lib: Add a lighter weight internal checksum wrapper

The faster (OpenSSL/GnuTLS) code lived in a `GInputStream` wrapper, and that
adds a lot of weight (GObject + vtable calls). Move it into a simple
autoptr-struct wrapper, and use it in the metadata path, so we're
now using the faster checksums there too.

This also drops a malloc there as the new API does hexdigest in place to a
buffer.

Prep for more work in the commit path to avoid `GInputStream` for local file
commits, and ["adopting" files](ostreedev#1255).

src/libostree/ostree-repo-commit.c

@@ -811,14 +811,19 @@ write_metadata_object (OstreeRepo         *self,
    * *original* sha256 to say what commit was being killed.
    */
   const gboolean is_tombstone = (objtype == OSTREE_OBJECT_TYPE_TOMBSTONE_COMMIT);
-  g_autofree char *actual_checksum = NULL;
+  char actual_checksum[OSTREE_SHA256_STRING_LEN+1];
   if (is_tombstone)
     {
-      actual_checksum = g_strdup (expected_checksum);
+      strncpy (actual_checksum, expected_checksum, sizeof (actual_checksum));
     }
   else
     {
-      actual_checksum = g_compute_checksum_for_bytes (G_CHECKSUM_SHA256, buf);
+      OtChecksum checksum = {0,};
+      ot_checksum_init (&checksum);
+      gsize len;
+      const guint8*bufdata = g_bytes_get_data (buf, &len);
+      ot_checksum_update (&checksum, bufdata, len);
+      ot_checksum_get_hexdigest (&checksum, actual_checksum, sizeof(actual_checksum));
       gboolean have_obj;
       if (!_ostree_repo_has_loose_object (self, actual_checksum, objtype, &have_obj,
                                           cancellable, error))

src/libotutil/ot-checksum-instream.c

@@ -22,25 +22,10 @@
 #include "ot-checksum-instream.h"
 #include "ot-checksum-utils.h"
 
-#if defined(HAVE_OPENSSL)
-#include <openssl/evp.h>
-#elif defined(HAVE_GNUTLS)
-#include <gnutls/gnutls.h>
-#include <gnutls/crypto.h>
-#endif
-
 G_DEFINE_TYPE (OtChecksumInstream, ot_checksum_instream, G_TYPE_FILTER_INPUT_STREAM)
 
 struct _OtChecksumInstreamPrivate {
-#if defined(HAVE_OPENSSL)
-  EVP_MD_CTX *checksum;
-#elif defined(HAVE_GNUTLS)
-  gnutls_digest_algorithm_t checksum_type;
-  gnutls_hash_hd_t checksum;
-#else
-  GChecksumType checksum_type;
-  GChecksum *checksum;
-#endif
+  OtChecksum checksum;
 };
 
 static gssize   ot_checksum_instream_read         (GInputStream         *stream,
@@ -54,13 +39,7 @@ ot_checksum_instream_finalize (GObject *object)
 {
   OtChecksumInstream *self = (OtChecksumInstream*)object;
 
-#if defined(HAVE_OPENSSL)
-  EVP_MD_CTX_destroy (self->priv->checksum);
-#elif defined(HAVE_GNUTLS)
-  gnutls_hash_deinit (self->priv->checksum, NULL);
-#else
-  g_checksum_free (self->priv->checksum);
-#endif
+  ot_checksum_clear (&self->priv->checksum);
 
   G_OBJECT_CLASS (ot_checksum_instream_parent_class)->finalize (object);
 }
@@ -83,33 +62,6 @@ ot_checksum_instream_init (OtChecksumInstream *self)
   self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, OT_TYPE_CHECKSUM_INSTREAM, OtChecksumInstreamPrivate);
 }
 
-#if defined(HAVE_OPENSSL)
-static const EVP_MD *
-gchecksum_type_to_openssl (GChecksumType checksum_type)
-{
-  switch (checksum_type)
-    {
-    case G_CHECKSUM_SHA256:
-      return EVP_sha256 ();
-    default:
-      /* If there's something else, fill in here */
-      g_assert_not_reached ();
-    }
-}
-#elif defined(HAVE_GNUTLS)
-static gnutls_digest_algorithm_t
-gchecksum_type_to_gnutls (GChecksumType checksum_type)
-{
-  switch (checksum_type)
-    {
-    case G_CHECKSUM_SHA256:
-      return GNUTLS_DIG_SHA256;
-    default:
-      g_assert_not_reached ();
-    }
-}
-#endif
-
 OtChecksumInstream *
 ot_checksum_instream_new (GInputStream    *base,
                           GChecksumType    checksum_type)
@@ -124,18 +76,7 @@ ot_checksum_instream_new (GInputStream    *base,
 
   /* For now */
   g_assert (checksum_type == G_CHECKSUM_SHA256);
-
-#if defined(HAVE_OPENSSL)
-  stream->priv->checksum = EVP_MD_CTX_create ();
-  g_assert (stream->priv->checksum);
-  g_assert (EVP_DigestInit_ex (stream->priv->checksum, gchecksum_type_to_openssl (checksum_type), NULL));
-#elif defined(HAVE_GNUTLS)
-  stream->priv->checksum_type = gchecksum_type_to_gnutls (checksum_type);
-  g_assert (!gnutls_hash_init (&stream->priv->checksum, stream->priv->checksum_type));
-#else
-  stream->priv->checksum = g_checksum_new (checksum_type);
-  stream->priv->checksum_type = checksum_type;
-#endif
+  ot_checksum_init (&stream->priv->checksum);
 
   return (OtChecksumInstream*) (stream);
 }
@@ -157,78 +98,15 @@ ot_checksum_instream_read (GInputStream  *stream,
                              cancellable,
                              error);
   if (res > 0)
-    {
-#if defined(HAVE_OPENSSL)
-      g_assert (EVP_DigestUpdate (self->priv->checksum, buffer, res));
-#elif defined(HAVE_GNUTLS)
-      g_assert (!gnutls_hash (self->priv->checksum, buffer, res));
-#else
-      g_checksum_update (self->priv->checksum, buffer, res);
-#endif
-    }
+    ot_checksum_update (&self->priv->checksum, buffer, count);
 
   return res;
 }
 
-void
-ot_checksum_instream_get_digest (OtChecksumInstream *stream,
-                                 guint8          *buffer,
-                                 gsize           *digest_len)
-{
-#if defined(HAVE_OPENSSL)
-  unsigned len;
-  EVP_DigestFinal_ex (stream->priv->checksum, buffer, &len);
-  if (digest_len)
-    *digest_len = len;
-#elif defined(HAVE_GNUTLS)
-  gnutls_hash_output (stream->priv->checksum, buffer);
-  if (digest_len)
-    *digest_len = gnutls_hash_get_len (stream->priv->checksum_type);
-#else
-  g_checksum_get_digest (stream->priv->checksum, buffer, digest_len);
-#endif
-}
-
-guint8*
-ot_checksum_instream_dup_digest (OtChecksumInstream *stream,
-                                 gsize              *ret_len)
-{
-#if defined(HAVE_OPENSSL)
-  guint len;
-  guchar *ret = g_malloc0 (EVP_MAX_MD_SIZE);
-  g_assert (EVP_DigestFinal_ex (stream->priv->checksum, ret, &len));
-#elif defined(HAVE_GNUTLS)
-  guint len = gnutls_hash_get_len (stream->priv->checksum_type);
-  guchar *ret = g_malloc0 (len);
-  gnutls_hash_output (stream->priv->checksum, ret);
-#else
-  gsize len = g_checksum_type_get_length (stream->priv->checksum_type);
-  guchar *ret = g_malloc (len);
-  g_checksum_get_digest (stream->priv->checksum, ret, &len);
-#endif
-  if (ret_len)
-    *ret_len = len;
-  return ret;
-}
-
 char *
 ot_checksum_instream_get_string (OtChecksumInstream *stream)
 {
-#if defined(HAVE_OPENSSL)
-  unsigned len;
-  guint8 csum[EVP_MAX_MD_SIZE];
-  g_assert (EVP_DigestFinal_ex (stream->priv->checksum, csum, &len));
-  char *buf = g_malloc (len * 2 + 1);
-  ot_bin2hex (buf, (guint8*)csum, len);
-  return buf;
-#elif defined(HAVE_GNUTLS)
-  gsize len;
-  guint8 *csum = ot_checksum_instream_dup_digest(stream, &len);
-  char *buf = g_malloc0 (len * 2 + 1);
-  ot_bin2hex (buf, csum, len);
-  g_free (csum);
-  return buf;
-#else
-  return g_strdup (g_checksum_get_string (stream->priv->checksum));
-#endif
+  char buf[_OSTREE_SHA256_STRING_LEN+1];
+  ot_checksum_get_hexdigest (&stream->priv->checksum, buf, sizeof(buf));
+  return g_strndup (buf, sizeof(buf));
 }

src/libotutil/ot-checksum-instream.h

@@ -52,12 +52,6 @@ GType          ot_checksum_instream_get_type     (void) G_GNUC_CONST;
 
 OtChecksumInstream * ot_checksum_instream_new          (GInputStream   *stream, GChecksumType   checksum);
 
-void   ot_checksum_instream_get_digest (OtChecksumInstream *stream,
-                                        guint8          *buffer,
-                                        gsize           *digest_len);
-
-guint8* ot_checksum_instream_dup_digest (OtChecksumInstream *stream,
-                                         gsize              *ret_len);
 char * ot_checksum_instream_get_string (OtChecksumInstream *stream);
 
 G_END_DECLS

src/libotutil/ot-checksum-utils.c

@@ -22,10 +22,15 @@
 #include "config.h"
 
 #include "otutil.h"
+#if defined(HAVE_OPENSSL)
+#include <openssl/evp.h>
+#elif defined(HAVE_GNUTLS)
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#endif
 
 #include <string.h>
 
-
 void
 ot_bin2hex (char *out_buf, const guint8 *inbuf, gsize len)
 {
@@ -41,6 +46,93 @@ ot_bin2hex (char *out_buf, const guint8 *inbuf, gsize len)
   out_buf[j] = '\0';
 }
 
+/* I like to think of this as AbstractChecksumProxyFactoryBean. In homage to
+ * https://news.ycombinator.com/item?id=4549544
+ * aka http://static.springsource.org/spring/docs/2.5.x/api/org/springframework/aop/framework/AbstractSingletonProxyFactoryBean.html
+ */
+typedef struct {
+#if defined(HAVE_OPENSSL)
+  EVP_MD_CTX *checksum;
+#elif defined(HAVE_GNUTLS)
+  gnutls_hash_hd_t checksum;
+  guint digest_len;
+#else
+  GChecksum *checksum;
+  guint digest_len;
+#endif
+} OtRealChecksum;
+
+G_STATIC_ASSERT (sizeof(OtChecksum) >= sizeof(OtRealChecksum));
+
+void
+ot_checksum_init (OtChecksum *checksum)
+{
+  OtRealChecksum *real = (OtRealChecksum*)checksum;
+#if defined(HAVE_OPENSSL)
+  real->checksum = EVP_MD_CTX_create ();
+  g_assert (real->checksum);
+  g_assert (EVP_DigestInit_ex (real->checksum, EVP_sha256 (), NULL));
+#elif defined(HAVE_GNUTLS)
+  g_assert (!gnutls_hash_init (&real->checksum, GNUTLS_DIG_SHA256));
+  real->digest_len = gnutls_hash_get_len (GNUTLS_DIG_SHA256);
+#else
+  real->checksum = g_checksum_new (G_CHECKSUM_SHA256);
+  real->digest_len = g_checksum_type_get_length (G_CHECKSUM_SHA256);
+#endif
+}
+
+void
+ot_checksum_update (OtChecksum *checksum,
+                    const guint8   *buf,
+                    size_t          len)
+{
+  OtRealChecksum *real = (OtRealChecksum*)checksum;
+#if defined(HAVE_OPENSSL)
+  g_assert (EVP_DigestUpdate (real->checksum, buf, len));
+#elif defined(HAVE_GNUTLS)
+  g_assert (!gnutls_hash (real->checksum, buf, len));
+#else
+  g_checksum_update (real->checksum, buf, len);
+#endif
+}
+
+void
+ot_checksum_get_hexdigest (OtChecksum *checksum,
+                           char           *buf,
+                           size_t          buflen)
+{
+  OtRealChecksum *real = (OtRealChecksum*)checksum;
+  /* OSTREE_SHA256_STRING_LEN */
+  g_assert_cmpint (buflen, ==, _OSTREE_SHA256_STRING_LEN+1);
+#if defined(HAVE_OPENSSL)
+  guint digest_len;
+  guint8 digest_buf[EVP_MAX_MD_SIZE];
+  g_assert (EVP_DigestFinal_ex (real->checksum, digest_buf, &digest_len));
+#elif defined(HAVE_GNUTLS)
+  const guint digest_len = real->digest_len;
+  guint8 digest_buf[digest_len];
+  gnutls_hash_output (real->checksum, digest_buf);
+#else
+  gsize digest_len = real->digest_len;
+  guint8 digest_buf[digest_len];
+  g_checksum_get_digest (real->checksum, digest_buf, &digest_len);
+#endif
+  ot_bin2hex (buf, (guint8*)digest_buf, digest_len);
+}
+
+void
+ot_checksum_clear (OtChecksum *checksum)
+{
+  OtRealChecksum *real = (OtRealChecksum*)checksum;
+#if defined(HAVE_OPENSSL)
+  EVP_MD_CTX_destroy (real->checksum);
+#elif defined(HAVE_GNUTLS)
+  gnutls_hash_deinit (real->checksum, NULL);
+#else
+  g_checksum_free (real->checksum);
+#endif
+}
+
 guchar *
 ot_csum_from_gchecksum (GChecksum  *checksum)
 {

src/libotutil/ot-checksum-utils.h

@@ -29,6 +29,25 @@ void ot_bin2hex (char *out_buf, const guint8 *inbuf, gsize len);
 
 guchar *ot_csum_from_gchecksum (GChecksum *checksum);
 
+struct OtChecksum {
+  gpointer data[2];
+  guint uints[2];
+};
+typedef struct OtChecksum OtChecksum;
+
+/* Same as OSTREE_SHA256_STRING_LEN, but this header can't depend on that */
+#define _OSTREE_SHA256_STRING_LEN (64)
+
+void ot_checksum_init (OtChecksum *checksum);
+void ot_checksum_update (OtChecksum *checksum,
+                         const guint8   *buf,
+                         size_t          len);
+void ot_checksum_get_hexdigest (OtChecksum *checksum,
+                                char           *buf,
+                                size_t          buflen);
+void ot_checksum_clear (OtChecksum *checksum);
+G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(OtChecksum, ot_checksum_clear)
+
 gboolean ot_gio_write_update_checksum (GOutputStream  *out,
                                        gconstpointer   data,
                                        gsize           len,