author | Peter Wu <peter@lekensteyn.nl> | 2018-12-12 14:34:00 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2018-12-29 10:40:16 +0000 |
commit | ac58eafa3223ef40b9b60765b0b3d118f338fffc (patch) | |
tree | 8403b9749b31cd0f3a1baab3f5dac1072980f1ae /CMakeLists.txt | |
parent | 53d8e6dcf8c639a13f8c52a11df829b854c1b9ac (diff) |
Add support for RSA decryption using PKCS #11 tokens
Add support for loading RSA private key files from PKCS #11 tokens,
identified by PKCS #11 URIs. Add a new 'pkcs11_libs' UAT which can
dynamically load PKCS #11 provider libraries that are not found by
p11-kit.
The configuration GUI will need additional code to discover available
PKCS #11 tokens; that code will be added later.
This feature requires GnuTLS 3.4 with PKCS #11 support, so Windows,
macOS via Homebrew, Ubuntu 16.04, Debian Stretch. Not supported: RHEL7.
Currently macOS via official packages disables PKCS #11 support, so that
will also not work.
Change-Id: I20646bfd69c6bd13c8c2d27cb65c164a4b0b7a66
Reviewed-on: https://code.wireshark.org/review/30855
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'CMakeLists.txt')
-rw-r--r-- | CMakeLists.txt | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a228d3bbcf..e175bc6177 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -990,7 +990,7 @@ if(ENABLE_SMI)
 set(PACKAGELIST ${PACKAGELIST} SMI)
 endif()

-# GNU SSL/TLS support
+# Support for TLS decryption using RSA private keys.
 if(ENABLE_GNUTLS)
 set(PACKAGELIST ${PACKAGELIST} GNUTLS)
 # Minimum version needed.
@@ -1167,6 +1167,22 @@ if(HAVE_LIBLUA)
 set(HAVE_LUA_H 1)
 set(HAVE_LUA 1)
 endif()
+if(GNUTLS_FOUND AND NOT GNUTLS_VERSION VERSION_LESS "3.4.0")
+ # While all Linux and Windows builds have PKCS #11 support enabled,
+ # macos-setup.sh explicitly disables it using --without-p11-kit.
+ #
+ # Require at least GnuTLS 3.4.0 such that public keys can be calculated
+ # from PKCS #11 private keys.
+ include(CheckSymbolExists)
+ cmake_push_check_state()
+ if(WIN32)
+ set(CMAKE_REQUIRED_DEFINITIONS -Dssize_t=int)
+ endif()
+ set(CMAKE_REQUIRED_INCLUDES ${GNUTLS_INCLUDE_DIRS})
+ set(CMAKE_REQUIRED_LIBRARIES ${GNUTLS_LIBRARIES})
+ check_symbol_exists(gnutls_pkcs11_obj_list_import_url4 gnutls/pkcs11.h HAVE_GNUTLS_PKCS11)
+ cmake_pop_check_state()
+endif()
 if(HAVE_LIBKERBEROS)
 set(HAVE_KERBEROS 1)
 endif() |
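Review bot: The new block in the second hunk calls `cmake_push_check_state()` and `cmake_pop_check_state()` but only includes `CheckSymbolExists`, so it depends on `CMakePushCheckState` having been included somewhere earlier in CMakeLists.txt, which this hunk does not show. Adding `include(CMakePushCheckState)` next to the existing include would make the block self-contained. The `-Dssize_t=int` definition under `if(WIN32)` has no explanation; a comment such as `# GnuTLS headers use ssize_t, which MSVC does not provide; this define is only for the probe` would help, if that is indeed the reason. Also note that `check_symbol_exists` caches `HAVE_GNUTLS_PKCS11`, while the version guard around it is re-evaluated on every configure. A build tree later pointed at an older GnuTLS could therefore keep a stale true value and enable the PKCS #11 code path against a library that lacks it. An `else()` branch that unsets the cache entry would avoid that.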