Re: [PATCH v3 0/4] Use AF_ALG in checksum utilities

[Bruno Haible]

This patch adds the configure option.

Assaf suggested to let it turned off by default, but I prefer to turn it on
by default because
  * All known past bugs of this API are with empty inputs, and the gnulib
    code is careful to avoid this scenario.
  * The crypto code is in the kernel for quite a long time already, thus
    the likelihood of new kernel bugs is small.
  * The feature does not require linking with additional libraries.
  * It shouldn't be the business of consumers of these modules (e.g. GNU clisp)
    to think about whether it's safe to enable its use. The module itself
    (i.e. we as gnulib maintainers) should make the best choice.
  * At the end of the day, new features are there to be used, not to be ignored.


2018-05-06  Bruno Haible  <address@hidden>

        af_alg: Add configure option to enable/disable use of Linux crypto API.
        Suggested by Assaf Gordon <address@hidden>.
        * m4/af_alg.m4 (gl_AF_ALG): Add AC_ARG_WITH invocation. Define C macro
        USE_LINUX_CRYPTO_API.
        * lib/af_alg.h: Test USE_LINUX_CRYPTO_API, not HAVE_LINUX_IF_ALG_H.
        * lib/af_alg.c: Likewise.

diff --git a/lib/af_alg.c b/lib/af_alg.c
index 3b35e01..97bdff5 100644
--- a/lib/af_alg.c
+++ b/lib/af_alg.c
@@ -19,7 +19,7 @@
 
 #include <config.h>
 
-#if HAVE_LINUX_IF_ALG_H
+#if USE_LINUX_CRYPTO_API
 
 #include "af_alg.h"
 
diff --git a/lib/af_alg.h b/lib/af_alg.h
index 2545ec6..a15a956 100644
--- a/lib/af_alg.h
+++ b/lib/af_alg.h
@@ -35,7 +35,7 @@
 extern "C" {
 # endif
 
-# if HAVE_LINUX_IF_ALG_H
+# if USE_LINUX_CRYPTO_API
 
 /* Compute a message digest of the contents of a file.
    STREAM is an open file stream.  Regular files are handled more efficiently.
diff --git a/m4/af_alg.m4 b/m4/af_alg.m4
index 1c57e2c..f7176f3 100644
--- a/m4/af_alg.m4
+++ b/m4/af_alg.m4
@@ -1,6 +1,4 @@
-# af_alg.m4 serial 1
-dnl Check whether linux/if_alg.h has needed features.
-
+# af_alg.m4 serial 2
 dnl Copyright 2018 Free Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
@@ -11,6 +9,8 @@ dnl From Matteo Croce.
 AC_DEFUN_ONCE([gl_AF_ALG],
 [
   AC_REQUIRE([gl_HEADER_SYS_SOCKET])
+
+  dnl Check whether linux/if_alg.h has needed features.
   AC_CACHE_CHECK([whether linux/if_alg.h has struct sockaddr_alg.],
     [gl_cv_header_linux_if_alg_salg],
     [AC_COMPILE_IFELSE(
@@ -27,4 +27,25 @@ AC_DEFUN_ONCE([gl_AF_ALG],
     AC_DEFINE([HAVE_LINUX_IF_ALG_H], [1],
       [Define to 1 if you have 'struct sockaddr_alg' defined.])
   fi
+
+  dnl The default is to use AF_ALG if available.
+  use_af_alg=yes
+  AC_ARG_WITH([linux-crypto],
+    [AS_HELP_STRING([[--without-linux-crypto]],
+       [Do not use Linux kernel cryptographic API (default is to use it if 
available)])
+    ],
+    [use_af_alg=$withval],
+    [use_af_alg=yes])
+  dnl We cannot use it if it is not available.
+  if test "$gl_cv_header_linux_if_alg_salg" != yes; then
+    use_af_alg=no
+  fi
+
+  if test "$use_af_alg" != no; then
+    USE_AF_ALG=1
+  else
+    USE_AF_ALG=0
+  fi
+  AC_DEFINE_UNQUOTED([USE_LINUX_CRYPTO_API], [$USE_AF_ALG],
+    [Define to 1 if you want to use the Linux kernel cryptographic API.])
 ])