diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2018-08-22 09:49:25 +0200 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2018-08-28 17:07:58 +0200 |
| commit | 062ac27d7052bcdf0bdd5db978e041d4c614fd6b (patch) | |
| tree | 597fbde7625dc802bf18543651357286da430d65 /configure.ac | |
| parent | 03fe0c36fccc7f2a9d0962dd8ed3d731c9f0d408 (diff) | |
rhbz#1618703: Allow to use OpenSSL as backend for rtl/cipher.h
...with new configuration option --enable-cipher-openssl-backend
rtl/cipher.h (which is part of the stable URE interface) offers functionality to
en-/decrypt data with Blowfish in ECB, CBC, and streaming CFB mode, and with RC4
(aka ARCFOUR; which is a stream cipher). LO itself only uses Blowfish CFB and
RC4, so only those are wired to OpenSSL for now, for simplicity. Using Blowfish
ECB and CBC, or Blowfish CFB in DirectionBoth mode would cause failures for now
(cf. sal/qa/rtl/cipher/rtl_cipher.cxx); the assumption is that no external code
actually makes use of this functionality.
Using NSS instead of OpenSSL could be an alternative, but there appears to be no
support in NSS for Blowfish in streaming CFB mode, only CKM_BLOWFISH_CBC for
CBC mode.
Change-Id: I0bc042961539ed46844c96cb1c808209578528a0
Reviewed-on: https://gerrit.libreoffice.org/59428
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 4bc16aeb73c1201f187742e0fefe35521fae77ac)
Reviewed-on: https://gerrit.libreoffice.org/59575
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 8de3b8bf4365..735ebf2e360a 100644 --- a/configure.ac +++ b/configure.ac @@ -1455,6 +1455,11 @@ AC_ARG_ENABLE(openssl, use only if you are hacking on it.]), ,enable_openssl=yes) +libo_FUZZ_ARG_ENABLE(cipher-openssl-backend, + AS_HELP_STRING([--enable-cipher-openssl-backend], + [Enable using OpenSSL as the actual implementation of the rtl/cipher.h functionality. + Requires --enable-openssl.])) + AC_ARG_ENABLE(library-bin-tar, AS_HELP_STRING([--enable-library-bin-tar], [Enable the building and reused of tarball of binary build for some 'external' libraries. @@ -9451,6 +9456,24 @@ fi AC_SUBST([DISABLE_OPENSSL]) +if test "$enable_cipher_openssl_backend" = yes && test "$DISABLE_OPENSSL" = TRUE; then + if test "$libo_fuzzed_enable_cipher_openssl_backend" = yes; then + AC_MSG_NOTICE([Resetting --enable-cipher-openssl-backend=no]) + enable_cipher_openssl_backend=no + else + AC_MSG_ERROR([--enable-cipher-openssl-backend needs OpenSSL, but --disable-openssl was given.]) + fi +fi +AC_MSG_CHECKING([whether to enable the OpenSSL backend for rtl/cipher.h]) +ENABLE_CIPHER_OPENSSL_BACKEND= +if test "$enable_cipher_openssl_backend" = yes; then + AC_MSG_RESULT([yes]) + ENABLE_CIPHER_OPENSSL_BACKEND=TRUE +else + AC_MSG_RESULT([no]) +fi +AC_SUBST([ENABLE_CIPHER_OPENSSL_BACKEND]) + dnl =================================================================== dnl Check for building gnutls dnl =================================================================== |