For RHEL we want apps to use FIPS-certified crypto libraries, and HMAC apparently counts as "keyed" and hence needs to be validated.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1630260
Replaces: https://gitlab.gnome.org/GNOME/glib/merge_requests/897

This is a build-time option that backs the GHmac API with GnuTLS. Most distributors ship glib-networking built with GnuTLS, and most apps use glib-networking, so this isn't a net-new library in most cases.

=======================================================================

mcatanzaro note:

I've updated Colin's original patch with several enhancements:

* Implement g_hmac_copy() using gnutls_hmac_copy(), which didn't exist when Colin developed this patch.
* Removed use of GSlice
* Better error checking in g_hmac_new(). It is possible for gnutls_hmac_init() to fail if running in FIPS mode and an MD5 digest is requested. In this case, we should return NULL rather than returning a broken GHmac with a NULL gnutls_hmac_hd_t. This was leading to a later null pointer dereference inside gnutls_hmac_update(). Applications are responsible for checking to ensure the return value of g_hmac_new() is not NULL since it is annotated as nullable. Added documentation to indicate this possibility.
* Properly handle length -1 in g_hmac_update(). This means we've been given a NUL-terminated string and should use strlen(). GnuTLS doesn't accept -1, so let's call strlen() ourselves.
* Crash the application with g_error() if gnutls_hmac() fails for any reason. This is necessary because g_hmac_update() is not fallible, so we have no way to indicate error. Crashing seems better than returning the wrong result later when g_hmac_get_string() or g_hmac_get_digest() is later called. (Those functions are also not fallible.) Fortunately, I don't think this error should actually be hit in practice.

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/903
# Build-time options for GLib. Each option() call declares one setting that
# can be overridden at configure time with -D<name>=<value>.

# --- Install locations and character-set conversion -----------------------

option(
  'runtime_libdir',
  type: 'string',
  value: '',
  description: 'install runtime libraries relative to libdir',
)

option(
  'iconv',
  type: 'combo',
  choices: ['libc', 'gnu', 'native'],
  value: 'libc',
  description: 'iconv implementation to use (\'libc\' = \'Part of the C stdlib\'; \'gnu\' = \'GNU\'s iconv\'; \'native\' = \'A separate iconv\')',
)

option(
  'charsetalias_dir',
  type: 'string',
  value: '',
  description: 'directory for charset.alias dir (default to \'libdir\' if unset)',
)

# The description states that gio modules are loaded from this directory.
# NOTE(review): modules are loadable code, so a packager overriding the
# default should presumably pick a path that only trusted users can write to.
option(
  'gio_module_dir',
  type: 'string',
  value: '',
  description: 'load gio modules from this directory (default to \'libdir/gio/modules\' if unset)',
)

# --- Optional platform integrations (all enabled by default) --------------

option(
  'selinux',
  type: 'boolean',
  value: true,
  description: 'build with selinux support',
)

option(
  'xattr',
  type: 'boolean',
  value: true,
  description: 'build with xattr support',
)

option(
  'libmount',
  type: 'boolean',
  value: true,
  description: 'build with libmount support',
)

# --- Cryptography backend ---------------------------------------------------

# Opt-in (default false). According to the commit that introduced it, this
# backs the GHmac API with GnuTLS so that FIPS-oriented distributions can
# route HMAC through a validated crypto library.
# Behaviour notes from that commit description, relevant to callers when the
# option is enabled:
#   * g_hmac_new() may return NULL (e.g. an MD5 digest requested while
#     running in FIPS mode), so its result has to be checked before use.
#   * a GnuTLS failure while updating the HMAC aborts through g_error(),
#     because g_hmac_update() has no way to report an error.
option(
  'gnutls',
  type: 'boolean',
  value: false,
  description: 'build with gnutls support',
)

# --- Bundled libraries ------------------------------------------------------

# NOTE(review): when false the build presumably uses an external PCRE, which
# then receives fixes through the distribution - confirm in meson.build.
option(
  'internal_pcre',
  type: 'boolean',
  value: false,
  description: 'whether to use internal PCRE',
)

# --- Documentation and tracing (all disabled by default) --------------------

option(
  'man',
  type: 'boolean',
  value: false,
  description: 'generate man pages (requires xsltproc)',
)

option(
  'dtrace',
  type: 'boolean',
  value: false,
  description: 'include tracing support for dtrace',
)

option(
  'systemtap',
  type: 'boolean',
  value: false,
  description: 'include tracing support for systemtap',
)

option(
  'tapset_install_dir',
  type: 'string',
  value: '',
  description: 'path where systemtap tapsets are installed',
)

option(
  'gtk_doc',
  type: 'boolean',
  value: false,
  description: 'use gtk-doc to build documentation',
)