From d46d2da41c75ff765c914bf1c19063e97c8c519a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 6 Jul 2017 10:11:17 +0200 Subject: [PATCH] Fix 'no-cms' Fixes #3867 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/3873) --- crypto/dh/dh.h | 2 ++ crypto/dh/dh_kdf.c | 4 ++++ crypto/dh/dh_pmeth.c | 9 ++++++++- crypto/rsa/rsa_ameth.c | 2 +- util/libeay.num | 2 +- 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index a228c7a7a4..80b28fb39d 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -257,11 +257,13 @@ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +# ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index a882cb286e..8947a08731 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -51,6 +51,9 @@ * ==================================================================== */ +#include + +#ifndef OPENSSL_NO_CMS #include #include #include @@ -185,3 +188,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, EVP_MD_CTX_cleanup(&mctx); return rv; } +#endif diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index b58e3fa86f..6452482c87 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_DH_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; +#ifdef OPENSSL_NO_CMS + if (p1 != EVP_PKEY_DH_KDF_NONE) +#else if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) +#endif return -2; dctx->kdf_type = p1; return 1; @@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, return ret; *keylen = ret; return 1; - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + } +#ifndef OPENSSL_NO_CMS + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { unsigned char *Z = NULL; size_t Zlen = 0; if (!dctx->kdf_outlen || !dctx->kdf_oid) @@ -479,6 +485,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, } return ret; } +#endif return 1; } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 951e1d5ca3..ddead3d744 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return 2; } +#ifndef OPENSSL_NO_CMS static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { @@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, return pss; } -#ifndef OPENSSL_NO_CMS static int rsa_cms_decrypt(CMS_RecipientInfo *ri) { EVP_PKEY_CTX *pkctx; diff --git a/util/libeay.num b/util/libeay.num index 2094ab364c..992abb2c46 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4370,7 +4370,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS -DH_KDF_X9_42 4735 EXIST::FUNCTION:DH +DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA -- 2.34.1