[openssl-dev] [openssl.org #4316] Build failure with OPENSSL_NO_DES or OPENSSL_NO_AES defined
Michele Cicciotti via RT
rt at openssl.org
Wed Feb 17 14:56:48 UTC 2016
Affected version: 1.0.2f
crypto/cms/cms_kari.c calls EVP_des_ede3_wrap without checking whether
OPENSSL_NO_DES is defined, and EVP_aes_XXX_wrap without checking if
OPENSSL_NO_AES is defined. See the attached patch for the fix
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4316
Please log in as guest with password guest if prompted
-------------- next part --------------
--- crypto/cms/cms_kari.c
+++ crypto/cms/cms_kari.c
@@ -402,13 +402,22 @@
* DES3 wrap otherwise use AES wrap similar to key size.
*/
if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
+#ifdef OPENSSL_NO_DES
+ return 0;
+#else
kekcipher = EVP_des_ede3_wrap();
- else if (keylen <= 16)
+#endif
+ else
+#ifdef OPENSSL_NO_AES
+ return 0;
+#else
+ if (keylen <= 16)
kekcipher = EVP_aes_128_wrap();
else if (keylen <= 24)
kekcipher = EVP_aes_192_wrap();
else
kekcipher = EVP_aes_256_wrap();
+#endif
return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL);
}
More information about the openssl-dev
mailing list