Fix 'no-cms'
authorRichard Levitte <levitte@openssl.org>
Thu, 6 Jul 2017 08:11:17 +0000 (10:11 +0200)
committerRichard Levitte <levitte@openssl.org>
Tue, 15 Aug 2017 10:54:47 +0000 (12:54 +0200)
Fixes #3867

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3873)

crypto/dh/dh.h
crypto/dh/dh_kdf.c
crypto/dh/dh_pmeth.c
crypto/rsa/rsa_ameth.c
util/libeay.num

index a228c7a7a4c3a124c987cd3689e198c51b57ef63..80b28fb39dc82d4bfdb7806491a99e6d649845bf 100644 (file)
@@ -257,11 +257,13 @@ DH *DH_get_1024_160(void);
 DH *DH_get_2048_224(void);
 DH *DH_get_2048_256(void);
 
+# ifndef OPENSSL_NO_CMS
 /* RFC2631 KDF */
 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                  const unsigned char *Z, size_t Zlen,
                  ASN1_OBJECT *key_oid,
                  const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+# endif
 
 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
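Review bot: The new guard around `DH_KDF_X9_42` gives no reason why an RFC 2631 KDF in the DH header depends on CMS, and the `# endif` carries no label. Consider extending the comment to `/* RFC2631 KDF, only available when CMS is built in */` and closing with `# endif /* OPENSSL_NO_CMS */`. If the `EVP_PKEY_DH_KDF_X9_42` constant and the related `EVP_PKEY_CTX_set_dh_kdf_*` macros further down this header stay unguarded (they are not visible in this hunk), a no-cms application still compiles code that requests X9.42 and only sees the refusal at run time. That behaviour would be worth stating in the header as well.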
index a882cb286e0eaed12f0dd3d672ef40454808cbf7..8947a087315202d4ebbb64a7efcbcf1e758cd186 100644 (file)
@@ -51,6 +51,9 @@
  * ====================================================================
  */
 
+#include <e_os.h>
+
+#ifndef OPENSSL_NO_CMS
 #include <string.h>
 #include <openssl/dh.h>
 #include <openssl/evp.h>
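Review bot: The added `#include <e_os.h>` sits outside the `#ifndef OPENSSL_NO_CMS` guard with no explanation, so a later clean-up could move it inside the guard or drop it as unused. It is presumably there so the build configuration macros are defined before the test, and so the file is not an empty translation unit in a no-cms build. A short comment such as `/* pulls in the configuration so OPENSSL_NO_CMS is defined before the check below */` would record that. The matching `#endif` added at the end of the file (the hunk at `@@ -185,3 +188,4 @@`) is about 140 lines away and would read better as `#endif /* OPENSSL_NO_CMS */`.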
@@ -185,3 +188,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
     EVP_MD_CTX_cleanup(&mctx);
     return rv;
 }
+#endif
index b58e3fa86fad0c27a3d53734cf33cc7c417b1b02..6452482c87d2f954371f32657465363fdad2685e 100644 (file)
@@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     case EVP_PKEY_CTRL_DH_KDF_TYPE:
         if (p1 == -2)
             return dctx->kdf_type;
+#ifdef OPENSSL_NO_CMS
+        if (p1 != EVP_PKEY_DH_KDF_NONE)
+#else
         if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
+#endif
             return -2;
         dctx->kdf_type = p1;
         return 1;
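Review bot: In the `EVP_PKEY_CTRL_DH_KDF_TYPE` case the `if` line now exists in two preprocessor variants that share one `return -2;` body, and nothing explains why the accepted set shrinks. A comment above the `#ifdef` would help, for example `/* X9.42 KDF is only built with CMS; without it only KDF_NONE is accepted */`. Rejecting the value here is the right place to fail, since it keeps `dctx->kdf_type` from ever holding a KDF that the derive path cannot run. pkey_dh_ctrl starts and ends outside the hunk, so whether the other KDF controls (md, outlen, oid, ukm) need the same treatment cannot be judged from these lines.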
@@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
             return ret;
         *keylen = ret;
         return 1;
-    } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+    }
+#ifndef OPENSSL_NO_CMS
+    else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
         unsigned char *Z = NULL;
         size_t Zlen = 0;
         if (!dctx->kdf_outlen || !dctx->kdf_oid)
@@ -479,6 +485,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
         }
         return ret;
     }
+#endif
     return 1;
 }
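Review bot: The closing `return 1;` after the new `#endif` reports success without writing `key` or `*keylen` for any `dctx->kdf_type` the branches above do not handle. In a no-cms build that now includes `EVP_PKEY_DH_KDF_X9_42`. The ctrl change in this commit rejects that value, so the path should only be reachable if `kdf_type` is set by some other route, but a key-derivation function is safer failing closed, e.g. `return 0;` for an unhandled KDF type. The beginning of pkey_dh_derive is outside the hunk, so this reading rests on the visible branches only.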
 
index 951e1d5ca32b98cf4d30e69f31542718292ffc4b..ddead3d7445570ae0b46b6e60d0694fe63b700a3 100644 (file)
@@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
     return 2;
 }
 
+#ifndef OPENSSL_NO_CMS
 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
                                         X509_ALGOR **pmaskHash)
 {
@@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
     return pss;
 }
 
-#ifndef OPENSSL_NO_CMS
 static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
 {
     EVP_PKEY_CTX *pkctx;
index 2094ab364c8e17053ff26c996e098b8b6ef7e3d6..992abb2c46d1a3239c8149e54d88fdb9a6404b19 100755 (executable)
@@ -4370,7 +4370,7 @@ DH_compute_key_padded                   4732      EXIST::FUNCTION:DH
 ECDSA_METHOD_set_sign                   4733   EXIST::FUNCTION:ECDSA
 CMS_RecipientEncryptedKey_cert_cmp      4734   EXIST:!VMS:FUNCTION:CMS
 CMS_RecipEncryptedKey_cert_cmp          4734   EXIST:VMS:FUNCTION:CMS
-DH_KDF_X9_42                            4735   EXIST::FUNCTION:DH
+DH_KDF_X9_42                            4735   EXIST::FUNCTION:CMS,DH
 RSA_OAEP_PARAMS_free                    4736   EXIST::FUNCTION:RSA
 EVP_des_ede3_wrap                       4737   EXIST::FUNCTION:DES
 RSA_OAEP_PARAMS_it                      4738   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA