[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Mar 18 17:08:58 UTC 2016
The branch master has been updated
via 96bea0002b44f1f490a798d6122d6b15d1fe6b09 (commit)
via 40a8e9c2effc655413e8283fb31e7cffeeb6154a (commit)
via 6bf73e53b727b4da58973d73d95fa04f922f0c90 (commit)
via b4a3aeebd9f9280aa7e69a343f5c824e68466d90 (commit)
from ef33d131850440da8556f08996f63898e849d267 (commit)
- Log -----------------------------------------------------------------
commit 96bea0002b44f1f490a798d6122d6b15d1fe6b09
Author: Matt Caswell <matt at openssl.org>
Date: Fri Mar 18 15:56:06 2016 +0000
Fix no-des
Numerous fixes for no-des.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 40a8e9c2effc655413e8283fb31e7cffeeb6154a
Author: Matt Caswell <matt at openssl.org>
Date: Fri Mar 18 14:17:03 2016 +0000
Fix no-dgram
A few places in s_client needed some OPENSSL_NO_DTLS guards which fixes
no-dgram.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 6bf73e53b727b4da58973d73d95fa04f922f0c90
Author: Matt Caswell <matt at openssl.org>
Date: Fri Mar 18 14:07:31 2016 +0000
Fix no-deprecated
The no-deprecated build was failing because afalg was relying on a
transitive include that does not exist in a no-deprecated build.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit b4a3aeebd9f9280aa7e69a343f5c824e68466d90
Author: Matt Caswell <matt at openssl.org>
Date: Fri Mar 18 13:49:25 2016 +0000
Fix no-cmac
There were a couple of CMAC references without OPENSSL_NO_CMAC guards.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/pkcs12.c | 4 +++-
apps/s_client.c | 13 ++++++++++---
apps/speed.c | 2 ++
crypto/asn1/ameth_lib.c | 2 ++
crypto/cms/cms_kari.c | 5 ++++-
crypto/evp/pmeth_lib.c | 2 ++
engines/afalg/e_afalg.c | 1 +
test/evp_test.c | 19 ++++++++++++++++---
test/recipes/80-test_cms.t | 22 ++++++++++++----------
9 files changed, 52 insertions(+), 18 deletions(-)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 1fd1fad..6657c4f 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -57,7 +57,9 @@
*/
#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_DES)
+#if defined(OPENSSL_NO_DES)
+NON_EMPTY_TRANSLATION_UNIT
+#else
# include <stdio.h>
# include <stdlib.h>
diff --git a/apps/s_client.c b/apps/s_client.c
index 9f8a3c9..1120377 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -884,14 +884,13 @@ int s_client_main(int argc, char **argv)
char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p;
char *xmpphost = NULL;
const char *ehlo = "mail.example.com";
- struct sockaddr peer;
struct timeval timeout, *timeoutp;
fd_set readfds, writefds;
int noCApath = 0, noCAfile = 0;
int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM;
int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0;
int prexit = 0;
- int enable_timeouts = 0, sdebug = 0, peerlen = sizeof peer;
+ int sdebug = 0;
int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0;
int sbuf_len, sbuf_off, cmdletters = 1;
@@ -900,8 +899,12 @@ int s_client_main(int argc, char **argv)
int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
int read_buf_len = 0;
int fallback_scsv = 0;
- long socket_mtu = 0, randamt = 0;
+ long randamt = 0;
OPTION_CHOICE o;
+#ifndef OPENSSL_NO_DTLS
+ int enable_timeouts = 0;
+ long socket_mtu = 0;
+#endif
#ifndef OPENSSL_NO_ENGINE
ENGINE *ssl_client_engine = NULL;
#endif
@@ -1813,7 +1816,10 @@ int s_client_main(int argc, char **argv)
}
BIO_printf(bio_c_out, "Turned on non blocking io\n");
}
+#ifndef OPENSSL_NO_DTLS
if (socket_type == SOCK_DGRAM) {
+ struct sockaddr peer;
+ int peerlen = sizeof peer;
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
if (getsockname(s, &peer, (void *)&peerlen) < 0) {
@@ -1852,6 +1858,7 @@ int s_client_main(int argc, char **argv)
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
} else
+#endif /* OPENSSL_NO_DTLS */
sbio = BIO_new_socket(s, BIO_NOCLOSE);
if (nbio_test) {
diff --git a/apps/speed.c b/apps/speed.c
index 230ed62..260b55f 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1386,7 +1386,9 @@ int speed_main(int argc, char **argv)
memset(results, 0, sizeof(results));
memset(c, 0, sizeof(c));
+#ifndef OPENSSL_NO_DES
memset(DES_iv, 0, sizeof(DES_iv));
+#endif
memset(iv, 0, sizeof(iv));
for (i = 0; i < ALGOR_NUM; i++)
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 8458e81..0926a4f 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -86,7 +86,9 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
&eckey_asn1_meth,
#endif
&hmac_asn1_meth,
+#ifndef OPENSSL_NO_CMAC
&cmac_asn1_meth,
+#endif
#ifndef OPENSSL_NO_DH
&dhx_asn1_meth
#endif
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 79634ad..562b1e5 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -389,9 +389,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
* Pick a cipher based on content encryption cipher. If it is DES3 use
* DES3 wrap otherwise use AES wrap similar to key size.
*/
+#ifndef OPENSSL_NO_DES
if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
kekcipher = EVP_des_ede3_wrap();
- else if (keylen <= 16)
+ else
+#endif
+ if (keylen <= 16)
kekcipher = EVP_aes_128_wrap();
else if (keylen <= 24)
kekcipher = EVP_aes_192_wrap();
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 26bec9a..a285009 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -86,7 +86,9 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
&ec_pkey_meth,
#endif
&hmac_pkey_meth,
+#ifndef OPENSSL_NO_CMAC
&cmac_pkey_meth,
+#endif
#ifndef OPENSSL_NO_DH
&dhx_pkey_meth,
#endif
diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c
index 90d7602..3ccf9d5 100644
--- a/engines/afalg/e_afalg.c
+++ b/engines/afalg/e_afalg.c
@@ -60,6 +60,7 @@
#include <openssl/engine.h>
#include <openssl/async.h>
+#include <openssl/err.h>
#include <linux/version.h>
#define K_MAJ 4
diff --git a/test/evp_test.c b/test/evp_test.c
index bda7f69..ed03c86 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1022,11 +1022,16 @@ static int mac_test_init(struct evp_test *t, const char *alg)
{
int type;
struct mac_data *mdat;
- if (strcmp(alg, "HMAC") == 0)
+ if (strcmp(alg, "HMAC") == 0) {
type = EVP_PKEY_HMAC;
- else if (strcmp(alg, "CMAC") == 0)
+ } else if (strcmp(alg, "CMAC") == 0) {
+#ifndef OPENSSL_NO_CMAC
type = EVP_PKEY_CMAC;
- else
+#else
+ t->skip = 1;
+ return 1;
+#endif
+ } else
return 0;
mdat = OPENSSL_malloc(sizeof(*mdat));
@@ -1078,6 +1083,14 @@ static int mac_test_run(struct evp_test *t)
unsigned char *mac = NULL;
size_t mac_len;
+#ifdef OPENSSL_NO_DES
+ if (strstr(mdata->alg, "DES") != NULL) {
+ /* Skip DES */
+ err = NULL;
+ goto err;
+ }
+#endif
+
err = "MAC_PKEY_CTX_ERROR";
genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL);
if (!genctx)
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 2ce8a2c..8dc6e90 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -13,8 +13,8 @@ setup("test_cms");
my $smdir = srctop_dir("test", "smime-certs");
my $smcont = srctop_file("test", "smcont.txt");
-my ($no_dh, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
- = disabled qw/dh ec ec2m rc2 zlib/;
+my ($no_des, $no_dh, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
+ = disabled qw/des dh ec ec2m rc2 zlib/;
plan tests => 4;
@@ -119,7 +119,7 @@ my @smime_pkcs7_tests = (
"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, 3 recipients",
+ [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
catfile($smdir, "smrsa1.pem"),
@@ -129,7 +129,7 @@ my @smime_pkcs7_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
+ [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
catfile($smdir, "smrsa1.pem"),
@@ -139,7 +139,7 @@ my @smime_pkcs7_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, 3 recipients, key only used",
+ [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
catfile($smdir, "smrsa1.pem"),
@@ -201,7 +201,7 @@ my @smime_cms_tests = (
"-CAfile", catfile($smdir, "smroot.pem") ]
],
- [ "enveloped content test streaming S/MIME format, 3 recipients, keyid",
+ [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms", "-keyid",
catfile($smdir, "smrsa1.pem"),
@@ -306,7 +306,7 @@ my @smime_cms_param_tests = (
"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, OAEP default parameters",
+ [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
"-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
@@ -314,7 +314,7 @@ my @smime_cms_param_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, OAEP SHA256",
+ [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
"-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
@@ -323,7 +323,7 @@ my @smime_cms_param_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, ECDH",
+ [ "enveloped content test streaming S/MIME format, DES, ECDH",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
"-recip", catfile($smdir, "smec1.pem") ],
@@ -331,7 +331,7 @@ my @smime_cms_param_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, ECDH, key identifier",
+ [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
[ "-encrypt", "-keyid", "-in", $smcont,
"-stream", "-out", "test.cms",
"-recip", catfile($smdir, "smec1.pem") ],
@@ -475,6 +475,8 @@ sub check_availability {
if ($no_dh && $tnam =~ /X9\.42/);
return "$tnam: skipped, RC2 disabled\n"
if ($no_rc2 && $tnam =~ /RC2/);
+ return "$tnam: skipped, DES disabled\n"
+ if ($no_des && $tnam =~ /DES/);
return "";
}
More information about the openssl-commits
mailing list