authorPeter Wu <peter@lekensteyn.nl>2018-12-12 14:34:00 +0100
committerPeter Wu <peter@lekensteyn.nl>2018-12-29 10:40:16 +0000
commitac58eafa3223ef40b9b60765b0b3d118f338fffc (patch)
tree8403b9749b31cd0f3a1baab3f5dac1072980f1ae /CMakeLists.txt
parent53d8e6dcf8c639a13f8c52a11df829b854c1b9ac (diff)
Add support for RSA decryption using PKCS #11 tokens
Add support for loading RSA private key files from PKCS #11 tokens, identified by PKCS #11 URIs. Add a new 'pkcs11_libs' UAT which can dynamically load PKCS #11 provider libraries that are not found by p11-kit. The configuration GUI will need additional code to discover available PKCS #11 tokens and will be added later. This feature requires GnuTLS 3.4 with PKCS #11 support, so Windows, macOS via Homebrew, Ubuntu 16.04, Debian Stretch. Not supported: RHEL7. Currently macOS via official packages disables PKCS #11 support, so that will also not work. Change-Id: I20646bfd69c6bd13c8c2d27cb65c164a4b0b7a66 Reviewed-on: https://code.wireshark.org/review/30855 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'CMakeLists.txt')
-rw-r--r--CMakeLists.txt18
1 files changed, 17 insertions, 1 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a228d3bbcf..e175bc6177 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -990,7 +990,7 @@ if(ENABLE_SMI)
set(PACKAGELIST ${PACKAGELIST} SMI)
endif()
-# GNU SSL/TLS support
+# Support for TLS decryption using RSA private keys.
if(ENABLE_GNUTLS)
set(PACKAGELIST ${PACKAGELIST} GNUTLS)
# Minimum version needed.
@@ -1167,6 +1167,22 @@ if(HAVE_LIBLUA)
set(HAVE_LUA_H 1)
set(HAVE_LUA 1)
endif()
+if(GNUTLS_FOUND AND NOT GNUTLS_VERSION VERSION_LESS "3.4.0")
+ # While all Linux and Windows builds have PKCS #11 support enabled,
+ # macos-setup.sh explicitly disables it using --without-p11-kit.
+ #
+ # Require at least GnuTLS 3.4.0 such that public keys can be calculated
+ # from PKCS #11 private keys.
+ include(CheckSymbolExists)
+ cmake_push_check_state()
+ if(WIN32)
+ set(CMAKE_REQUIRED_DEFINITIONS -Dssize_t=int)
+ endif()
+ set(CMAKE_REQUIRED_INCLUDES ${GNUTLS_INCLUDE_DIRS})
+ set(CMAKE_REQUIRED_LIBRARIES ${GNUTLS_LIBRARIES})
+ check_symbol_exists(gnutls_pkcs11_obj_list_import_url4 gnutls/pkcs11.h HAVE_GNUTLS_PKCS11)
+ cmake_pop_check_state()
+endif()
if(HAVE_LIBKERBEROS)
set(HAVE_KERBEROS 1)
endif()
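Review bot: `cmake_push_check_state()` and `cmake_pop_check_state()` are provided by the CMakePushCheckState module, but the added block includes only CheckSymbolExists; unless that module is already included earlier in CMakeLists.txt (outside this hunk), add `include(CMakePushCheckState)` beside `include(CheckSymbolExists)`. The result of `check_symbol_exists` is stored in the cache, so a build directory that is later pointed at a GnuTLS built with or without p11-kit keeps the old `HAVE_GNUTLS_PKCS11` value; a comment such as `# Result is cached: clear HAVE_GNUTLS_PKCS11 after switching GnuTLS builds.` would document that. When the version test fails nothing is printed, so an `else()` branch with `message(STATUS "GnuTLS PKCS #11 support disabled (requires GnuTLS >= 3.4.0)")` would show at configure time that token-held RSA keys cannot be used and, presumably, that only private key files remain available.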