Fix symbol name collision with systems that have their own sha2

implementation.  This can result in PAM using the wrong sha2
implementation on Solaris systems configured to use SHA512 for
passwords.

configure

@@ -19826,7 +19826,7 @@ if test X"$FOUND_SHA2" = X"no"; then
 esac
 
 
-    for _sym in SHA224Final SHA224Init SHA224Pad SHA224Transform SHA224Update SHA256Final SHA256Init SHA256Pad SHA256Transform SHA256Update SHA384Final SHA384Init SHA384Pad SHA384Transform SHA384Update SHA512Final SHA512Init SHA512Pad SHA512Transform SHA512Update; do
+    for _sym in sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update; do
 	COMPAT_EXP="${COMPAT_EXP}${_sym}
 "
     done

configure.ac

@@ -2609,7 +2609,7 @@ AC_CHECK_HEADER([sha2.h], [
 ])
 if test X"$FOUND_SHA2" = X"no"; then
     AC_LIBOBJ(sha2)
-    SUDO_APPEND_COMPAT_EXP(SHA224Final SHA224Init SHA224Pad SHA224Transform SHA224Update SHA256Final SHA256Init SHA256Pad SHA256Transform SHA256Update SHA384Final SHA384Init SHA384Pad SHA384Transform SHA384Update SHA512Final SHA512Init SHA512Pad SHA512Transform SHA512Update)
+    SUDO_APPEND_COMPAT_EXP(sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update)
 fi
 dnl
 dnl Function checks for sudo_noexec

include/compat/sha2.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2014 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -47,28 +47,52 @@ typedef struct {
     uint8_t buffer[SHA512_BLOCK_LENGTH];
 } SHA2_CTX;
 
-__dso_public void SHA224Init(SHA2_CTX *ctx);
+__dso_public void sudo_SHA224Init(SHA2_CTX *ctx);
-__dso_public void SHA224Pad(SHA2_CTX *ctx);
+__dso_public void sudo_SHA224Pad(SHA2_CTX *ctx);
-__dso_public void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]);
+__dso_public void sudo_SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]);
-__dso_public void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+__dso_public void sudo_SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
-__dso_public void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx);
+__dso_public void sudo_SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx);
 
-__dso_public void SHA256Init(SHA2_CTX *ctx);
+#define SHA224Init		sudo_SHA224Init
-__dso_public void SHA256Pad(SHA2_CTX *ctx);
+#define SHA224Pad		sudo_SHA224Pad
-__dso_public void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]);
+#define SHA224Transform		sudo_SHA224Transform
-__dso_public void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+#define SHA224Update		sudo_SHA224Update
-__dso_public void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx);
+#define SHA224Final		sudo_SHA224Final
 
-__dso_public void SHA384Init(SHA2_CTX *ctx);
+__dso_public void sudo_SHA256Init(SHA2_CTX *ctx);
-__dso_public void SHA384Pad(SHA2_CTX *ctx);
+__dso_public void sudo_SHA256Pad(SHA2_CTX *ctx);
-__dso_public void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]);
+__dso_public void sudo_SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]);
-__dso_public void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+__dso_public void sudo_SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
-__dso_public void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx);
+__dso_public void sudo_SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx);
 
-__dso_public void SHA512Init(SHA2_CTX *ctx);
+#define SHA256Init		sudo_SHA256Init
-__dso_public void SHA512Pad(SHA2_CTX *ctx);
+#define SHA256Pad		sudo_SHA256Pad
-__dso_public void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]);
+#define SHA256Transform		sudo_SHA256Transform
-__dso_public void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+#define SHA256Update		sudo_SHA256Update
-__dso_public void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx);
+#define SHA256Final		sudo_SHA256Final
+
+__dso_public void sudo_SHA384Init(SHA2_CTX *ctx);
+__dso_public void sudo_SHA384Pad(SHA2_CTX *ctx);
+__dso_public void sudo_SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]);
+__dso_public void sudo_SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+__dso_public void sudo_SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx);
+
+#define SHA384Init		sudo_SHA384Init
+#define SHA384Pad		sudo_SHA384Pad
+#define SHA384Transform		sudo_SHA384Transform
+#define SHA384Update		sudo_SHA384Update
+#define SHA384Final		sudo_SHA384Final
+
+__dso_public void sudo_SHA512Init(SHA2_CTX *ctx);
+__dso_public void sudo_SHA512Pad(SHA2_CTX *ctx);
+__dso_public void sudo_SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]);
+__dso_public void sudo_SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+__dso_public void sudo_SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx);
+
+#define SHA512Init		sudo_SHA512Init
+#define SHA512Pad		sudo_SHA512Pad
+#define SHA512Transform		sudo_SHA512Transform
+#define SHA512Update		sudo_SHA512Update
+#define SHA512Final		sudo_SHA512Final
 
 #endif /* _SUDOERS_SHA2_H */