rhbz#1618703: Allow to use OpenSSL as backend for rtl/cipher.h

...with new configuration option --enable-cipher-openssl-backend

rtl/cipher.h (which is part of the stable URE interface) offers functionality to
en-/decrypt data with Blowfish in ECB, CBC, and streaming CFB mode, and with RC4
(aka ARCFOUR; which is a stream cipher).  LO itself only uses Blowfish CFB and
RC4, so only those are wired to OpenSSL for now, for simplicity.  Using Blowfish
ECB and CBC, or Blowfish CFB in DirectionBoth mode would cause failures for now
(cf. sal/qa/rtl/cipher/rtl_cipher.cxx); the assumption is that no external code
actually makes use of this functionality.

Using NSS instead of OpenSSL could be an alternative, but there appears to be no
support in NSS for Blowfish in streaming CFB mode, only CKM_BLOWFISH_CBC for
CBC mode.

Change-Id: I0bc042961539ed46844c96cb1c808209578528a0
Reviewed-on: https://gerrit.libreoffice.org/59428
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/sal/Library_sal.mk b/sal/Library_sal.mk
index 9d5822e36256..868d9f8dd23d 100644
--- a/sal/Library_sal.mk
+++ b/sal/Library_sal.mk
@@ -254,4 +254,12 @@ $(eval $(call gb_Library_add_exception_objects,sal,\
 
 endif # ifneq ($(OS),WNT)
 
+ifeq ($(ENABLE_CIPHER_OPENSSL_BACKEND),TRUE)
+$(eval $(call gb_Library_add_defs,sal,-DLIBO_CIPHER_OPENSSL_BACKEND))
+$(eval $(call gb_Library_use_externals,sal, \
+    openssl \
+    openssl_headers \
+))
+endif
+
 # vim: set noet sw=4 ts=4: