[PATCH v2] Add libgcrypt as an option for sha1

Julien Cristau jcristau at debian.org
Sun Oct 4 04:51:38 PDT 2009 

Add --with-sha1={libmd,libgcrypt,libcrypto} configure option to select
between the different implementations.

Signed-off-by: Julien Cristau <jcristau at debian.org>
---
On Sun, Oct  4, 2009 at 11:53:49 +1100, Daniel Stone wrote:

> On Thu, Sep 24, 2009 at 01:41:31PM +0200, Julien Cristau wrote:
> > Signed-off-by: Julien Cristau <jcristau at debian.org>
> > ---
> > We've been using that in Debian since April (to avoid openssl's
> > gpl-incompatible license, and because gcrypt is already in our base
> > system).  One thing I'm not sure about is in what order to check for
> > things in configure, or whether we need something like
> > --with-sha1={libmd,libcrypto,libgcrypt}.
> 
> Hi,
> --with-sha1={libmd,libgcrypt,libcrypto} sounds ideal.
> 
How about this one then?

 configure.ac            |   74 +++++++++++++++++++++++++++++++++++------------
 include/dix-config.h.in |    5 ++-
 render/glyph.c          |   22 ++++++++++++++
 3 files changed, 81 insertions(+), 20 deletions(-)

diff --git a/configure.ac b/configure.ac
index 46421fd..1cc9256 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1266,25 +1266,61 @@ MIEXT_SHADOW_INC='-I$(top_srcdir)/miext/shadow'
 MIEXT_SHADOW_LIB='$(top_builddir)/miext/shadow/libshadow.la'
 CORE_INCS='-I$(top_srcdir)/include -I$(top_builddir)/include'
 
-# OpenSSL used for SHA1 hashing in render/glyph.c, but we don't need all of
-# the OpenSSL libraries, just libcrypto
-# Some systems have matching functionality in the smaller/simpler libmd
-# Builders who want to force a choice can set SHA1_LIB and SHA1_CFLAGS
-if test "x$SHA1_LIB" = "x" ; then
-  AC_CHECK_LIB([md], [SHA1Init], [SHA1_LIB="-lmd"
-            AC_DEFINE([HAVE_SHA1_IN_LIBMD], [1],
-            [Use libmd SHA1 functions instead of OpenSSL libcrypto])])
-fi
-
-if test "x$SHA1_LIB" = "x" ; then
-  PKG_CHECK_EXISTS([OPENSSL], [openssl], [HAVE_OPENSSL_PKC=yes],
-                    [HAVE_OPENSSL_PKC=no])
-  if test "x$HAVE_OPENSSL_PKC" = xyes; then
-    REQUIRED_LIBS="$REQUIRED_LIBS openssl"
-  else
-    AC_CHECK_LIB([crypto], [SHA1_Init], [SHA1_LIB="-lcrypto"],
-                 [AC_MSG_ERROR([OpenSSL must be installed in order to build the X server.])])
-  fi
+# SHA1 hashing in render/glyph.c
+AC_ARG_WITH([sha1],
+            [AS_HELP_STRING([--with-sha1=[libmd|libgcrypt|libcrypto]],
+                            [choose SHA1 implementation])])
+
+AC_CHECK_LIB([md], [SHA1Init], [HAVE_LIBMD=yes])
+if test "x$with_sha1" = x && test "x$HAVE_LIBMD" = xyes; then
+	with_sha1=libmd
+fi
+if test "x$with_sha1" = xlibmd && test "x$HAVE_LIBMD" != xyes; then
+	AC_MSG_ERROR([libmd requested but not found])
+fi
+if test "x$with_sha1" = xlibmd; then
+	AC_DEFINE([HAVE_SHA1_IN_LIBMD], [1],
+	          [Use libmd SHA1 functions])
+	SHA1_LIB=-lmd
+fi
+
+AC_CHECK_LIB([gcrypt], [gcry_md_open], [HAVE_LIBGCRYPT=yes])
+if test "x$with_sha1" = x && test "x$HAVE_LIBGCRYPT" = xyes; then
+	with_sha1=libgcrypt
+fi
+if test "x$with_sha1" = xlibgcrypt && test "x$HAVE_LIBGCRYPT" != xyes; then
+	AC_MSG_ERROR([libgcrypt requested but not found])
+fi
+if test "x$with_sha1" = xlibgcrypt; then
+	AC_DEFINE([HAVE_SHA1_IN_LIBGCRYPT], [1],
+	          [Use libgcrypt SHA1 functions])
+	SHA1_LIB=-lgcrypt
+fi
+
+# We don't need all of the OpenSSL libraries, just libcrypto
+AC_CHECK_LIB([crypto], [SHA1_Init], [HAVE_LIBCRYPTO=yes])
+PKG_CHECK_MODULES([OPENSSL], [openssl], [HAVE_OPENSSL_PKC=yes],
+                  [HAVE_OPENSSL_PKC=no])
+if test "x$HAVE_LIBCRYPTO" = xyes || test "x$HAVE_OPENSSL_PKC" = xyes; then
+	if test "x$with_sha1" = x; then
+		with_sha1=libcrypto
+	fi
+else
+	if test "x$with_sha1" = xlibcrypto; then
+		AC_MSG_ERROR([OpenSSL libcrypto requested but not found])
+	fi
+fi
+if test "x$with_sha1" = xlibcrypto; then
+	if test "x$HAVE_LIBCRYPTO" = xyes; then
+		SHA1_LIB=-lcrypto
+	else
+		SHA1_LIB="$OPENSSL_LIBS"
+		SHA1_CFLAGS="$OPENSSL_CFLAGS"
+	fi
+fi
+
+if test -z "$SHA1_LIB"; then
+	AC_MSG_ERROR([No suitable SHA1 implementation found])
 fi
 
 PKG_CHECK_MODULES([XSERVERCFLAGS], [$REQUIRED_MODULES $REQUIRED_LIBS])
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 798d9e7..7f1fb18 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -160,9 +160,12 @@
 /* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
 #undef HAVE_RPCSVC_DBM_H
 
-/* Define to use libmd SHA1 functions instead of OpenSSL libcrypto */
+/* Define to use libmd SHA1 functions */
 #undef HAVE_SHA1_IN_LIBMD
 
+/* Define to use libgcrypt SHA1 functions */
+#undef HAVE_SHA1_IN_LIBGCRYPT
+
 /* Define to 1 if you have the `shmctl64' function. */
 #undef HAVE_SHMCTL64
 
diff --git a/render/glyph.c b/render/glyph.c
index 7fcdfd9..973c6c3 100644
--- a/render/glyph.c
+++ b/render/glyph.c
@@ -28,6 +28,8 @@
 
 #ifdef HAVE_SHA1_IN_LIBMD /* Use libmd for SHA1 */
 # include <sha1.h>
+#elif defined(HAVE_SHA1_IN_LIBGCRYPT)
+# include <gcrypt.h>
 #else /* Use OpenSSL's libcrypto */
 # include <stddef.h>  /* buggy openssl/sha.h wants size_t */
 # include <openssl/sha.h>
@@ -205,6 +207,26 @@ HashGlyph (xGlyphInfo    *gi,
     SHA1Update (&ctx, gi, sizeof (xGlyphInfo));
     SHA1Update (&ctx, bits, size);
     SHA1Final (sha1, &ctx);
+#elif defined(HAVE_SHA1_IN_LIBGCRYPT) /* Use libgcrypt for SHA1 */
+    static int init;
+    gcry_md_hd_t h;
+    gcry_error_t err;
+
+    if (!init) {
+	if (!gcry_check_version(NULL))
+	    return BadAlloc;
+	gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+	init = 1;
+    }
+
+    err = gcry_md_open(&h, GCRY_MD_SHA1, 0);
+    if (err)
+	return BadAlloc;
+    gcry_md_write(h, gi, sizeof (xGlyphInfo));
+    gcry_md_write(h, bits, size);
+    memcpy(sha1, gcry_md_read(h, GCRY_MD_SHA1), 20);
+    gcry_md_close(h);
 #else /* Use OpenSSL's libcrypto */
     SHA_CTX ctx;
     int success;
-- 
1.6.4.3

More information about the xorg-devel mailing list