From e968561d5e762e6c05e74541137916b4f20a144b Mon Sep 17 00:00:00 2001 From: David Bar Date: Mon, 3 Aug 2015 12:45:26 -0400 Subject: [PATCH] RT3674: Make no-cms build work. Also has changes from from David Woodhouse and some tweaks from me. Signed-off-by: Rich Salz Reviewed-by: Tim Hudson --- crypto/dh/Makefile | 2 +- crypto/dh/dh_kdf.c | 6 ++++++ crypto/dh/dh_pmeth.c | 12 ++++++++++-- crypto/ec/ec_ameth.c | 2 ++ crypto/rsa/rsa_ameth.c | 8 ++++++++ include/openssl/dh.h | 4 ++++ test/cms-test.pl | 7 +++++++ util/libeay.num | 2 +- 8 files changed, 39 insertions(+), 4 deletions(-) diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index f9be501d3e..655bca0d45 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -120,7 +120,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_gen.o: ../include/internal/cryptlib.h dh_gen.c -dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index b812d821e4..55979600e1 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -51,13 +51,18 @@ * ==================================================================== */ +#include + +#ifndef OPENSSL_NO_CMS #include #include #include #include #include + /* Key derivation from X9.42/RFC2631 */ +/* Uses CMS functions, hence the #ifdef wrapper. */ #define DH_KDF_MAX (1L << 30) @@ -184,3 +189,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, EVP_MD_CTX_cleanup(&mctx); return rv; } +#endif diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 763e42fe22..751428cb66 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -205,7 +205,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_DH_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; +#ifdef OPENSSL_NO_CMS + if (p1 != EVP_PKEY_DH_KDF_NONE) +#else if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) +#endif return -2; dctx->kdf_type = p1; return 1; @@ -447,7 +451,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, return ret; *keylen = ret; return 1; - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + } +#ifndef OPENSSL_NO_CMS + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + unsigned char *Z = NULL; size_t Zlen = 0; if (!dctx->kdf_outlen || !dctx->kdf_oid) @@ -475,7 +482,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, OPENSSL_clear_free(Z, Zlen); return ret; } - return 1; +#endif + return 0; } const EVP_PKEY_METHOD dh_pkey_meth = { diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index edb68d119d..e2f32872c6 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -67,8 +67,10 @@ #include #include "internal/asn1_int.h" +#ifndef OPENSSL_NO_CMS static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); +#endif static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) { diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index d409631e14..63f88e58aa 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -68,10 +68,12 @@ #endif #include "internal/asn1_int.h" +#ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si); static int rsa_cms_verify(CMS_SignerInfo *si); static int rsa_cms_decrypt(CMS_RecipientInfo *ri); static int rsa_cms_encrypt(CMS_RecipientInfo *ri); +#endif static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { @@ -653,6 +655,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, return rv; } +#ifndef OPENSSL_NO_CMS static int rsa_cms_verify(CMS_SignerInfo *si) { int nid, nid2; @@ -671,6 +674,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si) } return 0; } +#endif /* * Customised RSA item verification routine. This is called when a signature @@ -693,6 +697,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return -1; } +#ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si) { int pad_mode = RSA_PKCS1_PADDING; @@ -717,6 +722,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si) X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os); return 1; } +#endif static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, @@ -750,6 +756,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return 2; } +#ifndef OPENSSL_NO_CMS static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { @@ -900,6 +907,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) ASN1_STRING_free(os); return rv; } +#endif const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { { diff --git a/include/openssl/dh.h b/include/openssl/dh.h index f1de53dffe..f5b03d32f5 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -239,11 +239,13 @@ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +# ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ @@ -336,7 +338,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, /* KDF types */ # define EVP_PKEY_DH_KDF_NONE 1 +# ifndef OPENSSL_NO_CMS # define EVP_PKEY_DH_KDF_X9_42 2 +# endif /* BEGIN ERROR CODES */ /* diff --git a/test/cms-test.pl b/test/cms-test.pl index baa3b5948a..1ee3f02e87 100644 --- a/test/cms-test.pl +++ b/test/cms-test.pl @@ -100,6 +100,13 @@ my $no_ec2m; my $no_ecdh; my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; +system ("$ossl_path no-cms > $null_path"); +if ($? == 0) + { + print "CMS disabled\n"; + exit 0; + } + system ("$ossl_path no-ec > $null_path"); if ($? == 0) { diff --git a/util/libeay.num b/util/libeay.num index bfdd162ea1..fd8375da67 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4368,7 +4368,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:EC CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS -DH_KDF_X9_42 4735 EXIST::FUNCTION:DH +DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA -- 2.25.1