Build: Avoid SHA256_Init on FreeBSD and MINIX 3.
On FreeBSD 10 and older, SHA256_Init from libmd conflicts with libcrypto from OpenSSL. The OpenSSL version has different sizeof(SHA256_CTX) and it can cause weird problems if wrong SHA256_Init gets used. Looking at the source, MINIX 3 seems to have a similar issue but I'm not sure. To be safe, I disabled SHA256_Init on MINIX 3 too. NetBSD has SHA256_Init in libc and they had a similar problem, but they already fixed it in 2009. Thanks to Jim Wilcoxson for the bug report that helped in finding the problem.
This commit is contained in:
parent
5daae12391
commit
d0e018016b
25
configure.ac
25
configure.ac
|
@ -645,17 +645,31 @@ TUKLIB_PHYSMEM
|
||||||
TUKLIB_CPUCORES
|
TUKLIB_CPUCORES
|
||||||
TUKLIB_MBSTR
|
TUKLIB_MBSTR
|
||||||
|
|
||||||
# Check for system-provided SHA-256. At least the following is supported:
|
# Check for system-provided SHA-256. The supported implementations are listed
|
||||||
|
# below. The detection for the ones marked with [*] has been intentionally
|
||||||
|
# disabled because they have symbol name conflicts with OpenSSL's libcrypto
|
||||||
|
# which can cause weird problems (clean namespaces would make things too
|
||||||
|
# boring, I guess).
|
||||||
#
|
#
|
||||||
# OS Headers Library Type Function
|
# OS Headers Library Type Function
|
||||||
# FreeBSD sys/types.h + sha256.h libmd SHA256_CTX SHA256_Init
|
# FreeBSD sys/types.h + sha256.h libmd SHA256_CTX SHA256_Init [*]
|
||||||
# NetBSD sys/types.h + sha2.h SHA256_CTX SHA256_Init
|
# NetBSD sys/types.h + sha2.h SHA256_CTX SHA256_Init
|
||||||
# OpenBSD sys/types.h + sha2.h SHA2_CTX SHA256Init
|
# OpenBSD sys/types.h + sha2.h SHA2_CTX SHA256Init
|
||||||
# Solaris sys/types.h + sha2.h libmd SHA256_CTX SHA256Init
|
# Solaris sys/types.h + sha2.h libmd SHA256_CTX SHA256Init
|
||||||
# MINIX 3 sys/types.h + minix/sha2.h libutil SHA256_CTX SHA256_Init
|
# MINIX 3 sys/types.h + minix/sha2.h libutil SHA256_CTX SHA256_Init [*]
|
||||||
# Darwin CommonCrypto/CommonDigest.h CC_SHA256_CTX CC_SHA256_Init
|
# Darwin CommonCrypto/CommonDigest.h CC_SHA256_CTX CC_SHA256_Init
|
||||||
#
|
#
|
||||||
# Note that Darwin's CC_SHA256_Update takes buffer size as uint32_t instead
|
# Notes:
|
||||||
|
#
|
||||||
|
# - NetBSD's SHA256_Init doesn't conflict with libcrypto because
|
||||||
|
# libcrypto on NetBSD was made to use the libc implementation to avoid
|
||||||
|
# this exact symbol conflict problem:
|
||||||
|
# http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-012.txt.asc
|
||||||
|
#
|
||||||
|
# - As of 2016-03-10, FreeBSD seems to have the issue fixed in SVN head
|
||||||
|
# but not in the FreeBSD 10 branch.
|
||||||
|
#
|
||||||
|
# - Darwin's CC_SHA256_Update takes buffer size as uint32_t instead
|
||||||
# of size_t.
|
# of size_t.
|
||||||
#
|
#
|
||||||
# We don't check for e.g. OpenSSL or libgcrypt because we don't want
|
# We don't check for e.g. OpenSSL or libgcrypt because we don't want
|
||||||
|
@ -688,7 +702,8 @@ if test "x$enable_check_sha256" = "xyes"; then
|
||||||
#ifdef HAVE_MINIX_SHA2_H
|
#ifdef HAVE_MINIX_SHA2_H
|
||||||
# include <minix/sha2.h>
|
# include <minix/sha2.h>
|
||||||
#endif]])
|
#endif]])
|
||||||
AC_SEARCH_LIBS([SHA256_Init], [md util])
|
dnl Omit detection of the FreeBSD and MINIX 3 versions:
|
||||||
|
dnl AC_SEARCH_LIBS([SHA256_Init], [md util])
|
||||||
AC_SEARCH_LIBS([SHA256Init], [md])
|
AC_SEARCH_LIBS([SHA256Init], [md])
|
||||||
AC_CHECK_FUNCS([CC_SHA256_Init SHA256_Init SHA256Init],
|
AC_CHECK_FUNCS([CC_SHA256_Init SHA256_Init SHA256Init],
|
||||||
[break])
|
[break])
|
||||||
|
|
Loading…
Reference in New Issue