[openssl] master update
Matt Caswell
matt at openssl.org
Thu Aug 29 14:26:11 UTC 2019
The branch master has been updated
via 9a7846dfe512baa55ad0485b67ffdbb2cb3a5cc3 (commit)
via 3be06e0d10e29dc4a00c6cb9dd06067b2c075f35 (commit)
from bad41b689fd67fa44efbe6488c1c0b9d6e14c139 (commit)
- Log -----------------------------------------------------------------
commit 9a7846dfe512baa55ad0485b67ffdbb2cb3a5cc3
Author: Matt Caswell <matt at openssl.org>
Date: Thu Aug 29 11:55:57 2019 +0100
Use ENGINE_get_id() instead of ENGINE_get_name()
ENGINE_get_name() actually returns more of a long description of the
engine, whilst ENGINE_get_id() returns a shorter id.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9720)
commit 3be06e0d10e29dc4a00c6cb9dd06067b2c075f35
Author: Matt Caswell <matt at openssl.org>
Date: Wed Aug 28 16:18:05 2019 +0100
Fix no-engine
Make sure references to ENGINE functions are appropriately guarded.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9720)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/p_lib.c | 13 +++++++++----
crypto/evp/pkey_mac.c | 4 ++++
providers/common/macs/cmac_prov.c | 3 ++-
providers/common/macs/gmac_prov.c | 3 ++-
providers/common/macs/hmac_prov.c | 3 ++-
5 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index ead1d4ffd3..5691fffae3 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -321,7 +321,9 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
size_t len, const EVP_CIPHER *cipher)
{
#ifndef OPENSSL_NO_CMAC
- const char *engine_name = e != NULL ? ENGINE_get_name(e) : NULL;
+# ifndef OPENSSL_NO_ENGINE
+ const char *engine_id = e != NULL ? ENGINE_get_id(e) : NULL;
+# endif
const char *cipher_name = EVP_CIPHER_name(cipher);
const OSSL_PROVIDER *prov = EVP_CIPHER_provider(cipher);
OPENSSL_CTX *libctx =
@@ -339,11 +341,14 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
goto err;
}
- if (engine_name != NULL)
+# ifndef OPENSSL_NO_ENGINE
+ if (engine_id != NULL)
params[paramsn++] =
OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ENGINE,
- (char *)engine_name,
- strlen(engine_name) + 1);
+ (char *)engine_id,
+ strlen(engine_id) + 1);
+# endif
+
params[paramsn++] =
OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
(char *)cipher_name,
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index 3750220416..05eb2b1b3a 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -274,12 +274,14 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
OSSL_PARAM params[3];
size_t params_n = 0;
char *ciphname = (char *)OBJ_nid2sn(EVP_CIPHER_nid(p2));
+#ifndef OPENSSL_NO_ENGINE
char *engineid = (char *)ENGINE_get_id(ctx->engine);
params[params_n++] =
OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ENGINE,
engineid,
strlen(engineid) + 1);
+#endif
params[params_n++] =
OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
ciphname,
@@ -396,6 +398,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
size_t params_n = 0;
char *mdname =
(char *)OBJ_nid2sn(EVP_MD_nid(hctx->raw_data.md));
+#ifndef OPENSSL_NO_ENGINE
char *engineid = ctx->engine == NULL
? NULL : (char *)ENGINE_get_id(ctx->engine);
@@ -406,6 +409,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
engineid,
engineid_l);
}
+#endif
params[params_n++] =
OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
mdname,
diff --git a/providers/common/macs/cmac_prov.c b/providers/common/macs/cmac_prov.c
index f63f405abf..4dcdea6ebe 100644
--- a/providers/common/macs/cmac_prov.c
+++ b/providers/common/macs/cmac_prov.c
@@ -184,7 +184,8 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
const char *algoname = p->data;
const char *propquery = NULL;
-#ifndef FIPS_MODE /* Inside the FIPS module, we don't support engines */
+/* Inside the FIPS module, we don't support engines */
+#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(macctx->tmpengine);
macctx->tmpengine = NULL;
diff --git a/providers/common/macs/gmac_prov.c b/providers/common/macs/gmac_prov.c
index ae0e9daba9..abd5baa106 100644
--- a/providers/common/macs/gmac_prov.c
+++ b/providers/common/macs/gmac_prov.c
@@ -198,7 +198,8 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
const char *algoname = p->data;
const char *propquery = NULL;
-#ifndef FIPS_MODE /* Inside the FIPS module, we don't support engines */
+/* Inside the FIPS module, we don't support engines */
+#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(macctx->engine);
macctx->engine = NULL;
diff --git a/providers/common/macs/hmac_prov.c b/providers/common/macs/hmac_prov.c
index e77dfe3439..e9be9802e6 100644
--- a/providers/common/macs/hmac_prov.c
+++ b/providers/common/macs/hmac_prov.c
@@ -198,7 +198,8 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
const char *algoname = p->data;
const char *propquery = NULL;
-#ifndef FIPS_MODE /* Inside the FIPS module, we don't support engines */
+/* Inside the FIPS module, we don't support engines */
+#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(macctx->tmpengine);
macctx->tmpengine = NULL;
More information about the openssl-commits
mailing list