[vlc-devel] [PATCH v2 1/2] contrib: libssp: build libssp on Win32 so we can patch it to use bcrypt

Steve Lhomme robux4 at ycbcr.xyz
Thu Apr 9 10:27:19 CEST 2020 

---
 ...r-wincrypt-for-the-random-generator-.patch | 93 +++++++++++++++++++
 ...low-building-outside-of-the-gcc-tree.patch | 57 ++++++++++++
 contrib/src/libssp/SHA512SUMS                 |  1 +
 contrib/src/libssp/rules.mak                  | 29 ++++++
 4 files changed, 180 insertions(+)
 create mode 100644 contrib/src/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch
 create mode 100644 contrib/src/libssp/0002-allow-building-outside-of-the-gcc-tree.patch
 create mode 100644 contrib/src/libssp/SHA512SUMS
 create mode 100644 contrib/src/libssp/rules.mak

diff --git a/contrib/src/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch b/contrib/src/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch
new file mode 100644
index 00000000000..182c013a5c1
--- /dev/null
+++ b/contrib/src/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch
@@ -0,0 +1,93 @@
+From 5013a7dd9e75c18346b56b2765afaf0658637203 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Tue, 7 Apr 2020 13:14:52 +0200
+Subject: [PATCH 1/2] favor bcrypt over wincrypt for the random generator on
+ Windows
+
+BCrypt is more modern and supported in Universal Apps, Wincrypt is not and
+CryptGenRandom is deprecated:
+https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgenrandom
+
+BCrypt is available since Vista
+https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptopenalgorithmprovider
+
+It requires linking with bcrypt rather than advapi32 for wincrypt.
+---
+ configure.ac | 14 ++++++++++++++
+ ssp.c        | 20 ++++++++++++++++++++
+ 2 files changed, 34 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index f30f81c54f6..c97cf61b0dc 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -158,6 +158,20 @@ else
+ fi
+ AC_SUBST(ssp_have_usable_vsnprintf)
+ 
++AC_ARG_ENABLE(bcrypt,
++AS_HELP_STRING([--disable-bcrypt],
++  [use bcrypt for random generator on Windows (otherwise wincrypt)]),
++  use_win_bcrypt=$enableval,
++  use_win_bcrypt=yes)
++if test "x$use_win_bcrypt" != xno; then
++  case "$target_os" in
++    win32 | pe | mingw32*)
++      AC_CHECK_TYPES([BCRYPT_ALG_HANDLE],[],[],[#include <windows.h>
++#include <bcrypt.h>])
++    ;;
++  esac
++fi
++
+ AM_PROG_LIBTOOL
+ ACX_LT_HOST_FLAGS
+ AC_SUBST(enable_shared)
+diff --git a/ssp.c b/ssp.c
+index 28f3e9cc64a..f07cc41fd4f 100644
+--- a/ssp.c
++++ b/ssp.c
+@@ -56,7 +56,11 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
+    to the console using  "CONOUT$"   */
+ #if defined (_WIN32) && !defined (__CYGWIN__)
+ #include <windows.h>
++#ifdef HAVE_BCRYPT_ALG_HANDLE
++#include <bcrypt.h>
++#else
+ #include <wincrypt.h>
++#endif
+ # define _PATH_TTY "CONOUT$"
+ #else
+ # define _PATH_TTY "/dev/tty"
+@@ -77,6 +81,21 @@ __guard_setup (void)
+     return;
+ 
+ #if defined (_WIN32) && !defined (__CYGWIN__)
++#ifdef HAVE_BCRYPT_ALG_HANDLE
++  BCRYPT_ALG_HANDLE algo = 0;
++  NTSTATUS err = BCryptOpenAlgorithmProvider(&algo, BCRYPT_RNG_ALGORITHM, 
++                                             NULL, 0);
++  if (BCRYPT_SUCCESS(err))
++    {
++      if (BCryptGenRandom(algo, (BYTE *)&__stack_chk_guard,
++                          sizeof (__stack_chk_guard), 0) && __stack_chk_guard != 0)
++        {
++           BCryptCloseAlgorithmProvider(algo, 0);
++           return;
++        }
++      BCryptCloseAlgorithmProvider(algo, 0);
++    }
++#else /* !HAVE_BCRYPT_ALG_HANDLE */
+   HCRYPTPROV hprovider = 0;
+   if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
+                           CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+@@ -89,6 +108,7 @@ __guard_setup (void)
+         }
+       CryptReleaseContext(hprovider, 0);
+     }
++#endif /* !HAVE_BCRYPT_ALG_HANDLE */
+ #else
+   int fd = open ("/dev/urandom", O_RDONLY);
+   if (fd != -1)
+-- 
+2.26.0.windows.1
+
diff --git a/contrib/src/libssp/0002-allow-building-outside-of-the-gcc-tree.patch b/contrib/src/libssp/0002-allow-building-outside-of-the-gcc-tree.patch
new file mode 100644
index 00000000000..1c7e01a9beb
--- /dev/null
+++ b/contrib/src/libssp/0002-allow-building-outside-of-the-gcc-tree.patch
@@ -0,0 +1,57 @@
+From 5c27a95874d03ccc3ad297ae04b04734d83e20e9 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Tue, 7 Apr 2020 13:56:58 +0200
+Subject: [PATCH 2/2] allow building outside of the gcc tree
+
+DO NOT MERGE
+---
+ Makefile.am  | 4 ----
+ configure.ac | 6 ++----
+ 2 files changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 45fee02da4f..5384077f5b8 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -4,7 +4,6 @@
+ ##
+ 
+ AUTOMAKE_OPTIONS = foreign
+-ACLOCAL_AMFLAGS = -I .. -I ../config
+ MAINT_CHARSET = latin1
+ 
+ # May be used by various substitution variables.
+@@ -105,6 +104,3 @@ AM_MAKEFLAGS = \
+ 
+ MAKEOVERRIDES=
+ 
+-## ################################################################
+-
+-include $(top_srcdir)/../multilib.am
+diff --git a/configure.ac b/configure.ac
+index c97cf61b0dc..53c6402bac7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -24,8 +24,6 @@ AM_MAINTAINER_MODE
+ 
+ GCC_NO_EXECUTABLES
+ 
+-AM_ENABLE_MULTILIB(, ..)
+-
+ target_alias=${target_alias-$host_alias}
+ AC_SUBST(target_alias)
+ 
+@@ -62,8 +60,8 @@ void __attribute__((noinline)) bar (char *x)
+ CFLAGS="$save_CFLAGS"
+ 
+ # Add CET specific flags if CET is enabled
+-GCC_CET_FLAGS(CET_FLAGS)
+-XCFLAGS="$XCFLAGS $CET_FLAGS"
++# GCC_CET_FLAGS(CET_FLAGS)
++# XCFLAGS="$XCFLAGS $CET_FLAGS"
+ AC_SUBST(XCFLAGS)
+ 
+ AC_MSG_CHECKING([whether hidden visibility is supported])
+-- 
+2.26.0.windows.1
+
diff --git a/contrib/src/libssp/SHA512SUMS b/contrib/src/libssp/SHA512SUMS
new file mode 100644
index 00000000000..f750660d9cb
--- /dev/null
+++ b/contrib/src/libssp/SHA512SUMS
@@ -0,0 +1 @@
+40a2ee4fb42fc6474a0fbde208bfff310e160fcb1b015c09f50e7bb7f6039e5b0f81048fc09b239a1e2f03a67b7d8bfe37e64b1683105d2c1ff0af662a65262e  libssp-9_2_0.tar.gz
diff --git a/contrib/src/libssp/rules.mak b/contrib/src/libssp/rules.mak
new file mode 100644
index 00000000000..28c85a6cc22
--- /dev/null
+++ b/contrib/src/libssp/rules.mak
@@ -0,0 +1,29 @@
+# libssp
+LIBSSP_VERSION := 9_2_0
+LIBSSP_SVNURL := svn://gcc.gnu.org/svn/gcc/tags/gcc_$(LIBSSP_VERSION)_release/libssp
+
+ifdef HAVE_WINSTORE
+# the original libssp uses wincrypt which is forbidden in winstore apps
+PKGS += libssp
+endif
+
+$(TARBALLS)/libssp-$(LIBSSP_VERSION).tar.gz:
+	rm -rf libssp-$(LIBSSP_VERSION) libssp
+	$(SVN) checkout -q $(LIBSSP_SVNURL)
+	rm -rf libssp/.svn
+	mv libssp libssp-$(LIBSSP_VERSION)
+	tar czf $@ libssp-$(LIBSSP_VERSION)
+
+.sum-libssp: libssp-$(LIBSSP_VERSION).tar.gz
+
+libssp: libssp-$(LIBSSP_VERSION).tar.gz .sum-libssp
+	$(UNPACK)
+	$(APPLY) $(SRC)/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch
+	$(APPLY) $(SRC)/libssp/0002-allow-building-outside-of-the-gcc-tree.patch
+	$(MOVE)
+
+.libssp: libssp
+	$(RECONF)
+	cd $< && $(HOSTVARS) ./configure $(HOSTCONF)
+	cd $< && $(MAKE) install
+	touch $@
-- 
2.17.1

More information about the vlc-devel mailing list