From 76ca35e7246b0071040cd242de06154c0195bcff Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 17 Jul 2019 11:40:41 +0100 Subject: [PATCH] Fix no-dh The recent move of the DH code into the default provider broke no-dh. This adds back in various missing guards. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9399) --- crypto/evp/evp_lib.c | 6 +++++- crypto/evp/pmeth_lib.c | 6 ++++++ providers/common/exchange/build.info | 6 ++++-- providers/default/defltprov.c | 2 ++ 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 3e64a1f93e..47bbb2bd55 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -729,12 +729,13 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), } #ifndef FIPS_MODE +# ifndef OPENSSL_NO_DH /* * TODO(3.0): Temporarily unavailable in FIPS mode. This will need to be added * in later. */ -#define MAX_PARAMS 10 +# define MAX_PARAMS 10 typedef struct { /* Number of the current param */ size_t curr; @@ -845,12 +846,15 @@ static OSSL_PARAM *evp_pkey_dh_to_param(EVP_PKEY *pkey, size_t *sz) return param_template_to_param(&tmpl, sz); } +# endif /* OPENSSL_NO_DH */ OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz) { switch (pkey->type) { +# ifndef OPENSSL_NO_DH case EVP_PKEY_DH: return evp_pkey_dh_to_param(pkey, sz); +# endif default: return NULL; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index d444e7168d..169b0565a4 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -393,6 +393,7 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) return 0; } +#ifndef OPENSSL_NO_DH int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) { OSSL_PARAM dh_pad_params[2]; @@ -407,13 +408,16 @@ int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) return EVP_PKEY_CTX_set_params(ctx, dh_pad_params); } +#endif static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2) { switch (cmd) { +#ifndef OPENSSL_NO_DH case EVP_PKEY_CTRL_DH_PAD: return EVP_PKEY_CTX_set_dh_pad(ctx, p1); +#endif } return 0; } @@ -470,12 +474,14 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, const char *value) { +#ifndef OPENSSL_NO_DH if (strcmp(name, "dh_pad") == 0) { int pad; pad = atoi(value); return EVP_PKEY_CTX_set_dh_pad(ctx, pad); } +#endif return 0; } diff --git a/providers/common/exchange/build.info b/providers/common/exchange/build.info index 1039075c2a..7957f51314 100644 --- a/providers/common/exchange/build.info +++ b/providers/common/exchange/build.info @@ -1,5 +1,7 @@ LIBS=../../../libcrypto -SOURCE[../../../libcrypto]=\ - dh.c +IF[{- !$disabled{dh} -}] + SOURCE[../../../libcrypto]=\ + dh.c +ENDIF diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 6ac2bdbfcc..18e3a5c36f 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -115,7 +115,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { }; static const OSSL_ALGORITHM deflt_keyexch[] = { +#ifndef OPENSSL_NO_DH { "dhKeyAgreement", "default=yes", dh_functions }, +#endif { NULL, NULL, NULL } }; -- 2.40.0