mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

meson: make the CSPRNG backend configurable

Browse Source 
The CSPRNG backend is not configurable in Meson and isn't quite
discoverable, either. Make it configurable and add the actual backend
used to the summary.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Patrick Steinhardt
2025-01-22 13:05:51 +01:00
committed by Junio C Hamano
parent 28911f7dca
commit ef8c3a1b8a
2 changed files with 23 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
meson.build
View File

@ -1332,6 +1332,7 @@ if not meson.is_cross_build() and fs.exists('/dev/tty')
libgit_c_args += '-DHAVE_DEV_TTY'
endif
csprng_backend = get_option('csprng_backend')
https_backend = get_option('https_backend')
sha1_backend = get_option('sha1_backend')
sha1_unsafe_backend = get_option('sha1_unsafe_backend')
@ -1343,7 +1344,7 @@ if https_backend == 'auto' and security_framework.found()
https_backend = 'CommonCrypto'
endif
openssl_required = 'openssl' in [https_backend, sha1_backend, sha1_unsafe_backend, sha256_backend]
openssl_required = 'openssl' in [csprng_backend, https_backend, sha1_backend, sha1_unsafe_backend, sha256_backend]
openssl = dependency('openssl', required: openssl_required, default_options: ['default_library=static'])
if https_backend == 'auto' and openssl.found()
https_backend = 'openssl'
@ -1428,18 +1429,30 @@ else
error('Unhandled SHA256 backend ' + sha256_backend)
endif
if compiler.has_header_symbol('stdlib.h', 'arc4random_buf')
# Backends are ordered to reflect our preference for more secure and faster
# ones over the ones that are less so.
if csprng_backend in ['auto', 'arc4random'] and compiler.has_header_symbol('stdlib.h', 'arc4random_buf', required: csprng_backend == 'arc4random')
libgit_c_args += '-DHAVE_ARC4RANDOM'
elif compiler.has_header_symbol('bsd/stdlib.h', 'arc4random_buf')
csprng_backend = 'arc4random'
elif csprng_backend in ['auto', 'arc4random_bsd'] and compiler.has_header_symbol('bsd/stdlib.h', 'arc4random_buf', required: csprng_backend == 'arc4random_bsd')
libgit_c_args += '-DHAVE_ARC4RANDOM_BSD'
elif compiler.has_function('getrandom', prefix: '#include <sys/random.h>')
csprng_backend = 'arc4random_bsd'
elif csprng_backend in ['auto', 'getrandom'] and compiler.has_header_symbol('sys/random.h', 'getrandom', required: csprng_backend == 'getrandom')
libgit_c_args += '-DHAVE_GETRANDOM'
elif compiler.has_function('getentropy', prefix: '#include <unistd.h>')
csprng_backend = 'getrandom'
elif csprng_backend in ['auto', 'getentropy'] and compiler.has_header_symbol('unistd.h', 'getentropy', required: csprng_backend == 'getentropy')
libgit_c_args += '-DHAVE_GETENTROPY'
elif compiler.has_function('RtlGenRandom', prefix: '#include <windows.h>\n#include <ntsecapi.h>')
csprng_backend = 'getentropy'
elif csprng_backend in ['auto', 'rtlgenrandom'] and compiler.has_header_symbol('ntsecapi.h', 'RtlGenRandom', prefix: '#include <windows.h>', required: csprng_backend == 'rtlgenrandom')
libgit_c_args += '-DHAVE_RTLGENRANDOM'
elif openssl.found()
csprng_backend = 'rtlgenrandom'
elif csprng_backend in ['auto', 'openssl'] and openssl.found()
libgit_c_args += '-DHAVE_OPENSSL_CSPRNG'
csprng_backend = 'openssl'
elif csprng_backend in ['auto', 'urandom']
csprng_backend = 'urandom'
else
error('Unsupported CSPRNG backend: ' + csprng_backend)
endif
if get_option('runtime_prefix')
@ -1977,6 +1990,7 @@ summary({
}, section: 'Auto-detected features')
summary({
'csprng': csprng_backend,
'https': https_backend,
'sha1': sha1_backend,
'sha1_unsafe': sha1_unsafe_backend,

2
meson_options.txt
View File

@ -47,6 +47,8 @@ option('regex', type: 'feature', value: 'auto',
description: 'Use the system-provided regex library instead of the bundled one.')
# Backends.
option('csprng_backend', type: 'combo', value: 'auto', choices: ['auto', 'arc4random', 'arc4random_bsd', 'getrandom', 'getentropy', 'rtlgenrandom', 'openssl', 'urandom'],
description: 'The backend to use for generating cryptographically-secure pseudo-random numbers.')
option('https_backend', type: 'combo', value: 'auto', choices: ['auto', 'openssl', 'CommonCrypto', 'none'],
description: 'The HTTPS backend to use when connecting to remotes.')
option('sha1_backend', type: 'combo', choices: ['openssl', 'block', 'sha1dc', 'CommonCrypto'], value: 'sha1dc',