If running ./config no-cms make
then there's multiple problems with new code that adds new CMS functionality that was not properly protected by #ifndef OPENSSL_NO_CMS I've attaching a patch file that I've done over 1.0.2. It compiles with the patch. The changes are fairly simple in all files except dh_pmeth.c which you should probably reconsider. In dh_pmeth.c, pkey_dh_ctrl(), the change is a bit ugly, especially if there's a plan to make more types of kdf_type in addition to the two existing ones. I've done it like so to minimize the change. Perhaps changes this to a switch would make it more elegant and future-proof. In dh_pmeth.c, pkey_dh_derive - apart from the reasonable change of putting the whole "else if" under a #ifndef, I've also changed the default return value of the function to 0. If the "if" and the "else if" don't recognize the kdf_type, I think it's much more reasonable for the function to indicate a failure, instead of the original code.
openssl_no_cms.patch
Description: Binary data
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
