Bug 200723 - security/libressl fails to statically link
Status: Closed Feedback Timeout
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Bernard Spil
Reported: 2015-06-09 03:06 UTC by Axel Gonzalez
Modified: 2018-02-25 22:13 UTC
bugzilla: maintainer-feedback? (vsevolod)
Description Axel Gonzalez 2015-06-09 03:06:50 UTC
This is a sample program:

#include <stdlib.h>
#include <openssl/ssl.h>
#include <curl/curl.h>

int main()
{
    SSL_library_init();
    arc4random();
    curl_easy_init();

    return (0);
}

% clang -I /usr/local/include -L /usr/local/lib arc.c -o arc -static -l curl -l z -l cares -l ssl -l crypto
/usr/lib/libc.a(arc4random.o): In function `arc4random':
/usr/src/lib/libc/gen/arc4random.c:(.text+0x350): multiple definition of `arc4random'
/usr/local/lib/libcrypto.a(libcompat_la-arc4random.o):(.text+0x0): first defined here
/usr/lib/libc.a(arc4random.o): In function `arc4random_buf':
/usr/src/lib/libc/gen/arc4random.c:(.text+0x4c0): multiple definition of `arc4random_buf'
/usr/local/lib/libcrypto.a(libcompat_la-arc4random.o):(.text+0xa0): first defined here
clang: error: linker command failed with exit code 1 (use -v to see invocation


curl is linked to libressl

Now a simple patch that makes the above program link:

cat /usr/ports/security/libressl/files/patch-crypto-compat-arc4random.c
--- crypto/compat/arc4random.c.orig     2015-06-08 21:06:50.000000000 -0500
+++ crypto/compat/arc4random.c  2015-06-08 21:07:03.000000000 -0500
@@ -176,7 +176,7 @@
 }
 
 uint32_t
-arc4random(void)
+arc4random_(void)
 {
        uint32_t val;
 
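Review bot: Renaming the definition to `arc4random_(void)` changes only this one line; nothing in the patch updates the code that calls `arc4random()`, so in a static link those calls will bind to the copy in libc.a and the bundled generator in this file becomes unused. If the bundled implementation is meant to stay in use, give it a library-prefixed name and apply that name to the definition and every caller together, or skip building this file when configure reports that libc already provides the function.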
@@ -187,7 +187,7 @@
 }
 
 void
-arc4random_buf(void *buf, size_t n)
+arc4random_buf_(void *buf, size_t n)
 {
        _ARC4_LOCK();
        _rs_random_buf(buf, n);
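Review bot: The new name `arc4random_buf_(void *buf, size_t n)` is undocumented and differs from the libc symbol by a single trailing underscore, which is easy to misread and says nothing about why the function was renamed. A descriptive prefixed name plus a short comment stating that the rename avoids the duplicate definition against libc.a would make the intent clear, and the matching prototype needs the same change, which this patch does not include.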


With this, the program links correctly.

The configure of the port:

checking dependency style of cc... gcc3
checking for arc4random_buf... (cached) yes
checking for asprintf... (cached) yes


And that file is compiled:

--- compat/libcompat_la-timingsafe_bcmp.lo ---
  CC       compat/libcompat_la-timingsafe_bcmp.lo
--- compat/libcompat_la-arc4random.lo ---
  CC       compat/libcompat_la-arc4random.lo
--- compat/libcompat_la-getentropy_freebsd.lo ---
  CC       compat/libcompat_la-getentropy_freebsd.lo


From what I can see, this shouldn't be compiled if arc4random_buf is detected.
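An added example, not part of the original report or of the port: a small check that lists global symbols two static archives both define, which is the condition behind the "multiple definition" errors above. The two listings are constructed sample data in `nm -g` format, and the helper names (`dup_syms`, `sample_libcrypto`, `sample_libc`) are assumptions made for this example.

```shell
#!/bin/sh
# List global symbols that two static archives both define (strong definitions),
# the condition that makes a -static link fail with "multiple definition".
# Input: two files holding "nm -g" output (default BSD format), one per archive.
dup_syms() {
    awk '
        FNR == 1 { file++ }                     # count input files
        /^[^ ]+:$/ {                            # archive member header "foo.o:"
            member = substr($0, 1, length($0) - 1); next
        }
        # Lines look like: addr TYPE name. T/D/B/R are strong definitions.
        # "U" lines are references (2 fields); weak symbols do not clash.
        NF == 3 && $2 ~ /^[TDBR]$/ {
            if (file == 1) first[$3] = member
            else if ($3 in first) print $3, first[$3], member
        }
    ' "$1" "$2"
}

# Constructed sample listings (not real nm output from the reporter's system).
sample_libcrypto() {
cat <<'EOF'

libcompat_la-arc4random.o:
0000000000000000 T arc4random
00000000000000a0 T arc4random_buf
                 U getentropy

libcompat_la-timingsafe_bcmp.o:
0000000000000000 T timingsafe_bcmp
EOF
}
sample_libc() {
cat <<'EOF'

arc4random.o:
0000000000000350 T arc4random
00000000000004c0 T arc4random_buf
0000000000000520 T arc4random_uniform
EOF
}

a=$(mktemp) && b=$(mktemp)
sample_libcrypto > "$a"; sample_libc > "$b"
dup_syms "$a" "$b"      # one line per clash: symbol, member in A, member in B
rm -f "$a" "$b"
```

On a real system the two input files would come from running `nm -g` on each archive and redirecting the output to a file.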
Comment 1 Xin LI freebsd_committer freebsd_triage 2015-06-10 18:17:31 UTC
(In reply to loox from comment #0)
The proposed patch killed the bundled arc4random implementation and therefore should not be committed.

Perhaps libressl can be compiled with -Darc4random=libressl_arc4random -Darc4random_buf=libressl_arc4random_buf.
Comment 2 Walter Schwarzenfeld freebsd_triage 2018-01-12 06:51:02 UTC
Maintainer feedback, please, or close if overcome by events.
Comment 3 Bernard Spil freebsd_committer freebsd_triage 2018-01-12 13:19:30 UTC
This was an overlap in arc4random that has been solved by additional checks in LibreSSL.

Axel (Submitter), can you please confirm?