From patchwork Mon Nov 9 10:51:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kieran Bingham X-Patchwork-Id: 10396 X-Patchwork-Delegate: kieran.bingham@ideasonboard.com Return-Path: X-Original-To: parsemail@patchwork.libcamera.org Delivered-To: parsemail@patchwork.libcamera.org Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com [92.243.16.209]) by patchwork.libcamera.org (Postfix) with ESMTPS id 95B17BE082 for ; Mon, 9 Nov 2020 10:52:11 +0000 (UTC) Received: from lancelot.ideasonboard.com (localhost [IPv6:::1]) by lancelot.ideasonboard.com (Postfix) with ESMTP id 207026306B; Mon, 9 Nov 2020 11:52:11 +0100 (CET) Authentication-Results: lancelot.ideasonboard.com; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ideasonboard.com header.i=@ideasonboard.com header.b="Myzs/HdZ"; dkim-atps=neutral Received: from perceval.ideasonboard.com (perceval.ideasonboard.com [IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id 2BB8B62D19 for ; Mon, 9 Nov 2020 11:52:09 +0100 (CET) Received: from localhost.localdomain (cpc89244-aztw30-2-0-cust3082.18-1.cable.virginm.net [86.31.172.11]) by perceval.ideasonboard.com (Postfix) with ESMTPSA id 95BADB2B; Mon, 9 Nov 2020 11:52:08 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com; s=mail; t=1604919128; bh=pnAxxw7xsBNCNe7USE4hPMCB6X365rj9W44dAxW+TlE=; h=From:To:Cc:Subject:Date:From; b=Myzs/HdZrC7HK/dHDtdxvXrWXjJEatGeQkTi0xjOfcSV10NmkL21f9MhGcghX83nA h0Dpa8rem11XFR8lYJf9KGuyI+IupVLWYmmxFJcv5PgtG2d7fYI5dpXpFhj0Fdc0HS xIKCOd+hgoHsRAiq7bG6TK7w+rvUcWmqrlJ+tWwo= From: Kieran Bingham To: libcamera devel Date: Mon, 9 Nov 2020 10:51:59 +0000 Message-Id: <20201109105159.981412-1-kieran.bingham@ideasonboard.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Subject: [libcamera-devel] [PATCH] libcamera: pub_key: Support GNUTLS < v3 X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matti Lehtimaki , Simon Schmeisser Errors-To: libcamera-devel-bounces@lists.libcamera.org Sender: "libcamera-devel" It has been reported that SailfishOS is packaged with an older GnuTLS library. Supporting GnuTLS < 3 appears to be trivial, but comes at the cost of using a #define to switch. Use a #define block to support older GnuTLS installations. Reported-by: Simon Schmeisser Suggested-by: Matti Lehtimaki Signed-off-by: Kieran Bingham --- src/libcamera/pub_key.cpp | 7 +++++++ 1 file changed, 7 insertions(+) This was reported at [0], with a fix proposed at [1] [0] https://github.com/sailfish-on-dontbeevil/droid-config-pinephone/issues/55 [1] https://git.sailfishos.org/mal/libcamera/blob/master/rpm/gnutls2.patch Alternatively we could just /require/ GnuTLS >= 3... but this seems fairly cheap. This patch is a simplified version of [1] (No need to check if we're __cplusplus, in a cpp file, but I haven't seen that this is needed either). I'd like to see Tested-by: tags on this before integration, as I have no way to verify it. -- Kieran diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp index 9bb08fda34af..857c395373ea 100644 --- a/src/libcamera/pub_key.cpp +++ b/src/libcamera/pub_key.cpp @@ -8,7 +8,9 @@ #include "libcamera/internal/pub_key.h" #if HAVE_GNUTLS +extern "C" { #include +} #endif /** @@ -87,8 +89,13 @@ bool PubKey::verify([[maybe_unused]] Span data, static_cast(sig.size()) }; +#if GNUTLS_VERSION_MAJOR >= 3 int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0, &gnuTlsData, &gnuTlsSig); +#else + int ret = gnutls_pubkey_verify_data(pubkey_, 0, &gnuTlsData, &gnuTlsSig); +#endif + return ret >= 0; #else return false;