Fix no-cms (CVE-2016-7053)

Reviewed-by: Matt Caswell <matt@openssl.org>

2 files changed, 15 insertions, 6 deletions

diff --git a/test/d2i_test.c b/test/d2i_test.c
index 32c0b0fb93..13efba9684 100644
--- a/test/d2i_test.c
+++ b/test/d2i_test.c
@@ -20,7 +20,9 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include <openssl/cms.h>
+#ifndef OPENSSL_NO_CMS
+# include <openssl/cms.h>
+#endif
 #include "e_os.h"
 
 static const ASN1_ITEM *item_type;
@@ -151,7 +153,9 @@ int main(int argc, char **argv)
         ASN1_ITEM_ref(X509),
         ASN1_ITEM_ref(GENERAL_NAME),
         ASN1_ITEM_ref(ASN1_INTEGER),
+#ifndef OPENSSL_NO_CMS
         ASN1_ITEM_ref(CMS_ContentInfo)
+#endif
     };
 
     static error_enum expected_errors[] = {
diff --git a/test/recipes/25-test_d2i.t b/test/recipes/25-test_d2i.t
index e663534c4d..688c8ed7ac 100644
--- a/test/recipes/25-test_d2i.t
+++ b/test/recipes/25-test_d2i.t
@@ -12,6 +12,7 @@ use warnings;
 
 use File::Spec;
 use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
 
 setup("test_d2i");
 
@@ -80,9 +81,13 @@ ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
              srctop_file('test','d2i-tests','bad-int-padminus1.der')])),
    "Running d2i_test bad-int-padminus1.der INTEGER");
 
-# Invalid CMS structure with decode error in CHOICE value.
-# Test for CVE-2016-7053
+SKIP: {
+  skip "No CMS support in this configuration", 1 if disabled("cms");
 
-ok(run(test(["d2i_test", "CMS_ContentInfo", "decode",
-             srctop_file('test','d2i-tests','bad-cms.der')])),
-   "Running d2i_test bad-cms.der CMS ContentInfo");
+  # Invalid CMS structure with decode error in CHOICE value.
+  # Test for CVE-2016-7053
+
+  ok(run(test(["d2i_test", "CMS_ContentInfo", "decode",
+               srctop_file('test','d2i-tests','bad-cms.der')])),
+     "Running d2i_test bad-cms.der CMS ContentInfo");
+}