[openssl-dev] [openssl.org #3674] Bug report - cannot compile 1.0.2 with no-cms

David Bar via RT rt at openssl.org
Mon Jan 26 18:02:51 UTC 2015


If running
./config no-cms
make


then there are multiple problems with new code that adds new CMS
functionality that was not properly protected by #ifndef OPENSSL_NO_CMS.

I'm attaching a patch file that I've done over 1.0.2. It compiles with the
patch.
The changes are fairly simple in all files except dh_pmeth.c which you
should probably reconsider.
In dh_pmeth.c, pkey_dh_ctrl(), the change is a bit ugly, especially if
there's a plan to make more types of kdf_type in addition to the two
existing ones. I've done it like so to minimize the change. Perhaps changing
this to a switch would make it more elegant and future-proof.
In dh_pmeth.c, pkey_dh_derive - apart from the reasonable change of putting
the whole "else if" under a #ifndef, I've also changed the default return
value of the function to 0.
If the "if" and the "else if" don't recognize the kdf_type, I think it's
much more reasonable for the function to indicate a failure, instead of the
original code.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl_no_cms.patch
Type: application/octet-stream
Size: 4853 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150126/7648ae1d/attachment.obj>
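
A simplified model of the two points raised in the message above, as an added example that is not the attached patch and not OpenSSL code: a switch-based setter that rejects a KDF compiled out of the build, and a derive function whose fall-through return is failure. All demo_* and DEMO_* names are hypothetical, and the guarded branch is a placeholder rather than a real KDF.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names. Build with -DDEMO_NO_CMS to model "no-cms". */
enum { DEMO_KDF_NONE = 1, DEMO_KDF_X9_42 = 2 };
typedef struct { int kdf_type; } demo_ctx;

/* Setter as a switch: a KDF that is compiled out falls to the default. */
int demo_set_kdf(demo_ctx *ctx, int type)
{
    switch (type) {
    case DEMO_KDF_NONE:
#ifndef DEMO_NO_CMS
    case DEMO_KDF_X9_42:
#endif
        ctx->kdf_type = type;
        return 1;
    default:
        return -2;  /* not supported in this build */
    }
}

/* Returns 1 on success, 0 on failure. */
int demo_derive(const demo_ctx *ctx, unsigned char *out, size_t outlen,
                const unsigned char *z, size_t zlen)
{
    if (outlen > zlen)
        return 0;
    if (ctx->kdf_type == DEMO_KDF_NONE) {
        memcpy(out, z, outlen);
        return 1;
    }
#ifndef DEMO_NO_CMS
    else if (ctx->kdf_type == DEMO_KDF_X9_42) {
        memset(out, 0xA5, outlen);  /* placeholder, not a real KDF */
        return 1;
    }
#endif
    return 0;  /* unrecognised kdf_type: report failure, not success */
}

int main(void)
{
    demo_ctx ctx = { 99 };  /* constructed: kdf_type no branch handles */
    unsigned char z[4] = { 1, 2, 3, 4 }, out[4] = { 0 };
    printf("derive, unknown kdf: %d\n", demo_derive(&ctx, out, 4, z, 4));
    printf("set unknown kdf: %d\n", demo_set_kdf(&ctx, 99));
    return 0;
}
```

With the guard active, a caller that asks for the compiled-out KDF is refused at the setter, and a context that reaches derive with a stale or unknown kdf_type gets 0 instead of an unwritten output buffer reported as success.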

