[PATCH] os: Add CryptoAPI as a choice of SHA1 implementation

Yaakov (Cygwin/X) yselkowitz at users.sourceforge.net
Thu Apr 26 00:11:28 PDT 2012


From: Yaakov Selkowitz <yselkowitz at users.sourceforge.net>

Both Cygwin and MinGW can use Windows' native CryptoAPI for SHA1,
saving a dependency on libgcrypt or OpenSSL.  The necessary functions
are in ADVAPI32.DLL, which is among the default lib flags and is
already used in hw/xwin for accessing the registry.

Signed-off-by: Yaakov Selkowitz <yselkowitz at users.sourceforge.net>
---
Jon, Ryan, any thoughts on this?  From experience, you can tell if you mess
this up because character rendering in GTK+ depends on it.  This would
allow us to drop the libgcrypt dep, although I haven't tried to compare
performance between the implementations.

 configure.ac            |   15 ++++++++++++++-
 include/dix-config.h.in |    3 +++
 os/xsha1.c              |   42 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 1 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4afac82..5289555 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1350,7 +1350,7 @@ CORE_INCS='-I$(top_srcdir)/include -I$(top_builddir)/include'
 
 # SHA1 hashing
 AC_ARG_WITH([sha1],
-            [AS_HELP_STRING([--with-sha1=libc|libmd|libgcrypt|libcrypto|libsha1|CommonCrypto],
+            [AS_HELP_STRING([--with-sha1=libc|libmd|libgcrypt|libcrypto|libsha1|CommonCrypto|CryptoAPI],
                             [choose SHA1 implementation])])
 AC_CHECK_FUNC([SHA1Init], [HAVE_SHA1_IN_LIBC=yes])
 if test "x$with_sha1" = x && test "x$HAVE_SHA1_IN_LIBC" = xyes; then
@@ -1376,6 +1376,19 @@ if test "x$with_sha1" = xCommonCrypto; then
 		[Use CommonCrypto SHA1 functions])
 	SHA1_LIBS=""
 fi
+dnl stdcall functions cannot be tested with AC_CHECK_LIB
+AC_CHECK_HEADER([wincrypt.h], [HAVE_SHA1_IN_CRYPTOAPI=yes], [], [#include <windows.h>])
+if test "x$with_sha1" = x && test "x$HAVE_SHA1_IN_CRYPTOAPI" = xyes; then
+	with_sha1=CryptoAPI
+fi
+if test "x$with_sha1" = xCryptoAPI && test "x$HAVE_SHA1_IN_CRYPTOAPI" != xyes; then
+	AC_MSG_ERROR([CryptoAPI requested but not found])
+fi
+if test "x$with_sha1" = xCryptoAPI; then
+	AC_DEFINE([HAVE_SHA1_IN_CRYPTOAPI], [1],
+		[Use CryptoAPI SHA1 functions])
+	SHA1_LIBS=""
+fi
 AC_CHECK_LIB([md], [SHA1Init], [HAVE_LIBMD=yes])
 if test "x$with_sha1" = x && test "x$HAVE_LIBMD" = xyes; then
 	with_sha1=libmd
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 3fb6413..3c9bbaf 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -148,6 +148,9 @@
 /* Define to use CommonCrypto SHA1 functions */
 #undef HAVE_SHA1_IN_COMMONCRYPTO
 
+/* Define to use CryptoAPI SHA1 functions */
+#undef HAVE_SHA1_IN_CRYPTOAPI
+
 /* Define to use libmd SHA1 functions */
 #undef HAVE_SHA1_IN_LIBMD
 
diff --git a/os/xsha1.c b/os/xsha1.c
index dccce74..fa66c7a 100644
--- a/os/xsha1.c
+++ b/os/xsha1.c
@@ -74,6 +74,48 @@ x_sha1_final(void *ctx, unsigned char result[20])
     return 1;
 }
 
+#elif defined(HAVE_SHA1_IN_CRYPTOAPI)        /* Use CryptoAPI for SHA1 */
+
+#define WIN32_LEAN_AND_MEAN
+#include <X11/Xwindows.h>
+#include <wincrypt.h>
+
+static HCRYPTPROV hProv;
+
+void *
+x_sha1_init(void)
+{
+    HCRYPTHASH *ctx = malloc(sizeof(*ctx));
+
+    if (!ctx)
+        return NULL;
+    CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
+    CryptCreateHash(hProv, CALG_SHA1, 0, 0, ctx);
+    return ctx;
+}
+
+int
+x_sha1_update(void *ctx, void *data, int size)
+{
+    HCRYPTHASH *hHash = ctx;
+
+    CryptHashData(*hHash, data, size, 0);
+    return 1;
+}
+
+int
+x_sha1_final(void *ctx, unsigned char result[20])
+{
+    HCRYPTHASH *hHash = ctx;
+    DWORD len = 20;
+
+    CryptGetHashParam(*hHash, HP_HASHVAL, result, &len, 0);
+    CryptDestroyHash(*hHash);
+    CryptReleaseContext(hProv, 0);
+    free(ctx);
+    return 1;
+}
+
 #elif defined(HAVE_SHA1_IN_LIBGCRYPT)   /* Use libgcrypt for SHA1 */
 
 #include <gcrypt.h>
-- 
1.7.9



More information about the xorg-devel mailing list