[openssl] master update
Matt Caswell
matt at openssl.org
Thu Feb 6 12:12:47 UTC 2020
The branch master has been updated
via 5ce87e11de21835255ea11cc330ebf9931e21329 (commit)
from 9aa78c36ec3bdcf09742f6dea403fc09d40d420f (commit)
- Log -----------------------------------------------------------------
commit 5ce87e11de21835255ea11cc330ebf9931e21329
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jan 31 23:28:45 2020 +0000
Fix builds with no-dh
The various functions in bn_const.c return primes that are
specified for use in DH. However they were not being excluded from
a no-dh build - and was therefore causing the build to fail.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10990)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/build.info | 10 ++++++++--
include/openssl/bn.h | 20 +++++++++++---------
providers/fips/fipsprov.c | 4 ++++
util/libcrypto.num | 16 ++++++++--------
4 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
index 5ad8bf14d3..bc3fb9b05b 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -101,12 +101,18 @@ IF[{- !$disabled{asm} -}]
ENDIF
ENDIF
+IF[{- !$disabled{dh} -}]
+ $BNDH=bn_const.c
+ELSE
+ $BNDH=
+ENDIF
+
$COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
- bn_const.c bn_x931p.c bn_intern.c bn_dh.c \
- bn_rsa_fips186_4.c $BNASM
+ bn_x931p.c bn_intern.c bn_dh.c \
+ bn_rsa_fips186_4.c $BNDH $BNASM
SOURCE[../../libcrypto]=$COMMON bn_print.c bn_err.c bn_depr.c bn_srp.c
SOURCE[../../providers/libfips.a]=$COMMON
# Implementations are now spread across several libraries, so the defines
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 8512ddf284..69cd127698 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -527,6 +527,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
const BIGNUM *priv, const unsigned char *message,
size_t message_len, BN_CTX *ctx);
+# ifndef OPENSSL_NO_DH
/* Primes from RFC 2409 */
BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn);
BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn);
@@ -539,15 +540,16 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
-# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
-# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
-# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
-# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
-# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
-# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
-# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
-# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
+# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
+# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
+# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
+# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
+# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
+# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
+# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
+# endif
# endif
int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index c89fa64264..0301954c30 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -130,6 +130,7 @@ static OSSL_PARAM core_params[] =
* The array of hex_data is used to get around compilers that dont like
* strings longer than 509 bytes,
*/
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
static int hextobn(const char *hex_data[], BIGNUM **bn)
{
int ret = 0;
@@ -156,7 +157,9 @@ err:
OPENSSL_free(str);
return ret;
}
+#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */
+#ifndef OPENSSL_NO_DH
static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
{
int ret = 0, sz;
@@ -181,6 +184,7 @@ err:
BN_free(bn);
return ret;
}
+#endif
#ifndef OPENSSL_NO_DSA
static int dsa_key_signature_test(OPENSSL_CTX *libctx)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 2516e2ff18..dc6515cfc9 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -214,7 +214,7 @@ s2i_ASN1_OCTET_STRING 217 3_0_0 EXIST::FUNCTION:
POLICYINFO_it 218 3_0_0 EXIST::FUNCTION:
OBJ_create 219 3_0_0 EXIST::FUNCTION:
d2i_NOTICEREF 220 3_0_0 EXIST::FUNCTION:
-BN_get_rfc2409_prime_768 221 3_0_0 EXIST::FUNCTION:
+BN_get_rfc2409_prime_768 221 3_0_0 EXIST::FUNCTION:DH
PEM_read_bio_PKCS8 222 3_0_0 EXIST::FUNCTION:
X509_ATTRIBUTE_new 223 3_0_0 EXIST::FUNCTION:
ASN1_STRING_TABLE_cleanup 224 3_0_0 EXIST::FUNCTION:
@@ -483,7 +483,7 @@ BN_GF2m_mod_sqr_arr 492 3_0_0 EXIST::FUNCTION:EC2M
ASN1_PRINTABLESTRING_it 493 3_0_0 EXIST::FUNCTION:
BIO_f_cipher 494 3_0_0 EXIST::FUNCTION:
UI_destroy_method 495 3_0_0 EXIST::FUNCTION:
-BN_get_rfc3526_prime_3072 496 3_0_0 EXIST::FUNCTION:
+BN_get_rfc3526_prime_3072 496 3_0_0 EXIST::FUNCTION:DH
X509_INFO_new 497 3_0_0 EXIST::FUNCTION:
OCSP_RESPDATA_it 498 3_0_0 EXIST::FUNCTION:OCSP
X509_CRL_print 499 3_0_0 EXIST::FUNCTION:
@@ -618,7 +618,7 @@ d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DSA,STDIO
OCSP_REQ_CTX_nbio_d2i 634 3_0_0 EXIST::FUNCTION:OCSP
d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO
DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DH
-BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:
+BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:DH
X509_REVOKED_it 638 3_0_0 EXIST::FUNCTION:
CRYPTO_THREAD_write_lock 639 3_0_0 EXIST::FUNCTION:
X509V3_NAME_from_section 640 3_0_0 EXIST::FUNCTION:
@@ -888,7 +888,7 @@ EVP_read_pw_string 909 3_0_0 EXIST::FUNCTION:
i2d_ASN1_NULL 910 3_0_0 EXIST::FUNCTION:
DES_encrypt1 911 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
BN_mod_lshift1_quick 912 3_0_0 EXIST::FUNCTION:
-BN_get_rfc3526_prime_6144 913 3_0_0 EXIST::FUNCTION:
+BN_get_rfc3526_prime_6144 913 3_0_0 EXIST::FUNCTION:DH
OBJ_obj2txt 914 3_0_0 EXIST::FUNCTION:
UI_set_result 915 3_0_0 EXIST::FUNCTION:
EVP_EncodeUpdate 916 3_0_0 EXIST::FUNCTION:
@@ -2129,7 +2129,7 @@ TS_RESP_CTX_set_accuracy 2174 3_0_0 EXIST::FUNCTION:TS
NETSCAPE_SPKI_get_pubkey 2175 3_0_0 EXIST::FUNCTION:
ECDSA_do_sign_ex 2176 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OCSP_ONEREQ_get_ext 2177 3_0_0 EXIST::FUNCTION:OCSP
-BN_get_rfc3526_prime_4096 2179 3_0_0 EXIST::FUNCTION:
+BN_get_rfc3526_prime_4096 2179 3_0_0 EXIST::FUNCTION:DH
d2i_PKCS7_fp 2180 3_0_0 EXIST::FUNCTION:STDIO
PEM_write_bio_NETSCAPE_CERT_SEQUENCE 2181 3_0_0 EXIST::FUNCTION:
PKCS12_AUTHSAFES_it 2182 3_0_0 EXIST::FUNCTION:
@@ -2471,7 +2471,7 @@ BN_GF2m_mod_div 2522 3_0_0 EXIST::FUNCTION:EC2M
i2d_USERNOTICE 2523 3_0_0 EXIST::FUNCTION:
d2i_NETSCAPE_SPKI 2524 3_0_0 EXIST::FUNCTION:
CRYPTO_mem_leaks 2525 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
-BN_get_rfc3526_prime_1536 2526 3_0_0 EXIST::FUNCTION:
+BN_get_rfc3526_prime_1536 2526 3_0_0 EXIST::FUNCTION:DH
DSA_sign 2527 3_0_0 EXIST::FUNCTION:DSA
RAND_egd 2528 3_0_0 EXIST::FUNCTION:EGD
ASN1_d2i_bio 2529 3_0_0 EXIST::FUNCTION:
@@ -2579,7 +2579,7 @@ ASIdentifierChoice_it 2633 3_0_0 EXIST::FUNCTION:RFC3779
CMS_RecipientEncryptedKey_cert_cmp 2634 3_0_0 EXIST::FUNCTION:CMS
EVP_PKEY_CTX_get_app_data 2635 3_0_0 EXIST::FUNCTION:
EC_GROUP_clear_free 2636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-BN_get_rfc2409_prime_1024 2637 3_0_0 EXIST::FUNCTION:
+BN_get_rfc2409_prime_1024 2637 3_0_0 EXIST::FUNCTION:DH
CRYPTO_set_mem_functions 2638 3_0_0 EXIST::FUNCTION:
i2d_ASN1_VISIBLESTRING 2639 3_0_0 EXIST::FUNCTION:
d2i_PBKDF2PARAM 2640 3_0_0 EXIST::FUNCTION:
@@ -3374,7 +3374,7 @@ EVP_EncodeFinal 3444 3_0_0 EXIST::FUNCTION:
X509_set_ex_data 3445 3_0_0 EXIST::FUNCTION:
ERR_get_next_error_library 3446 3_0_0 EXIST::FUNCTION:
OCSP_RESPONSE_print 3447 3_0_0 EXIST::FUNCTION:OCSP
-BN_get_rfc3526_prime_2048 3448 3_0_0 EXIST::FUNCTION:
+BN_get_rfc3526_prime_2048 3448 3_0_0 EXIST::FUNCTION:DH
BIO_new_bio_pair 3449 3_0_0 EXIST::FUNCTION:
EC_GFp_nistp256_method 3450 3_0_0 EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
BIO_method_type 3451 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list