[openssl] master update

dev at ddvo.net dev at ddvo.net
Fri Dec 4 15:22:14 UTC 2020


The branch master has been updated
       via  06f81af8fc5cf04af828487fbd83bff7f3049a3a (commit)
       via  9d0854f4a95511fb3b2bcf8391e2ca3b527dbbd0 (commit)
       via  0191854154ea48e69af136e19d4b1cd5d0ac9e8e (commit)
       via  821d6f8c679434ddbb2827045b6e3c66ce10da29 (commit)
       via  8c885145618166a33dddcd6715e4f9189c362d21 (commit)
       via  e3a4d3bb615fbebe053efafdd4a040737dc2197c (commit)
       via  8ce3244c5744a99b172876eb2ae9b29e877d2d89 (commit)
       via  01b7708138e4f4b54283b456c50b2b33d41a02f1 (commit)
       via  824cf2c38acfeb9e3a4cf3d039e8368b955eae60 (commit)
      from  300e8c4bf15b8476cbe33624ef47ea228e73d472 (commit)


- Log -----------------------------------------------------------------
commit 06f81af8fc5cf04af828487fbd83bff7f3049a3a
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Tue Dec 1 17:15:45 2020 +0100

    {.travis,ci,appveyor}.yml: Make minimal config consistent, add no-deprecated no-ec no-ktls no-siv
    
    This works nicely by addin a new no-bulk option to Configure.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13110)

commit 9d0854f4a95511fb3b2bcf8391e2ca3b527dbbd0
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Wed Dec 2 10:49:49 2020 +0100

    apps/speed.c: Rename misleading 'rsa_count' variable to 'op_count'
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13110)

commit 0191854154ea48e69af136e19d4b1cd5d0ac9e8e
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sun Nov 29 20:35:49 2020 +0100

    evp_pkey_dparams_test.c: Fix build error on OPENSSL_NO_{DH,DSA,EC}
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13110)

commit 821d6f8c679434ddbb2827045b6e3c66ce10da29
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sun Nov 29 20:33:23 2020 +0100

    endecode_test.c: Fix build errors on OPENSSL_NO_{DH,DSA,EC,EC2M}
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13110)

commit 8c885145618166a33dddcd6715e4f9189c362d21
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sun Nov 29 20:32:46 2020 +0100

    apps/speed.c: Fix build errors on OPENSSL_NO_{RSA,DSA,EC,DEPECATED_3_0}
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13110)

commit e3a4d3bb615fbebe053efafdd4a040737dc2197c
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sun Nov 29 20:23:57 2020 +0100

    fuzz/server.c: Fix build error on OPENSSL_NO_{DSA,EC,DEPECATED_3_0}
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13110)

commit 8ce3244c5744a99b172876eb2ae9b29e877d2d89
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sun Nov 29 22:54:18 2020 +0100

    encode_key2text.c: Fix build error on OPENSSL_NO_{DH,DSA,EC}
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13110)

commit 01b7708138e4f4b54283b456c50b2b33d41a02f1
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sun Nov 29 21:30:53 2020 +0100

    encode_key2any.c: Fix build error on OPENSSL_NO_DH and OPENSSL_NO_EC
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13110)

commit 824cf2c38acfeb9e3a4cf3d039e8368b955eae60
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sat Oct 10 22:25:10 2020 +0200

    appveyor.yml: Move printing of env variables such that locally defined ones are shown as well.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13110)

-----------------------------------------------------------------------

Summary of changes:
 .github/workflows/ci.yml                           |   2 +-
 .travis.yml                                        |   3 +-
 Configure                                          |  19 +++-
 INSTALL.md                                         |   5 +
 apps/speed.c                                       | 109 +++++++++++----------
 appveyor.yml                                       |  14 +--
 fuzz/server.c                                      |   3 +
 .../implementations/encode_decode/encode_key2any.c |   3 +
 .../encode_decode/encode_key2text.c                |   2 +
 test/endecode_test.c                               |  10 +-
 test/evp_pkey_dparams_test.c                       |   2 +-
 11 files changed, 108 insertions(+), 64 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 75969493e0..9be1b74c8d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -41,7 +41,7 @@ jobs:
     steps:
     - uses: actions/checkout at v2
     - name: config
-      run: ./config --strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
+      run: ./config --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
diff --git a/.travis.yml b/.travis.yml
index 6b42cc562a..bda5b238b9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -137,8 +137,7 @@ jobs:
           script: true
         - os: linux
           compiler: gcc
-          env: CONFIGURE_TARGET="linux-generic32" MARKDOWNLINT="yes" CONFIG_OPTS="--strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-cmp no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-ktls no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-siv no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-fips-securitychecks no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT"
-
+          env: CONFIGURE_TARGET="linux-generic32" MARKDOWNLINT="yes" CONFIG_OPTS="no-bulk no-pic no-asm -DOPENSSL_SMALL_FOOTPRINT --strict-warnings no-pic -DOPENSSL_NO_SECURE_MEMORY"
 
 before_script:
     - env
diff --git a/Configure b/Configure
index c3083961e9..27dafe3d25 100755
--- a/Configure
+++ b/Configure
@@ -391,6 +391,7 @@ my @disablables = (
     "bf",
     "blake2",
     "buildtest-c++",
+    "bulk",
     "camellia",
     "capieng",
     "cast",
@@ -539,13 +540,29 @@ our %disabled = ( # "what"         => "comment"
 # Note: => pair form used for aesthetics, not to truly make a hash table
 my @disable_cascades = (
     # "what"            => [ "cascade", ... ]
+    "bulk"              => [ "deprecated", "shared", "dso",
+                             "aria", "async", "autoload-config",
+                             "blake2", "bf", "camellia", "cast", "chacha",
+                             "cmac", "cms", "cmp", "comp", "ct",
+                             "des", "dgram", "dh", "dsa",
+                             "ec", "engine",
+                             "filenames",
+                             "idea", "ktls",
+                             "md4", "multiblock", "nextprotoneg",
+                             "ocsp", "ocb", "poly1305", "psk",
+                             "rc2", "rc4", "rmd160",
+                             "seed", "siphash", "siv",
+                             "sm3", "sm4", "srp",
+                             "srtp", "ssl3-method",
+                             "ts", "ui-console", "whirlpool",
+                             "fips-securitychecks" ],
     sub { $config{processor} eq "386" }
                         => [ "sse2" ],
     "ssl"               => [ "ssl3" ],
     "ssl3-method"       => [ "ssl3" ],
     "zlib"              => [ "zlib-dynamic" ],
     "des"               => [ "mdc2" ],
-    "ec"                => [ "ecdsa", "ecdh", "sm2", "gost" ],
+    "ec"                => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost" ],
     sub { $disabled{"ec"} && $disabled{"dh"} }
                         => [ "tls1_3" ],
     "dgram"             => [ "dtls", "sctp" ],
diff --git a/INSTALL.md b/INSTALL.md
index db893492a1..e005312bc0 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -577,6 +577,11 @@ as configuration option, you must ensure that it's valid for both the C and
 the C++ compiler.  If not, the C++ build test will most likely break.  As an
 alternative, you can use the language specific variables, `CFLAGS` and `CXXFLAGS`.
 
+### no-bulk
+
+Build only some minimal set of features.
+This is a developer option used internally for CI build tests of the project.
+
 ### no-capieng
 
 Don't build the CAPI engine.
diff --git a/apps/speed.c b/apps/speed.c
index 46187010d5..fa30924c5f 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -155,8 +155,12 @@ static int usertime = 1;
 
 static double Time_F(int s);
 static void print_message(const char *s, long num, int length, int tm);
+#if (!defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
+    || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
+    || !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 static void pkey_print_message(const char *str, const char *str2,
                                long num, unsigned int bits, int sec);
+#endif
 static void print_result(int alg, int run_no, int count, double time_used);
 #ifndef NO_FORK
 static int do_multi(int multi, int size_num);
@@ -1509,9 +1513,10 @@ int speed_main(int argc, char **argv)
 #ifndef NO_FORK
     int multi = 0;
 #endif
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
-    || !defined(OPENSSL_NO_EC)
-    long rsa_count = 1;
+#if (!defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
+    || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
+    || !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+     long op_count = 1;
 #endif
     openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
                                     ECDSA_SECONDS, ECDH_SECONDS,
@@ -3020,7 +3025,7 @@ int speed_main(int argc, char **argv)
             BIO_printf(bio_err,
                        "RSA sign failure.  No RSA sign will be done.\n");
             ERR_print_errors(bio_err);
-            rsa_count = 1;
+            op_count = 1;
         } else {
             pkey_print_message("private", "rsa",
                                rsa_c[testnum][0], rsa_keys[testnum].bits,
@@ -3034,7 +3039,7 @@ int speed_main(int argc, char **argv)
                        : "%ld %u bits private RSA's in %.2fs\n",
                        count, rsa_keys[testnum].bits, d);
             rsa_results[testnum][0] = (double)count / d;
-            rsa_count = count;
+            op_count = count;
         }
 
         for (i = 0; i < loopargs_len; i++) {
@@ -3062,7 +3067,7 @@ int speed_main(int argc, char **argv)
             rsa_results[testnum][1] = (double)count / d;
         }
 
-        if (rsa_count <= 1) {
+        if (op_count <= 1) {
             /* if longer than 10s, don't do any more */
             stop_it(rsa_doit, testnum);
         }
@@ -3091,7 +3096,7 @@ int speed_main(int argc, char **argv)
             BIO_printf(bio_err,
                        "DSA sign failure.  No DSA sign will be done.\n");
             ERR_print_errors(bio_err);
-            rsa_count = 1;
+            op_count = 1;
         } else {
             pkey_print_message("sign", "dsa",
                                dsa_c[testnum][0], dsa_bits[testnum],
@@ -3104,7 +3109,7 @@ int speed_main(int argc, char **argv)
                        : "%ld %u bits DSA signs in %.2fs\n",
                        count, dsa_bits[testnum], d);
             dsa_results[testnum][0] = (double)count / d;
-            rsa_count = count;
+            op_count = count;
         }
 
         for (i = 0; i < loopargs_len; i++) {
@@ -3132,7 +3137,7 @@ int speed_main(int argc, char **argv)
             dsa_results[testnum][1] = (double)count / d;
         }
 
-        if (rsa_count <= 1) {
+        if (op_count <= 1) {
             /* if longer than 10s, don't do any more */
             stop_it(dsa_doit, testnum);
         }
@@ -3157,7 +3162,7 @@ int speed_main(int argc, char **argv)
         if (st == 0) {
             BIO_printf(bio_err, "ECDSA failure.\n");
             ERR_print_errors(bio_err);
-            rsa_count = 1;
+            op_count = 1;
         } else {
             for (i = 0; i < loopargs_len; i++) {
                 /* Perform ECDSA signature test */
@@ -3172,7 +3177,7 @@ int speed_main(int argc, char **argv)
                 BIO_printf(bio_err,
                            "ECDSA sign failure.  No ECDSA sign will be done.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
             } else {
                 pkey_print_message("sign", "ecdsa",
                                    ecdsa_c[testnum][0],
@@ -3186,7 +3191,7 @@ int speed_main(int argc, char **argv)
                            "%ld %u bits ECDSA signs in %.2fs \n",
                            count, ec_curves[testnum].bits, d);
                 ecdsa_results[testnum][0] = (double)count / d;
-                rsa_count = count;
+                op_count = count;
             }
 
             /* Perform ECDSA verification test */
@@ -3216,13 +3221,13 @@ int speed_main(int argc, char **argv)
                 ecdsa_results[testnum][1] = (double)count / d;
             }
 
-            if (rsa_count <= 1) {
+            if (op_count <= 1) {
                 /* if longer than 10s, don't do any more */
                 stop_it(ecdsa_doit, testnum);
             }
         }
     }
-# endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
     for (testnum = 0; testnum < EC_NUM; testnum++) {
         int ecdh_checks = 1;
@@ -3271,7 +3276,7 @@ int speed_main(int argc, char **argv)
                     BIO_printf(bio_err,
                                "Unhandled error in the error queue during ECDH init.\n");
                     ERR_print_errors(bio_err);
-                    rsa_count = 1;
+                    op_count = 1;
                     break;
                 }
 
@@ -3288,7 +3293,7 @@ int speed_main(int argc, char **argv)
                     ecdh_checks = 0;
                     BIO_printf(bio_err, "ECDH EC params init failure.\n");
                     ERR_print_errors(bio_err);
-                    rsa_count = 1;
+                    op_count = 1;
                     break;
                 }
                 /* Create the context for the key generation */
@@ -3304,7 +3309,7 @@ int speed_main(int argc, char **argv)
                 ecdh_checks = 0;
                 BIO_printf(bio_err, "ECDH keygen failure.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 break;
             }
 
@@ -3319,7 +3324,7 @@ int speed_main(int argc, char **argv)
                 ecdh_checks = 0;
                 BIO_printf(bio_err, "ECDH key generation failure.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 break;
             }
 
@@ -3337,7 +3342,7 @@ int speed_main(int argc, char **argv)
                 ecdh_checks = 0;
                 BIO_printf(bio_err, "ECDH computation failure.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 break;
             }
 
@@ -3347,7 +3352,7 @@ int speed_main(int argc, char **argv)
                 ecdh_checks = 0;
                 BIO_printf(bio_err, "ECDH computations don't match.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 break;
             }
 
@@ -3374,10 +3379,10 @@ int speed_main(int argc, char **argv)
                        "%ld %u-bits ECDH ops in %.2fs\n", count,
                        ec_curves[testnum].bits, d);
             ecdh_results[testnum][0] = (double)count / d;
-            rsa_count = count;
+            op_count = count;
         }
 
-        if (rsa_count <= 1) {
+        if (op_count <= 1) {
             /* if longer than 10s, don't do any more */
             stop_it(ecdh_doit, testnum);
         }
@@ -3431,7 +3436,7 @@ int speed_main(int argc, char **argv)
         if (st == 0) {
             BIO_printf(bio_err, "EdDSA failure.\n");
             ERR_print_errors(bio_err);
-            rsa_count = 1;
+            op_count = 1;
         } else {
             for (i = 0; i < loopargs_len; i++) {
                 /* Perform EdDSA signature test */
@@ -3446,7 +3451,7 @@ int speed_main(int argc, char **argv)
                 BIO_printf(bio_err,
                            "EdDSA sign failure.  No EdDSA sign will be done.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
             } else {
                 pkey_print_message("sign", ed_curves[testnum].name,
                                    eddsa_c[testnum][0],
@@ -3461,7 +3466,7 @@ int speed_main(int argc, char **argv)
                            count, ed_curves[testnum].bits,
                            ed_curves[testnum].name, d);
                 eddsa_results[testnum][0] = (double)count / d;
-                rsa_count = count;
+                op_count = count;
             }
             /* Perform EdDSA verification test */
             for (i = 0; i < loopargs_len; i++) {
@@ -3491,7 +3496,7 @@ int speed_main(int argc, char **argv)
                 eddsa_results[testnum][1] = (double)count / d;
             }
 
-            if (rsa_count <= 1) {
+            if (op_count <= 1) {
                 /* if longer than 10s, don't do any more */
                 stop_it(eddsa_doit, testnum);
             }
@@ -3563,7 +3568,7 @@ int speed_main(int argc, char **argv)
         if (st == 0) {
             BIO_printf(bio_err, "SM2 init failure.\n");
             ERR_print_errors(bio_err);
-            rsa_count = 1;
+            op_count = 1;
         } else {
             for (i = 0; i < loopargs_len; i++) {
                 size_t sm2_sigsize = loopargs[i].sigsize;
@@ -3579,7 +3584,7 @@ int speed_main(int argc, char **argv)
                 BIO_printf(bio_err,
                            "SM2 sign failure.  No SM2 sign will be done.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
             } else {
                 pkey_print_message("sign", sm2_curves[testnum].name,
                                    sm2_c[testnum][0],
@@ -3594,7 +3599,7 @@ int speed_main(int argc, char **argv)
                            count, sm2_curves[testnum].bits,
                            sm2_curves[testnum].name, d);
                 sm2_results[testnum][0] = (double)count / d;
-                rsa_count = count;
+                op_count = count;
             }
 
             /* Perform SM2 verification test */
@@ -3625,7 +3630,7 @@ int speed_main(int argc, char **argv)
                 sm2_results[testnum][1] = (double)count / d;
             }
 
-            if (rsa_count <= 1) {
+            if (op_count <= 1) {
                 /* if longer than 10s, don't do any more */
                 for (testnum++; testnum < SM2_NUM; testnum++)
                     sm2_doit[testnum] = 0;
@@ -3661,7 +3666,7 @@ int speed_main(int argc, char **argv)
             if (!pkey_A) {
                 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3669,7 +3674,7 @@ int speed_main(int argc, char **argv)
             if (!pkey_B) {
                 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3678,7 +3683,7 @@ int speed_main(int argc, char **argv)
             if (!ffdh_ctx) {
                 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3686,14 +3691,14 @@ int speed_main(int argc, char **argv)
             if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) {
                 BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
             if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) {
                 BIO_printf(bio_err, "Error setting DH key size for keygen.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3702,7 +3707,7 @@ int speed_main(int argc, char **argv)
                 EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
                 BIO_printf(bio_err, "FFDH key generation failure.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3716,34 +3721,34 @@ int speed_main(int argc, char **argv)
             if (!ffdh_ctx) {
                 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
             if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) {
                 BIO_printf(bio_err, "FFDH derivation context init failure.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
             if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) {
                 BIO_printf(bio_err, "Assigning peer key for derivation failed.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
             if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) {
                 BIO_printf(bio_err, "Checking size of shared secret failed.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
             if (secret_size > MAX_FFDH_SIZE) {
                 BIO_printf(bio_err, "Assertion failure: shared secret too large.\n");
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3752,7 +3757,7 @@ int speed_main(int argc, char **argv)
                                 &secret_size) <= 0) {
                 BIO_printf(bio_err, "Shared secret derive failure.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3761,7 +3766,7 @@ int speed_main(int argc, char **argv)
             if (!test_ctx) {
                 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3771,7 +3776,7 @@ int speed_main(int argc, char **argv)
                 !EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) ||
                 test_out != secret_size) {
                 BIO_printf(bio_err, "FFDH computation failure.\n");
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3781,7 +3786,7 @@ int speed_main(int argc, char **argv)
                               loopargs[i].secret_ff_b, secret_size)) {
                 BIO_printf(bio_err, "FFDH computations don't match.\n");
                 ERR_print_errors(bio_err);
-                rsa_count = 1;
+                op_count = 1;
                 ffdh_checks = 0;
                 break;
             }
@@ -3807,9 +3812,9 @@ int speed_main(int argc, char **argv)
                        "%ld %u-bits FFDH ops in %.2fs\n", count,
                        ffdh_params[testnum].bits, d);
             ffdh_results[testnum][0] = (double)count / d;
-            rsa_count = count;
+            op_count = count;
         };
-        if (rsa_count <= 1) {
+        if (op_count <= 1) {
             /* if longer than 10s, don't do any more */
             stop_it(ffdh_doit, testnum);
         }
@@ -4103,23 +4108,27 @@ static void print_message(const char *s, long num, int length, int tm)
 #endif
 }
 
+#if (!defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
+    || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
+    || !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 static void pkey_print_message(const char *str, const char *str2, long num,
                                unsigned int bits, int tm)
 {
-#ifdef SIGALRM
+# ifdef SIGALRM
     BIO_printf(bio_err,
                mr ? "+DTP:%d:%s:%s:%d\n"
                : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
     (void)BIO_flush(bio_err);
     run = 1;
     alarm(tm);
-#else
+# else
     BIO_printf(bio_err,
                mr ? "+DNP:%ld:%d:%s:%s\n"
                : "Doing %ld %u bits %s %s's: ", num, bits, str, str2);
     (void)BIO_flush(bio_err);
-#endif
+# endif
 }
+#endif
 
 static void print_result(int alg, int run_no, int count, double time_used)
 {
diff --git a/appveyor.yml b/appveyor.yml
index aa99f5062b..f0dfc7f5ba 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -20,8 +20,6 @@ before_build:
         Install-Module VSSetup -Scope CurrentUser
     - ps: >-
         Get-VSSetupInstance -All
-    - ps: >-
-        gci env:* | sort-object name
     - ps: >-
         If ($env:Platform -Match "x86") {
             $env:VCVARS_PLATFORM="x86"
@@ -32,20 +30,20 @@ before_build:
         }
     - ps: >-
         If ($env:Configuration -Match "shared") {
-            $env:SHARED="no-makedepend"
+            $env:CONFIG_OPTS=""
         } ElseIf ($env:Configuration -Match "minimal") {
-            $env:SHARED="no-shared no-dso no-makedepend no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-cmp no-comp no-ct no-des no-dgram no-dh no-dsa no-ec no-ec2m no-engine no-filenames no-idea no-ktls no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-siv no-sm3 no-sm4 no-srp no-srtp no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_SMALL_FOOTPRINT"
+            $env:CONFIG_OPTS="no-bulk no-asm -DOPENSSL_SMALL_FOOTPRINT"
         } Else {
-            $env:SHARED="no-shared no-makedepend"
+            $env:CONFIG_OPTS="no-shared"
         }
     - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM%
     - mkdir _build
     - cd _build
-    - perl ..\Configure %TARGET% %SHARED%
+    - perl ..\Configure %TARGET% no-makedepend %CONFIG_OPTS%
     - perl configdata.pm --dump
     - cd ..
     - ps: >-
-        if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER`
+        If (-not $env:APPVEYOR_PULL_REQUEST_NUMBER`
             -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT |
                  Select-String "\[extended tests\]") ) {
             $env:EXTENDED_TESTS="yes"
@@ -56,6 +54,8 @@ before_build:
         } Else {
             $env:NMAKE="nmake /S"
         }
+    - ps: >-
+        gci env:* | sort-object name
 
 build_script:
     - cd _build
diff --git a/fuzz/server.c b/fuzz/server.c
index 4055b58222..26c1c172cf 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -521,7 +521,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     RSA *privkey;
 #endif
     const uint8_t *bufp;
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) \
+    || !defined(OPENSSL_NO_DEPRECATED_3_0)
     EVP_PKEY *pkey;
+#endif
     X509 *cert;
 #ifndef OPENSSL_NO_EC
     EC_KEY *ecdsakey = NULL;
diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c
index 8668588a7d..30837612cc 100644
--- a/providers/implementations/encode_decode/encode_key2any.c
+++ b/providers/implementations/encode_decode/encode_key2any.c
@@ -330,6 +330,8 @@ static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key,
                                            p2s, k2d, ctx, NULL, NULL);
 }
 
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) \
+    || !defined(OPENSSL_NO_EC)
 static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
                                               int key_nid, const char *pemname,
                                               key_to_paramstring_fn *p2s,
@@ -339,6 +341,7 @@ static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
     return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
                                            p2s, k2d, ctx, NULL, NULL);
 }
+#endif
 
 #define der_output_type         "DER"
 #define pem_output_type         "PEM"
diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
index 92efb0436e..4d33d869ed 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -126,6 +126,7 @@ err:
 /* Number of octets per line */
 #define LABELED_BUF_PRINT_WIDTH    15
 
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
 static int print_labeled_buf(BIO *out, const char *label,
                              const unsigned char *buf, size_t buflen)
 {
@@ -151,6 +152,7 @@ static int print_labeled_buf(BIO *out, const char *label,
 
     return 1;
 }
+#endif
 
 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
 static int ffc_params_to_text(BIO *out, const FFC_PARAMS *ffc)
diff --git a/test/endecode_test.c b/test/endecode_test.c
index f72f9aaac8..76b32a8aa9 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -40,12 +40,14 @@ static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
 # endif
 #endif
 
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) \
+    || !defined(OPENSSL_NO_EC)
 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
 {
     EVP_PKEY *pkey = NULL;
     EVP_PKEY_CTX *ctx = NULL;
 
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
     /*
      * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
      * for testing only. Use a minimum key size of 2048 for security purposes.
@@ -54,7 +56,7 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
         return get_dh512(NULL);
     if (strcmp(type, "X9.42 DH") == 0)
         return get_dhx512(NULL);
-#endif
+# endif
 
     /*
      * No real need to check the errors other than for the cascade
@@ -69,6 +71,7 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
 
     return pkey;
 }
+#endif
 
 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
                           OSSL_PARAM *genparams)
@@ -514,6 +517,8 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
                               dump_pem, 0);
 }
 
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) \
+    || !defined(OPENSSL_NO_EC)
 static int check_params_DER(const char *type, const void *data, size_t data_len)
 {
     const unsigned char *datap = data;
@@ -568,6 +573,7 @@ static int test_params_via_PEM(const char *type, EVP_PKEY *key)
                               test_text, check_params_PEM,
                               dump_pem, 0);
 }
+#endif /* ndef(OPENSSL_NO_DH) || ndef(OPENSSL_NO_DSA) || ndef(OPENSSL_NO_EC) */
 
 static int check_unprotected_legacy_PEM(const char *type,
                                         const void *data, size_t data_len)
diff --git a/test/evp_pkey_dparams_test.c b/test/evp_pkey_dparams_test.c
index f1d528eb27..b8e9493dca 100644
--- a/test/evp_pkey_dparams_test.c
+++ b/test/evp_pkey_dparams_test.c
@@ -89,6 +89,7 @@ static const unsigned char ecparam_bin[] = {
 };
 #endif
 
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
 static const struct {
     int type;
     const unsigned char *param_bin;
@@ -105,7 +106,6 @@ static const struct {
 #endif
 };
 
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
 static int params_bio_test(int id)
 {
     int ret, out_len;


More information about the openssl-commits mailing list