Build: Avoid SHA256_Init on FreeBSD and MINIX 3.

On FreeBSD 10 and older, SHA256_Init from libmd conflicts with libcrypto from OpenSSL. The OpenSSL version has different sizeof(SHA256_CTX) and it can cause weird problems if wrong SHA256_Init gets used. Looking at the source, MINIX 3 seems to have a similar issue but I'm not sure. To be safe, I disabled SHA256_Init on MINIX 3 too. NetBSD has SHA256_Init in libc and they had a similar problem, but they already fixed it in 2009. Thanks to Jim Wilcoxson for the bug report that helped in finding the problem.

Build: Avoid SHA256_Init on FreeBSD and MINIX 3.
d99a6fba0dbf · Lasse Collin · 4238a5930cb1 · d99a6fba
Commit d99a6fba0dbf authored 9 years ago by Lasse Collin
--- a/configure.ac
+++ b/configure.ac
@@ -645,6 +645,10 @@
 TUKLIB_CPUCORES
 TUKLIB_MBSTR

-# Check for system-provided SHA-256. At least the following is supported:
+# Check for system-provided SHA-256. The supported implementations are listed
+# below. The detection for the ones marked with [*] has been intentionally
+# disabled because they have symbol name conflicts with OpenSSL's libcrypto
+# which can cause weird problems (clean namespaces would make things too
+# boring, I guess).
 #
 # OS       Headers                     Library  Type           Function
@@ -649,6 +653,6 @@
 #
 # OS       Headers                     Library  Type           Function
-# FreeBSD  sys/types.h + sha256.h      libmd    SHA256_CTX     SHA256_Init
+# FreeBSD  sys/types.h + sha256.h      libmd    SHA256_CTX     SHA256_Init [*]
 # NetBSD   sys/types.h + sha2.h                 SHA256_CTX     SHA256_Init
 # OpenBSD  sys/types.h + sha2.h                 SHA2_CTX       SHA256Init
 # Solaris  sys/types.h + sha2.h        libmd    SHA256_CTX     SHA256Init
@@ -652,6 +656,6 @@
 # NetBSD   sys/types.h + sha2.h                 SHA256_CTX     SHA256_Init
 # OpenBSD  sys/types.h + sha2.h                 SHA2_CTX       SHA256Init
 # Solaris  sys/types.h + sha2.h        libmd    SHA256_CTX     SHA256Init
-# MINIX 3  sys/types.h + minix/sha2.h  libutil  SHA256_CTX     SHA256_Init
+# MINIX 3  sys/types.h + minix/sha2.h  libutil  SHA256_CTX     SHA256_Init [*]
 # Darwin   CommonCrypto/CommonDigest.h          CC_SHA256_CTX  CC_SHA256_Init
 #
@@ -656,6 +660,16 @@
 # Darwin   CommonCrypto/CommonDigest.h          CC_SHA256_CTX  CC_SHA256_Init
 #
-# Note that Darwin's CC_SHA256_Update takes buffer size as uint32_t instead
+# Notes:
+#
+#   - NetBSD's SHA256_Init doesn't conflict with libcrypto because
+#     libcrypto on NetBSD was made to use the libc implementation to avoid
+#     this exact symbol conflict problem:
+#     http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-012.txt.asc
+#
+#   - As of 2016-03-10, FreeBSD seems to have the issue fixed in SVN head
+#     but not in the FreeBSD 10 branch.
+#
+#   - Darwin's CC_SHA256_Update takes buffer size as uint32_t instead
 #     of size_t.
 #
 # We don't check for e.g. OpenSSL or libgcrypt because we don't want
@@ -688,7 +702,8 @@
 			  #ifdef HAVE_MINIX_SHA2_H
 			  # include <minix/sha2.h>
 			  #endif]])
-		AC_SEARCH_LIBS([SHA256_Init], [md util])
+		dnl Omit detection of the FreeBSD and MINIX 3 versions:
+		dnl AC_SEARCH_LIBS([SHA256_Init], [md util])
 		AC_SEARCH_LIBS([SHA256Init], [md])
 		AC_CHECK_FUNCS([CC_SHA256_Init SHA256_Init SHA256Init],
 			[break])