksumprivate.h
2d3b65
@@ -0,0 +1,32 @@
2d3b65
+/* gstdioprivate.h - Private GLib stdio functions
2d3b65
+ *
2d3b65
+ * Copyright 2017 Руслан Ижбулатов
2d3b65
+ *
2d3b65
+ * This library is free software; you can redistribute it and/or
2d3b65
+ * modify it under the terms of the GNU Lesser General Public
2d3b65
+ * License as published by the Free Software Foundation; either
2d3b65
+ * version 2.1 of the License, or (at your option) any later version.
2d3b65
+ *
2d3b65
+ * This library is distributed in the hope that it will be useful,
2d3b65
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
2d3b65
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
2d3b65
+ * Lesser General Public License for more details.
2d3b65
+ *
2d3b65
+ * You should have received a copy of the GNU Lesser General Public License
2d3b65
+ * along with this library; if not, see <http://www.gnu.org/licenses/>.
2d3b65
+ */
2d3b65
+
2d3b65
+#ifndef __G_CHECKSUMPRIVATE_H__
2d3b65
+#define __G_CHECKSUMPRIVATE_H__
2d3b65
+
2d3b65
+#include "gchecksum.h"
2d3b65
+
2d3b65
+G_BEGIN_DECLS
2d3b65
+
2d3b65
+gchar *
2d3b65
+gchecksum_digest_to_string (guint8 *digest,
2d3b65
+                            gsize   digest_len);
2d3b65
+
2d3b65
+G_END_DECLS
2d3b65
+
2d3b65
+#endif
2d3b65
\ No newline at end of file
2d3b65
diff --git a/glib/ghmac-gnutls.c b/glib/ghmac-gnutls.c
2d3b65
new file mode 100644
2d3b65
index 000000000..3b4dfb872
2d3b65
--- /dev/null
2d3b65
+++ b/glib/ghmac-gnutls.c
2d3b65
@@ -0,0 +1,151 @@
2d3b65
+/* ghmac.h - data hashing functions
2d3b65
+ *
2d3b65
+ * Copyright (C) 2011  Collabora Ltd.
2d3b65
+ * Copyright (C) 2019  Red Hat, Inc.
2d3b65
+ *
2d3b65
+ * This library is free software; you can redistribute it and/or
2d3b65
+ * modify it under the terms of the GNU Lesser General Public
2d3b65
+ * License as published by the Free Software Foundation; either
2d3b65
+ * version 2.1 of the License, or (at your option) any later version.
2d3b65
+ *
2d3b65
+ * This library is distributed in the hope that it will be useful,
2d3b65
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
2d3b65
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
2d3b65
+ * Lesser General Public License for more details.
2d3b65
+ *
2d3b65
+ * You should have received a copy of the GNU Lesser General Public License
2d3b65
+ * along with this library; if not, see <http://www.gnu.org/licenses/>.
2d3b65
+ */
2d3b65
+
2d3b65
+#include "config.h"
2d3b65
+
2d3b65
+#include <string.h>
2d3b65
+#include <gnutls/crypto.h>
2d3b65
+
2d3b65
+#include "ghmac.h"
2d3b65
+
2d3b65
+#include "glib/galloca.h"
2d3b65
+#include "gatomic.h"
2d3b65
+#include "gslice.h"
2d3b65
+#include "gmem.h"
2d3b65
+#include "gstrfuncs.h"
2d3b65
+#include "gchecksumprivate.h"
2d3b65
+#include "gtestutils.h"
2d3b65
+#include "gtypes.h"
2d3b65
+#include "glibintl.h"
2d3b65
+
2d3b65
+struct _GHmac
2d3b65
+{
2d3b65
+  int ref_count;
2d3b65
+  GChecksumType digest_type;
2d3b65
+  gnutls_hmac_hd_t hmac;
2d3b65
+  gchar *digest_str;
2d3b65
+};
2d3b65
+
2d3b65
+GHmac *
2d3b65
+g_hmac_new (GChecksumType  digest_type,
2d3b65
+            const guchar  *key,
2d3b65
+            gsize          key_len)
2d3b65
+{
2d3b65
+  gnutls_mac_algorithm_t algo;
2d3b65
+  GHmac *hmac = g_slice_new0 (GHmac);
2d3b65
+  hmac->ref_count = 1;
2d3b65
+  hmac->digest_type = digest_type;  
2d3b65
+
2d3b65
+  switch (digest_type)
2d3b65
+    {
2d3b65
+    case G_CHECKSUM_MD5:
2d3b65
+      algo = GNUTLS_MAC_MD5;
2d3b65
+      break;
2d3b65
+    case G_CHECKSUM_SHA1:
2d3b65
+      algo = GNUTLS_MAC_SHA1;
2d3b65
+      break;
2d3b65
+    case G_CHECKSUM_SHA256:
2d3b65
+      algo = GNUTLS_MAC_SHA256;
2d3b65
+      break;
2d3b65
+    case G_CHECKSUM_SHA384:
2d3b65
+      algo = GNUTLS_MAC_SHA384;
2d3b65
+      break;
2d3b65
+    case G_CHECKSUM_SHA512:
2d3b65
+      algo = GNUTLS_MAC_SHA512;
2d3b65
+      break;
2d3b65
+    default:
2d3b65
+      g_return_val_if_reached (NULL);
2d3b65
+    }
2d3b65
+
2d3b65
+  gnutls_hmac_init (&hmac->hmac, algo, key, key_len);
2d3b65
+
2d3b65
+  return hmac;
2d3b65
+}
2d3b65
+
2d3b65
+GHmac *
2d3b65
+g_hmac_copy (const GHmac *hmac)
2d3b65
+{
2d3b65
+  g_error ("g_hmac_copy is not available with GnuTLS-backend GHmac");
2d3b65
+}
2d3b65
+
2d3b65
+GHmac *
2d3b65
+g_hmac_ref (GHmac *hmac)
2d3b65
+{
2d3b65
+  g_return_val_if_fail (hmac != NULL, NULL);
2d3b65
+
2d3b65
+  g_atomic_int_inc (&hmac->ref_count);
2d3b65
+
2d3b65
+  return hmac;
2d3b65
+}
2d3b65
+
2d3b65
+void
2d3b65
+g_hmac_unref (GHmac *hmac)
2d3b65
+{
2d3b65
+  g_return_if_fail (hmac != NULL);
2d3b65
+
2d3b65
+  if (g_atomic_int_dec_and_test (&hmac->ref_count))
2d3b65
+    {
2d3b65
+      gnutls_hmac_deinit (hmac->hmac, NULL);
2d3b65
+      g_free (hmac->digest_str);
2d3b65
+      g_slice_free (GHmac, hmac);
2d3b65
+    }
2d3b65
+}
2d3b65
+
2d3b65
+
2d3b65
+void
2d3b65
+g_hmac_update (GHmac        *hmac,
2d3b65
+               const guchar *data,
2d3b65
+               gssize        length)
2d3b65
+{
2d3b65
+  g_return_if_fail (hmac != NULL);
2d3b65
+  g_return_if_fail (length == 0 || data != NULL);
2d3b65
+
2d3b65
+  gnutls_hmac (hmac->hmac, data, length);
2d3b65
+}
2d3b65
+
2d3b65
+const gchar *
2d3b65
+g_hmac_get_string (GHmac *hmac)
2d3b65
+{
2d3b65
+  guint8 *buffer;
2d3b65
+  gsize digest_len;
2d3b65
+
2d3b65
+  g_return_val_if_fail (hmac != NULL, NULL);
2d3b65
+
2d3b65
+  if (hmac->digest_str)
2d3b65
+    return hmac->digest_str;
2d3b65
+
2d3b65
+  digest_len = g_checksum_type_get_length (hmac->digest_type);
2d3b65
+  buffer = g_alloca (digest_len);
2d3b65
+
2d3b65
+  gnutls_hmac_output (hmac->hmac, buffer);
2d3b65
+  hmac->digest_str = gchecksum_digest_to_string (buffer, digest_len);
2d3b65
+  return hmac->digest_str;
2d3b65
+}
2d3b65
+
2d3b65
+
2d3b65
+void
2d3b65
+g_hmac_get_digest (GHmac  *hmac,
2d3b65
+                   guint8 *buffer,
2d3b65
+                   gsize  *digest_len)
2d3b65
+{
2d3b65
+  g_return_if_fail (hmac != NULL);
2d3b65
+
2d3b65
+  gnutls_hmac_output (hmac->hmac, buffer);
2d3b65
+  *digest_len = g_checksum_type_get_length (hmac->digest_type);
2d3b65
+}
2d3b65
diff --git a/glib/ghmac.c b/glib/ghmac.c
2d3b65
index 7db38e34a..b12eb07c4 100644
2d3b65
--- a/glib/ghmac.c
2d3b65
+++ b/glib/ghmac.c
2d3b65
@@ -33,6 +33,7 @@
2d3b65
 #include "gtypes.h"
2d3b65
 #include "glibintl.h"
2d3b65
 
2d3b65
+#error "build configuration error"
2d3b65
 
2d3b65
 /**
2d3b65
  * SECTION:hmac
2d3b65
diff --git a/glib/meson.build b/glib/meson.build
2d3b65
index c7f28b5b6..a2f9da81c 100644
2d3b65
--- a/glib/meson.build
2d3b65
+++ b/glib/meson.build
2d3b65
@@ -137,7 +137,6 @@ glib_sources = files(
2d3b65
   'gfileutils.c',
2d3b65
   'ggettext.c',
2d3b65
   'ghash.c',
2d3b65
-  'ghmac.c',
2d3b65
   'ghmac-utils.c',
2d3b65
   'ghook.c',
2d3b65
   'ghostutils.c',
2d3b65
@@ -185,6 +184,7 @@ glib_sources = files(
2d3b65
   'gunidecomp.c',
2d3b65
   'gurifuncs.c',
2d3b65
   'gutils.c',
2d3b65
+  'gchecksumprivate.h',
2d3b65
   'guuid.c',
2d3b65
   'gvariant.c',
2d3b65
   'gvariant-core.c',
2d3b65
@@ -222,6 +222,12 @@ else
2d3b65
   glib_dtrace_hdr = []
2d3b65
 endif
2d3b65
 
2d3b65
+if get_option('gnutls')
2d3b65
+  glib_sources += files('ghmac-gnutls.c')
2d3b65
+else
2d3b65
+  glib_sources += files('ghmac.c')
2d3b65
+endif
2d3b65
+
2d3b65
 pcre_static_args = []
2d3b65
 
2d3b65
 if use_pcre_static_flag
2d3b65
@@ -238,7 +244,7 @@ libglib = library('glib-2.0',
2d3b65
   link_args : platform_ldflags + noseh_link_args,
2d3b65
   include_directories : configinc,
2d3b65
   link_with : [charset_lib, gnulib_lib],
2d3b65
-  dependencies : [pcre, thread_dep, libintl, librt] + libiconv + platform_deps,
2d3b65
+  dependencies : [pcre, thread_dep, libintl, librt] + libiconv + platform_deps + libgnutls_dep,
2d3b65
   c_args : ['-DG_LOG_DOMAIN="GLib"', '-DGLIB_COMPILATION'] + pcre_static_args + glib_hidden_visibility_args
2d3b65
 )
2d3b65
 
2d3b65
diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c
2d3b65
index 3ac3206df..5212c2523 100644
2d3b65
--- a/glib/tests/hmac.c
2d3b65
+++ b/glib/tests/hmac.c
2d3b65
@@ -1,3 +1,5 @@
2d3b65
+#include "config.h"
2d3b65
+
2d3b65
 #include <glib.h>
2d3b65
 #include <string.h>
2d3b65
 #include <stdlib.h>
2d3b65
@@ -427,6 +429,9 @@ test_hmac_ref_unref (void)
2d3b65
 static void
2d3b65
 test_hmac_copy (void)
2d3b65
 {
2d3b65
+#ifdef HAVE_GNUTLS
2d3b65
+  g_test_skip ("No g_hmac_copy with gnutls");
2d3b65
+#else
2d3b65
   GHmac *hmac, *check;
2d3b65
 
2d3b65
   hmac = g_hmac_new (G_CHECKSUM_SHA256, (guchar*)"aaa", 3);
2d3b65
@@ -435,6 +440,7 @@ test_hmac_copy (void)
2d3b65
   g_assert_cmpstr (g_hmac_get_string (hmac), ==, g_hmac_get_string (check));
2d3b65
   g_hmac_unref (check);
2d3b65
   g_hmac_unref (hmac);
2d3b65
+#endif
2d3b65
 }
2d3b65
 
2d3b65
 static void
2d3b65
diff --git a/meson.build b/meson.build
2d3b65
index 0cefee51d..81b16b004 100644
2d3b65
--- a/meson.build
2d3b65
+++ b/meson.build
2d3b65
@@ -1596,6 +1596,13 @@ if host_system == 'linux' and get_option('libmount')
2d3b65
   libmount_dep = [dependency('mount', version : '>=2.23', required : true)]
2d3b65
 endif
2d3b65
 
2d3b65
+# gnutls is used optionally by ghmac
2d3b65
+libgnutls_dep = []
2d3b65
+if get_option('gnutls')
2d3b65
+  libgnutls_dep = [dependency('gnutls', version : '>=3.6.7', required : true)]
2d3b65
+  glib_conf.set('HAVE_GNUTLS', 1)
2d3b65
+endif
2d3b65
+
2d3b65
 if host_system == 'windows'
2d3b65
   winsock2 = cc.find_library('ws2_32')
2d3b65
 endif
2d3b65
diff --git a/meson_options.txt b/meson_options.txt
2d3b65
index 4504c6858..d18c42a36 100644
2d3b65
--- a/meson_options.txt
2d3b65
+++ b/meson_options.txt
2d3b65
@@ -34,6 +34,11 @@ option('libmount',
2d3b65
        value : true,
2d3b65
        description : 'build with libmount support')
2d3b65
 
2d3b65
+option('gnutls',
2d3b65
+       type : 'boolean',
2d3b65
+       value : false,
2d3b65
+       description : 'build with gnutls support')
2d3b65
+
2d3b65
 option('internal_pcre',
2d3b65
        type : 'boolean',
2d3b65
        value : false,
2d3b65
-- 
2d3b65
2.21.0
2d3b65