From 6d85cd36e26bc32978d26e88e0d39488f6b2ea4c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 17:37:49 +0000 Subject: [PATCH] Add the possibility to build without the ENGINE framework. PR: 287 --- CHANGES | 3 ++ Configure | 3 +- apps/apps.c | 8 +++++ apps/apps.h | 69 +++++++++++++++++++++++++++----------- apps/ca.c | 8 +++++ apps/dgst.c | 8 +++++ apps/dh.c | 15 ++++++++- apps/dhparam.c | 13 ++++++- apps/dsa.c | 15 ++++++++- apps/dsaparam.c | 10 ++++++ apps/enc.c | 10 ++++++ apps/engine.c | 3 ++ apps/gendh.c | 10 ++++++ apps/gendsa.c | 10 ++++++ apps/genrsa.c | 10 ++++++ apps/openssl.c | 2 ++ apps/pkcs12.c | 8 +++++ apps/pkcs7.c | 10 ++++++ apps/pkcs8.c | 8 +++++ apps/progs.h | 4 +++ apps/rand.c | 10 ++++++ apps/req.c | 10 +++++- apps/rsa.c | 8 +++++ apps/rsautl.c | 8 +++++ apps/s_client.c | 8 +++++ apps/s_server.c | 12 +++++++ apps/smime.c | 8 +++++ apps/speed.c | 6 ++++ apps/spkac.c | 8 +++++ apps/verify.c | 12 ++++++- apps/x509.c | 8 +++++ crypto/conf/conf_mall.c | 4 +++ crypto/conf/conf_sap.c | 4 +++ crypto/dh/dh.h | 2 ++ crypto/dh/dh_key.c | 2 ++ crypto/dh/dh_lib.c | 10 ++++++ crypto/dsa/dsa.h | 2 ++ crypto/dsa/dsa_lib.c | 10 ++++++ crypto/dsa/dsa_ossl.c | 2 ++ crypto/dsa/dsa_sign.c | 2 ++ crypto/dsa/dsa_vrf.c | 2 ++ crypto/dsa/dsatest.c | 2 ++ crypto/ec/ectest.c | 4 +++ crypto/engine/engine.h | 6 ++++ crypto/engine/enginetest.c | 11 +++++- crypto/err/err_all.c | 4 +++ crypto/evp/digest.c | 13 ++++++- crypto/evp/evp.h | 4 +++ crypto/evp/evp_acnf.c | 2 ++ crypto/evp/evp_enc.c | 10 ++++++ crypto/evp/evp_test.c | 9 +++++ crypto/rand/rand.h | 2 ++ crypto/rand/rand_lib.c | 10 ++++++ crypto/rsa/rsa.h | 2 ++ crypto/rsa/rsa_eay.c | 2 ++ crypto/rsa/rsa_lib.c | 10 ++++++ crypto/rsa/rsa_sign.c | 6 ++++ crypto/rsa/rsa_test.c | 2 ++ demos/x509/mkcert.c | 4 +++ demos/x509/mkreq.c | 4 +++ ssl/ssltest.c | 4 +++ util/bat.sh | 2 ++ util/mk1mf.pl | 5 +++ util/mkdef.pl | 8 +++-- 64 files changed, 461 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index 92d95f203f..303d15ec28 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Add the possibility to build without the ENGINE framework. + [Steven Reddie via Richard Levitte] + *) Under Win32 gmtime() can return NULL: check return value in OPENSSL_gmtime(). Add error code for case where gmtime() fails. [Steve Henson] diff --git a/Configure b/Configure index 8050dbc96e..5347624605 100755 --- a/Configure +++ b/Configure @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -38,6 +38,7 @@ my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # +# no-engine do not compile in any engine code. # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware diff --git a/apps/apps.c b/apps/apps.c index 4a8c9263a7..ec3e391b66 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -122,7 +122,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifdef OPENSSL_SYS_WINDOWS #define strcasecmp _stricmp @@ -859,6 +861,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -868,6 +871,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -935,6 +939,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -944,6 +949,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -1329,6 +1335,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath) return NULL; } +#ifndef OPENSSL_NO_ENGINE /* Try to load an engine in a shareable library */ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug) { @@ -1385,6 +1392,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) } return e; } +#endif int load_config(BIO *err, CONF *cnf) { diff --git a/apps/apps.h b/apps/apps.h index 7b1f8ded78..c36b9d2566 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -121,7 +121,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); @@ -179,30 +181,57 @@ extern BIO *bio_err; do_pipe_sig() # define apps_shutdown() #else -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ - defined(OPENSSL_SYS_WIN32) -# ifdef _O_BINARY -# define apps_startup() \ - do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# ifndef OPENSSL_NO_ENGINE +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# endif # else # define apps_startup() \ - do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ + setup_ui_method(); } while(0) # endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); ENGINE_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # else -# define apps_startup() \ - do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ - ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ - setup_ui_method(); } while(0) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# endif +# else +# define apps_startup() \ + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); \ + setup_ui_method(); } while(0) +# endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # endif -# define apps_shutdown() \ - do { CONF_modules_unload(1); destroy_ui_method(); \ - EVP_cleanup(); ENGINE_cleanup(); \ - CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ - ERR_free_strings(); } while(0) #endif typedef struct args_st @@ -248,7 +277,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); +#ifndef OPENSSL_NO_ENGINE ENGINE *setup_engine(BIO *err, const char *engine, int debug); +#endif int load_config(BIO *err, CONF *cnf); char *make_config_name(void); diff --git a/apps/ca.c b/apps/ca.c index 2bc5435bb1..1d4e4aa7d3 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -196,7 +196,9 @@ static char *ca_usage[]={ " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -status serial - Shows certificate status given the serial number\n", " -updatedb - Updates db for expired certificates\n", NULL @@ -333,7 +335,9 @@ int MAIN(int argc, char **argv) #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *tofree=NULL; #ifdef EFENCE @@ -537,11 +541,13 @@ EF_ALIGNMENT=0; rev_arg = *(++argv); rev_type = REV_CA_COMPROMISE; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { bad: @@ -562,7 +568,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /*****************************************************************/ tofree=NULL; diff --git a/apps/dgst.c b/apps/dgst.c index 280f79b4a2..47d1309b14 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -100,7 +100,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -166,11 +168,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; keyform=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) break; engine= *(++argv); } +#endif else if (strcmp(*argv,"-hex") == 0) out_bin = 0; else if (strcmp(*argv,"-binary") == 0) @@ -208,7 +212,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); @@ -228,7 +234,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); diff --git a/apps/dh.c b/apps/dh.c index c10ea96b90..cd01fed139 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -87,12 +87,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif apps_startup(); @@ -103,7 +108,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -134,11 +141,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -170,13 +179,17 @@ bad: BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/apps/dhparam.c b/apps/dhparam.c index cbc65bcc5f..dc00355b95 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -148,7 +148,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA @@ -157,7 +159,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; char *infile,*outfile,*prog; - char *inrand=NULL,*engine=NULL; + char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE + char *engine=NULL; +#endif int num = 0, g = 0; apps_startup(); @@ -199,11 +204,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -249,7 +256,9 @@ bad: BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -259,7 +268,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (g && !num) num = DEFBITS; diff --git a/apps/dsa.c b/apps/dsa.c index 65988717bb..e9de3a3bdf 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -90,7 +90,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; DSA *dsa=NULL; int i,badops=0; @@ -98,7 +100,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,text=0,noout=0; int pubin = 0, pubout = 0; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus=0; @@ -112,7 +117,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -153,11 +160,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) @@ -189,7 +198,9 @@ bad: BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA @@ -207,7 +218,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 320d76f632..04861e8986 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -90,7 +90,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -98,7 +100,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -139,11 +143,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if(strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } +#endif else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-C") == 0) @@ -191,7 +197,9 @@ bad: BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," number number of bits to use for generating private key\n"); goto end; } @@ -235,7 +243,9 @@ bad: } } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) { diff --git a/apps/enc.c b/apps/enc.c index 42ddfd244b..0a9f7310bf 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -100,7 +100,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -119,7 +121,9 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif apps_startup(); @@ -163,11 +167,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-d") == 0) enc=0; else if (strcmp(*argv,"-p") == 0) @@ -270,7 +276,9 @@ bad: BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); +#endif BIO_printf(bio_err,"Cipher Types\n"); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, @@ -284,7 +292,9 @@ bad: argv++; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (bufsize != NULL) { diff --git a/apps/engine.c b/apps/engine.c index b718ae124c..456f80a706 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -56,6 +56,8 @@ * */ +#ifndef OPENSSL_NO_ENGINE + #include #include #include @@ -518,3 +520,4 @@ end: apps_shutdown(); OPENSSL_EXIT(ret); } +#endif diff --git a/apps/gendh.c b/apps/gendh.c index 98ee413c74..a34a862caf 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -81,13 +81,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif BIO *out=NULL; apps_startup(); @@ -115,11 +119,13 @@ int MAIN(int argc, char **argv) g=3; */ else if (strcmp(*argv,"-5") == 0) g=5; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -138,14 +144,18 @@ bad: BIO_printf(bio_err," -2 - use 2 as the generator value\n"); /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ BIO_printf(bio_err," -5 - use 5 as the generator value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif out=BIO_new(BIO_s_file()); if (out == NULL) diff --git a/apps/gendsa.c b/apps/gendsa.c index 4600711c36..6d2ed06c81 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -77,7 +77,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -85,7 +87,9 @@ int MAIN(int argc, char **argv) char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; const EVP_CIPHER *enc=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -111,11 +115,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -167,7 +173,9 @@ bad: BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -176,7 +184,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/genrsa.c b/apps/genrsa.c index dbc23e40aa..63be873b7b 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -81,7 +81,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; RSA *rsa=NULL; int i,num=DEFBITS; @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) unsigned long f4=RSA_F4; char *outfile=NULL; char *passargout = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *inrand=NULL; BIO *out=NULL; @@ -122,11 +126,13 @@ int MAIN(int argc, char **argv) f4=3; else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) f4=RSA_F4; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -177,7 +183,9 @@ bad: BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err," -3 use 3 for the E value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -191,7 +199,9 @@ bad: goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (outfile == NULL) { diff --git a/apps/openssl.c b/apps/openssl.c index 47896472e8..45af2ba7f9 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -122,7 +122,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ #include "progs.h" #include "s_apps.h" diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 8d1babe5ea..5136acdc57 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -120,7 +120,9 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *inrand = NULL; char *CApath = NULL, *CAfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -252,11 +254,13 @@ int MAIN(int argc, char **argv) args++; CAfile = *args; } else badarg = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else badarg = 1; } else badarg = 1; @@ -304,14 +308,18 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(passarg) { if(export_cert) passargout = passarg; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 738dd853ce..6c58c67eb2 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -82,7 +82,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0; int ret=1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -134,11 +138,13 @@ int MAIN(int argc, char **argv) text=1; else if (strcmp(*argv,"-print_certs") == 0) print_certs=1; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -161,14 +167,18 @@ bad: BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif ret = 1; goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 1debccb17e..6be27e7f44 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey=NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); @@ -145,11 +147,13 @@ int MAIN(int argc, char **argv) if (!args[1]) goto bad; passargout= *(++args); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*args,"-engine") == 0) { if (!args[1]) goto bad; engine= *(++args); } +#endif else if (!strcmp (*args, "-in")) { if (args[1]) { args++; @@ -182,11 +186,15 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif return (1); } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/progs.h b/apps/progs.h index 752385d3a7..a8d3b329dc 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -35,7 +35,9 @@ extern int pkcs8_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); extern int smime_main(int argc,char *argv[]); extern int rand_main(int argc,char *argv[]); +#ifndef OPENSSL_NO_ENGINE extern int engine_main(int argc,char *argv[]); +#endif extern int ocsp_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 @@ -111,7 +113,9 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL,"rand",rand_main}, +#ifndef OPENSSL_NO_ENGINE {FUNC_TYPE_GENERAL,"engine",engine_main}, +#endif {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, diff --git a/apps/rand.c b/apps/rand.c index eaaa6e35a6..63724bc730 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -76,7 +76,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -84,7 +86,9 @@ int MAIN(int argc, char **argv) int base64 = 0; BIO *out = NULL; int num = -1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -106,6 +110,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(argv[i], "-engine") == 0) { if ((argv[i+1] != NULL) && (engine == NULL)) @@ -113,6 +118,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#endif else if (strcmp(argv[i], "-rand") == 0) { if ((argv[i+1] != NULL) && (inrand == NULL)) @@ -150,13 +156,17 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-out file - write to file\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-base64 - encode output\n"); goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/req.c b/apps/req.c index ab7b6aa20d..5f6ec3d339 100644 --- a/apps/req.c +++ b/apps/req.c @@ -162,7 +162,9 @@ int MAIN(int argc, char **argv) int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *extensions = NULL; char *req_exts = NULL; const EVP_CIPHER *cipher=NULL; @@ -210,11 +212,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -428,7 +432,9 @@ bad: BIO_printf(bio_err," -verify verify signature on REQ\n"); BIO_printf(bio_err," -modulus RSA modulus\n"); BIO_printf(bio_err," -nodes don't encrypt the output key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n"); +#endif BIO_printf(bio_err," -subject output the request's subject\n"); BIO_printf(bio_err," -passin private key password source\n"); BIO_printf(bio_err," -key file use the private key contained in file\n"); @@ -453,7 +459,7 @@ bad: BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); - BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); goto end; } @@ -617,7 +623,9 @@ bad: if ((in == NULL) || (out == NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (keyfile != NULL) { diff --git a/apps/rsa.c b/apps/rsa.c index aebec744a2..0acdb08b24 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif int modulus=0; apps_startup(); @@ -156,11 +158,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-sgckey") == 0) sgckey=1; else if (strcmp(*argv,"-pubin") == 0) @@ -212,13 +216,17 @@ bad: BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubout output a public key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/rsautl.c b/apps/rsautl.c index 36957e5b84..5a6fd115f4 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; BIO *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *keyfile = NULL; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; int keyform = FORMAT_PEM; @@ -125,9 +127,11 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; keyform=str2fmt(*(++argv)); +#ifndef OPENSSL_NO_ENGINE } else if(!strcmp(*argv, "-engine")) { if (--argc < 1) badarg = 1; engine = *(++argv); +#endif } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; } else if(!strcmp(*argv, "-certin")) { @@ -162,7 +166,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); @@ -305,7 +311,9 @@ static void usage() BIO_printf(bio_err, "-encrypt encrypt with public key\n"); BIO_printf(bio_err, "-decrypt decrypt with private key\n"); BIO_printf(bio_err, "-hexdump hex dump output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif } diff --git a/apps/s_client.c b/apps/s_client.c index 738588c6aa..2e73f34676 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -222,7 +222,9 @@ static void sc_usage(void) BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err," only \"smtp\" is supported.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -254,8 +256,10 @@ int MAIN(int argc, char **argv) SSL_METHOD *meth=NULL; BIO *sbio; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; ENGINE *e=NULL; +#endif #ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif @@ -415,11 +419,13 @@ int MAIN(int argc, char **argv) else goto bad; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id = *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -444,7 +450,9 @@ bad: OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/apps/s_server.c b/apps/s_server.c index 44886c5c26..5157aae4d1 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -242,7 +242,9 @@ static int s_msg=0; static int s_quiet=0; static int hack=0; +#ifndef OPENSSL_NO_ENGINE static char *engine_id=NULL; +#endif static const char *session_id_prefix=NULL; #ifdef MONOLITH @@ -267,7 +269,9 @@ static void s_server_init(void) s_msg=0; s_quiet=0; hack=0; +#ifndef OPENSSL_NO_ENGINE engine_id=NULL; +#endif } #endif @@ -316,7 +320,9 @@ static void sv_usage(void) BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," -HTTP - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -490,7 +496,9 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; +#ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; +#endif char *inrand=NULL; #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) @@ -665,11 +673,13 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; session_id_prefix = *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -694,7 +704,9 @@ bad: SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/apps/smime.c b/apps/smime.c index ef0e477464..cc248d377b 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int keyform = FORMAT_PEM; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif args = argv + 1; ret = 1; @@ -176,11 +178,13 @@ int MAIN(int argc, char **argv) inrand = *args; } else badarg = 1; need_rand = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else if (!strcmp(*args,"-passin")) { if (args[1]) { args++; @@ -330,7 +334,9 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); @@ -339,7 +345,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/speed.c b/apps/speed.c index d07ff3145e..f2cbecc953 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -370,7 +370,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -590,6 +592,7 @@ int MAIN(int argc, char **argv) j--; /* Otherwise, -elapsed gets confused with an algorithm. */ } +#ifndef OPENSSL_NO_ENGINE else if ((argc > 0) && (strcmp(*argv,"-engine") == 0)) { argc--; @@ -606,6 +609,7 @@ int MAIN(int argc, char **argv) means all of them should be run) */ j--; } +#endif #ifdef HAVE_FORK else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) { @@ -865,7 +869,9 @@ int MAIN(int argc, char **argv) #if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-evp e use EVP e.\n"); BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); BIO_printf(bio_err,"-mr produce machine readable output.\n"); diff --git a/apps/spkac.c b/apps/spkac.c index ed370c5ca9..47ee53f1ee 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -92,7 +92,9 @@ int MAIN(int argc, char **argv) CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -141,11 +143,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; spksect= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-pubkey") == 0) @@ -171,7 +175,9 @@ bad: BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } @@ -181,7 +187,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(keyfile) { pkey = load_key(bio_err, diff --git a/apps/verify.c b/apps/verify.c index 9a18213ece..6a93c018b8 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -86,7 +86,9 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; @@ -142,11 +144,13 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; trustfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto end; engine= *(++argv); } +#endif else if (strcmp(*argv,"-help") == 0) goto end; else if (strcmp(*argv,"-ignore_critical") == 0) @@ -170,7 +174,9 @@ int MAIN(int argc, char **argv) break; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); @@ -219,7 +225,11 @@ int MAIN(int argc, char **argv) ret=0; end: if (ret == 1) { - BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n"); + BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err," [-engine e]"); +#endif + BIO_printf(bio_err," cert1 cert2 ...\n"); BIO_printf(bio_err,"recognized usages:\n"); for(i = 0; i < X509_PURPOSE_get_count(); i++) { X509_PURPOSE *ptmp; diff --git a/apps/x509.c b/apps/x509.c index 7915eca65c..1ac6452bdb 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -131,7 +131,9 @@ static char *x509_usage[]={ " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", " -nameopt arg - various certificate name options\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -certopt arg - various certificate text options\n", NULL }; @@ -183,7 +185,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int checkend=0,checkoffset=0; unsigned long nmflag = 0, certflag = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif reqfile=0; @@ -360,11 +364,13 @@ int MAIN(int argc, char **argv) alias= *(++argv); trustout = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-C") == 0) C= ++num; else if (strcmp(*argv,"-email") == 0) @@ -450,7 +456,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) app_RAND_load_file(NULL, bio_err, 0); diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index d702af689b..4ba40cf44c 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Load all OpenSSL builtin modules */ @@ -71,6 +73,8 @@ void OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ ASN1_add_oid_module(); +#ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); +#endif } diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 97fb174303..e15c2e5546 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, @@ -78,8 +80,10 @@ void OPENSSL_config(const char *config_name) return; OPENSSL_load_builtin_modules(); +#ifndef OPENSSL_NO_ENGINE /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); +#endif /* Add others here? */ diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 05851f8429..ba5d013b88 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -117,7 +117,9 @@ struct dh_st int references; CRYPTO_EX_DATA ex_data; const DH_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; +#endif }; #define DH_GENERATOR_2 2 diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 1a0efca2c4..6ce65ed5f3 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -61,7 +61,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index ba5fd41057..09965ee2ea 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; @@ -85,11 +87,13 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) const DH_METHOD *mtmp; mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); +#ifndef OPENSSL_NO_ENGINE if (dh->engine) { ENGINE_finish(dh->engine); dh->engine = NULL; } +#endif dh->meth = meth; if (meth->init) meth->init(dh); return 1; @@ -112,6 +116,7 @@ DH *DH_new_method(ENGINE *engine) } ret->meth = DH_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -135,6 +140,7 @@ DH *DH_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -154,8 +160,10 @@ DH *DH_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -182,8 +190,10 @@ void DH_free(DH *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 9b3baadf2c..6214ab45b6 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -135,8 +135,10 @@ struct dsa_st int references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; +#endif }; #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 579f73f869..4171af24c6 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; @@ -93,11 +95,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) const DSA_METHOD *mtmp; mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); +#ifndef OPENSSL_NO_ENGINE if (dsa->engine) { ENGINE_finish(dsa->engine); dsa->engine = NULL; } +#endif dsa->meth = meth; if (meth->init) meth->init(dsa); return 1; @@ -114,6 +118,7 @@ DSA *DSA_new_method(ENGINE *engine) return(NULL); } ret->meth = DSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -138,6 +143,7 @@ DSA *DSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -158,8 +164,10 @@ DSA *DSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -189,8 +197,10 @@ void DSA_free(DSA *r) if(r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if(r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 11da570ddb..68d91dbe23 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index e9469ca62f..5cdc8ed851 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 066c6b5b28..fffb129f8f 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -65,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 1ab90cfd7e..d4d038ae6f 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -68,7 +68,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifdef OPENSSL_SYS_WINDOWS #include "../bio/bss_file.c" #endif diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index 5d7b6b26aa..345d3e4289 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -70,7 +70,9 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #define ABORT do { \ @@ -628,7 +630,9 @@ int main(int argc, char *argv[]) if (P_384) EC_GROUP_free(P_384); if (P_521) EC_GROUP_free(P_521); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 10e7444172..8686879e1a 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -59,6 +59,12 @@ #ifndef HEADER_ENGINE_H #define HEADER_ENGINE_H +#include + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + #include #include #ifndef OPENSSL_NO_RSA diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c index 87fa8c57b7..c2d0297392 100644 --- a/crypto/engine/enginetest.c +++ b/crypto/engine/enginetest.c @@ -56,9 +56,17 @@ * */ -#include #include #include + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return(0); +} +#else +#include #include #include #include @@ -272,3 +280,4 @@ end: CRYPTO_mem_leaks_fp(stderr); return to_return; } +#endif diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 90029fd159..dc505d9d9d 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -82,7 +82,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include @@ -122,7 +124,9 @@ void ERR_load_crypto_strings(void) ERR_load_PKCS12_strings(); ERR_load_RAND_strings(); ERR_load_DSO_strings(); +#ifndef OPENSSL_NO_ENGINE ERR_load_ENGINE_strings(); +#endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); #endif diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 33013c41a6..5b2104ac12 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -113,7 +113,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { @@ -138,6 +140,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -183,7 +186,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else ctx->engine = NULL; } - else if(!ctx->digest) + else +#endif + if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); return 0; @@ -196,7 +201,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (type->ctx_size) ctx->md_data=OPENSSL_malloc(type->ctx_size); } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif return ctx->digest->init(ctx); } @@ -246,12 +253,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); return 0; } +#ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); return 0; } +#endif EVP_MD_CTX_cleanup(out); memcpy(out,in,sizeof *out); @@ -304,10 +313,12 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } +#ifndef OPENSSL_NO_ENGINE if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(ctx->engine); +#endif memset(ctx,'\0',sizeof *ctx); return 1; diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 45a25f968d..4c343d644e 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -318,7 +318,9 @@ struct env_md_st struct env_md_ctx_st { const EVP_MD *digest; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ +#endif unsigned long flags; void *md_data; } /* EVP_MD_CTX */; @@ -390,7 +392,9 @@ typedef struct evp_cipher_info_st struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ +#endif int encrypt; /* encrypt or decrypt */ int buf_len; /* number we have left */ diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c index a68b979bdb..54c073ca44 100644 --- a/crypto/evp/evp_acnf.c +++ b/crypto/evp/evp_acnf.c @@ -59,7 +59,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Load all algorithms and configure OpenSSL. diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index ccfcc7e1b1..be0758a879 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include "evp_locl.h" const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; @@ -91,6 +93,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp enc = 1; ctx->encrypt = enc; } +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -98,6 +101,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp if (ctx->engine && ctx->cipher && (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) goto skip_to_init; +#endif if (cipher) { /* Ensure a context left lying around from last time is cleared @@ -107,6 +111,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp /* Restore encrypt field: it is zeroed by cleanup */ ctx->encrypt = enc; +#ifndef OPENSSL_NO_ENGINE if(impl) { if (!ENGINE_init(impl)) @@ -140,6 +145,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } else ctx->engine = NULL; +#endif ctx->cipher=cipher; ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); @@ -159,7 +165,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); return 0; } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 @@ -460,10 +468,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) } if (c->cipher_data) OPENSSL_free(c->cipher_data); +#ifndef OPENSSL_NO_ENGINE if (c->engine) /* The EVP_CIPHER we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(c->engine); +#endif memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 698aff21dc..28460173f7 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -53,7 +53,10 @@ #include "../e_os.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif +#include #include static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) @@ -330,11 +333,14 @@ int main(int argc,char **argv) /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); +#ifndef OPENSSL_NO_ENGINE /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); +#endif #if 0 OPENSSL_config(); #endif +#ifndef OPENSSL_NO_ENGINE /* Register all available ENGINE implementations of ciphers and digests. * This could perhaps be changed to "ENGINE_register_all_complete()"? */ ENGINE_register_all_ciphers(); @@ -343,6 +349,7 @@ int main(int argc,char **argv) * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if * they weren't already initialised. */ /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ +#endif for( ; ; ) { @@ -384,7 +391,9 @@ int main(int argc,char **argv) } } +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h index 66e39991ec..606382dd21 100644 --- a/crypto/rand/rand.h +++ b/crypto/rand/rand.h @@ -87,7 +87,9 @@ extern int rand_predictable; int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); +#endif RAND_METHOD *RAND_SSLeay(void); void RAND_cleanup(void ); int RAND_bytes(unsigned char *buf,int num); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 5cf5dc1188..513e338985 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -60,19 +60,25 @@ #include #include "cryptlib.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif +#ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; +#endif static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { +#ifndef OPENSSL_NO_ENGINE if(funct_ref) { ENGINE_finish(funct_ref); funct_ref = NULL; } +#endif default_RAND_meth = meth; return 1; } @@ -81,6 +87,7 @@ const RAND_METHOD *RAND_get_rand_method(void) { if (!default_RAND_meth) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = ENGINE_get_default_RAND(); if(e) { @@ -94,11 +101,13 @@ const RAND_METHOD *RAND_get_rand_method(void) if(e) funct_ref = e; else +#endif default_RAND_meth = RAND_SSLeay(); } return default_RAND_meth; } +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; @@ -118,6 +127,7 @@ int RAND_set_rand_engine(ENGINE *engine) funct_ref = engine; return 1; } +#endif void RAND_cleanup(void) { diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b2e25e4e7c..d27d459997 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -124,8 +124,10 @@ struct rsa_st int pad; long version; const RSA_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; +#endif BIGNUM *n; BIGNUM *e; BIGNUM *d; diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index ce93c4032e..29ce4511bc 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -61,7 +61,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifndef RSA_NULL diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 93235744f7..889c36d3a6 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -62,7 +62,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; @@ -108,11 +110,13 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) const RSA_METHOD *mtmp; mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); +#ifndef OPENSSL_NO_ENGINE if (rsa->engine) { ENGINE_finish(rsa->engine); rsa->engine = NULL; } +#endif rsa->meth = meth; if (meth->init) meth->init(rsa); return 1; @@ -130,6 +134,7 @@ RSA *RSA_new_method(ENGINE *engine) } ret->meth = RSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -154,6 +159,7 @@ RSA *RSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -175,8 +181,10 @@ RSA *RSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -205,8 +213,10 @@ void RSA_free(RSA *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 4ac2de3407..9dd62ac956 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -62,7 +62,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -77,10 +79,12 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_sign) return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, m, m_len, sigret, siglen, rsa); +#endif /* Special case: SSL signature, just check the length */ if(type == NID_md5_sha1) { if(m_len != SSL_SIG_LENGTH) { @@ -155,10 +159,12 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, return(0); } +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_verify) return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); +#endif s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); if (s == NULL) diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index b8b462d33b..99abb1fde7 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -16,7 +16,9 @@ int main(int argc, char *argv[]) } #else #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ diff --git a/demos/x509/mkcert.c b/demos/x509/mkcert.c index 8304d30e0b..c5e67b8e28 100644 --- a/demos/x509/mkcert.c +++ b/demos/x509/mkcert.c @@ -9,7 +9,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(X509 *cert, int nid, char *value); @@ -35,7 +37,9 @@ int main(int argc, char **argv) X509_free(x509); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/demos/x509/mkreq.c b/demos/x509/mkreq.c index d69dcc392b..3dfc65f164 100644 --- a/demos/x509/mkreq.c +++ b/demos/x509/mkreq.c @@ -8,7 +8,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value); @@ -33,7 +35,9 @@ int main(int argc, char **argv) X509_REQ_free(req); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 4fa9d41d59..42b6f1fc8b 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -128,7 +128,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include @@ -760,7 +762,9 @@ end: #ifndef OPENSSL_NO_RSA free_tmp_rsa(); #endif +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/util/bat.sh b/util/bat.sh index c6f48e8a7b..4d9a8287d0 100755 --- a/util/bat.sh +++ b/util/bat.sh @@ -62,6 +62,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_rc2 && $dir =~ /\/rc2/; return("") if $no_rc4 && $dir =~ /\/rc4/; @@ -116,6 +117,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 751fc75374..40678330cb 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -64,6 +64,7 @@ and [options] can be one of no-asm - No x86 asm no-krb5 - No KRB5 no-ec - No EC + no-engine - No engine nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -232,6 +233,7 @@ $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; +$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) @@ -648,6 +650,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_rc2 && $dir =~ /\/rc2/; @@ -708,6 +711,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @@ -901,6 +905,7 @@ sub read_options elsif (/^no-sock$/) { $no_sock=1; } elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-ec$/) { $no_ec=1; } + elsif (/^no-engine$/) { $no_engine=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; diff --git a/util/mkdef.pl b/util/mkdef.pl index adfd447dd3..28ecd7588e 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -91,7 +91,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR", "LOCKING", # External "algorithms" - "FP_API", "STDIO", "SOCK", "KRB5" ); + "FP_API", "STDIO", "SOCK", "KRB5", "ENGINE" ); my $options=""; open(IN,"