diff options
| -rw-r--r-- | autoconf.mk.in | 1 | ||||
| -rw-r--r-- | autofiles.sums | 4 | ||||
| -rwxr-xr-x | configure | 91 | ||||
| -rw-r--r-- | configure.ac | 72 | ||||
| -rw-r--r-- | libqpdf/QPDFCryptoProvider.cc | 9 | ||||
| -rw-r--r-- | libqpdf/build.mk | 2 | ||||
| -rw-r--r-- | libqpdf/qpdf/qpdf-config.h.in | 6 |
7 files changed, 181 insertions, 4 deletions
diff --git a/autoconf.mk.in b/autoconf.mk.in index a443e1ac..85a97aa8 100644 --- a/autoconf.mk.in +++ b/autoconf.mk.in @@ -30,6 +30,7 @@ STRIP=@STRIP@ OBJDUMP=@OBJDUMP@ GENDEPS=@GENDEPS@ LIBTOOL=@LIBTOOL@ +USE_CRYPTO_NATIVE=@USE_CRYPTO_NATIVE@ DOCBOOKX_DTD=@DOCBOOKX_DTD@ FOP=@FOP@ XSLTPROC=@XSLTPROC@ diff --git a/autofiles.sums b/autofiles.sums index 55627bee..74ee4f26 100644 --- a/autofiles.sums +++ b/autofiles.sums @@ -1,6 +1,6 @@ -0e7c13071bce1494783a7da2be2b8805a9c03118e62126162ae551034882d420 configure.ac +2b5c5a808c353b8df9e28e8cfb1e7d37114a2cad37eaede5bfe4354acae804d0 configure.ac d3f9ee6f6f0846888d9a10fd3dad2e4b1258be84205426cf04d7cef02d61dad7 aclocal.m4 -39b7c25e5553cb231b408de5f22b86386e96fb109e2c44371f57c33d4d285725 libqpdf/qpdf/qpdf-config.h.in +7fc840fce5d372e92aa676e0040213a0f239cc8c01b6d6ef53c82043ceda571a libqpdf/qpdf/qpdf-config.h.in 5297971a0ef90bcd5563eb3f7127a032bb76d3ae2af7258bf13479caf8983a60 m4/ax_cxx_compile_stdcxx.m4 35bc5c645dc42d47f2daeea06f8f3e767c8a1aee6a35eb2b4854fd2ce66c3413 m4/ax_random_device.m4 37f8897d5f68d7d484e5457832a8f190ddb7507fa2a467cb7ee2be40a4364643 m4/libtool.m4 @@ -642,6 +642,8 @@ DOCBOOK_FO DOCBOOK_XHTML SHOW_FAILED_TEST_OUTPUT QPDF_SKIP_TEST_COMPARE_IMAGES +DEFAULT_CRYPTO +USE_CRYPTO_NATIVE CXXWFLAGS WFLAGS BUILDRULES @@ -776,6 +778,9 @@ enable_ld_version_script with_buildrules enable_werror enable_int_warnings +enable_implicit_crypto +enable_crypto_native +with_default_crypto enable_test_compare_images enable_show_failed_test_output with_docbook_xsl @@ -1456,6 +1461,11 @@ Optional Features: --enable-werror whether to treat warnings as errors (default is no) --enable-int-warnings whether to turn on integer type warnings (default is yes) + --enable-implicit-crypto + whether to enable available crypto providers that + are not explicitly requested; true by default + --enable-crypto-native whether to include support for native crypto + provider --enable-test-compare-images whether to compare images in test suite; disabled by default, enabling requires ghostscript and tiffcmp @@ -1491,6 +1501,9 @@ Optional Packages: QPDF_LARGE_FILE_TEST_PATH environment variable to the path before running the test suite. --with-buildrules=rules which build rules to use; see README.md + --with-default-crypto=provider + which crypto provider to use by default; see + README.md --with-docbook-xsl=DIR location of docbook 4.x xml stylesheets --with-docbookx-dtd=FILE location of docbook 4.x xml DTD @@ -17569,6 +17582,84 @@ $as_echo "no" >&6; } fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for whether to use implicit crypto" >&5 +$as_echo_n "checking for whether to use implicit crypto... " >&6; } +# Check whether --enable-implicit-crypto was given. +if test "${enable_implicit_crypto+set}" = set; then : + enableval=$enable_implicit_crypto; if test "$enableval" = "yes"; then + IMPLICIT_CRYPTO=1 + else + IMPLICIT_CRYPTO=0 + fi +else + IMPLICIT_CRYPTO=1 +fi + +if test "$IMPLICIT_CRYPTO" = "1"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + +# Check whether --enable-crypto-native was given. +if test "${enable_crypto_native+set}" = set; then : + enableval=$enable_crypto_native; if test "$enableval" = "yes"; then + USE_CRYPTO_NATIVE=1 + else + USE_CRYPTO_NATIVE=0 + fi +else + USE_CRYPTO_NATIVE=$IMPLICIT_CRYPTO +fi + +if test "$USE_CRYPTO_NATIVE" = "1"; then + +$as_echo "#define USE_CRYPTO_NATIVE 1" >>confdefs.h + + DEFAULT_CRYPTO=native +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which crypto to use by default" >&5 +$as_echo_n "checking which crypto to use by default... " >&6; } + + +# Check whether --with-default-crypto was given. +if test "${with_default_crypto+set}" = set; then : + withval=$with_default_crypto; DEFAULT_CRYPTO=$withval +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $DEFAULT_CRYPTO" >&5 +$as_echo "$DEFAULT_CRYPTO" >&6; } + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_CRYPTO "$DEFAULT_CRYPTO" +_ACEOF + + + +bad_crypto=0 +case "$DEFAULT_CRYPTO" in + "native") + if test "$USE_CRYPTO_NATIVE" != "1"; then + bad_crypto=1 + fi + ;; + *) + bad_crypto=1 + ;; +esac +if test "$bad_crypto" = "1"; then + as_fn_error $? "Unsupported default crypto: $DEFAULT_CRYPTO" "$LINENO" 5 +fi + + + # Check whether --enable-test-compare-images was given. if test "${enable_test_compare_images+set}" = set; then : enableval=$enable_test_compare_images; if test "$enableval" = "no"; then diff --git a/configure.ac b/configure.ac index c934b31a..d7223d06 100644 --- a/configure.ac +++ b/configure.ac @@ -465,6 +465,78 @@ else AC_MSG_RESULT(no) fi +dnl BEGIN CRYPTO + +dnl By default, we build in support for every crypto provider that we +dnl can. If implicit crypto is disabled, we don't build support for +dnl any crypto that is not explicitly enabled. Test for various crypto +dnl providers in increasing order of priority. The last one found +dnl becomes the default unless a default is explicitly specified. + +AC_MSG_CHECKING(for whether to use implicit crypto) +AC_ARG_ENABLE(implicit-crypto, + AS_HELP_STRING([--enable-implicit-crypto], + [whether to enable available crypto providers that are not explicitly requested; true by default]), + [if test "$enableval" = "yes"; then + IMPLICIT_CRYPTO=1 + else + IMPLICIT_CRYPTO=0 + fi], + [IMPLICIT_CRYPTO=1]) +if test "$IMPLICIT_CRYPTO" = "1"; then + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi + +dnl Native crypto is always available unless explicitly disabled. + +AC_SUBST(USE_CRYPTO_NATIVE) +AC_ARG_ENABLE(crypto-native, + AS_HELP_STRING([--enable-crypto-native], + [whether to include support for native crypto provider]), + [if test "$enableval" = "yes"; then + USE_CRYPTO_NATIVE=1 + else + USE_CRYPTO_NATIVE=0 + fi], + [USE_CRYPTO_NATIVE=$IMPLICIT_CRYPTO]) +if test "$USE_CRYPTO_NATIVE" = "1"; then + AC_DEFINE([USE_CRYPTO_NATIVE], 1, [Whether to use the native crypto provider]) + DEFAULT_CRYPTO=native +fi + +dnl Allow the default crypto provider to be specified explicitly. + +AC_MSG_CHECKING(which crypto to use by default) +AC_SUBST(DEFAULT_CRYPTO) +AC_ARG_WITH(default-crypto, + AS_HELP_STRING([--with-default-crypto=provider], + [which crypto provider to use by default; see README.md]), + [DEFAULT_CRYPTO=$withval], + []) +AC_MSG_RESULT($DEFAULT_CRYPTO) +AC_DEFINE_UNQUOTED([DEFAULT_CRYPTO], "$DEFAULT_CRYPTO", [Default crypto provider]) + +dnl Make sure the default crypto provider is actually being built. + +bad_crypto=0 +case "$DEFAULT_CRYPTO" in + "native") + if test "$USE_CRYPTO_NATIVE" != "1"; then + bad_crypto=1 + fi + ;; + *) + bad_crypto=1 + ;; +esac +if test "$bad_crypto" = "1"; then + AC_MSG_ERROR(Unsupported default crypto: $DEFAULT_CRYPTO) +fi + +dnl END CRYPTO + AC_SUBST(QPDF_SKIP_TEST_COMPARE_IMAGES) AC_ARG_ENABLE(test-compare-images, AS_HELP_STRING([--enable-test-compare-images], diff --git a/libqpdf/QPDFCryptoProvider.cc b/libqpdf/QPDFCryptoProvider.cc index 8d795534..58712f54 100644 --- a/libqpdf/QPDFCryptoProvider.cc +++ b/libqpdf/QPDFCryptoProvider.cc @@ -1,7 +1,10 @@ #include <qpdf/QPDFCryptoProvider.hh> +#include <qpdf/qpdf-config.h> #include <stdexcept> -#include <qpdf/QPDFCrypto_native.hh> +#ifdef USE_CRYPTO_NATIVE +# include <qpdf/QPDFCrypto_native.hh> +#endif std::shared_ptr<QPDFCryptoImpl> QPDFCryptoProvider::getImpl() @@ -37,8 +40,10 @@ QPDFCryptoProvider::setDefaultProvider(std::string const& name) QPDFCryptoProvider::QPDFCryptoProvider() : m(std::make_shared<Members>()) { +#ifdef USE_CRYPTO_NATIVE registerImpl_internal<QPDFCrypto_native>("native"); - setDefaultProvider_internal("native"); +#endif + setDefaultProvider_internal(DEFAULT_CRYPTO); } QPDFCryptoProvider& diff --git a/libqpdf/build.mk b/libqpdf/build.mk index 24ff682d..7e5f4aa3 100644 --- a/libqpdf/build.mk +++ b/libqpdf/build.mk @@ -90,7 +90,9 @@ SRCS_libqpdf = \ libqpdf/SparseOHArray.cc \ libqpdf/qpdf-c.cc +ifeq ($(USE_CRYPTO_NATIVE), 1) SRCS_libqpdf += $(CRYPTO_NATIVE) +endif # ----- diff --git a/libqpdf/qpdf/qpdf-config.h.in b/libqpdf/qpdf/qpdf-config.h.in index 4eeff555..20441efd 100644 --- a/libqpdf/qpdf/qpdf-config.h.in +++ b/libqpdf/qpdf/qpdf-config.h.in @@ -3,6 +3,9 @@ /* Whether to avoid use of HANDLE in Windows */ #undef AVOID_WINDOWS_HANDLE +/* Default crypto provider */ +#undef DEFAULT_CRYPTO + /* define if the compiler supports basic C++11 syntax */ #undef HAVE_CXX11 @@ -81,6 +84,9 @@ /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS +/* Whether to use the native crypto provider */ +#undef USE_CRYPTO_NATIVE + /* Whether to use insecure random numbers */ #undef USE_INSECURE_RANDOM |