Linux: allow using GnuTLS instead of OpenSSL for computing SHA256 hashes

Prevents issues with often changing OpenSSL ABI.

Ref #429

debian/control

@@ -2,8 +2,8 @@ Source: rpi-imager
 Section: admin
 Priority: optional
 Maintainer: Floris Bos <bos@je-eigen-domein.nl>
-Build-Depends: debhelper (>= 10), cmake, libarchive-dev, libcurl4-openssl-dev | libcurl4-gnutls-dev,  
+Build-Depends: debhelper (>= 10), cmake, libarchive-dev, libcurl4-gnutls-dev | libcurl4-openssl-dev,
- qtbase5-dev, qtbase5-dev-tools, qtdeclarative5-dev, libqt5svg5-dev, qttools5-dev, libssl-dev,
+ qtbase5-dev, qtbase5-dev-tools, qtdeclarative5-dev, libqt5svg5-dev, qttools5-dev, libgnutls28-dev,
  qml-module-qtquick2, qml-module-qtquick-controls2, qml-module-qtquick-layouts, qml-module-qtquick-templates2, qml-module-qtquick-window2, qml-module-qtgraphicaleffects
 Standards-Version: 4.1.2
 Homepage: https://www.raspberrypi.org/

src/CMakeLists.txt

@@ -32,7 +32,7 @@ if (APPLE)
         dependencies/drivelist/src/darwin/list.mm dependencies/drivelist/src/darwin/REDiskList.m icons/rpi-imager.icns)
     enable_language(OBJC C)
 elseif (UNIX)
-    set(DEPENDENCIES acceleratedcryptographichash.cpp dependencies/mountutils/src/linux/functions.cpp linux/linuxdrivelist.cpp)
+    set(DEPENDENCIES dependencies/mountutils/src/linux/functions.cpp linux/linuxdrivelist.cpp)
     find_package(Qt5DBus)
     if(Qt5DBus_FOUND)
         set(DEPENDENCIES ${DEPENDENCIES} linux/udisks2api.cpp linux/udisks2api.h)
@@ -49,6 +49,15 @@ elseif (UNIX)
     if(LIBLZMA_FOUND)
         set(EXTRALIBS ${EXTRALIBS} LibLZMA::LibLZMA)
     endif()
+    find_package(GnuTLS)
+    if (GnuTLS_FOUND)
+        set(DEPENDENCIES ${DEPENDENCIES} acceleratedcryptographichash_gnutls.cpp)
+        set(EXTRALIBS ${EXTRALIBS} GnuTLS::GnuTLS)
+        add_definitions(-DHAVE_GNUTLS)
+    else()
+        find_package(OpenSSL REQUIRED)
+        set(DEPENDENCIES ${DEPENDENCIES} acceleratedcryptographichash.cpp)
+    endif()
 elseif (WIN32)
     set(DEPENDENCIES acceleratedcryptographichash.cpp dependencies/mountutils/src/windows/functions.cpp dependencies/drivelist/src/windows/list.cpp
         windows/winfile.cpp windows/winfile.h
@@ -272,7 +281,7 @@ elseif(APPLE)
 else()
     find_package(CURL 7.32.0 REQUIRED)
     find_package(LibArchive 3.2.0 REQUIRED)
-    find_package(OpenSSL REQUIRED)
+
     if (NOT CMAKE_CROSSCOMPILING)
         find_program(LSBLK "lsblk")
         if (NOT LSBLK)

src/acceleratedcryptographichash.h

@@ -16,8 +16,12 @@
 #define SHA256_Update CC_SHA256_Update
 #define SHA256_Final  CC_SHA256_Final
 #else
+#ifdef HAVE_GNUTLS
+#include "gnutls/crypto.h"
+#else
 #include "openssl/sha.h"
 #endif
+#endif
 
 class AcceleratedCryptographicHash
 {
@@ -29,7 +33,11 @@ public:
     QByteArray result();
 
 protected:
+#ifdef HAVE_GNUTLS
+    gnutls_hash_hd_t _sha256;
+#else
     SHA256_CTX _sha256;
+#endif
 };
 
 #endif // ACCELERATEDCRYPTOGRAPHICHASH_H

src/acceleratedcryptographichash_gnutls.cpp

@@ -0,0 +1,39 @@
+/*
+ * Use GnuTLS for hashing as their code is more optimized than Qt's
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (C) 2022 Raspberry Pi Ltd
+ */
+
+#include "acceleratedcryptographichash.h"
+
+AcceleratedCryptographicHash::AcceleratedCryptographicHash(QCryptographicHash::Algorithm method)
+{
+    if (method != QCryptographicHash::Sha256)
+        throw std::runtime_error("Only sha256 implemented");
+
+    gnutls_hash_init(&_sha256, GNUTLS_DIG_SHA256);
+
+}
+
+AcceleratedCryptographicHash::~AcceleratedCryptographicHash()
+{
+    gnutls_hash_deinit(_sha256, NULL);
+}
+
+void AcceleratedCryptographicHash::addData(const char *data, int length)
+{
+    gnutls_hash(_sha256, data, length);
+}
+
+void AcceleratedCryptographicHash::addData(const QByteArray &data)
+{
+    addData(data.constData(), data.size());
+}
+
+QByteArray AcceleratedCryptographicHash::result()
+{
+    unsigned char binhash[gnutls_hash_get_len(GNUTLS_DIG_SHA256)];
+    gnutls_hash_output(_sha256, binhash);
+    return QByteArray((char *) binhash, sizeof binhash);
+}

src/imagewriter.cpp

@@ -31,12 +31,12 @@
 #include <QDateTime>
 #include <QDebug>
 #include <QVersionNumber>
+#include <QtNetwork>
 #ifndef QT_NO_WIDGETS
 #include <QFileDialog>
 #include <QApplication>
 #endif
 #ifdef Q_OS_DARWIN
-#include <QtNetwork>
 #include <QMessageBox>
 #include <security/security.h>
 #else
@@ -1049,18 +1049,7 @@ QString ImageWriter::crypt(const QByteArray &password)
 
 QString ImageWriter::pbkdf2(const QByteArray &psk, const QByteArray &ssid)
 {
-    /* Qt has support for calculating Pbkdf2 starting from Qt 5.12 but
-     * older Linux distributions may not have that.
-     * We can use OpenSSL instead on platforms that have that.
-     * But Mac OS X lacks that, so do use Qt there */
-
-#ifdef Q_OS_DARWIN
     return QPasswordDigestor::deriveKeyPbkdf2(QCryptographicHash::Sha1, psk, ssid, 4096, 32).toHex();
-#else
-    QByteArray digest(32, 0);
-    PKCS5_PBKDF2_HMAC_SHA1(psk.constData(), psk.length(), (const unsigned char*) ssid.constData(), ssid.length(), 4096, digest.length(), (unsigned char *) digest.data());
-    return digest.toHex();
-#endif
 }
 
 void ImageWriter::setSavedCustomizationSettings(const QVariantMap &map)