From 96bea0002b44f1f490a798d6122d6b15d1fe6b09 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 18 Mar 2016 15:56:06 +0000
Subject: [PATCH] Fix no-des
Numerous fixes for no-des.
Reviewed-by: Rich Salz <rsalz@openssl.org>
---
apps/pkcs12.c | 4 +++-
apps/speed.c | 2 ++
crypto/cms/cms_kari.c | 5 ++++-
test/evp_test.c | 8 ++++++++
test/recipes/80-test_cms.t | 22 ++++++++++++----------
5 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 1fd1fad001..6657c4fcee 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -57,7 +57,9 @@
*/
#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_DES)
+#if defined(OPENSSL_NO_DES)
+NON_EMPTY_TRANSLATION_UNIT
+#else
# include <stdio.h>
# include <stdlib.h>
diff --git a/apps/speed.c b/apps/speed.c
index 230ed62e04..260b55fccc 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1386,7 +1386,9 @@ int speed_main(int argc, char **argv)
memset(results, 0, sizeof(results));
memset(c, 0, sizeof(c));
+#ifndef OPENSSL_NO_DES
memset(DES_iv, 0, sizeof(DES_iv));
+#endif
memset(iv, 0, sizeof(iv));
for (i = 0; i < ALGOR_NUM; i++)
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 79634ad456..562b1e506c 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -389,9 +389,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
* Pick a cipher based on content encryption cipher. If it is DES3 use
* DES3 wrap otherwise use AES wrap similar to key size.
*/
+#ifndef OPENSSL_NO_DES
if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
kekcipher = EVP_des_ede3_wrap();
- else if (keylen <= 16)
+ else
+#endif
+ if (keylen <= 16)
kekcipher = EVP_aes_128_wrap();
else if (keylen <= 24)
kekcipher = EVP_aes_192_wrap();
diff --git a/test/evp_test.c b/test/evp_test.c
index 759ec3be4a..ed03c86ce7 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1083,6 +1083,14 @@ static int mac_test_run(struct evp_test *t)
unsigned char *mac = NULL;
size_t mac_len;
+#ifdef OPENSSL_NO_DES
+ if (strstr(mdata->alg, "DES") != NULL) {
+ /* Skip DES */
+ err = NULL;
+ goto err;
+ }
+#endif
+
err = "MAC_PKEY_CTX_ERROR";
genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL);
if (!genctx)
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 2ce8a2c6ae..8dc6e9039a 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -13,8 +13,8 @@ setup("test_cms");
my $smdir = srctop_dir("test", "smime-certs");
my $smcont = srctop_file("test", "smcont.txt");
-my ($no_dh, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
- = disabled qw/dh ec ec2m rc2 zlib/;
+my ($no_des, $no_dh, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
+ = disabled qw/des dh ec ec2m rc2 zlib/;
plan tests => 4;
@@ -119,7 +119,7 @@ my @smime_pkcs7_tests = (
"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, 3 recipients",
+ [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
catfile($smdir, "smrsa1.pem"),
@@ -129,7 +129,7 @@ my @smime_pkcs7_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
+ [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
catfile($smdir, "smrsa1.pem"),
@@ -139,7 +139,7 @@ my @smime_pkcs7_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, 3 recipients, key only used",
+ [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
catfile($smdir, "smrsa1.pem"),
@@ -201,7 +201,7 @@ my @smime_cms_tests = (
"-CAfile", catfile($smdir, "smroot.pem") ]
],
- [ "enveloped content test streaming S/MIME format, 3 recipients, keyid",
+ [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms", "-keyid",
catfile($smdir, "smrsa1.pem"),
@@ -306,7 +306,7 @@ my @smime_cms_param_tests = (
"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, OAEP default parameters",
+ [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
"-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
@@ -314,7 +314,7 @@ my @smime_cms_param_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, OAEP SHA256",
+ [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
"-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
@@ -323,7 +323,7 @@ my @smime_cms_param_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, ECDH",
+ [ "enveloped content test streaming S/MIME format, DES, ECDH",
[ "-encrypt", "-in", $smcont,
"-stream", "-out", "test.cms",
"-recip", catfile($smdir, "smec1.pem") ],
@@ -331,7 +331,7 @@ my @smime_cms_param_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
- [ "enveloped content test streaming S/MIME format, ECDH, key identifier",
+ [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
[ "-encrypt", "-keyid", "-in", $smcont,
"-stream", "-out", "test.cms",
"-recip", catfile($smdir, "smec1.pem") ],
@@ -475,6 +475,8 @@ sub check_availability {
if ($no_dh && $tnam =~ /X9\.42/);
return "$tnam: skipped, RC2 disabled\n"
if ($no_rc2 && $tnam =~ /RC2/);
+ return "$tnam: skipped, DES disabled\n"
+ if ($no_des && $tnam =~ /DES/);
return "";
}