[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Wed Aug 19 03:29:02 UTC 2020
The branch master has been updated
via 7fe32ef68855d727c55186bda99b3e2500afa2c2 (commit)
from c51a8af8cca755ceefba64b3cbd0bdb91c74d77c (commit)
- Log -----------------------------------------------------------------
commit 7fe32ef68855d727c55186bda99b3e2500afa2c2
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Wed Aug 19 13:27:31 2020 +1000
Fix no-cms build errors.
Fixes #12640
The X942-KDF is now indepedent of the CMS code (since it no longer uses CMS_SharedInfo_encode).
Any code related to EVP_PKEY_DH_KDF_X9_42 needs to not be wrapped by !defined(OPENSSL_NO_CMS).
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12642)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_kdf.c | 4 ++--
crypto/dh/dh_pmeth.c | 6 ------
include/openssl/dh.h | 6 +-----
util/libcrypto.num | 2 +-
4 files changed, 4 insertions(+), 14 deletions(-)
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index 0b1e5881c3..6f59d6ecc2 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -60,7 +60,7 @@ err:
return ret;
}
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_CMS)
+#if !defined(FIPS_MODULE)
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
@@ -81,4 +81,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
return dh_KDF_X9_42_asn1(out, outlen, Z, Zlen, key_alg,
ukm, ukmlen, md, libctx, NULL);
}
-#endif /* !defined(FIPS_MODULE) && !defined(OPENSSL_NO_CMS) */
+#endif /* !defined(FIPS_MODULE) */
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 39b79ffb36..2c74b39db1 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -172,11 +172,7 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
case EVP_PKEY_CTRL_DH_KDF_TYPE:
if (p1 == -2)
return dctx->kdf_type;
-#ifdef OPENSSL_NO_CMS
- if (p1 != EVP_PKEY_DH_KDF_NONE)
-#else
if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
-#endif
return -2;
dctx->kdf_type = p1;
return 1;
@@ -445,7 +441,6 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
*keylen = ret;
return 1;
}
-#ifndef OPENSSL_NO_CMS
else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
unsigned char *Z = NULL;
@@ -475,7 +470,6 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
OPENSSL_clear_free(Z, Zlen);
return ret;
}
-#endif
return 0;
}
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 4b456cff16..69a5b79c18 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -202,14 +202,12 @@ DH *DH_get_2048_256(void);
DH *DH_new_by_nid(int nid);
DEPRECATEDIN_3_0(int DH_get_nid(const DH *dh))
-# ifndef OPENSSL_NO_CMS
/* RFC2631 KDF */
DEPRECATEDIN_3_0(int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm,
size_t ukmlen, const EVP_MD *md))
-# endif
void DH_get0_pqg(const DH *dh,
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
@@ -316,9 +314,7 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
/* KDF types */
# define EVP_PKEY_DH_KDF_NONE 1
-# ifndef OPENSSL_NO_CMS
-# define EVP_PKEY_DH_KDF_X9_42 2
-# endif
+# define EVP_PKEY_DH_KDF_X9_42 2
# ifdef __cplusplus
}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 838d1e686d..b38670b1ab 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2939,7 +2939,7 @@ TS_RESP_CTX_set_status_info 3001 3_0_0 EXIST::FUNCTION:TS
BIO_f_nbio_test 3002 3_0_0 EXIST::FUNCTION:
SEED_ofb128_encrypt 3003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
d2i_RSAPrivateKey_bio 3004 3_0_0 EXIST::FUNCTION:RSA
-DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:CMS,DEPRECATEDIN_3_0,DH
+DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
EVP_PKEY_meth_set_signctx 3006 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_get_version 3007 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get0_info 3008 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
More information about the openssl-commits
mailing list