diff options
author | Keith Packard <keithp@keithp.com> | 2009-10-28 10:54:13 -0700 |
---|---|---|
committer | Keith Packard <keithp@keithp.com> | 2009-10-28 10:54:13 -0700 |
commit | deb72fc61464250af8185dab2da8ee09f13c55d8 (patch) | |
tree | 476702f62c8b69bd5a52f4ba0f3df1897bbd65db | |
parent | 55f4c80a4c891b355a99e6a05978ca945397c5cc (diff) | |
parent | a60e676f1fd243c78859440b87652f523d3f2ec1 (diff) |
Merge remote branch 'jcristau/sha1'
-rw-r--r-- | configure.ac | 73 | ||||
-rw-r--r-- | include/Makefile.am | 3 | ||||
-rw-r--r-- | include/dix-config.h.in | 5 | ||||
-rw-r--r-- | include/xsha1.h | 19 | ||||
-rw-r--r-- | os/Makefile.am | 4 | ||||
-rw-r--r-- | os/xsha1.c | 113 | ||||
-rw-r--r-- | render/glyph.c | 36 |
7 files changed, 202 insertions, 51 deletions
diff --git a/configure.ac b/configure.ac index d85b8ebec..e7d8a4bb8 100644 --- a/configure.ac +++ b/configure.ac @@ -1284,26 +1284,57 @@ MIEXT_SHADOW_INC='-I$(top_srcdir)/miext/shadow' MIEXT_SHADOW_LIB='$(top_builddir)/miext/shadow/libshadow.la' CORE_INCS='-I$(top_srcdir)/include -I$(top_builddir)/include' -# OpenSSL used for SHA1 hashing in render/glyph.c, but we don't need all of -# the OpenSSL libraries, just libcrypto -# Some systems have matching functionality in the smaller/simpler libmd -# Builders who want to force a choice can set SHA1_LIB and SHA1_CFLAGS -if test "x$SHA1_LIB" = "x" ; then - AC_CHECK_LIB([md], [SHA1Init], [SHA1_LIB="-lmd" - AC_DEFINE([HAVE_SHA1_IN_LIBMD], [1], - [Use libmd SHA1 functions instead of OpenSSL libcrypto])]) -fi - -if test "x$SHA1_LIB" = "x" ; then - PKG_CHECK_EXISTS([OPENSSL], [openssl], [HAVE_OPENSSL_PKC=yes], - [HAVE_OPENSSL_PKC=no]) - if test "x$HAVE_OPENSSL_PKC" = xyes; then - REQUIRED_LIBS="$REQUIRED_LIBS openssl" - else - AC_CHECK_LIB([crypto], [SHA1_Init], [SHA1_LIB="-lcrypto"], - [AC_MSG_ERROR([OpenSSL must be installed in order to build the X server.])]) - fi +# SHA1 hashing +AC_ARG_WITH([sha1], + [AS_HELP_STRING([--with-sha1=libmd|libgcrypt|libcrypto], + [choose SHA1 implementation])]) +AC_CHECK_LIB([md], [SHA1Init], [HAVE_LIBMD=yes]) +if test "x$with_sha1" = x && test "x$HAVE_LIBMD" = xyes; then + with_sha1=libmd +fi +if test "x$with_sha1" = xlibmd && test "x$HAVE_LIBMD" != xyes; then + AC_MSG_ERROR([libmd requested but not found]) +fi +if test "x$with_sha1" = xlibmd; then + AC_DEFINE([HAVE_SHA1_IN_LIBMD], [1], + [Use libmd SHA1 functions]) + SHA1_LIBS=-lmd +fi +AC_CHECK_LIB([gcrypt], [gcry_md_open], [HAVE_LIBGCRYPT=yes]) +if test "x$with_sha1" = x && test "x$HAVE_LIBGCRYPT" = xyes; then + with_sha1=libgcrypt +fi +if test "x$with_sha1" = xlibgcrypt; then + AC_DEFINE([HAVE_SHA1_IN_LIBGCRYPT], [1], + [Use libgcrypt SHA1 functions]) + SHA1_LIBS=-lgcrypt +fi +# We don't need all of the OpenSSL libraries, just libcrypto +AC_CHECK_LIB([crypto], [SHA1_Init], [HAVE_LIBCRYPTO=yes]) +PKG_CHECK_MODULES([OPENSSL], [openssl], [HAVE_OPENSSL_PKC=yes], + [HAVE_OPENSSL_PKC=no]) +if test "x$HAVE_LIBCRYPTO" = xyes || test "x$HAVE_OPENSSL_PKC" = xyes; then + if test "x$with_sha1" = x; then + with_sha1=libcrypto + fi +else + if test "x$with_sha1" = xlibcrypto; then + AC_MSG_ERROR([OpenSSL libcrypto requested but not found]) + fi +fi +if test "x$with_sha1" = xlibcrypto; then + if test "x$HAVE_LIBCRYPTO" = xyes; then + SHA1_LIBS=-lcrypto + else + SHA1_LIBS="$OPENSSL_LIBS" + SHA1_CFLAGS="$OPENSSL_CFLAGS" + fi +fi +if test "x$with_sha1" = x; then + AC_MSG_ERROR([No suitable SHA1 implementation found]) fi +AC_SUBST(SHA1_LIBS) +AC_SUBST(SHA1_CFLAGS) PKG_CHECK_MODULES([XSERVERCFLAGS], [$REQUIRED_MODULES $REQUIRED_LIBS]) PKG_CHECK_MODULES([XSERVERLIBS], [$REQUIRED_LIBS]) @@ -1323,9 +1354,9 @@ PKG_CHECK_MODULES([XSERVERLIBS], [$REQUIRED_LIBS]) # XSERVER_SYS_LIBS is the set of out-of-tree libraries which all servers # require. # -XSERVER_CFLAGS="${XSERVER_CFLAGS} ${XSERVERCFLAGS_CFLAGS} ${SHA1_CFLAGS}" +XSERVER_CFLAGS="${XSERVER_CFLAGS} ${XSERVERCFLAGS_CFLAGS}" XSERVER_LIBS="$DIX_LIB $CONFIG_LIB $MI_LIB $OS_LIB" -XSERVER_SYS_LIBS="${XSERVERLIBS_LIBS} ${SYS_LIBS} ${LIBS} ${SHA1_LIB}" +XSERVER_SYS_LIBS="${XSERVERLIBS_LIBS} ${SYS_LIBS} ${LIBS}" AC_SUBST([XSERVER_LIBS]) AC_SUBST([XSERVER_SYS_LIBS]) diff --git a/include/Makefile.am b/include/Makefile.am index aa5db7d5f..d684f9c2b 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -66,4 +66,5 @@ AM_CFLAGS = $(DIX_CFLAGS) EXTRA_DIST = \ dix-config-apple-verbatim.h \ eventconvert.h eventstr.h \ - protocol-versions.h + protocol-versions.h \ + xsha1.h diff --git a/include/dix-config.h.in b/include/dix-config.h.in index 798d9e73c..7f1fb1836 100644 --- a/include/dix-config.h.in +++ b/include/dix-config.h.in @@ -160,9 +160,12 @@ /* Define to 1 if you have the <rpcsvc/dbm.h> header file. */ #undef HAVE_RPCSVC_DBM_H -/* Define to use libmd SHA1 functions instead of OpenSSL libcrypto */ +/* Define to use libmd SHA1 functions */ #undef HAVE_SHA1_IN_LIBMD +/* Define to use libgcrypt SHA1 functions */ +#undef HAVE_SHA1_IN_LIBGCRYPT + /* Define to 1 if you have the `shmctl64' function. */ #undef HAVE_SHMCTL64 diff --git a/include/xsha1.h b/include/xsha1.h new file mode 100644 index 000000000..aab71067a --- /dev/null +++ b/include/xsha1.h @@ -0,0 +1,19 @@ +#ifndef XSHA1_H +#define XSHA1_H + +/* Initialize SHA1 computation. Returns NULL on error. */ +void *x_sha1_init(void); + +/* + * Add some data to be hashed. ctx is the value returned by x_sha1_init() + * Returns 0 on error, 1 on success. + */ +int x_sha1_update(void *ctx, void *data, int size); + +/* + * Place the hash in result, and free ctx. + * Returns 0 on error, 1 on success. + */ +int x_sha1_final(void *ctx, unsigned char result[20]); + +#endif diff --git a/os/Makefile.am b/os/Makefile.am index a7f34a5b8..9902f045c 100644 --- a/os/Makefile.am +++ b/os/Makefile.am @@ -1,6 +1,6 @@ noinst_LTLIBRARIES = libos.la -AM_CFLAGS = $(DIX_CFLAGS) +AM_CFLAGS = $(DIX_CFLAGS) $(SHA1_CFLAGS) SECURERPC_SRCS = rpcauth.c XDMCP_SRCS = xdmcp.c @@ -22,9 +22,11 @@ libos_la_SOURCES = \ strcasecmp.c \ strcasestr.c \ xdmauth.c \ + xsha1.c \ xstrans.c \ xprintf.c \ $(XORG_SRCS) +libos_la_LIBADD = @SHA1_LIBS@ if SECURE_RPC libos_la_SOURCES += $(SECURERPC_SRCS) diff --git a/os/xsha1.c b/os/xsha1.c new file mode 100644 index 000000000..723521e05 --- /dev/null +++ b/os/xsha1.c @@ -0,0 +1,113 @@ +#ifdef HAVE_DIX_CONFIG_H +#include <dix-config.h> +#endif + +#include "os.h" +#include "xsha1.h" + +#ifdef HAVE_SHA1_IN_LIBMD /* Use libmd for SHA1 */ + +# include <sha1.h> + +void *x_sha1_init(void) +{ + SHA1_CTX *ctx = xalloc(sizeof(*ctx)); + if (!ctx) + return NULL; + SHA1Init(ctx); + return ctx; +} + +int x_sha1_update(void *ctx, void *data, int size) +{ + SHA1_CTX *sha1_ctx = ctx; + SHA1Update(sha1_ctx, data, size); + return 1; +} + +int x_sha1_final(void *ctx, unsigned char result[20]) +{ + SHA1_CTX *sha1_ctx = ctx; + SHA1Final(result, sha1_ctx); + xfree(sha1_ctx); + return 1; +} + +#elif defined(HAVE_SHA1_IN_LIBGCRYPT) /* Use libgcrypt for SHA1 */ + +# include <gcrypt.h> + +void *x_sha1_init(void) +{ + static int init; + gcry_md_hd_t h; + gcry_error_t err; + + if (!init) { + if (!gcry_check_version(NULL)) + return NULL; + gcry_control(GCRYCTL_DISABLE_SECMEM, 0); + gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + init = 1; + } + + err = gcry_md_open(&h, GCRY_MD_SHA1, 0); + if (err) + return NULL; + return h; +} + +int x_sha1_update(void *ctx, void *data, int size) +{ + gcry_md_hd_t h = ctx; + gcry_md_write(h, data, size); + return 1; +} + +int x_sha1_final(void *ctx, unsigned char result[20]) +{ + gcry_md_hd_t h = ctx; + memcpy(result, gcry_md_read(h, GCRY_MD_SHA1), 20); + gcry_md_close(h); + return 1; +} + +#else /* Use OpenSSL's libcrypto */ + +# include <stddef.h> /* buggy openssl/sha.h wants size_t */ +# include <openssl/sha.h> + +void *x_sha1_init(void) +{ + int ret; + SHA_CTX *ctx = xalloc(sizeof(*ctx)); + if (!ctx) + return NULL; + ret = SHA1_Init(ctx); + if (!ret) { + xfree(ctx); + return NULL; + } + return ctx; +} + +int x_sha1_update(void *ctx, void *data, int size) +{ + int ret; + SHA_CTX *sha_ctx = ctx; + ret = SHA1_Update(sha_ctx, data, size); + if (!ret) + xfree(sha_ctx); + return ret; +} + +int x_sha1_final(void *ctx, unsigned char result[20]) +{ + int ret; + SHA_CTX *sha_ctx = ctx; + ret = SHA1_Final(result, sha_ctx); + xfree(sha_ctx); + return ret; +} + +#endif diff --git a/render/glyph.c b/render/glyph.c index 7fcdfd9d1..0b864ad4d 100644 --- a/render/glyph.c +++ b/render/glyph.c @@ -26,12 +26,7 @@ #include <dix-config.h> #endif -#ifdef HAVE_SHA1_IN_LIBMD /* Use libmd for SHA1 */ -# include <sha1.h> -#else /* Use OpenSSL's libcrypto */ -# include <stddef.h> /* buggy openssl/sha.h wants size_t */ -# include <openssl/sha.h> -#endif +#include "xsha1.h" #include "misc.h" #include "scrnintstr.h" @@ -198,34 +193,21 @@ HashGlyph (xGlyphInfo *gi, unsigned long size, unsigned char sha1[20]) { -#ifdef HAVE_SHA1_IN_LIBMD /* Use libmd for SHA1 */ - SHA1_CTX ctx; - - SHA1Init (&ctx); - SHA1Update (&ctx, gi, sizeof (xGlyphInfo)); - SHA1Update (&ctx, bits, size); - SHA1Final (sha1, &ctx); -#else /* Use OpenSSL's libcrypto */ - SHA_CTX ctx; + void *ctx = x_sha1_init(); int success; - success = SHA1_Init (&ctx); - if (! success) + if (!ctx) return BadAlloc; - success = SHA1_Update (&ctx, gi, sizeof (xGlyphInfo)); - if (! success) + success = x_sha1_update(ctx, gi, sizeof(xGlyphInfo)); + if (!success) return BadAlloc; - - success = SHA1_Update (&ctx, bits, size); - if (! success) + success = x_sha1_update(ctx, bits, size); + if (!success) return BadAlloc; - - success = SHA1_Final (sha1, &ctx); - if (! success) + success = x_sha1_final(ctx, sha1); + if (!success) return BadAlloc; -#endif - return Success; } |