From 96bea0002b44f1f490a798d6122d6b15d1fe6b09 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 18 Mar 2016 15:56:06 +0000 Subject: [PATCH] Fix no-des Numerous fixes for no-des. Reviewed-by: Rich Salz --- apps/pkcs12.c | 4 +++- apps/speed.c | 2 ++ crypto/cms/cms_kari.c | 5 ++++- test/evp_test.c | 8 ++++++++ test/recipes/80-test_cms.t | 22 ++++++++++++---------- 5 files changed, 29 insertions(+), 12 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 1fd1fad001..6657c4fcee 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -57,7 +57,9 @@ */ #include -#if !defined(OPENSSL_NO_DES) +#if defined(OPENSSL_NO_DES) +NON_EMPTY_TRANSLATION_UNIT +#else # include # include diff --git a/apps/speed.c b/apps/speed.c index 230ed62e04..260b55fccc 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1386,7 +1386,9 @@ int speed_main(int argc, char **argv) memset(results, 0, sizeof(results)); memset(c, 0, sizeof(c)); +#ifndef OPENSSL_NO_DES memset(DES_iv, 0, sizeof(DES_iv)); +#endif memset(iv, 0, sizeof(iv)); for (i = 0; i < ALGOR_NUM; i++) diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 79634ad456..562b1e506c 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -389,9 +389,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, * Pick a cipher based on content encryption cipher. If it is DES3 use * DES3 wrap otherwise use AES wrap similar to key size. */ +#ifndef OPENSSL_NO_DES if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc) kekcipher = EVP_des_ede3_wrap(); - else if (keylen <= 16) + else +#endif + if (keylen <= 16) kekcipher = EVP_aes_128_wrap(); else if (keylen <= 24) kekcipher = EVP_aes_192_wrap(); diff --git a/test/evp_test.c b/test/evp_test.c index 759ec3be4a..ed03c86ce7 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1083,6 +1083,14 @@ static int mac_test_run(struct evp_test *t) unsigned char *mac = NULL; size_t mac_len; +#ifdef OPENSSL_NO_DES + if (strstr(mdata->alg, "DES") != NULL) { + /* Skip DES */ + err = NULL; + goto err; + } +#endif + err = "MAC_PKEY_CTX_ERROR"; genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL); if (!genctx) diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 2ce8a2c6ae..8dc6e9039a 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -13,8 +13,8 @@ setup("test_cms"); my $smdir = srctop_dir("test", "smime-certs"); my $smcont = srctop_file("test", "smcont.txt"); -my ($no_dh, $no_ec, $no_ec2m, $no_rc2, $no_zlib) - = disabled qw/dh ec ec2m rc2 zlib/; +my ($no_des, $no_dh, $no_ec, $no_ec2m, $no_rc2, $no_zlib) + = disabled qw/des dh ec ec2m rc2 zlib/; plan tests => 4; @@ -119,7 +119,7 @@ my @smime_pkcs7_tests = ( "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] ], - [ "enveloped content test streaming S/MIME format, 3 recipients", + [ "enveloped content test streaming S/MIME format, DES, 3 recipients", [ "-encrypt", "-in", $smcont, "-stream", "-out", "test.cms", catfile($smdir, "smrsa1.pem"), @@ -129,7 +129,7 @@ my @smime_pkcs7_tests = ( "-in", "test.cms", "-out", "smtst.txt" ] ], - [ "enveloped content test streaming S/MIME format, 3 recipients, 3rd used", + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used", [ "-encrypt", "-in", $smcont, "-stream", "-out", "test.cms", catfile($smdir, "smrsa1.pem"), @@ -139,7 +139,7 @@ my @smime_pkcs7_tests = ( "-in", "test.cms", "-out", "smtst.txt" ] ], - [ "enveloped content test streaming S/MIME format, 3 recipients, key only used", + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used", [ "-encrypt", "-in", $smcont, "-stream", "-out", "test.cms", catfile($smdir, "smrsa1.pem"), @@ -201,7 +201,7 @@ my @smime_cms_tests = ( "-CAfile", catfile($smdir, "smroot.pem") ] ], - [ "enveloped content test streaming S/MIME format, 3 recipients, keyid", + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid", [ "-encrypt", "-in", $smcont, "-stream", "-out", "test.cms", "-keyid", catfile($smdir, "smrsa1.pem"), @@ -306,7 +306,7 @@ my @smime_cms_param_tests = ( "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] ], - [ "enveloped content test streaming S/MIME format, OAEP default parameters", + [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters", [ "-encrypt", "-in", $smcont, "-stream", "-out", "test.cms", "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ], @@ -314,7 +314,7 @@ my @smime_cms_param_tests = ( "-in", "test.cms", "-out", "smtst.txt" ] ], - [ "enveloped content test streaming S/MIME format, OAEP SHA256", + [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256", [ "-encrypt", "-in", $smcont, "-stream", "-out", "test.cms", "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep", @@ -323,7 +323,7 @@ my @smime_cms_param_tests = ( "-in", "test.cms", "-out", "smtst.txt" ] ], - [ "enveloped content test streaming S/MIME format, ECDH", + [ "enveloped content test streaming S/MIME format, DES, ECDH", [ "-encrypt", "-in", $smcont, "-stream", "-out", "test.cms", "-recip", catfile($smdir, "smec1.pem") ], @@ -331,7 +331,7 @@ my @smime_cms_param_tests = ( "-in", "test.cms", "-out", "smtst.txt" ] ], - [ "enveloped content test streaming S/MIME format, ECDH, key identifier", + [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier", [ "-encrypt", "-keyid", "-in", $smcont, "-stream", "-out", "test.cms", "-recip", catfile($smdir, "smec1.pem") ], @@ -475,6 +475,8 @@ sub check_availability { if ($no_dh && $tnam =~ /X9\.42/); return "$tnam: skipped, RC2 disabled\n" if ($no_rc2 && $tnam =~ /RC2/); + return "$tnam: skipped, DES disabled\n" + if ($no_des && $tnam =~ /DES/); return ""; } -- 2.34.1