Fix building without scrypt

Building without the scrypt KDF is now possible, the OPENSSL_NO_SCRYPT
define is honored in code. Previous this lead to undefined references.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4116)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index e8c1c87cb3550f569c62437700f512c0e7bbff70..209aa33d1b490ada9d879340f61b232fcb39a704 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -819,6 +819,7 @@ static int alg_print(const X509_ALGOR *alg)
             BIO_printf(bio_err, ", Iteration %ld, PRF %s",
                        ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
             PBKDF2PARAM_free(kdf);
+#ifndef OPENSSL_NO_SCRYPT
         } else if (pbenid == NID_id_scrypt) {
             SCRYPT_PARAMS *kdf = NULL;
 
@@ -835,6 +836,7 @@ static int alg_print(const X509_ALGOR *alg)
                        ASN1_INTEGER_get(kdf->blockSize),
                        ASN1_INTEGER_get(kdf->parallelizationParameter));
             SCRYPT_PARAMS_free(kdf);
+#endif
         }
         PBE2PARAM_free(pbe2);
     } else {

diff --git a/crypto/kdf/scrypt.c b/crypto/kdf/scrypt.c
index c7aa823e491c886116f97def2989f53b594fbeee..3f4cf385dbfed32f2f12d8f36fd557ebb24a944b 100644 (file)
--- a/crypto/kdf/scrypt.c
+++ b/crypto/kdf/scrypt.c
@@ -15,6 +15,8 @@
 #include "internal/cryptlib.h"
 #include "internal/evp_int.h"
 
+#ifndef OPENSSL_NO_SCRYPT
+
 static int atou64(const char *nptr, uint64_t *result);
 
 typedef struct {
@@ -256,3 +258,5 @@ const EVP_PKEY_METHOD scrypt_pkey_meth = {
     pkey_scrypt_ctrl,
     pkey_scrypt_ctrl_str
 };
+
+#endif

diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c
index a2ad91e40dc054eabfab5451a8768ef59ec24d02..c832e8eb12f907fce825dbed2d4ea30f93cf2dcf 100644 (file)
--- a/test/pkey_meth_kdf_test.c
+++ b/test/pkey_meth_kdf_test.c
@@ -60,6 +60,7 @@ static int test_kdf_hkdf(void)
     return 1;
 }
 
+#ifndef OPENSSL_NO_SCRYPT
 static int test_kdf_scrypt(void)
 {
     EVP_PKEY_CTX *pctx;
@@ -126,10 +127,13 @@ static int test_kdf_scrypt(void)
     EVP_PKEY_CTX_free(pctx);
     return 1;
 }
+#endif
 
 int setup_tests()
 {
     ADD_TEST(test_kdf_hkdf);
+#ifndef OPENSSL_NO_SCRYPT
     ADD_TEST(test_kdf_scrypt);
+#endif
     return 1;
 }