Also introduce OPENSSL_NO_ENTROPY_FALLBACK, since the entropy fallback uses SHA512.

Signed-off-by: Joakim Tjernlund <[email protected]>
---
 crypto/compat/getentropy_linux.c | 10 ++++++++++
 ssl/s3_cbc.c                     |  5 ++++-
 ssl/ssl_algs.c                   |  2 ++
 ssl/t1_lib.c                     |  2 ++
 4 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/crypto/compat/getentropy_linux.c b/crypto/compat/getentropy_linux.c
index b9312ae..be8a265 100644
--- a/crypto/compat/getentropy_linux.c
+++ b/crypto/compat/getentropy_linux.c
@@ -79,8 +79,11 @@ static int getentropy_urandom(void *buf, size_t len);
 #ifdef SYS__sysctl
 static int getentropy_sysctl(void *buf, size_t len);
 #endif
+
+#ifndef OPENSSL_NO_ENTROPY_FALLBACK
 static int getentropy_fallback(void *buf, size_t len);
 static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
+#endif
 
 int
 getentropy(void *buf, size_t len)
@@ -160,7 +163,10 @@ getentropy(void *buf, size_t len)
 #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
        raise(SIGKILL);
 #endif
+       ret = -1;
+#ifndef OPENSSL_NO_ENTROPY_FALLBACK
        ret = getentropy_fallback(buf, len);
+#endif
        if (ret != -1)
                return (ret);
 
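Review bot: With OPENSSL_NO_ENTROPY_FALLBACK defined, the added `ret = -1;` makes getentropy() fail whenever the kernel sources tried earlier in the function have failed, so such a build relies on every caller checking the return value and never using the buffer on failure. Failing closed is the right behaviour for a randomness source, but the reason is not recorded; a comment above the assignment such as `/* no fallback built in: fail closed rather than return an unfilled buffer */` would help. When the fallback is enabled the assignment is a dead store, so placing `ret = -1;` in an `#else` arm of the new guard would express the intent more directly. The rest of getentropy(), including whatever sets errno on this path, lies outside the hunk and should be checked.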
@@ -296,6 +302,7 @@ sysctlfailed:
 }
 #endif /* SYS__sysctl */
 
+#ifndef OPENSSL_NO_ENTROPY_FALLBACK
 static int cl[] = {
        CLOCK_REALTIME,
 #ifdef CLOCK_MONOTONIC
@@ -320,7 +327,9 @@ static int cl[] = {
        CLOCK_THREAD_CPUTIME_ID,
 #endif
 };
+#endif
 
+#ifndef OPENSSL_NO_ENTROPY_FALLBACK
 static int
 getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
 {
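Review bot: The `#endif` added after the `cl[]` table is immediately followed by a fresh `#ifndef OPENSSL_NO_ENTROPY_FALLBACK`, so the pair can be dropped and a single guard left to run from `cl[]` to the end of getentropy_fallback(). The closing guard added in the last hunk of this file would also read better as `#endif /* !OPENSSL_NO_ENTROPY_FALLBACK */`, matching the `#endif /* SYS__sysctl */` style used just above. getentropy_phdr()'s body continues outside this hunk.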
@@ -542,3 +551,4 @@ getentropy_fallback(void *buf, size_t len)
        errno = EIO;
        return -1;
 }
+#endif
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 983ac94..5b41722 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -366,6 +366,7 @@ tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
 #undef  LARGEST_DIGEST_CTX
 #define LARGEST_DIGEST_CTX SHA256_CTX
 
+#ifndef OPENSSL_NO_SHA512
 static void
 tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 {
@@ -378,7 +379,7 @@ tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 }
 #undef  LARGEST_DIGEST_CTX
 #define LARGEST_DIGEST_CTX SHA512_CTX
-
+#endif
 /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
  * which ssl3_cbc_digest_record supports. */
 char
@@ -475,6 +476,7 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned 
char* md_out,
                md_transform = (void(*)(void *ctx, const unsigned char *block)) 
SHA256_Transform;
                md_size = 32;
                break;
+#ifndef OPENSSL_NO_SHA512
        case NID_sha384:
                SHA384_Init((SHA512_CTX*)md_state.c);
                md_final_raw = tls1_sha512_final_raw;
@@ -491,6 +493,7 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned 
char* md_out,
                md_block_size = 128;
                md_length_size = 16;
                break;
+#endif
        default:
                /* ssl3_cbc_record_digest_supported should have been
                 * called first to check that the hash function is
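Review bot: The `default:` branch here documents that ssl3_cbc_record_digest_supported must already have accepted the digest, but this patch does not touch that function, whose body is outside the visible hunks. If it still reports NID_sha384 and NID_sha512 as supported, a build with OPENSSL_NO_SHA512 would pass that check and then fall into this default branch for a digest the CBC record digest code no longer handles. The same `#ifndef OPENSSL_NO_SHA512` guard should wrap those cases there so the two functions agree on what is supported. The guard closed by this hunk's `#endif` is opened in the previous hunk, and the NID_sha512 case between them is not shown.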
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 935a58e..04010a8 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -105,8 +105,10 @@ SSL_library_init(void)
        EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
        EVP_add_digest(EVP_sha224());
        EVP_add_digest(EVP_sha256());
+#ifndef OPENSSL_NO_SHA512
        EVP_add_digest(EVP_sha384());
        EVP_add_digest(EVP_sha512());
+#endif
        EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
        EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
        EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5bd6465..d336473 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2019,10 +2019,12 @@ tls12_get_hash(unsigned char hash_alg)
                return EVP_sha224();
        case TLSEXT_hash_sha256:
                return EVP_sha256();
+#ifndef OPENSSL_NO_SHA512
        case TLSEXT_hash_sha384:
                return EVP_sha384();
        case TLSEXT_hash_sha512:
                return EVP_sha512();
+#endif
        default:
                return NULL;
        }
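Review bot: With the guard, tls12_get_hash() returns NULL for TLSEXT_hash_sha384 and TLSEXT_hash_sha512, yet nothing in the patch changes what the library advertises to the peer. If the signature-algorithms list sent in the handshake (presumably elsewhere in this file, not visible here) still offers SHA-384/SHA-512 pairs, a peer may legitimately pick one and the handshake then fails on the NULL digest instead of negotiating SHA-256. The advertised list should be put under the same `#ifndef OPENSSL_NO_SHA512`, and callers of tls12_get_hash() checked for NULL handling. The switch's opening lines are outside the hunk.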
-- 
1.8.5.5
