From c5cc0bb6f2d6e468c7402915a0a4e6799f0febdf Mon Sep 17 00:00:00 2001

From: Colin Walters <walters@verbum.org>

Date: Fri, 7 Jun 2019 18:44:43 +0000

Subject: [PATCH 1/3] ghmac: Split off wrapper functions into ghmac-utils.c

Prep for adding a GnuTLS HMAC implementation; these are just

utility functions that call the "core" API.

---

 glib/Makefile.am   |   1 +

 glib/ghmac-utils.c | 145 +++++++++++++++++++++++++++++++++++++++++++++

 glib/ghmac.c       | 112 ----------------------------------

 glib/meson.build   |   1 +

 4 files changed, 147 insertions(+), 112 deletions(-)

 create mode 100644 glib/ghmac-utils.c

diff --git a/glib/Makefile.am b/glib/Makefile.am

index c0c3b92f0..43fa17051 100644

--- a/glib/Makefile.am

+++ b/glib/Makefile.am

@@ -126,6 +126,7 @@ libglib_2_0_la_SOURCES = 	\

 	ggettext.c		\

 	ghash.c			\

 	ghmac.c			\

+	ghmac-utils.c		\

 	ghook.c			\

 	ghostutils.c		\

 	giochannel.c    	\

diff --git a/glib/ghmac-utils.c b/glib/ghmac-utils.c

new file mode 100644

index 000000000..a17359ff1

--- /dev/null

+++ b/glib/ghmac-utils.c

@@ -0,0 +1,145 @@

+/* ghmac.h - data hashing functions

+ *

+ * Copyright (C) 2011  Collabora Ltd.

+ * Copyright (C) 2019  Red Hat, Inc.

+ *

+ * This library is free software; you can redistribute it and/or

+ * modify it under the terms of the GNU Lesser General Public

+ * License as published by the Free Software Foundation; either

+ * version 2.1 of the License, or (at your option) any later version.

+ *

+ * This library is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+ * Lesser General Public License for more details.

+ *

+ * You should have received a copy of the GNU Lesser General Public License

+ * along with this library; if not, see <http://www.gnu.org/licenses/>.

+ */

+

+#include "config.h"

+

+#include <string.h>

+

+#include "ghmac.h"

+

+#include "glib/galloca.h"

+#include "gatomic.h"

+#include "gslice.h"

+#include "gmem.h"

+#include "gstrfuncs.h"

+#include "gtestutils.h"

+#include "gtypes.h"

+#include "glibintl.h"

+

+/**

+ * g_compute_hmac_for_data:

+ * @digest_type: a #GChecksumType to use for the HMAC

+ * @key: (array length=key_len): the key to use in the HMAC

+ * @key_len: the length of the key

+ * @data: (array length=length): binary blob to compute the HMAC of

+ * @length: length of @data

+ *

+ * Computes the HMAC for a binary @data of @length. This is a

+ * convenience wrapper for g_hmac_new(), g_hmac_get_string()

+ * and g_hmac_unref().

+ *

+ * The hexadecimal string returned will be in lower case.

+ *

+ * Returns: the HMAC of the binary data as a string in hexadecimal.

+ *   The returned string should be freed with g_free() when done using it.

+ *

+ * Since: 2.30

+ */

+gchar *

+g_compute_hmac_for_data (GChecksumType  digest_type,

+                         const guchar  *key,

+                         gsize          key_len,

+                         const guchar  *data,

+                         gsize          length)

+{

+  GHmac *hmac;

+  gchar *retval;

+

+  g_return_val_if_fail (length == 0 || data != NULL, NULL);

+

+  hmac = g_hmac_new (digest_type, key, key_len);

+  if (!hmac)

+    return NULL;

+

+  g_hmac_update (hmac, data, length);

+  retval = g_strdup (g_hmac_get_string (hmac));

+  g_hmac_unref (hmac);

+

+  return retval;

+}

+

+/**

+ * g_compute_hmac_for_bytes:

+ * @digest_type: a #GChecksumType to use for the HMAC

+ * @key: the key to use in the HMAC

+ * @data: binary blob to compute the HMAC of

+ *

+ * Computes the HMAC for a binary @data. This is a

+ * convenience wrapper for g_hmac_new(), g_hmac_get_string()

+ * and g_hmac_unref().

+ *

+ * The hexadecimal string returned will be in lower case.

+ *

+ * Returns: the HMAC of the binary data as a string in hexadecimal.

+ *   The returned string should be freed with g_free() when done using it.

+ *

+ * Since: 2.50

+ */

+gchar *

+g_compute_hmac_for_bytes (GChecksumType  digest_type,

+                          GBytes        *key,

+                          GBytes        *data)

+{

+  gconstpointer byte_data;

+  gsize length;

+  gconstpointer key_data;

+  gsize key_len;

+

+  g_return_val_if_fail (data != NULL, NULL);

+  g_return_val_if_fail (key != NULL, NULL);

+

+  byte_data = g_bytes_get_data (data, &length);

+  key_data = g_bytes_get_data (key, &key_len);

+  return g_compute_hmac_for_data (digest_type, key_data, key_len, byte_data, length);

+}

+

+

+/**

+ * g_compute_hmac_for_string:

+ * @digest_type: a #GChecksumType to use for the HMAC

+ * @key: (array length=key_len): the key to use in the HMAC

+ * @key_len: the length of the key

+ * @str: the string to compute the HMAC for

+ * @length: the length of the string, or -1 if the string is nul-terminated

+ *

+ * Computes the HMAC for a string.

+ *

+ * The hexadecimal string returned will be in lower case.

+ *

+ * Returns: the HMAC as a hexadecimal string.

+ *     The returned string should be freed with g_free()

+ *     when done using it.

+ *

+ * Since: 2.30

+ */

+gchar *

+g_compute_hmac_for_string (GChecksumType  digest_type,

+                           const guchar  *key,

+                           gsize          key_len,

+                           const gchar   *str,

+                           gssize         length)

+{

+  g_return_val_if_fail (length == 0 || str != NULL, NULL);

+

+  if (length < 0)

+    length = strlen (str);

+

+  return g_compute_hmac_for_data (digest_type, key, key_len,

+                                  (const guchar *) str, length);

+}

diff --git a/glib/ghmac.c b/glib/ghmac.c

index 9b58fd81c..7db38e34a 100644

--- a/glib/ghmac.c

+++ b/glib/ghmac.c

@@ -329,115 +329,3 @@ g_hmac_get_digest (GHmac  *hmac,

   g_checksum_update (hmac->digesto, buffer, len);

   g_checksum_get_digest (hmac->digesto, buffer, digest_len);

 }

-

-/**

- * g_compute_hmac_for_data:

- * @digest_type: a #GChecksumType to use for the HMAC

- * @key: (array length=key_len): the key to use in the HMAC

- * @key_len: the length of the key

- * @data: (array length=length): binary blob to compute the HMAC of

- * @length: length of @data

- *

- * Computes the HMAC for a binary @data of @length. This is a

- * convenience wrapper for g_hmac_new(), g_hmac_get_string()

- * and g_hmac_unref().

- *

- * The hexadecimal string returned will be in lower case.

- *

- * Returns: the HMAC of the binary data as a string in hexadecimal.

- *   The returned string should be freed with g_free() when done using it.

- *

- * Since: 2.30

- */

-gchar *

-g_compute_hmac_for_data (GChecksumType  digest_type,

-                         const guchar  *key,

-                         gsize          key_len,

-                         const guchar  *data,

-                         gsize          length)

-{

-  GHmac *hmac;

-  gchar *retval;

-

-  g_return_val_if_fail (length == 0 || data != NULL, NULL);

-

-  hmac = g_hmac_new (digest_type, key, key_len);

-  if (!hmac)

-    return NULL;

-

-  g_hmac_update (hmac, data, length);

-  retval = g_strdup (g_hmac_get_string (hmac));

-  g_hmac_unref (hmac);

-

-  return retval;

-}

-

-/**

- * g_compute_hmac_for_bytes:

- * @digest_type: a #GChecksumType to use for the HMAC

- * @key: the key to use in the HMAC

- * @data: binary blob to compute the HMAC of

- *

- * Computes the HMAC for a binary @data. This is a

- * convenience wrapper for g_hmac_new(), g_hmac_get_string()

- * and g_hmac_unref().

- *

- * The hexadecimal string returned will be in lower case.

- *

- * Returns: the HMAC of the binary data as a string in hexadecimal.

- *   The returned string should be freed with g_free() when done using it.

- *

- * Since: 2.50

- */

-gchar *

-g_compute_hmac_for_bytes (GChecksumType  digest_type,

-                          GBytes        *key,

-                          GBytes        *data)

-{

-  gconstpointer byte_data;

-  gsize length;

-  gconstpointer key_data;

-  gsize key_len;

-

-  g_return_val_if_fail (data != NULL, NULL);

-  g_return_val_if_fail (key != NULL, NULL);

-

-  byte_data = g_bytes_get_data (data, &length);

-  key_data = g_bytes_get_data (key, &key_len);

-  return g_compute_hmac_for_data (digest_type, key_data, key_len, byte_data, length);

-}

-

-

-/**

- * g_compute_hmac_for_string:

- * @digest_type: a #GChecksumType to use for the HMAC

- * @key: (array length=key_len): the key to use in the HMAC

- * @key_len: the length of the key

- * @str: the string to compute the HMAC for

- * @length: the length of the string, or -1 if the string is nul-terminated

- *

- * Computes the HMAC for a string.

- *

- * The hexadecimal string returned will be in lower case.

- *

- * Returns: the HMAC as a hexadecimal string.

- *     The returned string should be freed with g_free()

- *     when done using it.

- *

- * Since: 2.30

- */

-gchar *

-g_compute_hmac_for_string (GChecksumType  digest_type,

-                           const guchar  *key,

-                           gsize          key_len,

-                           const gchar   *str,

-                           gssize         length)

-{

-  g_return_val_if_fail (length == 0 || str != NULL, NULL);

-

-  if (length < 0)

-    length = strlen (str);

-

-  return g_compute_hmac_for_data (digest_type, key, key_len,

-                                  (const guchar *) str, length);

-}

diff --git a/glib/meson.build b/glib/meson.build

index c81e99f9c..306a67f13 100644

--- a/glib/meson.build

+++ b/glib/meson.build

@@ -138,6 +138,7 @@ glib_sources = files(

   'ggettext.c',

   'ghash.c',

   'ghmac.c',

+  'ghmac-utils.c',

   'ghook.c',

   'ghostutils.c',

   'giochannel.c',

-- 

2.31.1

From 3befcf1eb31e0fa7a988b22a9c24240218cd4744 Mon Sep 17 00:00:00 2001

From: Colin Walters <walters@verbum.org>

Date: Fri, 7 Jun 2019 19:36:54 +0000

Subject: [PATCH 2/3] Add a gnutls backend for GHmac

For RHEL we want apps to use FIPS-certified crypto libraries,

and HMAC apparently counts as "keyed" and hence needs to

be validated.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1630260

Replaces: https://gitlab.gnome.org/GNOME/glib/merge_requests/897

This is a build-time option that backs the GHmac API with GnuTLS.

Most distributors ship glib-networking built with GnuTLS, and

most apps use glib-networking, so this isn't a net-new library

in most cases.

=======================================================================

mcatanzaro note:

I've updated Colin's original patch with several enhancements:

Implement g_hmac_copy() using gnutls_hmac_copy(), which didn't exist

when Colin developed this patch.

Removed use of GSlice

Better error checking in g_hmac_new(). It is possible for

gnutls_hmac_init() to fail if running in FIPS mode and an MD5 digest is

requested. In this case, we should return NULL rather than returning a

broken GHmac with a NULL gnutls_hmac_hd_t. This was leading to a later

null pointer dereference inside gnutls_hmac_update(). Applications are

responsible for checking to ensure the return value of g_hmac_new() is

not NULL since it is annotated as nullable. Added documentation to

indicate this possibility.

Properly handle length -1 in g_hmac_update(). This means we've been

given a NUL-terminated string and should use strlen(). GnuTLS doesn't

accept -1, so let's call strlen() ourselves.

Crash the application with g_error() if gnutls_hmac() fails for any

reason. This is necessary because g_hmac_update() is not fallible, so we

have no way to indicate error. Crashing seems better than returning the

wrong result later when g_hmac_get_string() or g_hmac_get_digest() is

later called. (Those functions are also not fallible.) Fortunately, I

don't think this error should actually be hit in practice.

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/903

---

 glib/Makefile.am        |   8 +-

 glib/gchecksum.c        |   9 +-

 glib/gchecksumprivate.h |  32 +++++++

 glib/ghmac-gnutls.c     | 182 ++++++++++++++++++++++++++++++++++++++++

 glib/ghmac.c            |  13 +++

 glib/meson.build        |  10 ++-

 meson.build             |   7 ++

 meson_options.txt       |   5 ++

 8 files changed, 258 insertions(+), 8 deletions(-)

 create mode 100644 glib/gchecksumprivate.h

 create mode 100644 glib/ghmac-gnutls.c

diff --git a/glib/Makefile.am b/glib/Makefile.am

index 43fa17051..1175bbe40 100644

--- a/glib/Makefile.am

+++ b/glib/Makefile.am

@@ -125,7 +125,7 @@ libglib_2_0_la_SOURCES = 	\

 	gfileutils.c		\

 	ggettext.c		\

 	ghash.c			\

-	ghmac.c			\

+	ghmac-gnutls.c		\

 	ghmac-utils.c		\

 	ghook.c			\

 	ghostutils.c		\

@@ -352,11 +352,15 @@ pcre_lib = pcre/libpcre.la

 pcre_inc =

 endif

-libglib_2_0_la_CFLAGS = $(AM_CFLAGS) $(GLIB_HIDDEN_VISIBILITY_CFLAGS) $(LIBSYSTEMD_CFLAGS)

+gnutls_libs = $(shell pkg-config --libs gnutls)

+gnutls_cflags = $(shell pkg-config --cflags gnutls)

+

+libglib_2_0_la_CFLAGS = $(AM_CFLAGS) $(GLIB_HIDDEN_VISIBILITY_CFLAGS) $(LIBSYSTEMD_CFLAGS) $(gnutls_cflags)

 libglib_2_0_la_LIBADD = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ @ICONV_LIBS@ @G_LIBS_EXTRA@ $(pcre_lib) $(G_THREAD_LIBS_EXTRA) $(G_THREAD_LIBS_FOR_GTHREAD) $(LIBSYSTEMD_LIBS)

 libglib_2_0_la_DEPENDENCIES = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ $(glib_win32_res) $(glib_def)

 libglib_2_0_la_LDFLAGS = $(GLIB_LINK_FLAGS) \

+         $(gnutls_libs) \

 	 $(glib_win32_res_ldflag) \

 	-version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \

 	-export-dynamic $(no_undefined)

diff --git a/glib/gchecksum.c b/glib/gchecksum.c

index 40b1d50e2..2f59d4a66 100644

--- a/glib/gchecksum.c

+++ b/glib/gchecksum.c

@@ -20,7 +20,7 @@

 #include <string.h>

-#include "gchecksum.h"

+#include "gchecksumprivate.h"

 #include "gslice.h"

 #include "gmem.h"

@@ -173,9 +173,9 @@ sha_byte_reverse (guint32 *buffer,

 }

 #endif /* G_BYTE_ORDER == G_BIG_ENDIAN */

-static gchar *

-digest_to_string (guint8 *digest,

-                  gsize   digest_len)

+gchar *

+gchecksum_digest_to_string (guint8 *digest,

+                            gsize   digest_len)

 {

   gint len = digest_len * 2;

   gint i;

@@ -195,6 +195,7 @@ digest_to_string (guint8 *digest,

   return retval;

 }

+#define digest_to_string gchecksum_digest_to_string

 /*

  * MD5 Checksum

diff --git a/glib/gchecksumprivate.h b/glib/gchecksumprivate.h

new file mode 100644

index 000000000..86c7a3b61

--- /dev/null

+++ b/glib/gchecksumprivate.h

@@ -0,0 +1,32 @@

+/* gstdioprivate.h - Private GLib stdio functions

+ *

+ * Copyright 2017 Руслан Ижбулатов

+ *

+ * This library is free software; you can redistribute it and/or

+ * modify it under the terms of the GNU Lesser General Public

+ * License as published by the Free Software Foundation; either

+ * version 2.1 of the License, or (at your option) any later version.

+ *

+ * This library is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+ * Lesser General Public License for more details.

+ *

+ * You should have received a copy of the GNU Lesser General Public License

+ * along with this library; if not, see <http://www.gnu.org/licenses/>.

+ */

+

+#ifndef __G_CHECKSUMPRIVATE_H__

+#define __G_CHECKSUMPRIVATE_H__

+

+#include "gchecksum.h"

+

+G_BEGIN_DECLS

+

+gchar *

+gchecksum_digest_to_string (guint8 *digest,

+                            gsize   digest_len);

+

+G_END_DECLS

+

+#endif

\ No newline at end of file

diff --git a/glib/ghmac-gnutls.c b/glib/ghmac-gnutls.c

new file mode 100644

index 000000000..522b9b302

--- /dev/null

+++ b/glib/ghmac-gnutls.c

@@ -0,0 +1,182 @@

+/* ghmac.h - data hashing functions

+ *

+ * Copyright (C) 2011  Collabora Ltd.

+ * Copyright (C) 2019  Red Hat, Inc.

+ *

+ * This library is free software; you can redistribute it and/or

+ * modify it under the terms of the GNU Lesser General Public

+ * License as published by the Free Software Foundation; either

+ * version 2.1 of the License, or (at your option) any later version.

+ *

+ * This library is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+ * Lesser General Public License for more details.

+ *

+ * You should have received a copy of the GNU Lesser General Public License

+ * along with this library; if not, see <http://www.gnu.org/licenses/>.

+ */

+

+#include "config.h"

+

+#include <string.h>

+#include <gnutls/crypto.h>

+

+#include "ghmac.h"

+

+#include "glib/galloca.h"

+#include "gatomic.h"

+#include "gslice.h"

+#include "gmem.h"

+#include "gstrfuncs.h"

+#include "gchecksumprivate.h"

+#include "gtestutils.h"

+#include "gtypes.h"

+#include "glibintl.h"

+

+struct _GHmac

+{

+  int ref_count;

+  GChecksumType digest_type;

+  gnutls_hmac_hd_t hmac;

+  gchar *digest_str;

+};

+

+GHmac *

+g_hmac_new (GChecksumType  digest_type,

+            const guchar  *key,

+            gsize          key_len)

+{

+  gnutls_mac_algorithm_t algo;

+  GHmac *hmac = g_new0 (GHmac, 1);

+  int ret;

+

+  hmac->ref_count = 1;

+  hmac->digest_type = digest_type;

+

+  switch (digest_type)

+    {

+    case G_CHECKSUM_MD5:

+      algo = GNUTLS_MAC_MD5;

+      break;

+    case G_CHECKSUM_SHA1:

+      algo = GNUTLS_MAC_SHA1;

+      break;

+    case G_CHECKSUM_SHA256:

+      algo = GNUTLS_MAC_SHA256;

+      break;

+    case G_CHECKSUM_SHA384:

+      algo = GNUTLS_MAC_SHA384;

+      break;

+    case G_CHECKSUM_SHA512:

+      algo = GNUTLS_MAC_SHA512;

+      break;

+    default:

+      g_return_val_if_reached (NULL);

+    }

+

+  ret = gnutls_hmac_init (&hmac->hmac, algo, key, key_len);

+  if (ret != 0)

+    {

+      /* There is no way to report an error here, but one possible cause of

+       * failure is that the requested digest may be disabled by FIPS mode.

+       */

+      g_free (hmac->hmac);

+      return NULL;

+    }

+

+  return hmac;

+}

+

+GHmac *

+g_hmac_copy (const GHmac *hmac)

+{

+  GHmac *copy;

+

+  g_return_val_if_fail (hmac != NULL, NULL);

+

+  copy = g_new0 (GHmac, 1);

+  copy->ref_count = 1;

+  copy->digest_type = hmac->digest_type;

+  copy->hmac = gnutls_hmac_copy (hmac->hmac);

+

+  /* g_hmac_copy is not allowed to fail, so we'll have to crash on error. */

+  if (!copy->hmac)

+    g_error ("gnutls_hmac_copy failed");

+

+  return copy;

+}

+

+GHmac *

+g_hmac_ref (GHmac *hmac)

+{

+  g_return_val_if_fail (hmac != NULL, NULL);

+

+  g_atomic_int_inc (&hmac->ref_count);

+

+  return hmac;

+}

+

+void

+g_hmac_unref (GHmac *hmac)

+{

+  g_return_if_fail (hmac != NULL);

+

+  if (g_atomic_int_dec_and_test (&hmac->ref_count))

+    {

+      gnutls_hmac_deinit (hmac->hmac, NULL);

+      g_free (hmac->digest_str);

+      g_free (hmac);

+    }

+}

+

+

+void

+g_hmac_update (GHmac        *hmac,

+               const guchar *data,

+               gssize        length)

+{

+  int ret;

+

+  g_return_if_fail (hmac != NULL);

+  g_return_if_fail (length == 0 || data != NULL);

+

+  if (length == -1)

+    length = strlen ((const char *)data);

+

+  /* g_hmac_update is not allowed to fail, so we'll have to crash on error. */

+  ret = gnutls_hmac (hmac->hmac, data, length);

+  if (ret != 0)

+    g_error ("gnutls_hmac failed: %s", gnutls_strerror (ret));

+}

+

+const gchar *

+g_hmac_get_string (GHmac *hmac)

+{

+  guint8 *buffer;

+  gsize digest_len;

+

+  g_return_val_if_fail (hmac != NULL, NULL);

+

+  if (hmac->digest_str)

+    return hmac->digest_str;

+

+  digest_len = g_checksum_type_get_length (hmac->digest_type);

+  buffer = g_alloca (digest_len);

+

+  gnutls_hmac_output (hmac->hmac, buffer);

+  hmac->digest_str = gchecksum_digest_to_string (buffer, digest_len);

+  return hmac->digest_str;

+}

+

+

+void

+g_hmac_get_digest (GHmac  *hmac,

+                   guint8 *buffer,

+                   gsize  *digest_len)

+{

+  g_return_if_fail (hmac != NULL);

+

+  gnutls_hmac_output (hmac->hmac, buffer);

+  *digest_len = g_checksum_type_get_length (hmac->digest_type);

+}

diff --git a/glib/ghmac.c b/glib/ghmac.c

index 7db38e34a..b03a5aea7 100644

--- a/glib/ghmac.c

+++ b/glib/ghmac.c

@@ -33,6 +33,7 @@

 #include "gtypes.h"

 #include "glibintl.h"

+#error "build configuration error"

 /**

  * SECTION:hmac

@@ -84,6 +85,18 @@ struct _GHmac

  * Support for digests of type %G_CHECKSUM_SHA512 has been added in GLib 2.42.

  * Support for %G_CHECKSUM_SHA384 was added in GLib 2.52.

  *

+ * Note that #GHmac creation may fail, in which case this function will

+ * return %NULL. Since there is no error parameter, it is not possible

+ * to indicate why.

+ *

+ * In Fedora, CentOS Stream, and Red Hat Enterprise Linux, GLib is

+ * configured to use GnuTLS to implement #GHmac in order to support FIPS

+ * compliance. This introduces additional failure possibilities that are

+ * not present in upstream GLib. For example, the creation of a #GHmac

+ * will fail if @digest_type is %G_CHECKSUM_MD5 and the system is

+ * running in FIPS mode. #GHmac creation may also fail if GLib is unable

+ * to load GnuTLS.

+ *

  * Returns: the newly created #GHmac, or %NULL.

  *   Use g_hmac_unref() to free the memory allocated by it.

  *

diff --git a/glib/meson.build b/glib/meson.build

index 306a67f13..07d41456d 100644

--- a/glib/meson.build

+++ b/glib/meson.build

@@ -127,6 +127,7 @@ glib_sources = files(

   'gbytes.c',

   'gcharset.c',

   'gchecksum.c',

+  'gchecksumprivate.h',

   'gconvert.c',

   'gdataset.c',

   'gdate.c',

@@ -137,7 +138,6 @@ glib_sources = files(

   'gfileutils.c',

   'ggettext.c',

   'ghash.c',

-  'ghmac.c',

   'ghmac-utils.c',

   'ghook.c',

   'ghostutils.c',

@@ -223,6 +223,12 @@ else

   glib_dtrace_hdr = []