Add --with-sha1={libmd,libgcrypt,libcrypto} configure option to select
between the different implementations.Signed-off-by: Julien Cristau <[email protected]> --- On Sun, Oct 4, 2009 at 11:53:49 +1100, Daniel Stone wrote: > On Thu, Sep 24, 2009 at 01:41:31PM +0200, Julien Cristau wrote: > > Signed-off-by: Julien Cristau <[email protected]> > > --- > > We've been using that in Debian since April (to avoid openssl's > > gpl-incompatible license, and because gcrypt is already in our base > > system). One thing I'm not sure about is in what order to check for > > things in configure, or whether we need something like > > --with-sha1={libmd,libcrypto,libgcrypt}. > > Hi, > --with-sha1={libmd,libgcrypt,libcrypto} sounds ideal. > How about this one then? configure.ac | 74 +++++++++++++++++++++++++++++++++++------------ include/dix-config.h.in | 5 ++- render/glyph.c | 22 ++++++++++++++ 3 files changed, 81 insertions(+), 20 deletions(-) diff --git a/configure.ac b/configure.ac index 46421fd..1cc9256 100644 --- a/configure.ac +++ b/configure.ac @@ -1266,25 +1266,61 @@ MIEXT_SHADOW_INC='-I$(top_srcdir)/miext/shadow' MIEXT_SHADOW_LIB='$(top_builddir)/miext/shadow/libshadow.la' CORE_INCS='-I$(top_srcdir)/include -I$(top_builddir)/include' -# OpenSSL used for SHA1 hashing in render/glyph.c, but we don't need all of -# the OpenSSL libraries, just libcrypto -# Some systems have matching functionality in the smaller/simpler libmd -# Builders who want to force a choice can set SHA1_LIB and SHA1_CFLAGS -if test "x$SHA1_LIB" = "x" ; then - AC_CHECK_LIB([md], [SHA1Init], [SHA1_LIB="-lmd" - AC_DEFINE([HAVE_SHA1_IN_LIBMD], [1], - [Use libmd SHA1 functions instead of OpenSSL libcrypto])]) -fi - -if test "x$SHA1_LIB" = "x" ; then - PKG_CHECK_EXISTS([OPENSSL], [openssl], [HAVE_OPENSSL_PKC=yes], - [HAVE_OPENSSL_PKC=no]) - if test "x$HAVE_OPENSSL_PKC" = xyes; then - REQUIRED_LIBS="$REQUIRED_LIBS openssl" - else - AC_CHECK_LIB([crypto], [SHA1_Init], [SHA1_LIB="-lcrypto"], - [AC_MSG_ERROR([OpenSSL must be installed in order to build the X server.])]) - fi +# SHA1 hashing in render/glyph.c +AC_ARG_WITH([sha1], + [AS_HELP_STRING([--with-sha1=[libmd|libgcrypt|libcrypto]], + [choose SHA1 implementation])]) + +AC_CHECK_LIB([md], [SHA1Init], [HAVE_LIBMD=yes]) +if test "x$with_sha1" = x && test "x$HAVE_LIBMD" = xyes; then + with_sha1=libmd +fi +if test "x$with_sha1" = xlibmd && test "x$HAVE_LIBMD" != xyes; then + AC_MSG_ERROR([libmd requested but not found]) +fi +if test "x$with_sha1" = xlibmd; then + AC_DEFINE([HAVE_SHA1_IN_LIBMD], [1], + [Use libmd SHA1 functions]) + SHA1_LIB=-lmd +fi + +AC_CHECK_LIB([gcrypt], [gcry_md_open], [HAVE_LIBGCRYPT=yes]) +if test "x$with_sha1" = x && test "x$HAVE_LIBGCRYPT" = xyes; then + with_sha1=libgcrypt +fi +if test "x$with_sha1" = xlibgcrypt && test "x$HAVE_LIBGCRYPT" != xyes; then + AC_MSG_ERROR([libgcrypt requested but not found]) +fi +if test "x$with_sha1" = xlibgcrypt; then + AC_DEFINE([HAVE_SHA1_IN_LIBGCRYPT], [1], + [Use libgcrypt SHA1 functions]) + SHA1_LIB=-lgcrypt +fi + +# We don't need all of the OpenSSL libraries, just libcrypto +AC_CHECK_LIB([crypto], [SHA1_Init], [HAVE_LIBCRYPTO=yes]) +PKG_CHECK_MODULES([OPENSSL], [openssl], [HAVE_OPENSSL_PKC=yes], + [HAVE_OPENSSL_PKC=no]) +if test "x$HAVE_LIBCRYPTO" = xyes || test "x$HAVE_OPENSSL_PKC" = xyes; then + if test "x$with_sha1" = x; then + with_sha1=libcrypto + fi +else + if test "x$with_sha1" = xlibcrypto; then + AC_MSG_ERROR([OpenSSL libcrypto requested but not found]) + fi +fi +if test "x$with_sha1" = xlibcrypto; then + if test "x$HAVE_LIBCRYPTO" = xyes; then + SHA1_LIB=-lcrypto + else + SHA1_LIB="$OPENSSL_LIBS" + SHA1_CFLAGS="$OPENSSL_CFLAGS" + fi +fi + +if test -z "$SHA1_LIB"; then + AC_MSG_ERROR([No suitable SHA1 implementation found]) fi PKG_CHECK_MODULES([XSERVERCFLAGS], [$REQUIRED_MODULES $REQUIRED_LIBS]) diff --git a/include/dix-config.h.in b/include/dix-config.h.in index 798d9e7..7f1fb18 100644 --- a/include/dix-config.h.in +++ b/include/dix-config.h.in @@ -160,9 +160,12 @@ /* Define to 1 if you have the <rpcsvc/dbm.h> header file. */ #undef HAVE_RPCSVC_DBM_H -/* Define to use libmd SHA1 functions instead of OpenSSL libcrypto */ +/* Define to use libmd SHA1 functions */ #undef HAVE_SHA1_IN_LIBMD +/* Define to use libgcrypt SHA1 functions */ +#undef HAVE_SHA1_IN_LIBGCRYPT + /* Define to 1 if you have the `shmctl64' function. */ #undef HAVE_SHMCTL64 diff --git a/render/glyph.c b/render/glyph.c index 7fcdfd9..973c6c3 100644 --- a/render/glyph.c +++ b/render/glyph.c @@ -28,6 +28,8 @@ #ifdef HAVE_SHA1_IN_LIBMD /* Use libmd for SHA1 */ # include <sha1.h> +#elif defined(HAVE_SHA1_IN_LIBGCRYPT) +# include <gcrypt.h> #else /* Use OpenSSL's libcrypto */ # include <stddef.h> /* buggy openssl/sha.h wants size_t */ # include <openssl/sha.h> @@ -205,6 +207,26 @@ HashGlyph (xGlyphInfo *gi, SHA1Update (&ctx, gi, sizeof (xGlyphInfo)); SHA1Update (&ctx, bits, size); SHA1Final (sha1, &ctx); +#elif defined(HAVE_SHA1_IN_LIBGCRYPT) /* Use libgcrypt for SHA1 */ + static int init; + gcry_md_hd_t h; + gcry_error_t err; + + if (!init) { + if (!gcry_check_version(NULL)) + return BadAlloc; + gcry_control(GCRYCTL_DISABLE_SECMEM, 0); + gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + init = 1; + } + + err = gcry_md_open(&h, GCRY_MD_SHA1, 0); + if (err) + return BadAlloc; + gcry_md_write(h, gi, sizeof (xGlyphInfo)); + gcry_md_write(h, bits, size); + memcpy(sha1, gcry_md_read(h, GCRY_MD_SHA1), 20); + gcry_md_close(h); #else /* Use OpenSSL's libcrypto */ SHA_CTX ctx; int success; -- 1.6.4.3 _______________________________________________ xorg-devel mailing list [email protected] http://lists.x.org/mailman/listinfo/xorg-devel
