Some places lacked #ifndef OPENSSL_NO_SHA256 wrapping
Signed-off-by: Joakim Tjernlund <[email protected]>
---
crypto/dsa/dsa_gen.c | 6 ++++--
ssl/s3_cbc.c | 4 ++++
ssl/s3_clnt.c | 8 +++++++-
ssl/ssl_algs.c | 2 ++
ssl/ssl_locl.h | 5 ++++-
ssl/t1_lib.c | 2 ++
6 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 3879067..e29d878 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -80,11 +80,13 @@ DSA_generate_parameters_ex(DSA *ret, int bits, const
unsigned char *seed_in,
else {
const EVP_MD *evpmd;
size_t qbits;
-
+#ifndef OPENSSL_NO_SHA256
if (bits >= 2048) {
qbits = 256;
evpmd = EVP_sha256();
- } else {
+ } else
+#endif
+ {
qbits = 160;
evpmd = EVP_sha1();
}
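Review bot: With OPENSSL_NO_SHA256 defined, the `if (bits >= 2048)` branch is compiled out and every request lands in the `qbits = 160; evpmd = EVP_sha1();` block, so a 2048-bit or larger modulus is silently paired with a 160-bit q. That caps the subgroup strength at roughly 80 bits whatever size the caller asked for, and the caller gets no indication. At minimum this needs a comment such as `/* No SHA-256: q stays 160 bits even when bits >= 2048 */`; rejecting `bits >= 2048` in that configuration would be the safer behaviour. The enclosing function starts and ends outside this hunk, so the right failure path cannot be confirmed from here.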
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 5b41722..bdd03e9 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -353,6 +353,7 @@ tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
}
#define LARGEST_DIGEST_CTX SHA_CTX
+#ifndef OPENSSL_NO_SHA256
static void
tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
{
@@ -365,6 +366,7 @@ tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
}
#undef LARGEST_DIGEST_CTX
#define LARGEST_DIGEST_CTX SHA256_CTX
+#endif
#ifndef OPENSSL_NO_SHA512
static void
@@ -464,6 +466,7 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned
char* md_out,
md_transform = (void(*)(void *ctx, const unsigned char *block))
SHA1_Transform;
md_size = 20;
break;
+#ifndef OPENSSL_NO_SHA256
case NID_sha224:
SHA224_Init((SHA256_CTX*)md_state.c);
md_final_raw = tls1_sha256_final_raw;
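Review bot: The `NID_sha224`/`NID_sha256` cases are now compiled out of this switch, but the patch's four insertions in s3_cbc.c do not touch `ssl3_cbc_record_digest_supported`, the companion check in this file, which is not visible here. If that check still accepts these NIDs under OPENSSL_NO_SHA256, a record using them would reach the switch's default branch instead of being routed to the generic MAC path. The same `#ifndef OPENSSL_NO_SHA256` guard probably belongs there too, which is worth confirming. The switch continues outside this hunk, and the matching `#endif` is in the next one.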
@@ -476,6 +479,7 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned
char* md_out,
md_transform = (void(*)(void *ctx, const unsigned char *block))
SHA256_Transform;
md_size = 32;
break;
+#endif
#ifndef OPENSSL_NO_SHA512
case NID_sha384:
SHA384_Init((SHA512_CTX*)md_state.c);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 14d91cf..6678c63 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1823,7 +1823,13 @@ ssl3_get_new_session_ticket(SSL *s)
* ticket.
*/
EVP_Digest(p, ticklen, s->session->session_id,
- &s->session->session_id_length, EVP_sha256(), NULL);
+ &s->session->session_id_length,
+#ifndef OPENSSL_NO_SHA512
+ EVP_sha256(),
+#else
+ EVP_sha1(),
+#endif
+ NULL);
ret = 1;
return (ret);
f_err:
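Review bot: The guard around `EVP_sha256()` tests `OPENSSL_NO_SHA512` rather than `OPENSSL_NO_SHA256`, which looks like a typo given the commit's stated purpose. A build with SHA-256 disabled and SHA-512 enabled still references `EVP_sha256()` here, so the patch does not achieve its goal for this file. A build with only SHA-512 disabled needlessly derives the session ID from the ticket with SHA-1. The line should read `#ifndef OPENSSL_NO_SHA256`. ssl3_get_new_session_ticket begins above the hunk.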
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 04010a8..b292ff9 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -103,8 +103,10 @@ SSL_library_init(void)
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
+#endif
#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 963388f..38b7493 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -820,8 +820,11 @@ int ssl_prepare_serverhello_tlsext(SSL *s);
int ssl_check_clienthello_tlsext_early(SSL *s);
int ssl_check_clienthello_tlsext_late(SSL *s);
int ssl_check_serverhello_tlsext(SSL *s);
-
+#ifndef OPENSSL_NO_SHA256
#define tlsext_tick_md EVP_sha256
+#else
+#define tlsext_tick_md EVP_sha1
+#endif
int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
const unsigned char *limit, SSL_SESSION **ret);
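Review bot: The new `#define tlsext_tick_md EVP_sha1` fallback should carry a comment, because the digest this macro selects now depends on build flags. Judging by its name and the adjacent `tls1_process_ticket` prototype, it picks the digest used to protect session tickets. If so, a build without SHA-256 and a build with it would not accept each other's tickets even with shared ticket keys, which should be confirmed against the uses in the ticket code. Suggested comment above the `#else`: `/* No SHA-256 available: ticket digest falls back to SHA-1; tickets are not interchangeable with SHA-256 builds. */`.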
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d336473..6cb785f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2015,10 +2015,12 @@ tls12_get_hash(unsigned char hash_alg)
switch (hash_alg) {
case TLSEXT_hash_sha1:
return EVP_sha1();
+#ifndef OPENSSL_NO_SHA256
case TLSEXT_hash_sha224:
return EVP_sha224();
case TLSEXT_hash_sha256:
return EVP_sha256();
+#endif
#ifndef OPENSSL_NO_SHA512
case TLSEXT_hash_sha384:
return EVP_sha384();
--
1.8.5.5