[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Thu Sep 3 18:45:30 UTC 2015


The branch master has been updated
       via  e968561d5e762e6c05e74541137916b4f20a144b (commit)
      from  231efb936548320e81c3259b41c26bb71e83720a (commit)


- Log -----------------------------------------------------------------
commit e968561d5e762e6c05e74541137916b4f20a144b
Author: David Bar <david.bar at gmail.com>
Date:   Mon Aug 3 12:45:26 2015 -0400

    RT3674: Make no-cms build work.
    
    Also has changes from from David Woodhouse <David.Woodhouse at intel.com>
    and some tweaks from me.
    
    Signed-off-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/dh/Makefile     |  2 +-
 crypto/dh/dh_kdf.c     |  6 ++++++
 crypto/dh/dh_pmeth.c   | 12 ++++++++++--
 crypto/ec/ec_ameth.c   |  2 ++
 crypto/rsa/rsa_ameth.c |  8 ++++++++
 include/openssl/dh.h   |  4 ++++
 test/cms-test.pl       |  7 +++++++
 util/libeay.num        |  2 +-
 8 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile
index f9be501..655bca0 100644
--- a/crypto/dh/Makefile
+++ b/crypto/dh/Makefile
@@ -120,7 +120,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dh_gen.o: ../include/internal/cryptlib.h dh_gen.c
-dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
 dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index b812d82..5597960 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -51,13 +51,18 @@
  * ====================================================================
  */
 
+#include <e_os.h>
+
+#ifndef OPENSSL_NO_CMS
 #include <string.h>
 #include <openssl/dh.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
 #include <openssl/cms.h>
 
+
 /* Key derivation from X9.42/RFC2631 */
+/* Uses CMS functions, hence the #ifdef wrapper. */
 
 #define DH_KDF_MAX      (1L << 30)
 
@@ -184,3 +189,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
     EVP_MD_CTX_cleanup(&mctx);
     return rv;
 }
+#endif
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 763e42f..751428c 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -205,7 +205,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     case EVP_PKEY_CTRL_DH_KDF_TYPE:
         if (p1 == -2)
             return dctx->kdf_type;
+#ifdef OPENSSL_NO_CMS
+        if (p1 != EVP_PKEY_DH_KDF_NONE)
+#else
         if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
+#endif
             return -2;
         dctx->kdf_type = p1;
         return 1;
@@ -447,7 +451,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
             return ret;
         *keylen = ret;
         return 1;
-    } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+    }
+#ifndef OPENSSL_NO_CMS
+    else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+
         unsigned char *Z = NULL;
         size_t Zlen = 0;
         if (!dctx->kdf_outlen || !dctx->kdf_oid)
@@ -475,7 +482,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
         OPENSSL_clear_free(Z, Zlen);
         return ret;
     }
-    return 1;
+#endif
+    return 0;
 }
 
 const EVP_PKEY_METHOD dh_pkey_meth = {
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index edb68d1..e2f3287 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -67,8 +67,10 @@
 #include <openssl/asn1t.h>
 #include "internal/asn1_int.h"
 
+#ifndef OPENSSL_NO_CMS
 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
 
 static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
 {
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index d409631..63f88e5 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -68,10 +68,12 @@
 #endif
 #include "internal/asn1_int.h"
 
+#ifndef OPENSSL_NO_CMS
 static int rsa_cms_sign(CMS_SignerInfo *si);
 static int rsa_cms_verify(CMS_SignerInfo *si);
 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
 
 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
@@ -653,6 +655,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
     return rv;
 }
 
+#ifndef OPENSSL_NO_CMS
 static int rsa_cms_verify(CMS_SignerInfo *si)
 {
     int nid, nid2;
@@ -671,6 +674,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
     }
     return 0;
 }
+#endif
 
 /*
  * Customised RSA item verification routine. This is called when a signature
@@ -693,6 +697,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
     return -1;
 }
 
+#ifndef OPENSSL_NO_CMS
 static int rsa_cms_sign(CMS_SignerInfo *si)
 {
     int pad_mode = RSA_PKCS1_PADDING;
@@ -717,6 +722,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
     X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
     return 1;
 }
+#endif
 
 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                          X509_ALGOR *alg1, X509_ALGOR *alg2,
@@ -750,6 +756,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
     return 2;
 }
 
+#ifndef OPENSSL_NO_CMS
 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
                                         X509_ALGOR **pmaskHash)
 {
@@ -900,6 +907,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
     ASN1_STRING_free(os);
     return rv;
 }
+#endif
 
 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
     {
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index f1de53d..f5b03d3 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -239,11 +239,13 @@ DH *DH_get_1024_160(void);
 DH *DH_get_2048_224(void);
 DH *DH_get_2048_256(void);
 
+# ifndef OPENSSL_NO_CMS
 /* RFC2631 KDF */
 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                  const unsigned char *Z, size_t Zlen,
                  ASN1_OBJECT *key_oid,
                  const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+# endif
 
 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
@@ -336,7 +338,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
 
 /* KDF types */
 # define EVP_PKEY_DH_KDF_NONE                            1
+# ifndef OPENSSL_NO_CMS
 # define EVP_PKEY_DH_KDF_X9_42                           2
+# endif
 
 /* BEGIN ERROR CODES */
 /*
diff --git a/test/cms-test.pl b/test/cms-test.pl
index baa3b59..1ee3f02 100644
--- a/test/cms-test.pl
+++ b/test/cms-test.pl
@@ -100,6 +100,13 @@ my $no_ec2m;
 my $no_ecdh;
 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
 
+system ("$ossl_path no-cms > $null_path");
+if ($? == 0)
+        {
+        print "CMS disabled\n";
+        exit 0;
+        }
+
 system ("$ossl_path no-ec > $null_path");
 if ($? == 0)
 	{
diff --git a/util/libeay.num b/util/libeay.num
index bfdd162..fd8375d 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4368,7 +4368,7 @@ DH_compute_key_padded                   4732	EXIST::FUNCTION:DH
 ECDSA_METHOD_set_sign                   4733	EXIST::FUNCTION:EC
 CMS_RecipientEncryptedKey_cert_cmp      4734	EXIST:!VMS:FUNCTION:CMS
 CMS_RecipEncryptedKey_cert_cmp          4734	EXIST:VMS:FUNCTION:CMS
-DH_KDF_X9_42                            4735	EXIST::FUNCTION:DH
+DH_KDF_X9_42                            4735	EXIST::FUNCTION:CMS,DH
 RSA_OAEP_PARAMS_free                    4736	EXIST::FUNCTION:RSA
 EVP_des_ede3_wrap                       4737	EXIST::FUNCTION:DES
 RSA_OAEP_PARAMS_it                      4738	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA


More information about the openssl-commits mailing list