build: merge branch 'th/contrib-rpm-use-gnutls'

https://bugzilla.redhat.com/show_bug.cgi?id=1581693

configure.ac

@@ -668,12 +668,9 @@ AC_SUBST(NM_MODIFY_SYSTEM_POLICY)
 AC_ARG_WITH(crypto,
             AS_HELP_STRING([--with-crypto=nss|gnutls],
                            [Cryptography library to use for certificate and key operations]),
-            ac_crypto=$withval,
-            ac_crypto=nss)
-
-with_nss=no
-with_gnutls=no
-if test x"$ac_crypto" = xnss; then
+            with_crypto=$withval,
+            with_crypto=nss)
+if test "$with_crypto" = 'nss'; then
 	PKG_CHECK_MODULES(NSS, [nss])
 
 	# Work around a pkg-config bug (fdo #29801) where exists != usable
@@ -681,23 +678,13 @@ if test x"$ac_crypto" = xnss; then
 	if test x"$?" != "x0"; then
 		AC_MSG_ERROR([No usable NSS found])
 	fi
-
-	AC_DEFINE(HAVE_NSS, 1, [Define if you have NSS])
-	with_nss=yes
-elif test x"$ac_crypto" = xgnutls; then
+elif test "$with_crypto" = 'gnutls'; then
 	PKG_CHECK_MODULES(GNUTLS, [gnutls >= 2.12])
-	AC_DEFINE(HAVE_GNUTLS, 1, [Define if you have libgnutls])
-	with_gnutls=yes
 else
 	AC_MSG_ERROR([Please choose either 'nss' or 'gnutls' for certificate and crypto operations])
 fi
-AM_CONDITIONAL(WITH_NSS, test x"$with_nss" != xno)
-AM_CONDITIONAL(WITH_GNUTLS, test x"$with_gnutls" != xno)
-
-# Shouldn't ever trigger this, but just in case...
-if test x"$ac_nss" = xno -a x"$ac_gnutls" = xno; then
-	AC_MSG_ERROR([Could not find required development headers and libraries for '$ac_crypto'])
-fi
+AM_CONDITIONAL(WITH_NSS, test "$with_crypto" = 'nss')
+AM_CONDITIONAL(WITH_GNUTLS, test "$with_crypto" = 'gnutls')
 
 GLIB_MAKEFILE='$(top_srcdir)/Makefile.glib'
 AC_SUBST(GLIB_MAKEFILE)
@@ -1393,6 +1380,7 @@ echo "  code coverage: $enable_code_coverage"
 echo "  LTO: $enable_lto"
 echo "  linker garbage collection: $enable_ld_gc"
 echo "  JSON validation for libnm: $enable_json_validation"
+echo "  crypto: $with_crypto"
 echo "  sanitizers: $sanitizers"
 echo "  Mozilla Public Suffix List: $with_libpsl"
 echo

contrib/fedora/REQUIRED_PACKAGES

@@ -23,6 +23,7 @@ yum install \
     dhclient \
     gettext-devel \
     git \
+    gnutls-devel \
     gobject-introspection-devel \
     gtk-doc \
     intltool \

contrib/fedora/rpm/NetworkManager.spec

@@ -74,6 +74,11 @@
 %else
 %bcond_with connectivity_fedora
 %endif
+%if 0%{?fedora} > 28 || 0%{?rhel} > 7
+%bcond_without crypto_gnutls
+%else
+%bcond_with crypto_gnutls
+%endif
 
 ###############################################################################
 
@@ -141,7 +146,11 @@ BuildRequires: automake autoconf intltool libtool
 %if %{with ppp}
 BuildRequires: ppp-devel >= 2.4.5
 %endif
+%if %{with crypto_gnutls}
+BuildRequires: gnutls-devel >= 2.12
+%else
 BuildRequires: nss-devel >= 3.11.7
+%endif
 BuildRequires: dhclient
 BuildRequires: readline-devel
 BuildRequires: audit-libs-devel
@@ -419,7 +428,11 @@ intltoolize --automake --copy --force
 	--with-dhcpcd=no \
 	--with-dhcpcanon=no \
 	--with-config-dhcp-default=dhclient \
+%if %{with crypto_gnutls}
+	--with-crypto=gnutls \
+%else
 	--with-crypto=nss \
+%endif
 %if %{with sanitizer}
 	--with-address-sanitizer=exec \
 %if 0%{?fedora}

libnm-util/crypto_gnutls.c

@@ -242,15 +242,12 @@ crypto_encrypt (const char *cipher,
 	gsize padded_buf_len, pad_len, output_len;
 	char *padded_buf = NULL;
 	guint32 i;
-	gsize salt_len;
 
-	if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) {
+	if (!strcmp (cipher, CIPHER_DES_EDE3_CBC))
 		cipher_mech = GNUTLS_CIPHER_3DES_CBC;
-		salt_len = SALT_LEN;
-	} else if (!strcmp (cipher, CIPHER_AES_CBC)) {
+	else if (!strcmp (cipher, CIPHER_AES_CBC))
 		cipher_mech = GNUTLS_CIPHER_AES_128_CBC;
-		salt_len = iv_len;
-	} else {
+	else {
 		g_set_error (error, NM_CRYPTO_ERROR,
 		             NM_CRYPTO_ERR_UNKNOWN_CIPHER,
 		             _("Private key cipher '%s' was unknown."),