File 0665-crypto-DISABLE_EVP_HMAC-flag.patch of Package erlang
From c868617924bba522bbd1c6da37102544ec5af89f Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Thu, 19 Nov 2020 15:06:02 +0100
Subject: [PATCH 1/4] crypto: DISABLE_EVP_HMAC flag
---
lib/crypto/c_src/Makefile.in | 2 +-
lib/crypto/c_src/hmac.c | 2 +-
lib/crypto/c_src/hmac.h | 2 +-
lib/crypto/c_src/mac.c | 4 ++--
lib/crypto/configure.in | 10 ++++++++++
5 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/lib/crypto/c_src/Makefile.in b/lib/crypto/c_src/Makefile.in
index 786fbc1031..e2b89129c1 100644
--- a/lib/crypto/c_src/Makefile.in
+++ b/lib/crypto/c_src/Makefile.in
@@ -142,7 +142,7 @@ ifndef RANLIB
RANLIB=true
endif
-CONFIGURE_ARGS = -DDISABLE_EVP_DH=@DISABLE_EVP_DH@
+CONFIGURE_ARGS = -DDISABLE_EVP_DH=@DISABLE_EVP_DH@ -DDISABLE_EVP_HMAC=@DISABLE_EVP_HMAC@
ALL_CFLAGS = $(TYPE_FLAGS) $(EXTRA_FLAGS) $(CONFIGURE_ARGS) $(INCLUDES)
ALL_STATIC_CFLAGS = @DED_STATIC_CFLAGS@ $(CONFIGURE_ARGS) $(INCLUDES)
diff --git a/lib/crypto/c_src/hmac.c b/lib/crypto/c_src/hmac.c
index 3b3e0bf894..193902c481 100644
--- a/lib/crypto/c_src/hmac.c
+++ b/lib/crypto/c_src/hmac.c
@@ -28,7 +28,7 @@
*
****************************************************************/
-#ifndef HAS_EVP_PKEY_CTX
+#if !defined(HAS_EVP_PKEY_CTX) || DISABLE_EVP_HMAC
#include "hmac.h"
#include "digest.h"
diff --git a/lib/crypto/c_src/hmac.h b/lib/crypto/c_src/hmac.h
index deeab168a9..df432512f3 100644
--- a/lib/crypto/c_src/hmac.h
+++ b/lib/crypto/c_src/hmac.h
@@ -21,7 +21,7 @@
#ifndef E_HMAC_H__
#define E_HMAC_H__ 1
-#ifndef HAS_EVP_PKEY_CTX
+#if !defined(HAS_EVP_PKEY_CTX) || DISABLE_EVP_HMAC
#include "common.h"
diff --git a/lib/crypto/c_src/mac.c b/lib/crypto/c_src/mac.c
index 149975ba9d..8735158a01 100644
--- a/lib/crypto/c_src/mac.c
+++ b/lib/crypto/c_src/mac.c
@@ -62,7 +62,7 @@ static struct mac_type_t mac_types[] =
},
{{"hmac"}, 0,
-#ifdef HAS_EVP_PKEY_CTX
+#if defined(HAS_EVP_PKEY_CTX) && (! DISABLE_EVP_HMAC)
{EVP_PKEY_HMAC}, HMAC_mac, 0
#else
/* HMAC is always supported, but possibly with low-level routines */
@@ -271,7 +271,7 @@ ERL_NIF_TERM mac_one_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
}
md = digp->md.p;
-#ifdef HAS_EVP_PKEY_CTX
+#if defined(HAS_EVP_PKEY_CTX) && (! DISABLE_EVP_HMAC)
# ifdef HAVE_PKEY_new_raw_private_key
/* Prefered for new applications according to EVP_PKEY_new_mac_key(3) */
pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, /*engine*/ NULL, key_bin.data, key_bin.size);
diff --git a/lib/crypto/configure.in b/lib/crypto/configure.in
index 71324c0685..d9e431a61f 100644
--- a/lib/crypto/configure.in
+++ b/lib/crypto/configure.in
@@ -186,6 +186,15 @@ AS_HELP_STRING([--disable-evp-dh],
esac ], DISABLE_EVP_DH=0)
+AC_ARG_ENABLE(evp-hmac,
+AS_HELP_STRING([--disable-evp-hmac],
+ [intentionally undocumented workaround]),
+[ case "$enableval" in
+ no) DISABLE_EVP_HMAC=1;;
+ *) DISABLE_EVP_HMAC=0;;
+ esac ], DISABLE_EVP_HMAC=0)
+
+
#----------------------------------------------------------------------
# We actually might do the SSL tests twice due to late discovery of
# kerberos problems with static linking, in case we redo it all trying
@@ -788,6 +797,7 @@ AC_SUBST(STATIC_KERBEROS_LIBS)
AC_SUBST(SSL_LINK_WITH_ZLIB)
AC_SUBST(STATIC_ZLIB_LIBS)
AC_SUBST(DISABLE_EVP_DH)
+AC_SUBST(DISABLE_EVP_HMAC)
AC_OUTPUT(c_src/$host/Makefile:c_src/Makefile.in)
--
2.26.2
