Changes between 0.9.7 and 0.9.7a [XX xxx 2003]
+ *) Add the possibility to build without the ENGINE framework.
+ [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
*) Under Win32 gmtime() can return NULL: check return value in
OPENSSL_gmtime(). Add error code for case where gmtime() fails.
[Steve Henson]
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
# Options:
#
# --test-sanity Make a number of sanity checks on the data in this file.
# This is a debugging tool for OpenSSL developers.
#
+# no-engine do not compile in any engine code.
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
#include <openssl/pkcs12.h>
#include <openssl/ui.h>
#include <openssl/safestack.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#ifdef OPENSSL_SYS_WINDOWS
#define strcasecmp _stricmp
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
if (format == FORMAT_ENGINE)
{
if (!e)
ui_method, &cb_data);
goto end;
}
+#endif
key=BIO_new(BIO_s_file());
if (key == NULL)
{
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
if (format == FORMAT_ENGINE)
{
if (!e)
ui_method, &cb_data);
goto end;
}
+#endif
key=BIO_new(BIO_s_file());
if (key == NULL)
{
return NULL;
}
+#ifndef OPENSSL_NO_ENGINE
/* Try to load an engine in a shareable library */
static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
{
}
return e;
}
+#endif
int load_config(BIO *err, CONF *cnf)
{
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/txt_db.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/ossl_typ.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
do_pipe_sig()
# define apps_shutdown()
#else
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
- defined(OPENSSL_SYS_WIN32)
-# ifdef _O_BINARY
-# define apps_startup() \
- do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# ifndef OPENSSL_NO_ENGINE
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+ defined(OPENSSL_SYS_WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# else
+# define apps_startup() \
+ do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# endif
# else
# define apps_startup() \
- do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+ do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+ ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+ setup_ui_method(); } while(0)
# endif
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ EVP_cleanup(); ENGINE_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+ ERR_free_strings(); } while(0)
# else
-# define apps_startup() \
- do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
- ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
- setup_ui_method(); } while(0)
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+ defined(OPENSSL_SYS_WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ setup_ui_method(); } while(0)
+# else
+# define apps_startup() \
+ do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ setup_ui_method(); } while(0)
+# endif
+# else
+# define apps_startup() \
+ do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+ ERR_load_crypto_strings(); \
+ setup_ui_method(); } while(0)
+# endif
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ EVP_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+ ERR_free_strings(); } while(0)
# endif
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- EVP_cleanup(); ENGINE_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
- ERR_free_strings(); } while(0)
#endif
typedef struct args_st
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+#ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+#endif
int load_config(BIO *err, CONF *cnf);
char *make_config_name(void);
" -extensions .. - Extension section (override value in config file)\n",
" -extfile file - Configuration file with X509v3 extentions to add\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
+#ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
+#endif
" -status serial - Shows certificate status given the serial number\n",
" -updatedb - Updates db for expired certificates\n",
NULL
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
+#endif
char *tofree=NULL;
#ifdef EFENCE
rev_arg = *(++argv);
rev_type = REV_CA_COMPROMISE;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else
{
bad:
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
/*****************************************************************/
tofree=NULL;
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
if (--argc < 1) break;
keyform=str2fmt(*(++argv));
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) break;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
else if (strcmp(*argv,"-binary") == 0)
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog,*engine;
+ char *infile,*outfile,*prog;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine;
+#endif
apps_startup();
if (!load_config(bio_err, NULL))
goto end;
+#ifndef OPENSSL_NO_ENGINE
engine=NULL;
+#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
goto end;
}
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DH *dh=NULL;
int i,badops=0,text=0;
#ifndef OPENSSL_NO_DSA
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
- char *inrand=NULL,*engine=NULL;
+ char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
int num = 0, g = 0;
apps_startup();
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (g && !num)
num = DEFBITS;
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
- char *infile,*outfile,*prog,*engine;
+ char *infile,*outfile,*prog;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine;
+#endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
if (!load_config(bio_err, NULL))
goto end;
+#ifndef OPENSSL_NO_ENGINE
engine=NULL;
+#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef OPENSSL_NO_IDEA
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DSA *dsa=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
#ifdef GENCB_TEST
int timebomb=0;
#endif
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if(strcmp(*argv, "-engine") == 0)
{
if (--argc < 1) goto bad;
engine = *(++argv);
}
+#endif
#ifdef GENCB_TEST
else if(strcmp(*argv, "-timebomb") == 0)
{
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -genkey generate a DSA key\n");
BIO_printf(bio_err," -rand files to use for random number input\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
#ifdef GENCB_TEST
BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n");
#endif
}
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (need_rand)
{
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
static const char magic[]="Salted__";
char mbuf[sizeof magic-1];
char *strbuf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
+#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
+#endif
apps_startup();
if (--argc < 1) goto bad;
passarg= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
+#endif
BIO_printf(bio_err,"Cipher Types\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
argv++;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (bufsize != NULL)
{
*
*/
+#ifndef OPENSSL_NO_ENGINE
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
apps_shutdown();
OPENSSL_EXIT(ret);
}
+#endif
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
BIO *out=NULL;
apps_startup();
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
BIO_printf(bio_err," -2 - use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 - use 5 as the generator value\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
out=BIO_new(BIO_s_file());
if (out == NULL)
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
const EVP_CIPHER *enc=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
int ret=1;
RSA *rsa=NULL;
int i,num=DEFBITS;
unsigned long f4=RSA_F4;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
char *inrand=NULL;
BIO *out=NULL;
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto err;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (outfile == NULL)
{
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
#include "progs.h"
#include "s_apps.h"
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *CApath = NULL, *CAfile = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
args++;
CAfile = *args;
} else badarg = 1;
+#ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
+#endif
} else badarg = 1;
} else badarg = 1;
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(passarg) {
if(export_cert) passargout = passarg;
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0;
int ret=1;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
text=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
ret = 1;
goto end;
}
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
EVP_PKEY *pkey=NULL;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!args[1]) goto bad;
passargout= *(++args);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
+#endif
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
return (1);
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
extern int spkac_main(int argc,char *argv[]);
extern int smime_main(int argc,char *argv[]);
extern int rand_main(int argc,char *argv[]);
+#ifndef OPENSSL_NO_ENGINE
extern int engine_main(int argc,char *argv[]);
+#endif
extern int ocsp_main(int argc,char *argv[]);
#define FUNC_TYPE_GENERAL 1
{FUNC_TYPE_GENERAL,"spkac",spkac_main},
{FUNC_TYPE_GENERAL,"smime",smime_main},
{FUNC_TYPE_GENERAL,"rand",rand_main},
+#ifndef OPENSSL_NO_ENGINE
{FUNC_TYPE_GENERAL,"engine",engine_main},
+#endif
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
#ifndef OPENSSL_NO_MD2
{FUNC_TYPE_MD,"md2",dgst_main},
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
int base64 = 0;
BIO *out = NULL;
int num = -1;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
else
badopt = 1;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(argv[i], "-engine") == 0)
{
if ((argv[i+1] != NULL) && (engine == NULL))
else
badopt = 1;
}
+#endif
else if (strcmp(argv[i], "-rand") == 0)
{
if ((argv[i+1] != NULL) && (inrand == NULL))
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
goto err;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
char *extensions = NULL;
char *req_exts = NULL;
const EVP_CIPHER *cipher=NULL;
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
BIO_printf(bio_err," -verify verify signature on REQ\n");
BIO_printf(bio_err," -modulus RSA modulus\n");
BIO_printf(bio_err," -nodes don't encrypt the output key\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n");
+#endif
BIO_printf(bio_err," -subject output the request's subject\n");
BIO_printf(bio_err," -passin private key password source\n");
BIO_printf(bio_err," -key file use the private key contained in file\n");
BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
- BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
+ BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
goto end;
}
if ((in == NULL) || (out == NULL))
goto end;
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (keyfile != NULL)
{
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
int modulus=0;
apps_startup();
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
goto end;
}
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
+#endif
char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM;
} else if (strcmp(*argv,"-keyform") == 0) {
if (--argc < 1) badarg = 1;
keyform=str2fmt(*(++argv));
+#ifndef OPENSSL_NO_ENGINE
} else if(!strcmp(*argv, "-engine")) {
if (--argc < 1) badarg = 1;
engine = *(++argv);
+#endif
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
} else if(!strcmp(*argv, "-certin")) {
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
}
BIO_printf(bio_err," for those protocols that support it, where\n");
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
BIO_printf(bio_err," only \"smtp\" is supported.\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
SSL_METHOD *meth=NULL;
BIO *sbio;
char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
ENGINE *e=NULL;
+#endif
#ifdef OPENSSL_SYS_WINDOWS
struct timeval tv;
#endif
else
goto bad;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id = *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+#endif
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
static int s_quiet=0;
static int hack=0;
+#ifndef OPENSSL_NO_ENGINE
static char *engine_id=NULL;
+#endif
static const char *session_id_prefix=NULL;
#ifdef MONOLITH
s_msg=0;
s_quiet=0;
hack=0;
+#ifndef OPENSSL_NO_ENGINE
engine_id=NULL;
+#endif
}
#endif
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+#endif
BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e=NULL;
+#endif
char *inrand=NULL;
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
if (--argc < 1) goto bad;
session_id_prefix = *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+#endif
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
int need_rand = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
args = argv + 1;
ret = 1;
inrand = *args;
} else badarg = 1;
need_rand = 1;
+#ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
+#endif
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
long count=0,save_count=0;
j--; /* Otherwise, -elapsed gets confused with
an algorithm. */
}
+#ifndef OPENSSL_NO_ENGINE
else if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
{
argc--;
means all of them should be run) */
j--;
}
+#endif
#ifdef HAVE_FORK
else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
{
#if defined(TIMES) || defined(USE_TOD)
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
#endif
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err,"-evp e use EVP e.\n");
BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n");
BIO_printf(bio_err,"-mr produce machine readable output.\n");
CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
if (--argc < 1) goto bad;
spksect= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
goto end;
}
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(keyfile) {
pkey = load_key(bio_err,
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto end;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-help") == 0)
goto end;
else if (strcmp(*argv,"-ignore_critical") == 0)
break;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
ret=0;
end:
if (ret == 1) {
- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," [-engine e]");
+#endif
+ BIO_printf(bio_err," cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
+#ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
+#endif
" -certopt arg - various certificate text options\n",
NULL
};
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
reqfile=0;
alias= *(++argv);
trustout = 1;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-C") == 0)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
/* Load all OpenSSL builtin modules */
{
/* Add builtin modules here */
ASN1_add_oid_module();
+#ifndef OPENSSL_NO_ENGINE
ENGINE_add_conf_module();
+#endif
}
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
/* This is the automatic configuration loader: it is called automatically by
* OpenSSL when any of a number of standard initialisation functions are called,
return;
OPENSSL_load_builtin_modules();
+#ifndef OPENSSL_NO_ENGINE
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
+#endif
/* Add others here? */
int references;
CRYPTO_EX_DATA ex_data;
const DH_METHOD *meth;
+#ifndef OPENSSL_NO_ENGINE
ENGINE *engine;
+#endif
};
#define DH_GENERATOR_2 2
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
const DH_METHOD *mtmp;
mtmp = dh->meth;
if (mtmp->finish) mtmp->finish(dh);
+#ifndef OPENSSL_NO_ENGINE
if (dh->engine)
{
ENGINE_finish(dh->engine);
dh->engine = NULL;
}
+#endif
dh->meth = meth;
if (meth->init) meth->init(dh);
return 1;
}
ret->meth = DH_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
if (engine)
{
if (!ENGINE_init(engine))
return NULL;
}
}
+#endif
ret->pad=0;
ret->version=0;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
+#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
if (r->meth->finish)
r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
int references;
CRYPTO_EX_DATA ex_data;
const DSA_METHOD *meth;
+#ifndef OPENSSL_NO_ENGINE
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
+#endif
};
#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
const DSA_METHOD *mtmp;
mtmp = dsa->meth;
if (mtmp->finish) mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
if (dsa->engine)
{
ENGINE_finish(dsa->engine);
dsa->engine = NULL;
}
+#endif
dsa->meth = meth;
if (meth->init) meth->init(dsa);
return 1;
return(NULL);
}
ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
if (engine)
{
if (!ENGINE_init(engine))
return NULL;
}
}
+#endif
ret->pad=0;
ret->version=0;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
+#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
if(r->meth->finish)
r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
if(r->engine)
ENGINE_finish(r->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#ifdef OPENSSL_SYS_WINDOWS
#include "../bio/bss_file.c"
#endif
#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/objects.h>
/* test the internal curves */
internal_curve_test();
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_state(0);
#define HEADER_ENGINE_H
#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_ENGINE
+#error ENGINE is disabled.
+#endif
+
#include <openssl/ossl_typ.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_RSA
*
*/
-#include <openssl/e_os2.h>
#include <stdio.h>
#include <string.h>
+
+#ifdef OPENSSL_NO_ENGINE
+int main(int argc, char *argv[])
+{
+ printf("No ENGINE support\n");
+ return(0);
+}
+#else
+#include <openssl/e_os2.h>
#include <openssl/buffer.h>
#include <openssl/crypto.h>
#include <openssl/engine.h>
CRYPTO_mem_leaks_fp(stderr);
return to_return;
}
+#endif
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
#include <openssl/dso.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/ocsp.h>
#include <openssl/err.h>
ERR_load_PKCS12_strings();
ERR_load_RAND_strings();
ERR_load_DSO_strings();
+#ifndef OPENSSL_NO_ENGINE
ERR_load_ENGINE_strings();
+#endif
ERR_load_OCSP_strings();
ERR_load_UI_strings();
#endif
#include "cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
* the previous handle, re-querying for an ENGINE, and having a
else
ctx->engine = NULL;
}
- else if(!ctx->digest)
+ else
+#endif
+ if(!ctx->digest)
{
EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
return 0;
if (type->ctx_size)
ctx->md_data=OPENSSL_malloc(type->ctx_size);
}
+#ifndef OPENSSL_NO_ENGINE
skip_to_init:
+#endif
return ctx->digest->init(ctx);
}
EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
return 0;
}
+#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a digest context using an ENGINE */
if (in->engine && !ENGINE_init(in->engine))
{
EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
return 0;
}
+#endif
EVP_MD_CTX_cleanup(out);
memcpy(out,in,sizeof *out);
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
}
+#ifndef OPENSSL_NO_ENGINE
if(ctx->engine)
/* The EVP_MD we used belongs to an ENGINE, release the
* functional reference we held for this reason. */
ENGINE_finish(ctx->engine);
+#endif
memset(ctx,'\0',sizeof *ctx);
return 1;
struct env_md_ctx_st
{
const EVP_MD *digest;
+#ifndef OPENSSL_NO_ENGINE
ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
+#endif
unsigned long flags;
void *md_data;
} /* EVP_MD_CTX */;
struct evp_cipher_ctx_st
{
const EVP_CIPHER *cipher;
+#ifndef OPENSSL_NO_ENGINE
ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
+#endif
int encrypt; /* encrypt or decrypt */
int buf_len; /* number we have left */
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/conf.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
/* Load all algorithms and configure OpenSSL.
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include "evp_locl.h"
const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
enc = 1;
ctx->encrypt = enc;
}
+#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
* the previous handle, re-querying for an ENGINE, and having a
if (ctx->engine && ctx->cipher && (!cipher ||
(cipher && (cipher->nid == ctx->cipher->nid))))
goto skip_to_init;
+#endif
if (cipher)
{
/* Ensure a context left lying around from last time is cleared
/* Restore encrypt field: it is zeroed by cleanup */
ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
if(impl)
{
if (!ENGINE_init(impl))
}
else
ctx->engine = NULL;
+#endif
ctx->cipher=cipher;
ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
return 0;
}
+#ifndef OPENSSL_NO_ENGINE
skip_to_init:
+#endif
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
}
if (c->cipher_data)
OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
if (c->engine)
/* The EVP_CIPHER we used belongs to an ENGINE, release the
* functional reference we held for this reason. */
ENGINE_finish(c->engine);
+#endif
memset(c,0,sizeof(EVP_CIPHER_CTX));
return 1;
}
#include "../e_os.h"
#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
#include <openssl/conf.h>
static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
/* Load up the software EVP_CIPHER and EVP_MD definitions */
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
/* Load all compiled-in ENGINEs */
ENGINE_load_builtin_engines();
+#endif
#if 0
OPENSSL_config();
#endif
+#ifndef OPENSSL_NO_ENGINE
/* Register all available ENGINE implementations of ciphers and digests.
* This could perhaps be changed to "ENGINE_register_all_complete()"? */
ENGINE_register_all_ciphers();
* It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
* they weren't already initialised. */
/* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+#endif
for( ; ; )
{
}
}
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
int RAND_set_rand_method(const RAND_METHOD *meth);
const RAND_METHOD *RAND_get_rand_method(void);
+#ifndef OPENSSL_NO_ENGINE
int RAND_set_rand_engine(ENGINE *engine);
+#endif
RAND_METHOD *RAND_SSLeay(void);
void RAND_cleanup(void );
int RAND_bytes(unsigned char *buf,int num);
#include <time.h>
#include "cryptlib.h"
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_ENGINE
/* non-NULL if default_RAND_meth is ENGINE-provided */
static ENGINE *funct_ref =NULL;
+#endif
static const RAND_METHOD *default_RAND_meth = NULL;
int RAND_set_rand_method(const RAND_METHOD *meth)
{
+#ifndef OPENSSL_NO_ENGINE
if(funct_ref)
{
ENGINE_finish(funct_ref);
funct_ref = NULL;
}
+#endif
default_RAND_meth = meth;
return 1;
}
{
if (!default_RAND_meth)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = ENGINE_get_default_RAND();
if(e)
{
if(e)
funct_ref = e;
else
+#endif
default_RAND_meth = RAND_SSLeay();
}
return default_RAND_meth;
}
+#ifndef OPENSSL_NO_ENGINE
int RAND_set_rand_engine(ENGINE *engine)
{
const RAND_METHOD *tmp_meth = NULL;
funct_ref = engine;
return 1;
}
+#endif
void RAND_cleanup(void)
{
int pad;
long version;
const RSA_METHOD *meth;
+#ifndef OPENSSL_NO_ENGINE
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
+#endif
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#ifndef RSA_NULL
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
const RSA_METHOD *mtmp;
mtmp = rsa->meth;
if (mtmp->finish) mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
if (rsa->engine)
{
ENGINE_finish(rsa->engine);
rsa->engine = NULL;
}
+#endif
rsa->meth = meth;
if (meth->init) meth->init(rsa);
return 1;
}
ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
if (engine)
{
if (!ENGINE_init(engine))
return NULL;
}
}
+#endif
ret->pad=0;
ret->version=0;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
+#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
if (r->meth->finish)
r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
/* Size of an SSL signature: MD5+SHA1 */
#define SSL_SIG_LENGTH 36
const unsigned char *s = NULL;
X509_ALGOR algor;
ASN1_OCTET_STRING digest;
+#ifndef OPENSSL_NO_ENGINE
if((rsa->flags & RSA_FLAG_SIGN_VER)
&& ENGINE_get_RSA(rsa->engine)->rsa_sign)
return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
m, m_len, sigret, siglen, rsa);
+#endif
/* Special case: SSL signature, just check the length */
if(type == NID_md5_sha1) {
if(m_len != SSL_SIG_LENGTH) {
return(0);
}
+#ifndef OPENSSL_NO_ENGINE
if((rsa->flags & RSA_FLAG_SIGN_VER)
&& ENGINE_get_RSA(rsa->engine)->rsa_verify)
return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
m, m_len, sigbuf, siglen, rsa);
+#endif
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
}
#else
#include <openssl/rsa.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#define SetKey \
key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int add_ext(X509 *cert, int nid, char *value);
X509_free(x509);
EVP_PKEY_free(pkey);
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
X509_REQ_free(req);
EVP_PKEY_free(pkey);
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/err.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
free_tmp_rsa();
#endif
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_state(0);
local($dir,$val)=@_;
local(@a,$_,$ret);
+ return("") if $no_engine && $dir =~ /\/engine/;
return("") if $no_idea && $dir =~ /\/idea/;
return("") if $no_rc2 && $dir =~ /\/rc2/;
return("") if $no_rc4 && $dir =~ /\/rc4/;
@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+ @a=grep(!/^engine$/,@a) if $no_engine;
@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
@a=grep(!/^gendsa$/,@a) if $no_sha1;
no-krb5 - No KRB5
no-ec - No EC
no-ecdsa - No ECDSA
+ no-ecdh - No ECDH
+ no-engine - No engine
nasm - Use NASM for x86 asm
gaswin - Use GNU as with Mingw32
no-socks - No socket code
$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
+$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
+$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
#$cflags.=" -DRSAref" if $rsaref ne "";
## if ($unix)
local($dir,$val)=@_;
local(@a,$_,$ret);
+ return("") if $no_engine && $dir =~ /\/engine/;
return("") if $no_idea && $dir =~ /\/idea/;
return("") if $no_aes && $dir =~ /\/aes/;
return("") if $no_rc2 && $dir =~ /\/rc2/;
@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+ @a=grep(!/^engine$/,@a) if $no_engine;
@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
@a=grep(!/^gendsa$/,@a) if $no_sha1;
elsif (/^no-krb5$/) { $no_krb5=1; }
elsif (/^no-ec$/) { $no_ec=1; }
elsif (/^no-ecdsa$/) { $no_ecdsa=1; }
+ elsif (/^no-ecdh$/) { $no_ecdh=1; }
+ elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
$no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
# External "algorithms"
"FP_API", "STDIO", "SOCK", "KRB5",
# Engines
- "STATIC_ENGINE",
+ "STATIC_ENGINE", "ENGINE",
# Deprecated functions
"DEPRECATED" );
my $no_cast;
my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
-my $no_ec; my $no_ecdsa; my $no_ecdh;
+my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine;
my $no_fp_api; my $no_static_engine; my $no_deprecated;
foreach (@ARGV, split(/ /, $options))
elsif (/^no-comp$/) { $no_comp=1; }
elsif (/^no-dso$/) { $no_dso=1; }
elsif (/^no-krb5$/) { $no_krb5=1; }
+ elsif (/^no-engine$/) { $no_engine=1; }
}
$crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh;
$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
-$crypto.=" crypto/engine/engine.h";
+$crypto.=" crypto/engine/engine.h"; # unless $no_engine;
$crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
$crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
if ($keyword eq "COMP" && $no_comp) { return 0; }
if ($keyword eq "DSO" && $no_dso) { return 0; }
if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+ if ($keyword eq "ENGINE" && $no_engine) { return 0; }
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }