[vlc-devel] [PATCH v2 1/2] contrib: libssp: build libssp on Win32 so we can patch it to use bcrypt

Steve Lhomme robux4 at ycbcr.xyz
Thu Apr 9 10:29:22 CEST 2020 

Same patch as before except we only build it for winstore builds. The 
regular win32/win64 builds are unaffected.

On 2020-04-09 10:27, Steve Lhomme wrote:
> ---
>   ...r-wincrypt-for-the-random-generator-.patch | 93 +++++++++++++++++++
>   ...low-building-outside-of-the-gcc-tree.patch | 57 ++++++++++++
>   contrib/src/libssp/SHA512SUMS                 |  1 +
>   contrib/src/libssp/rules.mak                  | 29 ++++++
>   4 files changed, 180 insertions(+)
>   create mode 100644 contrib/src/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch
>   create mode 100644 contrib/src/libssp/0002-allow-building-outside-of-the-gcc-tree.patch
>   create mode 100644 contrib/src/libssp/SHA512SUMS
>   create mode 100644 contrib/src/libssp/rules.mak
> 
> diff --git a/contrib/src/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch b/contrib/src/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch
> new file mode 100644
> index 00000000000..182c013a5c1
> --- /dev/null
> +++ b/contrib/src/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch
> @@ -0,0 +1,93 @@
> +From 5013a7dd9e75c18346b56b2765afaf0658637203 Mon Sep 17 00:00:00 2001
> +From: Steve Lhomme <robux4 at ycbcr.xyz>
> +Date: Tue, 7 Apr 2020 13:14:52 +0200
> +Subject: [PATCH 1/2] favor bcrypt over wincrypt for the random generator on
> + Windows
> +
> +BCrypt is more modern and supported in Universal Apps, Wincrypt is not and
> +CryptGenRandom is deprecated:
> +https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgenrandom
> +
> +BCrypt is available since Vista
> +https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptopenalgorithmprovider
> +
> +It requires linking with bcrypt rather than advapi32 for wincrypt.
> +---
> + configure.ac | 14 ++++++++++++++
> + ssp.c        | 20 ++++++++++++++++++++
> + 2 files changed, 34 insertions(+)
> +
> +diff --git a/configure.ac b/configure.ac
> +index f30f81c54f6..c97cf61b0dc 100644
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -158,6 +158,20 @@ else
> + fi
> + AC_SUBST(ssp_have_usable_vsnprintf)
> +
> ++AC_ARG_ENABLE(bcrypt,
> ++AS_HELP_STRING([--disable-bcrypt],
> ++  [use bcrypt for random generator on Windows (otherwise wincrypt)]),
> ++  use_win_bcrypt=$enableval,
> ++  use_win_bcrypt=yes)
> ++if test "x$use_win_bcrypt" != xno; then
> ++  case "$target_os" in
> ++    win32 | pe | mingw32*)
> ++      AC_CHECK_TYPES([BCRYPT_ALG_HANDLE],[],[],[#include <windows.h>
> ++#include <bcrypt.h>])
> ++    ;;
> ++  esac
> ++fi
> ++
> + AM_PROG_LIBTOOL
> + ACX_LT_HOST_FLAGS
> + AC_SUBST(enable_shared)
> +diff --git a/ssp.c b/ssp.c
> +index 28f3e9cc64a..f07cc41fd4f 100644
> +--- a/ssp.c
> ++++ b/ssp.c
> +@@ -56,7 +56,11 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
> +    to the console using  "CONOUT$"   */
> + #if defined (_WIN32) && !defined (__CYGWIN__)
> + #include <windows.h>
> ++#ifdef HAVE_BCRYPT_ALG_HANDLE
> ++#include <bcrypt.h>
> ++#else
> + #include <wincrypt.h>
> ++#endif
> + # define _PATH_TTY "CONOUT$"
> + #else
> + # define _PATH_TTY "/dev/tty"
> +@@ -77,6 +81,21 @@ __guard_setup (void)
> +     return;
> +
> + #if defined (_WIN32) && !defined (__CYGWIN__)
> ++#ifdef HAVE_BCRYPT_ALG_HANDLE
> ++  BCRYPT_ALG_HANDLE algo = 0;
> ++  NTSTATUS err = BCryptOpenAlgorithmProvider(&algo, BCRYPT_RNG_ALGORITHM,
> ++                                             NULL, 0);
> ++  if (BCRYPT_SUCCESS(err))
> ++    {
> ++      if (BCryptGenRandom(algo, (BYTE *)&__stack_chk_guard,
> ++                          sizeof (__stack_chk_guard), 0) && __stack_chk_guard != 0)
> ++        {
> ++           BCryptCloseAlgorithmProvider(algo, 0);
> ++           return;
> ++        }
> ++      BCryptCloseAlgorithmProvider(algo, 0);
> ++    }
> ++#else /* !HAVE_BCRYPT_ALG_HANDLE */
> +   HCRYPTPROV hprovider = 0;
> +   if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
> +                           CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
> +@@ -89,6 +108,7 @@ __guard_setup (void)
> +         }
> +       CryptReleaseContext(hprovider, 0);
> +     }
> ++#endif /* !HAVE_BCRYPT_ALG_HANDLE */
> + #else
> +   int fd = open ("/dev/urandom", O_RDONLY);
> +   if (fd != -1)
> +--
> +2.26.0.windows.1
> +
> diff --git a/contrib/src/libssp/0002-allow-building-outside-of-the-gcc-tree.patch b/contrib/src/libssp/0002-allow-building-outside-of-the-gcc-tree.patch
> new file mode 100644
> index 00000000000..1c7e01a9beb
> --- /dev/null
> +++ b/contrib/src/libssp/0002-allow-building-outside-of-the-gcc-tree.patch
> @@ -0,0 +1,57 @@
> +From 5c27a95874d03ccc3ad297ae04b04734d83e20e9 Mon Sep 17 00:00:00 2001
> +From: Steve Lhomme <robux4 at ycbcr.xyz>
> +Date: Tue, 7 Apr 2020 13:56:58 +0200
> +Subject: [PATCH 2/2] allow building outside of the gcc tree
> +
> +DO NOT MERGE
> +---
> + Makefile.am  | 4 ----
> + configure.ac | 6 ++----
> + 2 files changed, 2 insertions(+), 8 deletions(-)
> +
> +diff --git a/Makefile.am b/Makefile.am
> +index 45fee02da4f..5384077f5b8 100644
> +--- a/Makefile.am
> ++++ b/Makefile.am
> +@@ -4,7 +4,6 @@
> + ##
> +
> + AUTOMAKE_OPTIONS = foreign
> +-ACLOCAL_AMFLAGS = -I .. -I ../config
> + MAINT_CHARSET = latin1
> +
> + # May be used by various substitution variables.
> +@@ -105,6 +104,3 @@ AM_MAKEFLAGS = \
> +
> + MAKEOVERRIDES=
> +
> +-## ################################################################
> +-
> +-include $(top_srcdir)/../multilib.am
> +diff --git a/configure.ac b/configure.ac
> +index c97cf61b0dc..53c6402bac7 100644
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -24,8 +24,6 @@ AM_MAINTAINER_MODE
> +
> + GCC_NO_EXECUTABLES
> +
> +-AM_ENABLE_MULTILIB(, ..)
> +-
> + target_alias=${target_alias-$host_alias}
> + AC_SUBST(target_alias)
> +
> +@@ -62,8 +60,8 @@ void __attribute__((noinline)) bar (char *x)
> + CFLAGS="$save_CFLAGS"
> +
> + # Add CET specific flags if CET is enabled
> +-GCC_CET_FLAGS(CET_FLAGS)
> +-XCFLAGS="$XCFLAGS $CET_FLAGS"
> ++# GCC_CET_FLAGS(CET_FLAGS)
> ++# XCFLAGS="$XCFLAGS $CET_FLAGS"
> + AC_SUBST(XCFLAGS)
> +
> + AC_MSG_CHECKING([whether hidden visibility is supported])
> +--
> +2.26.0.windows.1
> +
> diff --git a/contrib/src/libssp/SHA512SUMS b/contrib/src/libssp/SHA512SUMS
> new file mode 100644
> index 00000000000..f750660d9cb
> --- /dev/null
> +++ b/contrib/src/libssp/SHA512SUMS
> @@ -0,0 +1 @@
> +40a2ee4fb42fc6474a0fbde208bfff310e160fcb1b015c09f50e7bb7f6039e5b0f81048fc09b239a1e2f03a67b7d8bfe37e64b1683105d2c1ff0af662a65262e  libssp-9_2_0.tar.gz
> diff --git a/contrib/src/libssp/rules.mak b/contrib/src/libssp/rules.mak
> new file mode 100644
> index 00000000000..28c85a6cc22
> --- /dev/null
> +++ b/contrib/src/libssp/rules.mak
> @@ -0,0 +1,29 @@
> +# libssp
> +LIBSSP_VERSION := 9_2_0
> +LIBSSP_SVNURL := svn://gcc.gnu.org/svn/gcc/tags/gcc_$(LIBSSP_VERSION)_release/libssp
> +
> +ifdef HAVE_WINSTORE
> +# the original libssp uses wincrypt which is forbidden in winstore apps
> +PKGS += libssp
> +endif
> +
> +$(TARBALLS)/libssp-$(LIBSSP_VERSION).tar.gz:
> +	rm -rf libssp-$(LIBSSP_VERSION) libssp
> +	$(SVN) checkout -q $(LIBSSP_SVNURL)
> +	rm -rf libssp/.svn
> +	mv libssp libssp-$(LIBSSP_VERSION)
> +	tar czf $@ libssp-$(LIBSSP_VERSION)
> +
> +.sum-libssp: libssp-$(LIBSSP_VERSION).tar.gz
> +
> +libssp: libssp-$(LIBSSP_VERSION).tar.gz .sum-libssp
> +	$(UNPACK)
> +	$(APPLY) $(SRC)/libssp/0001-favor-bcrypt-over-wincrypt-for-the-random-generator-.patch
> +	$(APPLY) $(SRC)/libssp/0002-allow-building-outside-of-the-gcc-tree.patch
> +	$(MOVE)
> +
> +.libssp: libssp
> +	$(RECONF)
> +	cd $< && $(HOSTVARS) ./configure $(HOSTCONF)
> +	cd $< && $(MAKE) install
> +	touch $@
> -- 
> 2.17.1
> 
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
>

More information about the vlc-devel mailing list