[openssl] master update
Matt Caswell
matt at openssl.org
Fri Feb 7 23:32:23 UTC 2020
The branch master has been updated
via 709b5e8a3e10963072ce390df7e736308853aa85 (commit)
via 92dcfb796f51aa64d0ff34a5c9dbabf49f432c6f (commit)
via ad5b71be73f0450a9eb51c8b845796fe4183601f (commit)
from 34675b2ba942f81a74bd8bc46b937604dca0a645 (commit)
- Log -----------------------------------------------------------------
commit 709b5e8a3e10963072ce390df7e736308853aa85
Author: Matt Caswell <matt at openssl.org>
Date: Thu Feb 6 15:54:09 2020 +0000
Fix no-engine
We don't need to check if an engine has a cipher/digest in a no-engine
build.
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11031)
commit 92dcfb796f51aa64d0ff34a5c9dbabf49f432c6f
Author: Matt Caswell <matt at openssl.org>
Date: Thu Feb 6 15:30:24 2020 +0000
Fix no-dh
Don't use DH specific macros that might need to be used in a no-dh build.
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11030)
commit ad5b71be73f0450a9eb51c8b845796fe4183601f
Author: Matt Caswell <matt at openssl.org>
Date: Thu Feb 6 15:17:28 2020 +0000
Fix no-ec
Recent SM2 related changes were not properly guarded with OPENSSL_NO_EC
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11029)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/p_lib.c | 2 ++
crypto/x509/x_all.c | 2 ++
include/internal/ffc.h | 19 ++++++++++++-------
include/openssl/dh.h | 4 ++++
ssl/ssl_lib.c | 4 ++++
5 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 95dd96e86b..76b4df1dc3 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -403,12 +403,14 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
{
int alias = type;
+#ifndef OPENSSL_NO_EC
if (EVP_PKEY_type(type) == EVP_PKEY_EC) {
const EC_GROUP *group = EC_KEY_get0_group(key);
if (group != NULL && EC_GROUP_get_curve_name(group) == NID_sm2)
alias = EVP_PKEY_SM2;
}
+#endif
if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
return 0;
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 5a5f098558..89940a0cc9 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -44,12 +44,14 @@ static EVP_MD_CTX *make_id_ctx(EVP_PKEY *r, ASN1_OCTET_STRING *id)
goto error;
}
+#ifndef OPENSSL_NO_EC
if (id != NULL) {
if (EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) {
X509err(0, ERR_R_MALLOC_FAILURE);
goto error;
}
}
+#endif
EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
diff --git a/include/internal/ffc.h b/include/internal/ffc.h
index 75df3a1ffd..67282fd807 100644
--- a/include/internal/ffc.h
+++ b/include/internal/ffc.h
@@ -33,13 +33,18 @@
# define FFC_PARAMS_VALIDATE_G 0x02
# define FFC_PARAMS_VALIDATE_ALL (FFC_PARAMS_VALIDATE_PQ | FFC_PARAMS_VALIDATE_G)
-# define FFC_CHECK_P_NOT_PRIME DH_CHECK_P_NOT_PRIME
-# define FFC_CHECK_P_NOT_SAFE_PRIME DH_CHECK_P_NOT_SAFE_PRIME
-# define FFC_CHECK_UNKNOWN_GENERATOR DH_UNABLE_TO_CHECK_GENERATOR
-# define FFC_CHECK_NOT_SUITABLE_GENERATOR DH_NOT_SUITABLE_GENERATOR
-# define FFC_CHECK_Q_NOT_PRIME DH_CHECK_Q_NOT_PRIME
-# define FFC_CHECK_INVALID_Q_VALUE DH_CHECK_INVALID_Q_VALUE
-# define FFC_CHECK_INVALID_J_VALUE DH_CHECK_INVALID_J_VALUE
+/*
+ * NB: These values must align with the equivalently named macros in
+ * openssl/dh.h. We cannot use those macros here in case DH has been disabled.
+ */
+# define FFC_CHECK_P_NOT_PRIME 0x00001
+# define FFC_CHECK_P_NOT_SAFE_PRIME 0x00002
+# define FFC_CHECK_UNKNOWN_GENERATOR 0x00004
+# define FFC_CHECK_NOT_SUITABLE_GENERATOR 0x00008
+# define FFC_CHECK_Q_NOT_PRIME 0x00010
+# define FFC_CHECK_INVALID_Q_VALUE 0x00020
+# define FFC_CHECK_INVALID_J_VALUE 0x00040
+
# define FFC_CHECK_BAD_LN_PAIR 0x00080
# define FFC_CHECK_INVALID_SEED_SIZE 0x00100
# define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 3040bc03a6..67783bae7b 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -75,6 +75,10 @@ DECLARE_ASN1_ITEM(DHparams)
# define DH_GENERATOR_5 5
/* DH_check error codes */
+/*
+ * NB: These values must align with the equivalently named macros in
+ * internal/ffc.h.
+ */
# define DH_CHECK_P_NOT_PRIME 0x01
# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 977b599055..08fcd83ea7 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -5848,12 +5848,14 @@ const EVP_CIPHER *ssl_evp_cipher_fetch(OPENSSL_CTX *libctx,
int nid,
const char *properties)
{
+#ifndef OPENSSL_NO_ENGINE
/*
* If there is an Engine available for this cipher we use the "implicit"
* form to ensure we use that engine later.
*/
if (ENGINE_get_cipher_engine(nid) != NULL)
return EVP_get_cipherbynid(nid);
+#endif
/* Otherwise we do an explicit fetch */
return EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
@@ -5891,12 +5893,14 @@ const EVP_MD *ssl_evp_md_fetch(OPENSSL_CTX *libctx,
int nid,
const char *properties)
{
+#ifndef OPENSSL_NO_ENGINE
/*
* If there is an Engine available for this digest we use the "implicit"
* form to ensure we use that engine later.
*/
if (ENGINE_get_digest_engine(nid) != NULL)
return EVP_get_digestbynid(nid);
+#endif
/* Otherwise we do an explicit fetch */
return EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
More information about the openssl-commits
mailing list