diff --git a/CHANGES b/CHANGES index 32056ac1f1d51761591b159bc79e4671c2a3f3bb..8196fd23f127be57b8bc68beb3817a1964f56896 100644 --- a/CHANGES +++ b/CHANGES @@ -406,6 +406,9 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Add the possibility to build without the ENGINE framework. + [Steven Reddie via Richard Levitte] + *) Under Win32 gmtime() can return NULL: check return value in OPENSSL_gmtime(). Add error code for case where gmtime() fails. [Steve Henson] diff --git a/Configure b/Configure index 4d227e6d881d03428303858255f0aa44e1ed7c74..0f270d72ea29aa83d4093d3ff6b8ea0a49c45d3a 100755 --- a/Configure +++ b/Configure @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -38,6 +38,7 @@ my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # +# no-engine do not compile in any engine code. # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware diff --git a/apps/apps.c b/apps/apps.c index 4a8c9263a7cc3e0e59989d7f986a498e01999de7..ec3e391b66aba2bd5280162133ebc1af18759c96 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -122,7 +122,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifdef OPENSSL_SYS_WINDOWS #define strcasecmp _stricmp @@ -859,6 +861,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -868,6 +871,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -935,6 +939,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -944,6 +949,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -1329,6 +1335,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath) return NULL; } +#ifndef OPENSSL_NO_ENGINE /* Try to load an engine in a shareable library */ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug) { @@ -1385,6 +1392,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) } return e; } +#endif int load_config(BIO *err, CONF *cnf) { diff --git a/apps/apps.h b/apps/apps.h index 7b1f8ded787dfeccbed73d4f88920617037b3a98..c36b9d25665741d5657a23296ba35ff202dc16de 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -121,7 +121,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); @@ -179,30 +181,57 @@ extern BIO *bio_err; do_pipe_sig() # define apps_shutdown() #else -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ - defined(OPENSSL_SYS_WIN32) -# ifdef _O_BINARY -# define apps_startup() \ - do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# ifndef OPENSSL_NO_ENGINE +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# endif # else # define apps_startup() \ - do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ + setup_ui_method(); } while(0) # endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); ENGINE_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # else -# define apps_startup() \ - do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ - ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ - setup_ui_method(); } while(0) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# endif +# else +# define apps_startup() \ + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); \ + setup_ui_method(); } while(0) +# endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # endif -# define apps_shutdown() \ - do { CONF_modules_unload(1); destroy_ui_method(); \ - EVP_cleanup(); ENGINE_cleanup(); \ - CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ - ERR_free_strings(); } while(0) #endif typedef struct args_st @@ -248,7 +277,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); +#ifndef OPENSSL_NO_ENGINE ENGINE *setup_engine(BIO *err, const char *engine, int debug); +#endif int load_config(BIO *err, CONF *cnf); char *make_config_name(void); diff --git a/apps/ca.c b/apps/ca.c index 2a56e556a391452b325e867dbdc0980b184a784f..6722c5dbc95ccb8e259b174389c907f1ceeb5bed 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -196,7 +196,9 @@ static char *ca_usage[]={ " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -status serial - Shows certificate status given the serial number\n", " -updatedb - Updates db for expired certificates\n", NULL @@ -333,7 +335,9 @@ int MAIN(int argc, char **argv) #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *tofree=NULL; #ifdef EFENCE @@ -537,11 +541,13 @@ EF_ALIGNMENT=0; rev_arg = *(++argv); rev_type = REV_CA_COMPROMISE; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { bad: @@ -562,7 +568,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /*****************************************************************/ tofree=NULL; diff --git a/apps/dgst.c b/apps/dgst.c index 280f79b4a23abaf5f1c3029642763bdc5dd7536f..47d1309b14c1f601d90806985db26c6a4e00078f 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -100,7 +100,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -166,11 +168,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; keyform=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) break; engine= *(++argv); } +#endif else if (strcmp(*argv,"-hex") == 0) out_bin = 0; else if (strcmp(*argv,"-binary") == 0) @@ -208,7 +212,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); @@ -228,7 +234,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); diff --git a/apps/dh.c b/apps/dh.c index c10ea96b90ac9a4cd7c92b00cf7fdfac44a532b1..cd01fed139874a64507cab2cca0cd225df24b932 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -87,12 +87,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif apps_startup(); @@ -103,7 +108,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -134,11 +141,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -170,13 +179,17 @@ bad: BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/apps/dhparam.c b/apps/dhparam.c index cbc65bcc5f5e94c4686efb979e741e07a48861b6..dc00355b95b7cda3fd04f47501a39bee5fd74524 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -148,7 +148,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA @@ -157,7 +159,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; char *infile,*outfile,*prog; - char *inrand=NULL,*engine=NULL; + char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE + char *engine=NULL; +#endif int num = 0, g = 0; apps_startup(); @@ -199,11 +204,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -249,7 +256,9 @@ bad: BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -259,7 +268,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (g && !num) num = DEFBITS; diff --git a/apps/dsa.c b/apps/dsa.c index 65988717bbd176270c0652f84a427220919922fa..e9de3a3bdfb6f55aa6c7de6dbb609d764b35d4b7 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -90,7 +90,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; DSA *dsa=NULL; int i,badops=0; @@ -98,7 +100,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,text=0,noout=0; int pubin = 0, pubout = 0; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus=0; @@ -112,7 +117,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -153,11 +160,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) @@ -189,7 +198,9 @@ bad: BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA @@ -207,7 +218,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index b6abe785abd9aa9a738cc492964cc050f8dfaff7..14e79f9a21e0d33bda3baadf761370fe8957bae7 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -110,7 +110,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -118,7 +120,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif #ifdef GENCB_TEST int timebomb=0; #endif @@ -162,11 +166,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if(strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } +#endif #ifdef GENCB_TEST else if(strcmp(*argv, "-timebomb") == 0) { @@ -221,7 +227,9 @@ bad: BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif #ifdef GENCB_TEST BIO_printf(bio_err," -timebomb n interrupt keygen after seconds\n"); #endif @@ -268,7 +276,9 @@ bad: } } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) { diff --git a/apps/enc.c b/apps/enc.c index 42ddfd244bc5588c5983edefa2881a1b78e0fd50..0a9f7310bf51db47160428126592c551af60e625 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -100,7 +100,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -119,7 +121,9 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif apps_startup(); @@ -163,11 +167,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-d") == 0) enc=0; else if (strcmp(*argv,"-p") == 0) @@ -270,7 +276,9 @@ bad: BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); +#endif BIO_printf(bio_err,"Cipher Types\n"); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, @@ -284,7 +292,9 @@ bad: argv++; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (bufsize != NULL) { diff --git a/apps/engine.c b/apps/engine.c index 1a22d5dee9224df23e7e5cc79c02040c85eae08c..3b3464a8493a5e81ec11067412d356c8b79aa121 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -56,6 +56,8 @@ * */ +#ifndef OPENSSL_NO_ENGINE + #include #include #include @@ -526,3 +528,4 @@ end: apps_shutdown(); OPENSSL_EXIT(ret); } +#endif diff --git a/apps/gendh.c b/apps/gendh.c index 574a13a57aa7968a7a976a8b362f8deda3a90df3..b90087493a53b765c5818926ef5b3c8989e74a84 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -87,13 +87,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif BIO *out=NULL; apps_startup(); @@ -121,11 +125,13 @@ int MAIN(int argc, char **argv) g=3; */ else if (strcmp(*argv,"-5") == 0) g=5; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -144,14 +150,18 @@ bad: BIO_printf(bio_err," -2 - use 2 as the generator value\n"); /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ BIO_printf(bio_err," -5 - use 5 as the generator value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif out=BIO_new(BIO_s_file()); if (out == NULL) diff --git a/apps/gendsa.c b/apps/gendsa.c index 4600711c369a138586dc50f1ff4bcf43bf9f2dab..6d2ed06c81d9093344cc0d5a630983956e7675d1 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -77,7 +77,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -85,7 +87,9 @@ int MAIN(int argc, char **argv) char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; const EVP_CIPHER *enc=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -111,11 +115,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -167,7 +173,9 @@ bad: BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -176,7 +184,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/genrsa.c b/apps/genrsa.c index 6079688ce9105b12b6038550c11bca18329e3570..0ce23946ef5b2cb9ac3775a312a28524249e193b 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -87,7 +87,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; RSA *rsa=NULL; int i,num=DEFBITS; @@ -96,7 +98,9 @@ int MAIN(int argc, char **argv) unsigned long f4=RSA_F4; char *outfile=NULL; char *passargout = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *inrand=NULL; BIO *out=NULL; @@ -128,11 +132,13 @@ int MAIN(int argc, char **argv) f4=3; else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) f4=RSA_F4; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -183,7 +189,9 @@ bad: BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err," -3 use 3 for the E value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -197,7 +205,9 @@ bad: goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (outfile == NULL) { diff --git a/apps/openssl.c b/apps/openssl.c index 47896472e8fd19bb751c9400c84e2a51b01a8689..45af2ba7f9a8281afcb7ab527a82941deba867b0 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -122,7 +122,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ #include "progs.h" #include "s_apps.h" diff --git a/apps/pkcs12.c b/apps/pkcs12.c index e445c24b9bd667cc9c140f74374e312612912648..dd56a2b808ab76dbb548102439ffc0bd9ec65f98 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -120,7 +120,9 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *inrand = NULL; char *CApath = NULL, *CAfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -259,11 +261,13 @@ int MAIN(int argc, char **argv) args++; CAfile = *args; } else badarg = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else badarg = 1; } else badarg = 1; @@ -311,14 +315,18 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(passarg) { if(export_cert) passargout = passarg; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 738dd853ceed006ba3e28fe4eaea8599a2b704a7..6c58c67eb27927f146362d1c403b81b234fd6643 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -82,7 +82,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0; int ret=1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -134,11 +138,13 @@ int MAIN(int argc, char **argv) text=1; else if (strcmp(*argv,"-print_certs") == 0) print_certs=1; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -161,14 +167,18 @@ bad: BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif ret = 1; goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 1debccb17e16f4b1c1f0b93e0d9a2c31145729a6..6be27e7f442f688ddf1be5a21415d8151cd064d9 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey=NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); @@ -145,11 +147,13 @@ int MAIN(int argc, char **argv) if (!args[1]) goto bad; passargout= *(++args); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*args,"-engine") == 0) { if (!args[1]) goto bad; engine= *(++args); } +#endif else if (!strcmp (*args, "-in")) { if (args[1]) { args++; @@ -182,11 +186,15 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif return (1); } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/progs.h b/apps/progs.h index 999de31bdde9dd7d81fdffdfeb1ae6cf69bd1b4a..b551e1de95b479026fda02cd3d957764344acfc8 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -37,7 +37,9 @@ extern int pkcs8_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); extern int smime_main(int argc,char *argv[]); extern int rand_main(int argc,char *argv[]); +#ifndef OPENSSL_NO_ENGINE extern int engine_main(int argc,char *argv[]); +#endif extern int ocsp_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 @@ -119,7 +121,9 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL,"rand",rand_main}, +#ifndef OPENSSL_NO_ENGINE {FUNC_TYPE_GENERAL,"engine",engine_main}, +#endif {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, diff --git a/apps/rand.c b/apps/rand.c index eaaa6e35a62008572fb2da51ac294506595e6868..63724bc730250236200d08d06b95ab124863acac 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -76,7 +76,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -84,7 +86,9 @@ int MAIN(int argc, char **argv) int base64 = 0; BIO *out = NULL; int num = -1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -106,6 +110,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(argv[i], "-engine") == 0) { if ((argv[i+1] != NULL) && (engine == NULL)) @@ -113,6 +118,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#endif else if (strcmp(argv[i], "-rand") == 0) { if ((argv[i+1] != NULL) && (inrand == NULL)) @@ -150,13 +156,17 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-out file - write to file\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-base64 - encode output\n"); goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/req.c b/apps/req.c index 3612114980a4f6f9fc5527cfdbfe4db5df18dbb9..8304df8aa258e4e1fed122b0ce473d10d4482aae 100644 --- a/apps/req.c +++ b/apps/req.c @@ -172,7 +172,9 @@ int MAIN(int argc, char **argv) int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *extensions = NULL; char *req_exts = NULL; const EVP_CIPHER *cipher=NULL; @@ -220,11 +222,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -488,7 +492,9 @@ bad: BIO_printf(bio_err," -verify verify signature on REQ\n"); BIO_printf(bio_err," -modulus RSA modulus\n"); BIO_printf(bio_err," -nodes don't encrypt the output key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n"); +#endif BIO_printf(bio_err," -subject output the request's subject\n"); BIO_printf(bio_err," -passin private key password source\n"); BIO_printf(bio_err," -key file use the private key contained in file\n"); @@ -516,7 +522,7 @@ bad: BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); - BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); goto end; } @@ -680,7 +686,9 @@ bad: if ((in == NULL) || (out == NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (keyfile != NULL) { diff --git a/apps/rsa.c b/apps/rsa.c index aebec744a2929ffabc36de6dbdd2144e634157cb..0acdb08b24c35757b2ba3d659b2eff677f80c991 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif int modulus=0; apps_startup(); @@ -156,11 +158,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-sgckey") == 0) sgckey=1; else if (strcmp(*argv,"-pubin") == 0) @@ -212,13 +216,17 @@ bad: BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubout output a public key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/rsautl.c b/apps/rsautl.c index 36957e5b8420334a355222d94e41d0995abda285..5a6fd115f41b9c783d9e5c6b0cefb497bcc22dc6 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; BIO *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *keyfile = NULL; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; int keyform = FORMAT_PEM; @@ -125,9 +127,11 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; keyform=str2fmt(*(++argv)); +#ifndef OPENSSL_NO_ENGINE } else if(!strcmp(*argv, "-engine")) { if (--argc < 1) badarg = 1; engine = *(++argv); +#endif } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; } else if(!strcmp(*argv, "-certin")) { @@ -162,7 +166,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); @@ -305,7 +311,9 @@ static void usage() BIO_printf(bio_err, "-encrypt encrypt with public key\n"); BIO_printf(bio_err, "-decrypt decrypt with private key\n"); BIO_printf(bio_err, "-hexdump hex dump output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif } diff --git a/apps/s_client.c b/apps/s_client.c index 738588c6aab65163d3c7bd7f909213e73280853e..2e73f34676ff24e6da65a7bae57ef965170a2a6b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -222,7 +222,9 @@ static void sc_usage(void) BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err," only \"smtp\" is supported.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -254,8 +256,10 @@ int MAIN(int argc, char **argv) SSL_METHOD *meth=NULL; BIO *sbio; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; ENGINE *e=NULL; +#endif #ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif @@ -415,11 +419,13 @@ int MAIN(int argc, char **argv) else goto bad; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id = *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -444,7 +450,9 @@ bad: OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/apps/s_server.c b/apps/s_server.c index 39013c2b0b3f226340397d0ee9e43d4c6af282bf..814f3b9c15f57c5e194b4f61e93931c921020a40 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -255,7 +255,9 @@ static int s_msg=0; static int s_quiet=0; static int hack=0; +#ifndef OPENSSL_NO_ENGINE static char *engine_id=NULL; +#endif static const char *session_id_prefix=NULL; #ifdef MONOLITH @@ -280,7 +282,9 @@ static void s_server_init(void) s_msg=0; s_quiet=0; hack=0; +#ifndef OPENSSL_NO_ENGINE engine_id=NULL; +#endif } #endif @@ -337,7 +341,9 @@ static void sv_usage(void) BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," -HTTP - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -512,7 +518,9 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; +#ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; +#endif char *inrand=NULL; #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) @@ -696,11 +704,13 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; session_id_prefix = *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -725,7 +735,9 @@ bad: SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/apps/smime.c b/apps/smime.c index ef0e4774644542ffca00bd19158697b7bd69db62..cc248d377bb4a39b6b76a82e8f4317753f47f138 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int keyform = FORMAT_PEM; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif args = argv + 1; ret = 1; @@ -176,11 +178,13 @@ int MAIN(int argc, char **argv) inrand = *args; } else badarg = 1; need_rand = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else if (!strcmp(*args,"-passin")) { if (args[1]) { args++; @@ -330,7 +334,9 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); @@ -339,7 +345,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/speed.c b/apps/speed.c index ad455e5073882fab1f6c8b31278aca12ced120a8..758ce250de25e0194171aa95e189114da0c012cb 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -398,7 +398,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -731,6 +733,7 @@ int MAIN(int argc, char **argv) j--; /* Otherwise, -elapsed gets confused with an algorithm. */ } +#ifndef OPENSSL_NO_ENGINE else if ((argc > 0) && (strcmp(*argv,"-engine") == 0)) { argc--; @@ -747,6 +750,7 @@ int MAIN(int argc, char **argv) means all of them should be run) */ j--; } +#endif #ifdef HAVE_FORK else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) { @@ -1064,7 +1068,9 @@ int MAIN(int argc, char **argv) #if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-evp e use EVP e.\n"); BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); BIO_printf(bio_err,"-mr produce machine readable output.\n"); diff --git a/apps/spkac.c b/apps/spkac.c index ed370c5ca9c688168efad85956a11108cb9ccdca..47ee53f1eef6e2cda64c0192ae2fdf2d1ee73180 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -92,7 +92,9 @@ int MAIN(int argc, char **argv) CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -141,11 +143,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; spksect= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-pubkey") == 0) @@ -171,7 +175,9 @@ bad: BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } @@ -181,7 +187,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(keyfile) { pkey = load_key(bio_err, diff --git a/apps/verify.c b/apps/verify.c index 9a18213ece454c45b93f03ee649424d4342eb63e..6a93c018b8ce0d065d605f4f7bfda46bb44f16a6 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -86,7 +86,9 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; @@ -142,11 +144,13 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; trustfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto end; engine= *(++argv); } +#endif else if (strcmp(*argv,"-help") == 0) goto end; else if (strcmp(*argv,"-ignore_critical") == 0) @@ -170,7 +174,9 @@ int MAIN(int argc, char **argv) break; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); @@ -219,7 +225,11 @@ int MAIN(int argc, char **argv) ret=0; end: if (ret == 1) { - BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n"); + BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err," [-engine e]"); +#endif + BIO_printf(bio_err," cert1 cert2 ...\n"); BIO_printf(bio_err,"recognized usages:\n"); for(i = 0; i < X509_PURPOSE_get_count(); i++) { X509_PURPOSE *ptmp; diff --git a/apps/x509.c b/apps/x509.c index 9709628df35ac0c85f588ce5255bb0d0a157f8cd..cea33f58a069fa8279abd6c15f40ff217c9e949c 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -131,7 +131,9 @@ static char *x509_usage[]={ " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", " -nameopt arg - various certificate name options\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -certopt arg - various certificate text options\n", NULL }; @@ -183,7 +185,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int checkend=0,checkoffset=0; unsigned long nmflag = 0, certflag = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif reqfile=0; @@ -360,11 +364,13 @@ int MAIN(int argc, char **argv) alias= *(++argv); trustout = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-C") == 0) C= ++num; else if (strcmp(*argv,"-email") == 0) @@ -450,7 +456,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) app_RAND_load_file(NULL, bio_err, 0); diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index d702af689ba32422f3cd6c430087a96d54b16de2..4ba40cf44cc619cdca4ba7132a7b5a0dbe940612 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Load all OpenSSL builtin modules */ @@ -71,6 +73,8 @@ void OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ ASN1_add_oid_module(); +#ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); +#endif } diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 97fb17430382e9b7a8f08d6c333ded30a3858209..e15c2e55463a4594de49debd72891a5d26663d2f 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, @@ -78,8 +80,10 @@ void OPENSSL_config(const char *config_name) return; OPENSSL_load_builtin_modules(); +#ifndef OPENSSL_NO_ENGINE /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); +#endif /* Add others here? */ diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 62dba4055c7fc84e7ec77fa276c2684546ad0906..38214082f7ef168a08ac3184fc942aacb06e7a9c 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -119,7 +119,9 @@ struct dh_st int references; CRYPTO_EX_DATA ex_data; const DH_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; +#endif }; #define DH_GENERATOR_2 2 diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 5e58e0032f559a289464a4782f0e1d6027172b9a..28c20750bdf28734507e0d3156d085a82f6f9f6a 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -61,7 +61,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index ba5fd410579f1233b05abc2b0b0b2db54eac9530..09965ee2ea8001e59679d6b8dd1fb0f3a5dfce2a 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; @@ -85,11 +87,13 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) const DH_METHOD *mtmp; mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); +#ifndef OPENSSL_NO_ENGINE if (dh->engine) { ENGINE_finish(dh->engine); dh->engine = NULL; } +#endif dh->meth = meth; if (meth->init) meth->init(dh); return 1; @@ -112,6 +116,7 @@ DH *DH_new_method(ENGINE *engine) } ret->meth = DH_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -135,6 +140,7 @@ DH *DH_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -154,8 +160,10 @@ DH *DH_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -182,8 +190,10 @@ void DH_free(DH *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 6ba79b01dfe853d6cb2ecd6100b13cb3a918c1c5..63fcce9a334a7a515005a2ede024c187cac239c3 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -142,8 +142,10 @@ struct dsa_st int references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; +#endif }; #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 579f73f869f0b38184e78ee7bb0f0920ca5ecba0..4171af24c6cdf83b99acf9f0ecd594c7d8a3475e 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; @@ -93,11 +95,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) const DSA_METHOD *mtmp; mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); +#ifndef OPENSSL_NO_ENGINE if (dsa->engine) { ENGINE_finish(dsa->engine); dsa->engine = NULL; } +#endif dsa->meth = meth; if (meth->init) meth->init(dsa); return 1; @@ -114,6 +118,7 @@ DSA *DSA_new_method(ENGINE *engine) return(NULL); } ret->meth = DSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -138,6 +143,7 @@ DSA *DSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -158,8 +164,10 @@ DSA *DSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -189,8 +197,10 @@ void DSA_free(DSA *r) if(r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if(r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 70d60d9e2962088a2afd6b449987e05af2257a95..3a8d2bbc3596395709eecdcc9ab4aeed7b04996f 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index e9469ca62fd6f8a95c19323c3ad8178da1b50063..5cdc8ed8511b32ab9fef3fea400d1a9230c09711 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 066c6b5b2849d67c7661a4340a50f9a6f9375097..fffb129f8f3b59515f6f92c45941abb7c65f3834 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -65,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index c341c1b49ced1700d15b56add062d6ec2d92bd39..75eca097a504aa76c8ad34f473768f3de3c92c9e 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -74,7 +74,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifdef OPENSSL_SYS_WINDOWS #include "../bio/bss_file.c" #endif diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index e292da33845662ca57fc20e0dcee50a9c6d75d0e..e91c8fffb35716d4403d42e55922115335f8c75b 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -86,7 +86,9 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include #include @@ -1227,7 +1229,9 @@ int main(int argc, char *argv[]) /* test the internal curves */ internal_curve_test(); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 44b3849b25c7c4425a93033abf7130682a1dfa65..43500a86767bc03403fafcccdfae54a111977c2d 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -65,6 +65,11 @@ #define HEADER_ENGINE_H #include + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + #include #include #ifndef OPENSSL_NO_RSA diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c index 87fa8c57b72ce2b4bfc056ad41ba27799d815be7..c2d0297392f15efd44d60a112c8184d16f6e8362 100644 --- a/crypto/engine/enginetest.c +++ b/crypto/engine/enginetest.c @@ -56,9 +56,17 @@ * */ -#include #include #include + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return(0); +} +#else +#include #include #include #include @@ -272,3 +280,4 @@ end: CRYPTO_mem_leaks_fp(stderr); return to_return; } +#endif diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 812ab7cbe64c10e6e7d9a62473d72544df4e5ac3..6da4326b2a051e1f2f6801d9319a6ca4a3a25d05 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -88,7 +88,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include @@ -134,7 +136,9 @@ void ERR_load_crypto_strings(void) ERR_load_PKCS12_strings(); ERR_load_RAND_strings(); ERR_load_DSO_strings(); +#ifndef OPENSSL_NO_ENGINE ERR_load_ENGINE_strings(); +#endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); #endif diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 33013c41a6075e3baa8e58d682fa4cc8595bba6e..5b2104ac120f77ab1aa85aebd1a06d8f59ca4b2b 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -113,7 +113,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { @@ -138,6 +140,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -183,7 +186,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else ctx->engine = NULL; } - else if(!ctx->digest) + else +#endif + if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); return 0; @@ -196,7 +201,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (type->ctx_size) ctx->md_data=OPENSSL_malloc(type->ctx_size); } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif return ctx->digest->init(ctx); } @@ -246,12 +253,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); return 0; } +#ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); return 0; } +#endif EVP_MD_CTX_cleanup(out); memcpy(out,in,sizeof *out); @@ -304,10 +313,12 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } +#ifndef OPENSSL_NO_ENGINE if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(ctx->engine); +#endif memset(ctx,'\0',sizeof *ctx); return 1; diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index b084a358096f22fd12831a76c21ef0d3e708bb18..a58ece3a408dd83a8607f1f50f8b205b3faecbac 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -277,7 +277,9 @@ struct env_md_st struct env_md_ctx_st { const EVP_MD *digest; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ +#endif unsigned long flags; void *md_data; } /* EVP_MD_CTX */; @@ -349,7 +351,9 @@ typedef struct evp_cipher_info_st struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ +#endif int encrypt; /* encrypt or decrypt */ int buf_len; /* number we have left */ diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c index a68b979bdbd9f066d2980643830ccf7846a11524..54c073ca444c2085799db6a87a546f12ee268098 100644 --- a/crypto/evp/evp_acnf.c +++ b/crypto/evp/evp_acnf.c @@ -59,7 +59,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Load all algorithms and configure OpenSSL. diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index ccfcc7e1b15ba815daad602608af989f1e979540..be0758a87965feeb7b0c0494c3002213cd5571e9 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include "evp_locl.h" const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; @@ -91,6 +93,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp enc = 1; ctx->encrypt = enc; } +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -98,6 +101,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp if (ctx->engine && ctx->cipher && (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) goto skip_to_init; +#endif if (cipher) { /* Ensure a context left lying around from last time is cleared @@ -107,6 +111,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp /* Restore encrypt field: it is zeroed by cleanup */ ctx->encrypt = enc; +#ifndef OPENSSL_NO_ENGINE if(impl) { if (!ENGINE_init(impl)) @@ -140,6 +145,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } else ctx->engine = NULL; +#endif ctx->cipher=cipher; ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); @@ -159,7 +165,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); return 0; } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 @@ -460,10 +468,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) } if (c->cipher_data) OPENSSL_free(c->cipher_data); +#ifndef OPENSSL_NO_ENGINE if (c->engine) /* The EVP_CIPHER we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(c->engine); +#endif memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 698aff21dc7f67f05be4fb8b8204e565d82ed8d6..28460173f7ef0a2220ddb31f150948b7e25b4ba2 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -53,7 +53,10 @@ #include "../e_os.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif +#include #include static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) @@ -330,11 +333,14 @@ int main(int argc,char **argv) /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); +#ifndef OPENSSL_NO_ENGINE /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); +#endif #if 0 OPENSSL_config(); #endif +#ifndef OPENSSL_NO_ENGINE /* Register all available ENGINE implementations of ciphers and digests. * This could perhaps be changed to "ENGINE_register_all_complete()"? */ ENGINE_register_all_ciphers(); @@ -343,6 +349,7 @@ int main(int argc,char **argv) * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if * they weren't already initialised. */ /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ +#endif for( ; ; ) { @@ -384,7 +391,9 @@ int main(int argc,char **argv) } } +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h index 66e39991ec75248ab35298efeb5fdcadd5d2cf09..606382dd211c2dadd2a85a03b53f80b801ca68e9 100644 --- a/crypto/rand/rand.h +++ b/crypto/rand/rand.h @@ -87,7 +87,9 @@ extern int rand_predictable; int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); +#endif RAND_METHOD *RAND_SSLeay(void); void RAND_cleanup(void ); int RAND_bytes(unsigned char *buf,int num); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 5cf5dc11886db7ddd571f62169f896a836dd3254..513e3389859e9f4a504cbd0796d1df3b88315cd7 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -60,19 +60,25 @@ #include #include "cryptlib.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif +#ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; +#endif static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { +#ifndef OPENSSL_NO_ENGINE if(funct_ref) { ENGINE_finish(funct_ref); funct_ref = NULL; } +#endif default_RAND_meth = meth; return 1; } @@ -81,6 +87,7 @@ const RAND_METHOD *RAND_get_rand_method(void) { if (!default_RAND_meth) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = ENGINE_get_default_RAND(); if(e) { @@ -94,11 +101,13 @@ const RAND_METHOD *RAND_get_rand_method(void) if(e) funct_ref = e; else +#endif default_RAND_meth = RAND_SSLeay(); } return default_RAND_meth; } +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; @@ -118,6 +127,7 @@ int RAND_set_rand_engine(ENGINE *engine) funct_ref = engine; return 1; } +#endif void RAND_cleanup(void) { diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b005b4b0b37564092ab66d766344bc2ac4969856..68696f8219f0ccfe8f9405a37f785ccfb651bfe4 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -128,8 +128,10 @@ struct rsa_st int pad; long version; const RSA_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; +#endif BIGNUM *n; BIGNUM *e; BIGNUM *d; diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index cab34847dfc81e977e097a775d3ae7419c57c217..d4e30647d143bf0464e5f0dbd047118a1e4758fd 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -61,7 +61,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifndef RSA_NULL diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 93235744f7a9e365ec03a244e739ac02a6637b0d..889c36d3a6f4b5ddc3e3829c0b02c8192366e4ab 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -62,7 +62,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; @@ -108,11 +110,13 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) const RSA_METHOD *mtmp; mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); +#ifndef OPENSSL_NO_ENGINE if (rsa->engine) { ENGINE_finish(rsa->engine); rsa->engine = NULL; } +#endif rsa->meth = meth; if (meth->init) meth->init(rsa); return 1; @@ -130,6 +134,7 @@ RSA *RSA_new_method(ENGINE *engine) } ret->meth = RSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -154,6 +159,7 @@ RSA *RSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -175,8 +181,10 @@ RSA *RSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -205,8 +213,10 @@ void RSA_free(RSA *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 4ac2de34079090b1d45e0c4378faba2db9824dfb..9dd62ac956ba3cfb35c1f31bd5aba7acf237bd40 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -62,7 +62,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -77,10 +79,12 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_sign) return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, m, m_len, sigret, siglen, rsa); +#endif /* Special case: SSL signature, just check the length */ if(type == NID_md5_sha1) { if(m_len != SSL_SIG_LENGTH) { @@ -155,10 +159,12 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, return(0); } +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_verify) return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); +#endif s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); if (s == NULL) diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index b8b462d33b56e2a9b565b77dda742caf2758a4c5..99abb1fde782fc2748b6ac4cbd3bd6fae2a7b496 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -16,7 +16,9 @@ int main(int argc, char *argv[]) } #else #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ diff --git a/demos/x509/mkcert.c b/demos/x509/mkcert.c index 8304d30e0b656f24545483de1ba0b50224a93a35..c5e67b8e28e47dde3249d6964daacc82063ea480 100644 --- a/demos/x509/mkcert.c +++ b/demos/x509/mkcert.c @@ -9,7 +9,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(X509 *cert, int nid, char *value); @@ -35,7 +37,9 @@ int main(int argc, char **argv) X509_free(x509); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/demos/x509/mkreq.c b/demos/x509/mkreq.c index d69dcc392b9ff6e94f0c1c4ae39fe0f1a7bc0dbc..3dfc65f16435f7056af02f4f00c473028f1593a0 100644 --- a/demos/x509/mkreq.c +++ b/demos/x509/mkreq.c @@ -8,7 +8,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value); @@ -33,7 +35,9 @@ int main(int argc, char **argv) X509_REQ_free(req); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index fc27f018d1584094e06eb7731aad4c9eb194327b..49360d5f9f064bb1a70c2294adc72dd94a4af41b 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -133,7 +133,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include @@ -828,7 +830,9 @@ end: #ifndef OPENSSL_NO_RSA free_tmp_rsa(); #endif +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/util/bat.sh b/util/bat.sh index c6f48e8a7b15f04ede5e1264907b3709507b960e..4d9a8287d0cfdf9dea9c59a4ba0060bd5e100054 100755 --- a/util/bat.sh +++ b/util/bat.sh @@ -62,6 +62,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_rc2 && $dir =~ /\/rc2/; return("") if $no_rc4 && $dir =~ /\/rc4/; @@ -116,6 +117,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 8c6370bc5dcbb470550d520b834148a027a7d3bc..5f3ab059f0cccd058a89e9036a740c046d813ba8 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -65,6 +65,8 @@ and [options] can be one of no-krb5 - No KRB5 no-ec - No EC no-ecdsa - No ECDSA + no-ecdh - No ECDH + no-engine - No engine nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -234,6 +236,8 @@ $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; +$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; +$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) @@ -663,6 +667,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_rc2 && $dir =~ /\/rc2/; @@ -723,6 +728,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @@ -925,6 +931,8 @@ sub read_options elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-ec$/) { $no_ec=1; } elsif (/^no-ecdsa$/) { $no_ecdsa=1; } + elsif (/^no-ecdh$/) { $no_ecdh=1; } + elsif (/^no-engine$/) { $no_engine=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; diff --git a/util/mkdef.pl b/util/mkdef.pl index d868a35036f4622b92968f78381c47ff6d584ae5..517493965145655aab6772cb0af6eb4bc827a13f 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -93,7 +93,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # External "algorithms" "FP_API", "STDIO", "SOCK", "KRB5", # Engines - "STATIC_ENGINE", + "STATIC_ENGINE", "ENGINE", # Deprecated functions "DEPRECATED" ); @@ -111,7 +111,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; my $no_ecdsa; my $no_ecdh; +my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_fp_api; my $no_static_engine; my $no_deprecated; foreach (@ARGV, split(/ /, $options)) @@ -182,6 +182,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-comp$/) { $no_comp=1; } elsif (/^no-dso$/) { $no_dso=1; } elsif (/^no-krb5$/) { $no_krb5=1; } + elsif (/^no-engine$/) { $no_engine=1; } } @@ -243,7 +244,7 @@ $crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa; $crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh; $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; -$crypto.=" crypto/engine/engine.h"; +$crypto.=" crypto/engine/engine.h"; # unless $no_engine; $crypto.=" crypto/stack/stack.h" ; # unless $no_stack; $crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer; $crypto.=" crypto/bio/bio.h" ; # unless $no_bio; @@ -1065,6 +1066,7 @@ sub is_valid if ($keyword eq "COMP" && $no_comp) { return 0; } if ($keyword eq "DSO" && $no_dso) { return 0; } if ($keyword eq "KRB5" && $no_krb5) { return 0; } + if ($keyword eq "ENGINE" && $no_engine) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }