Add openssl for hashing, as an option

To: debian-dpkg@lists.debian.org
Subject: Add openssl for hashing, as an option
From: Adam Majer <adamm@zombino.com>
Date: Thu, 20 Jul 2023 16:58:32 +0200
Message-id: <[🔎] ZLlLmFpZHblm9L9y@adams>

Hi all,

This seems to be related to
https://lists.debian.org/debian-dpkg/2023/06/msg00059.html
which I've found after I've created this patch already. The motivation
is not to use openssl instead of libmd, but to have the option to use it
in addition to.

For openSUSE, we have dpkg in Ring0 rebuild set. It means, this set of
packages is rebuild quite often and is always consistent. Adding
additional dependencies, even small ones like libmd, increases the load
that is placed on our infrastructure.

So the purpose here is to add support for OpenSSL while keeping libmd as
the primary source of the hashing function.

For the record, I do agree with the initial rationale of replacing the
in-tree implementation with libmd.

- Adam

PS. Please CC me in replies as I'm not on this list.


>From da3057e9c050f4b831c448d80510b51f5d4f1d50 Mon Sep 17 00:00:00 2001
From: Adam Majer <adamm@zombino.com>
Date: Thu, 20 Jul 2023 16:01:06 +0200
Subject: [PATCH] build: add support for OpenSSL for hashing

In 2767801430de3c6d4ec7394e286fc261a8180feb dpkg fully switched
to libmd for hasing instead of in-tree version. For distributions
like openSUSE Tumbleweed, this adds additional dependencies in
the rebuild set. Using library like OpenSSL that is already
in this rebuild set, doesn't add additional dependencies.

This patch adds support for using OpenSSL for hash calculation.

Signed-off-by: Adam Majer <adamm@zombino.com>
---
 configure.ac         |  8 ++++++++
 lib/dpkg/Makefile.am |  2 +-
 lib/dpkg/buffer.c    | 10 +++++++++-
 m4/dpkg-libs.m4      | 21 ++++++++++++++++++---
 4 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index d1fa8357d..f8b8f4eae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -97,6 +97,13 @@ AC_SYS_LARGEFILE
 # Checks for libraries.
 DPKG_LIB_RT
 DPKG_LIB_MD
+AS_IF([test "x$have_libmd" = "xno"], [
+  DPKG_LIB_OPENSSL
+  AS_IF([test "x$have_crypto" = "xno"], [
+    AC_MSG_FAILURE([md5 digest functions not found in libmd or openssl])
+  ])
+])
+
 DPKG_LIB_Z
 DPKG_LIB_BZ2
 DPKG_LIB_LZMA
@@ -308,6 +315,7 @@ Configuration:
     libkvm  . . . . . . . . . . . : ${have_libkvm:-no}
     libselinux  . . . . . . . . . : $have_libselinux
     libmd . . . . . . . . . . . . : $have_libmd
+    libcryto  . . . . . . . . . . : $have_libcrypto
     libz  . . . . . . . . . . . . : $have_libz_impl
     liblzma . . . . . . . . . . . : $have_liblzma
     libzstd . . . . . . . . . . . : $have_libzstd
diff --git a/lib/dpkg/Makefile.am b/lib/dpkg/Makefile.am
index 3403338ce..96c4a4cbf 100644
--- a/lib/dpkg/Makefile.am
+++ b/lib/dpkg/Makefile.am
@@ -50,7 +50,7 @@ EXTRA_libdpkg_la_DEPENDENCIES += \
 	libdpkg.sym \
 	# EOL
 endif
-libdpkg_la_LDFLAGS += $(MD_LIBS)
+libdpkg_la_LDFLAGS += $(MD_LIBS) $(OPENSSL_LIBS)
 libdpkg_la_LIBADD = \
 	../compat/libcompat.la \
 	# EOL
diff --git a/lib/dpkg/buffer.c b/lib/dpkg/buffer.c
index ed05f4b4a..bf6f7d1f7 100644
--- a/lib/dpkg/buffer.c
+++ b/lib/dpkg/buffer.c
@@ -23,10 +23,18 @@
 #include <config.h>
 #include <compat.h>
 
+#ifdef HAVE_MD5_H
+#include <md5.h>
+#elif HAVE_OPENSSL_MD5_H
+#include <openssl/md5.h>
+#define MD5Init MD5_Init
+#define MD5Update MD5_Update
+#define MD5Final MD5_Final
+#endif
+
 #include <sys/types.h>
 
 #include <errno.h>
-#include <md5.h>
 #include <string.h>
 #include <unistd.h>
 #include <stdlib.h>
diff --git a/m4/dpkg-libs.m4 b/m4/dpkg-libs.m4
index f1eba330b..2196be457 100644
--- a/m4/dpkg-libs.m4
+++ b/m4/dpkg-libs.m4
@@ -20,11 +20,26 @@ AC_DEFUN([DPKG_LIB_MD], [
       MD_LIBS="$ac_cv_search_MD5Init"
     ])
   ])
-  AS_IF([test "x$have_libmd" = "xno"], [
-    AC_MSG_FAILURE([md5 digest functions not found])
-  ])
 ])# DPKG_LIB_MD
 
+# DPKG_LIB_OPENSSL
+# -----------
+# Check for the digests support in openssl library.
+AC_DEFUN([DPKG_LIB_OPENSSL], [
+  AC_ARG_VAR([OPENSSL_LIBS], [linker flags for openssl library])
+  have_libcryto="no"
+  AC_CHECK_HEADERS([openssl/md5.h], [
+    dpkg_save_libcrypto_LIBS=$LIBS
+    AC_SEARCH_LIBS([MD5_Init], [crypto])
+    LIBS=$dpkg_save_libcrypto_LIBS
+    AS_IF([test "x$ac_cv_search_MD5_Init" != "xno"], [
+      have_libcrypto="yes"
+      OPENSSL_LIBS="$ac_cv_search_MD5_Init"
+    ])
+  ])
+])# DPKG_LIB_OPENSSL
+
+
 # DPKG_WITH_COMPRESS_LIB(NAME, HEADER, FUNC)
 # -------------------------------------------------
 # Check for availability of a compression library.
-- 
2.41.0

Reply to:

Follow-Ups:
- Re: Add openssl for hashing, as an option
  - From: Guillem Jover <guillem@debian.org>

Prev by Date: Prevent dpkg-buildflags from overwriting any (or at least some) flags during compilation
Next by Date: Re: Add openssl for hashing, as an option
Previous by thread: Re: Prevent dpkg-buildflags from overwriting any (or at least some) flags during compilation
Next by thread: Re: Add openssl for hashing, as an option
Index(es):
- Date
- Thread