diff options
| author | Matt Caswell <matt@openssl.org> | 2020-11-27 09:55:36 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-11-30 10:50:13 +0000 |
| commit | cbb85bda0c0849ce962e1cf232689d6351e4a217 (patch) | |
| tree | 34a01fc626584b740ffa0e6b98ae73458992a1d3 /providers/fips | |
| parent | 9327b5c9c9e3a1b18e5b52491dc438d1e28b5e40 (diff) | |
| download | openssl-new-cbb85bda0c0849ce962e1cf232689d6351e4a217.tar.gz | |
Fix builds that specify both no-dh and no-ec
Various sections of code assumed that at least one of dh or ec would be
available. We also now also need to handle cases where a provider has
a key exchange algorithm and TLS-GROUP that we don't know about.
Fixes #13536
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13549)
Diffstat (limited to 'providers/fips')
| -rw-r--r-- | providers/fips/self_test_data.inc | 10 | ||||
| -rw-r--r-- | providers/fips/self_test_kats.c | 8 |
2 files changed, 13 insertions, 5 deletions
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 8a4b6fcee0..eb8cfb54e0 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -769,9 +769,10 @@ static const unsigned char ecdh_secret_expected[] = { }; #endif /* OPENSSL_NO_EC */ +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) static const ST_KAT_KAS st_kat_kas_tests[] = { -#ifndef OPENSSL_NO_DH +# ifndef OPENSSL_NO_DH { OSSL_SELF_TEST_DESC_KA_DH, "DH", @@ -780,8 +781,8 @@ static const ST_KAT_KAS st_kat_kas_tests[] = dh_peer_key, ITM(dh_secret_expected) }, -#endif /* OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_EC +# endif /* OPENSSL_NO_DH */ +# ifndef OPENSSL_NO_EC { OSSL_SELF_TEST_DESC_KA_ECDH, "EC", @@ -790,8 +791,9 @@ static const ST_KAT_KAS st_kat_kas_tests[] = ecdh_peer_key, ITM(ecdh_secret_expected) }, -#endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_EC */ }; +#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ #if !defined(OPENSSL_NO_RSA) /* RSA key data */ diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index c61646aafe..8d4332ee87 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -346,6 +346,7 @@ err: return ret; } +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) static int self_test_ka(const ST_KAT_KAS *t, OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) { @@ -421,6 +422,7 @@ err: OSSL_SELF_TEST_onend(st, ret); return ret; } +#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ static int self_test_sign(const ST_KAT_SIGN *t, OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) @@ -655,12 +657,16 @@ static int self_test_drbgs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) static int self_test_kas(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) { - int i, ret = 1; + int ret = 1; +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) + int i; for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) { if (!self_test_ka(&st_kat_kas_tests[i], st, libctx)) ret = 0; } +#endif + return ret; } |