aboutsummaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
authorLasse Collin <lasse.collin@tukaani.org>2016-03-10 20:26:49 +0200
committerLasse Collin <lasse.collin@tukaani.org>2016-03-10 20:26:49 +0200
commit473ef0dc69a30e64d5fa0d34aca02f7309faa3e9 (patch)
treea7937f02b4ce873d3d9f8ac65df53aeda4e7a6a5 /configure.ac
parenttuklib_physmem: Hopefully silence a warning on Windows. (diff)
downloadxz-473ef0dc69a30e64d5fa0d34aca02f7309faa3e9.tar.xz
Build: Avoid SHA256_Init on FreeBSD and MINIX 3.
On FreeBSD 10 and older, SHA256_Init from libmd conflicts with libcrypto from OpenSSL. The OpenSSL version has different sizeof(SHA256_CTX) and it can cause weird problems if wrong SHA256_Init gets used. Looking at the source, MINIX 3 seems to have a similar issue but I'm not sure. To be safe, I disabled SHA256_Init on MINIX 3 too. NetBSD has SHA256_Init in libc and they had a similar problem, but they already fixed it in 2009. Thanks to Jim Wilcoxson for the bug report that helped in finding the problem.
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac27
1 files changed, 21 insertions, 6 deletions
diff --git a/configure.ac b/configure.ac
index d64b0e08..32e68efa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -669,18 +669,32 @@ TUKLIB_PHYSMEM
TUKLIB_CPUCORES
TUKLIB_MBSTR
-# Check for system-provided SHA-256. At least the following is supported:
+# Check for system-provided SHA-256. The supported implementations are listed
+# below. The detection for the ones marked with [*] has been intentionally
+# disabled because they have symbol name conflicts with OpenSSL's libcrypto
+# which can cause weird problems (clean namespaces would make things too
+# boring, I guess).
#
# OS Headers Library Type Function
-# FreeBSD sys/types.h + sha256.h libmd SHA256_CTX SHA256_Init
+# FreeBSD sys/types.h + sha256.h libmd SHA256_CTX SHA256_Init [*]
# NetBSD sys/types.h + sha2.h SHA256_CTX SHA256_Init
# OpenBSD sys/types.h + sha2.h SHA2_CTX SHA256Init
# Solaris sys/types.h + sha2.h libmd SHA256_CTX SHA256Init
-# MINIX 3 sys/types.h + minix/sha2.h libutil SHA256_CTX SHA256_Init
+# MINIX 3 sys/types.h + minix/sha2.h libutil SHA256_CTX SHA256_Init [*]
# Darwin CommonCrypto/CommonDigest.h CC_SHA256_CTX CC_SHA256_Init
#
-# Note that Darwin's CC_SHA256_Update takes buffer size as uint32_t instead
-# of size_t.
+# Notes:
+#
+# - NetBSD's SHA256_Init doesn't conflict with libcrypto because
+# libcrypto on NetBSD was made to use the libc implementation to avoid
+# this exact symbol conflict problem:
+# http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-012.txt.asc
+#
+# - As of 2016-03-10, FreeBSD seems to have the issue fixed in SVN head
+# but not in the FreeBSD 10 branch.
+#
+# - Darwin's CC_SHA256_Update takes buffer size as uint32_t instead
+# of size_t.
#
# We don't check for e.g. OpenSSL or libgcrypt because we don't want
# to introduce dependencies to other packages by default. Maybe such
@@ -712,7 +726,8 @@ if test "x$enable_check_sha256" = "xyes"; then
#ifdef HAVE_MINIX_SHA2_H
# include <minix/sha2.h>
#endif]])
- AC_SEARCH_LIBS([SHA256_Init], [md util])
+ dnl Omit detection of the FreeBSD and MINIX 3 versions:
+ dnl AC_SEARCH_LIBS([SHA256_Init], [md util])
AC_SEARCH_LIBS([SHA256Init], [md])
AC_CHECK_FUNCS([CC_SHA256_Init SHA256_Init SHA256Init],
[break])