mirror of
https://github.com/morgan9e/systemd
synced 2026-04-15 08:56:15 +09:00
cd7c207795
Use 'recommended' priority for the default compression library, to indicate that it should be prioritized over the other ones, as it will be used to compress journals/core files. Also use 'recommended' for kmod, as systems will likely fail to boot if it's missing from the initrd. Use 'suggested' for everything else. There is one dlopen'ed TPM library that has the name generated at runtime (depending on the driver), so that cannot be added, as it needs to be known at build time. Also when we support multiple ABI versions list them all, as for the same reason we cannot know which one will be used at build time. $ dlopen-notes.py build/libsystemd.so.0.39.0 build/src/shared/libsystemd-shared-256.so libarchive.so.13 suggested libbpf.so.0 suggested libbpf.so.1 suggested libcryptsetup.so.12 suggested libdw.so.1 suggested libelf.so.1 suggested libfido2.so.1 suggested libgcrypt.so.20 suggested libidn2.so.0 suggested libip4tc.so.2 suggested libkmod.so.2 recommended liblz4.so.1 suggested liblzma.so.5 suggested libp11-kit.so.0 suggested libpcre2-8.so.0 suggested libpwquality.so.1 suggested libqrencode.so.3 suggested libqrencode.so.4 suggested libtss2-esys.so.0 suggested libtss2-mu.so.0 suggested libtss2-rc.so.0 suggested libzstd.so.1 recommended Co-authored-by: Luca Boccassi <bluca@debian.org>
144 lines
4.6 KiB
C
144 lines
4.6 KiB
C
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
|
|
#if HAVE_GCRYPT
|
|
|
|
#include "gcrypt-util.h"
|
|
#include "hexdecoct.h"
|
|
|
|
static void *gcrypt_dl = NULL;
|
|
|
|
static DLSYM_FUNCTION(gcry_control);
|
|
static DLSYM_FUNCTION(gcry_check_version);
|
|
DLSYM_FUNCTION(gcry_md_close);
|
|
DLSYM_FUNCTION(gcry_md_copy);
|
|
DLSYM_FUNCTION(gcry_md_ctl);
|
|
DLSYM_FUNCTION(gcry_md_get_algo_dlen);
|
|
DLSYM_FUNCTION(gcry_md_open);
|
|
DLSYM_FUNCTION(gcry_md_read);
|
|
DLSYM_FUNCTION(gcry_md_reset);
|
|
DLSYM_FUNCTION(gcry_md_setkey);
|
|
DLSYM_FUNCTION(gcry_md_write);
|
|
DLSYM_FUNCTION(gcry_mpi_add);
|
|
DLSYM_FUNCTION(gcry_mpi_add_ui);
|
|
DLSYM_FUNCTION(gcry_mpi_cmp);
|
|
DLSYM_FUNCTION(gcry_mpi_cmp_ui);
|
|
DLSYM_FUNCTION(gcry_mpi_get_nbits);
|
|
DLSYM_FUNCTION(gcry_mpi_invm);
|
|
DLSYM_FUNCTION(gcry_mpi_mod);
|
|
DLSYM_FUNCTION(gcry_mpi_mul);
|
|
DLSYM_FUNCTION(gcry_mpi_mulm);
|
|
DLSYM_FUNCTION(gcry_mpi_new);
|
|
DLSYM_FUNCTION(gcry_mpi_powm);
|
|
DLSYM_FUNCTION(gcry_mpi_print);
|
|
DLSYM_FUNCTION(gcry_mpi_release);
|
|
DLSYM_FUNCTION(gcry_mpi_scan);
|
|
DLSYM_FUNCTION(gcry_mpi_set_ui);
|
|
DLSYM_FUNCTION(gcry_mpi_sub);
|
|
DLSYM_FUNCTION(gcry_mpi_subm);
|
|
DLSYM_FUNCTION(gcry_mpi_sub_ui);
|
|
DLSYM_FUNCTION(gcry_prime_check);
|
|
DLSYM_FUNCTION(gcry_randomize);
|
|
DLSYM_FUNCTION(gcry_strerror);
|
|
|
|
static int dlopen_gcrypt(void) {
|
|
ELF_NOTE_DLOPEN("gcrypt",
|
|
"Support for journald forward-sealing",
|
|
ELF_NOTE_DLOPEN_PRIORITY_SUGGESTED,
|
|
"libgcrypt.so.20");
|
|
|
|
return dlopen_many_sym_or_warn(
|
|
&gcrypt_dl,
|
|
"libgcrypt.so.20", LOG_DEBUG,
|
|
DLSYM_ARG(gcry_control),
|
|
DLSYM_ARG(gcry_check_version),
|
|
DLSYM_ARG(gcry_md_close),
|
|
DLSYM_ARG(gcry_md_copy),
|
|
DLSYM_ARG(gcry_md_ctl),
|
|
DLSYM_ARG(gcry_md_get_algo_dlen),
|
|
DLSYM_ARG(gcry_md_open),
|
|
DLSYM_ARG(gcry_md_read),
|
|
DLSYM_ARG(gcry_md_reset),
|
|
DLSYM_ARG(gcry_md_setkey),
|
|
DLSYM_ARG(gcry_md_write),
|
|
DLSYM_ARG(gcry_mpi_add),
|
|
DLSYM_ARG(gcry_mpi_add_ui),
|
|
DLSYM_ARG(gcry_mpi_cmp),
|
|
DLSYM_ARG(gcry_mpi_cmp_ui),
|
|
DLSYM_ARG(gcry_mpi_get_nbits),
|
|
DLSYM_ARG(gcry_mpi_invm),
|
|
DLSYM_ARG(gcry_mpi_mod),
|
|
DLSYM_ARG(gcry_mpi_mul),
|
|
DLSYM_ARG(gcry_mpi_mulm),
|
|
DLSYM_ARG(gcry_mpi_new),
|
|
DLSYM_ARG(gcry_mpi_powm),
|
|
DLSYM_ARG(gcry_mpi_print),
|
|
DLSYM_ARG(gcry_mpi_release),
|
|
DLSYM_ARG(gcry_mpi_scan),
|
|
DLSYM_ARG(gcry_mpi_set_ui),
|
|
DLSYM_ARG(gcry_mpi_sub),
|
|
DLSYM_ARG(gcry_mpi_subm),
|
|
DLSYM_ARG(gcry_mpi_sub_ui),
|
|
DLSYM_ARG(gcry_prime_check),
|
|
DLSYM_ARG(gcry_randomize),
|
|
DLSYM_ARG(gcry_strerror));
|
|
}
|
|
|
|
int initialize_libgcrypt(bool secmem) {
|
|
int r;
|
|
|
|
r = dlopen_gcrypt();
|
|
if (r < 0)
|
|
return r;
|
|
|
|
if (sym_gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
|
|
return 0;
|
|
|
|
sym_gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM);
|
|
assert_se(sym_gcry_check_version("1.4.5"));
|
|
|
|
/* Turn off "secmem". Clients which wish to make use of this
|
|
* feature should initialize the library manually */
|
|
if (!secmem)
|
|
sym_gcry_control(GCRYCTL_DISABLE_SECMEM);
|
|
|
|
sym_gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
|
|
return 0;
|
|
}
|
|
|
|
# if !PREFER_OPENSSL
|
|
int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
|
|
_cleanup_(sym_gcry_md_closep) gcry_md_hd_t md = NULL;
|
|
gcry_error_t err;
|
|
size_t hash_size;
|
|
void *hash;
|
|
char *enc;
|
|
int r;
|
|
|
|
r = initialize_libgcrypt(false);
|
|
if (r < 0)
|
|
return r;
|
|
|
|
hash_size = sym_gcry_md_get_algo_dlen(md_algorithm);
|
|
assert(hash_size > 0);
|
|
|
|
err = sym_gcry_md_open(&md, md_algorithm, 0);
|
|
if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
|
|
return -EIO;
|
|
|
|
sym_gcry_md_write(md, s, len);
|
|
|
|
hash = sym_gcry_md_read(md, 0);
|
|
if (!hash)
|
|
return -EIO;
|
|
|
|
enc = hexmem(hash, hash_size);
|
|
if (!enc)
|
|
return -ENOMEM;
|
|
|
|
*out = enc;
|
|
return 0;
|
|
}
|
|
# endif
|
|
#endif
|