Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EVP_sha256() does not appear in OpenSSL until 0.9.7h, not available by default until 0.9.8 #8464

Closed
wants to merge 1 commit into from

Conversation

asedeno
Copy link
Contributor

@asedeno asedeno commented Feb 16, 2022

We can't use OpenSSL's SHA256 implementation in versions that predate it, and the EVP_sha256() function does not appear until OpenSSL 0.9.7h. It is possible it was not enabled by default until later, and someone else can propose moving this threshold up further, but this is the minimum lower bound for this to work.

@bagder
Copy link
Member

@bagder bagder commented Feb 16, 2022

Does it really appear in 0.9.7h? this email seems to suggest that it might not. I presume you're using a version older than 0.9.7h yourself? (I also presume you're fully aware that you really should upgrade to a more modern version)

@bagder bagder added the TLS label Feb 16, 2022
@asedeno
Copy link
Contributor Author

@asedeno asedeno commented Feb 16, 2022

My determination was made using a git checkout of the openssl repo, checking out the various tags, and grepping for EVP_sha256. There were zero results before 0.9.7h, and consistent results from 0.9.7h to 0.9.7m, which is why I say 0.9.7h is a lower bound below which it will definitely not work.

I saw that thread, but it was not clear to me in the changelogs from 0.9.7h to 0.9.7m when something relevant may have changed.

The ancient platform I'm building git (and for git, curl) for is an old Solaris installation with a bunch of packages installed at /usr/athena/ and OpenSSL 0.9.7d. It's not mine to upgrade.

@asedeno
Copy link
Contributor Author

@asedeno asedeno commented Feb 16, 2022

You know, building these versions won't take that long. I'll try to pin it down better.

@asedeno
Copy link
Contributor Author

@asedeno asedeno commented Feb 17, 2022

Okay, I tested with a tiny program,

#include <stdio.h>
#include <openssl/evp.h>

int main(char* argv, int argc) {
     printf("%p\n", EVP_sha256);
     return 0;
}

and compiled and it, statically linking against libssl.a and libcrypto.a from builds of OpenSSL 0.9.7h-0.9.7m and 0.9.8 with default config (no-asm for 0.9.8, because I needed it to build). Only 0.9.8 worked.

$ cc -I./openssl-0.9.7m/include sha256.c ./openssl-0.9.7m/libcrypto.a ./openssl-0.9.7m/libssl.a && ldd ./a.out && ./a.out 
sha256.c: In function ‘main’:
sha256.c:5:21: error: ‘EVP_sha256’ undeclared (first use in this function); did you mean ‘EVP_sha1’?
      printf("%p\n", EVP_sha256);
                     ^~~~~~~~~~
                     EVP_sha1
sha256.c:5:21: note: each undeclared identifier is reported only once for each function it appears in
 $ cc -I./openssl-0.9.8/include sha256.c ./openssl-0.9.8/libcrypto.a ./openssl-0.9.8/libssl.a && ldd ./a.out && ./a.out 
        linux-vdso.so.1 (0x00007fff165a2000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f123f311000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f123f55f000)
0x556722efc4a0

So I think we want to push that back up to 0.9.8 and will update the patch accordingly.

EVP_sha256() does not appear in the OpenSSL source before 0.9.7h, and
does not get built by default until 0.9.8, so trying to use it for all
0.9.7 is wrong, and before 0.9.8 is unreliable.
@asedeno asedeno force-pushed the sha256_and_old_openssl branch from ecbdbcf to 0546028 Compare Feb 17, 2022
@asedeno asedeno changed the title EVP_sha256() does not appear in OpenSSL until 0.9.7h EVP_sha256() does not appear in OpenSSL until 0.9.7h, not available by default until 0.9.8 Feb 17, 2022
@jay
Copy link
Member

@jay jay commented Feb 17, 2022

Thanks

@asedeno asedeno deleted the sha256_and_old_openssl branch Feb 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants