I discovered that when OPENSSL_NO_SHA512 is defined, the openssl_1_0_2 stable
branch build fails during the link step with unresolved symbol EVP_sha384. The
attached patch fixes this issue.
[email protected]
>From 235d61e3b8d1c0635d18216384c72cdeded3c961 Mon Sep 17 00:00:00 2001
From: John Peck <[email protected]>
Date: Fri, 9 Oct 2015 09:29:08 -0700
Subject: [PATCH] Fixed compile error when OPENSSL_NO_SHA512 is defined
---
ssl/t1_lib.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 210a5e8..8db3b93 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -886,8 +886,10 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
/* Check to see we have necessary signing algorithm */
if (curve_id[1] == TLSEXT_curve_P_256)
check_md = NID_ecdsa_with_SHA256;
+# ifndef OPENSSL_NO_SHA512
else if (curve_id[1] == TLSEXT_curve_P_384)
check_md = NID_ecdsa_with_SHA384;
+# endif
else
return 0; /* Should never happen */
for (i = 0; i < c->shared_sigalgslen; i++)
@@ -899,7 +901,11 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
if (check_md == NID_ecdsa_with_SHA256)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha256();
else
+# ifndef OPENSSL_NO_SHA512
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha384();
+# else
+ return 0; /* Should never happen */
+# endif
}
}
return rv;
--
1.9.1
_______________________________________________
openssl-bugs-mod mailing list
[email protected]
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
