Fix no-dh

The recent move of the DH code into the default provider broke no-dh. This
adds back in various missing guards.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9399)

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 3e64a1f93eed305f1d7d5c0b12d961317bb09a46..47bbb2bd5582003d888b6fbb297d8560ac5f1c38 100644 (file)
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -729,12 +729,13 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen),
 }
 
 #ifndef FIPS_MODE
+# ifndef OPENSSL_NO_DH
 /*
  * TODO(3.0): Temporarily unavailable in FIPS mode. This will need to be added
  * in later.
  */
 
-#define MAX_PARAMS 10
+#  define MAX_PARAMS 10
 typedef struct {
     /* Number of the current param */
     size_t curr;
@@ -845,12 +846,15 @@ static OSSL_PARAM *evp_pkey_dh_to_param(EVP_PKEY *pkey, size_t *sz)
 
     return param_template_to_param(&tmpl, sz);
 }
+# endif /* OPENSSL_NO_DH */
 
 OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz)
 {
     switch (pkey->type) {
+# ifndef OPENSSL_NO_DH
     case EVP_PKEY_DH:
         return evp_pkey_dh_to_param(pkey, sz);
+# endif
     default:
         return NULL;
     }

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index d444e7168d3f649a560d11352f42ea7dba50cf3c..169b0565a4d15db14f05bcd2f2b072d216340e84 100644 (file)
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -393,6 +393,7 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
     return 0;
 }
 
+#ifndef OPENSSL_NO_DH
 int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
 {
     OSSL_PARAM dh_pad_params[2];
@@ -407,13 +408,16 @@ int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
 
     return EVP_PKEY_CTX_set_params(ctx, dh_pad_params);
 }
+#endif
 
 static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
                                 int cmd, int p1, void *p2)
 {
     switch (cmd) {
+#ifndef OPENSSL_NO_DH
     case EVP_PKEY_CTRL_DH_PAD:
         return EVP_PKEY_CTX_set_dh_pad(ctx, p1);
+#endif
     }
     return 0;
 }
@@ -470,12 +474,14 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
 static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
                                     const char *value)
 {
+#ifndef OPENSSL_NO_DH
     if (strcmp(name, "dh_pad") == 0) {
         int pad;
 
         pad = atoi(value);
         return EVP_PKEY_CTX_set_dh_pad(ctx, pad);
     }
+#endif
     return 0;
 }
 

diff --git a/providers/common/exchange/build.info b/providers/common/exchange/build.info
index 1039075c2a69f3eaf423dc595128a57376179cd0..7957f51314efa217f610cf5a2ddea430f57dbc2d 100644 (file)
--- a/providers/common/exchange/build.info
+++ b/providers/common/exchange/build.info
@@ -1,5 +1,7 @@
 LIBS=../../../libcrypto
-SOURCE[../../../libcrypto]=\
-        dh.c
+IF[{- !$disabled{dh} -}]
+  SOURCE[../../../libcrypto]=\
+          dh.c
+ENDIF
 
 

diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c
index 6ac2bdbfcc2e1c8a2c25e8b6ec4299fd9f03fc8b..18e3a5c36f89be105cd5cd19306c5ecc6042af6f 100644 (file)
--- a/providers/default/defltprov.c
+++ b/providers/default/defltprov.c
@@ -115,7 +115,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
 };
 
 static const OSSL_ALGORITHM deflt_keyexch[] = {
+#ifndef OPENSSL_NO_DH
     { "dhKeyAgreement", "default=yes", dh_functions },
+#endif
     { NULL, NULL, NULL }
 };