Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 13 Apr 2013 00:37:46 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: jumbo pull request #255 (trouble with static builds)

On Fri, Apr 12, 2013 at 01:03:51AM +0200, John Spencer wrote:
> basically the makefile currently links to -lssl -lcrypto unconditionally.
> when static linking this leads to duplicate symbols from builtin sources
> i.e. MD5_Init, MD4_Init. those are in libcrypto and in jtr source files 
> md5.c and md4.c.
> both files have checks for HAVE_OPENSSL in them.
> so defining these at build time makes them omit their content, i.e. 
> empty object files.
> 
> thus i've added the CFLAG -DHAVE_OPENSSL unconditionally as well.
> this fixes the problem.

Yes, this is a known issue and adding -DHAVE_OPENSSL is a known
workaround for static linking.  This was brought up in here before.

I am not sure if we want to add -DHAVE_OPENSSL.  Since jumbo requires
OpenSSL anyway, a cleaner fix would be to drop our own OpenSSL-style
non-SIMD MD4 and MD5 interfaces entirely.  However, our code may be a
bit faster since it omits the zeroization on MD[45]_Final().

> this is one of two possible fixes, the alternative is that a proper 
> check for an installed openssl is done (or the user can choose) and if 
> so add both -DHAVE_OPENSSL to CFLAGS and -lssl -lcrypto to LDFLAGS.

A better fix may be to rename our interfaces and thus avoid the clash
with OpenSSL's.  As an option, we could add some #define's renaming the
interfaces (e.g. adding leading "john_") to the start of md[45].h.  We
already use this approach for "int64".

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ