crypto: Don't compile SHA1 support when Websockets are disabled

jadahl · jadahl · commit 5ebac6aecdd6 · 2025-09-16T23:35:16.000+02:00
SHA1 is not ideal, security wise. Let's make sure we don't even have it
compiled when nothing depends on it, e.g. Websockets.
diff --git a/src/common/crypto.h b/src/common/crypto.h
@@ -11,7 +11,9 @@
 int hash_md5(void *out, const void *in, const size_t in_len);
 
 /* Generates an SHA1 hash of 'in' and writes it to 'out', which must be 20 bytes in size. */
+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
 int hash_sha1(void *out, const void *in, const size_t in_len);
+#endif
 
 /* Fill 'out' with 'len' random bytes. */
 void random_bytes(void *out, size_t len);
diff --git a/src/common/crypto_included.c b/src/common/crypto_included.c
@@ -33,6 +33,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
     return 0;
 }
 
+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
 int hash_sha1(void *out, const void *in, const size_t in_len)
 {
     SHA1Context sha1;
@@ -45,6 +46,7 @@ int hash_sha1(void *out, const void *in, const size_t in_len)
 
     return 1;
 }
+#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */
 
 void random_bytes(void *out, size_t len)
 {
diff --git a/src/common/crypto_libgcrypt.c b/src/common/crypto_libgcrypt.c
@@ -74,6 +74,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
     return result;
 }
 
+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
 int hash_sha1(void *out, const void *in, const size_t in_len)
 {
     int result = 0;
@@ -98,6 +99,7 @@ int hash_sha1(void *out, const void *in, const size_t in_len)
     gcry_md_close(sha1);
     return result;
 }
+#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */
 
 void random_bytes(void *out, size_t len)
 {
diff --git a/src/common/crypto_openssl.c b/src/common/crypto_openssl.c
@@ -52,6 +52,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
     return 1;
 }
 
+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
 int hash_sha1(void *out, const void *in, const size_t in_len)
 {
     SHA_CTX sha1;
@@ -63,6 +64,7 @@ int hash_sha1(void *out, const void *in, const size_t in_len)
 	return 0;
     return 1;
 }
+#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */
 
 void random_bytes(void *out, size_t len)
 {

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ int hash_md5(void out, const void in, const size_t in_len)`
`33`	`33`	`return 0;`
`34`	`34`	`}`
`35`	`35`
	`36`	`+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS`
`36`	`37`	`int hash_sha1(void out, const void in, const size_t in_len)`
`37`	`38`	`{`
`38`	`39`	`SHA1Context sha1;`
`@@ -45,6 +46,7 @@ int hash_sha1(void out, const void in, const size_t in_len)`
`45`	`46`
`46`	`47`	`return 1;`
`47`	`48`	`}`
	`49`	`+#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */`
`48`	`50`
`49`	`51`	`void random_bytes(void *out, size_t len)`
`50`	`52`	`{`
Original file line number	Diff line number	Diff line change
`@@ -74,6 +74,7 @@ int hash_md5(void out, const void in, const size_t in_len)`
`74`	`74`	`return result;`
`75`	`75`	`}`
`76`	`76`
	`77`	`+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS`
`77`	`78`	`int hash_sha1(void out, const void in, const size_t in_len)`
`78`	`79`	`{`
`79`	`80`	`int result = 0;`
`@@ -98,6 +99,7 @@ int hash_sha1(void out, const void in, const size_t in_len)`
`98`	`99`	`gcry_md_close(sha1);`
`99`	`100`	`return result;`
`100`	`101`	`}`
	`102`	`+#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */`
`101`	`103`
`102`	`104`	`void random_bytes(void *out, size_t len)`
`103`	`105`	`{`
Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,7 @@ int hash_md5(void out, const void in, const size_t in_len)`
`52`	`52`	`return 1;`
`53`	`53`	`}`
`54`	`54`
	`55`	`+#ifdef LIBVNCSERVER_WITH_WEBSOCKETS`
`55`	`56`	`int hash_sha1(void out, const void in, const size_t in_len)`
`56`	`57`	`{`
`57`	`58`	`SHA_CTX sha1;`
`@@ -63,6 +64,7 @@ int hash_sha1(void out, const void in, const size_t in_len)`
`63`	`64`	`return 0;`
`64`	`65`	`return 1;`
`65`	`66`	`}`
	`67`	`+#endif /* LIBVNCSERVER_WITH_WEBSOCKETS */`
`66`	`68`
`67`	`69`	`void random_bytes(void *out, size_t len)`
`68`	`70`	`{`