From 8e6e7a080dc4b581504b7c71357678bb5ece7a8d Mon Sep 17 00:00:00 2001
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Date: Thu, 19 Jan 2023 11:34:15 +0100
Subject: openpgp: Add check for CAST5.

  - OpenSSL can be compiled with no support for CAST5.

  - This will be indicated by setting `osslconf` variable to
    `OPENSSL_NO_CAST`.

  - See https://github.com/sfackler/rust-openssl/pull/1786
---
 Cargo.lock                                      | 8 ++++----
 openpgp/Cargo.toml                              | 8 ++++----
 openpgp/src/crypto/backend/openssl/symmetric.rs | 2 ++
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 1a2cbb7e..b53442c8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1730,9 +1730,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
 
 [[package]]
 name = "openssl"
-version = "0.10.45"
+version = "0.10.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b102428fd03bc5edf97f62620f7298614c45cedf287c271e7ed450bbaf83f2e1"
+checksum = "d8b277f87dacc05a6b709965d1cbafac4649d6ce9f3ce9ceb88508b5666dfec9"
 dependencies = [
  "bitflags",
  "cfg-if",
@@ -1762,9 +1762,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.80"
+version = "0.9.82"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23bbbf7854cd45b83958ebe919f0e8e516793727652e27fda10a8384cfc790b7"
+checksum = "a95792af3c4e0153c3914df2261bedd30a98476f94dc892b67dfe1d89d433a04"
 dependencies = [
  "autocfg 1.1.0",
  "cc",
diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml
index 9a7f3250..d35048ab 100644
--- a/openpgp/Cargo.toml
+++ b/openpgp/Cargo.toml
@@ -44,13 +44,13 @@ regex-syntax = "0.6"
 sha1collisiondetection = { version = "0.2.3", default-features = false, features = ["std"] }
 thiserror = "1.0.2"
 xxhash-rust = { version = "0.8", features = ["xxh3"] }
-
-# At least 0.10.45 is needed due to CipherCtx::cipher_final_unchecked
-openssl = { version = ">= 0.10.45", optional = true }
+# At least 0.10.46 is needed due `no-cast` check:
+# https://github.com/sfackler/rust-openssl/blob/master/openssl/CHANGELOG.md
+openssl = { version = ">= 0.10.47", optional = true }
 # We need to directly depend on the sys crate so that the metadata produced
 # in its build script is passed to sequoia-openpgp's build script
 # see: https://doc.rust-lang.org/cargo/reference/build-scripts.html#the-links-manifest-key
-openssl-sys = { version = ">= 0.9.80", optional = true }
+openssl-sys = { version = ">= 0.9.82", optional = true }
 foreign-types-shared = { version = "0.1.1", optional = true }
 
 # Botan.
diff --git a/openpgp/src/crypto/backend/openssl/symmetric.rs b/openpgp/src/crypto/backend/openssl/symmetric.rs
index 4f68fa0e..605d7533 100644
--- a/openpgp/src/crypto/backend/openssl/symmetric.rs
+++ b/openpgp/src/crypto/backend/openssl/symmetric.rs
@@ -160,6 +160,7 @@ impl SymmetricAlgorithm {
             #[cfg(not(osslconf = "OPENSSL_NO_BF"))]
             SymmetricAlgorithm::Blowfish => Cipher::bf_cfb64(),
 
+            #[cfg(not(osslconf = "OPENSSL_NO_CAST"))]
             SymmetricAlgorithm::CAST5 => Cipher::cast5_cfb64(),
             _ => return Err(Error::UnsupportedSymmetricAlgorithm(self))?,
         })
@@ -186,6 +187,7 @@ impl SymmetricAlgorithm {
             #[cfg(not(osslconf = "OPENSSL_NO_BF"))]
             SymmetricAlgorithm::Blowfish => Cipher::bf_ecb(),
 
+            #[cfg(not(osslconf = "OPENSSL_NO_CAST"))]
             SymmetricAlgorithm::CAST5 => Cipher::cast5_ecb(),
             _ => Err(Error::UnsupportedSymmetricAlgorithm(self))?,
         })
-- 
cgit v1.2.3