diff options
author | Rich Salz <rsalz@akamai.com> | 2015-09-04 13:07:10 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-09-04 14:09:14 -0400 |
commit | b0809bc8ffb34bf89de9e68d8caeb4d8c2aa08f9 (patch) | |
tree | 3e1362aa59ccad836c959914db7cbb2fe8e09514 /apps/pkcs8.c | |
parent | a939b0aab5deb3678308df804d25a340240deee5 (diff) |
RT3998: Allow scrypt to be disabled
This does 64-bit division and multiplication, and on 32-bit platforms
pulls in libgcc symbols (and MSVC does similar) which may not be
available. Mostly done by David Woodhouse.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'apps/pkcs8.c')
-rw-r--r-- | apps/pkcs8.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 919b8f1370..b120b93aa9 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -68,8 +68,10 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, OPT_NOOCT, OPT_NSDB, OPT_EMBED, - OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT, - OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P +#ifndef OPENSSL_NO_SCRYPT + OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P, +#endif + OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT } OPTION_CHOICE; OPTIONS pkcs8_options[] = { @@ -94,10 +96,12 @@ OPTIONS pkcs8_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif +#ifndef OPENSSL_NO_SCRYPT {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"}, {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"}, {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"}, {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"}, +#endif {NULL} }; @@ -116,7 +120,9 @@ int pkcs8_main(int argc, char **argv) int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK; int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; int private = 0; +#ifndef OPENSSL_NO_SCRYPT unsigned long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0; +#endif prog = opt_init(argc, argv, pkcs8_options); while ((o = opt_next()) != OPT_EOF) { @@ -195,6 +201,7 @@ int pkcs8_main(int argc, char **argv) case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; +#ifndef OPENSSL_NO_SCRYPT case OPT_SCRYPT: scrypt_N = 1024; scrypt_r = 8; @@ -214,6 +221,7 @@ int pkcs8_main(int argc, char **argv) if (!opt_ulong(opt_arg(), &scrypt_p)) goto opthelp; break; +#endif } } argc = opt_num_rest(); @@ -260,10 +268,12 @@ int pkcs8_main(int argc, char **argv) } else { X509_ALGOR *pbe; if (cipher) { +#ifndef OPENSSL_NO_SCRYPT if (scrypt_N && scrypt_r && scrypt_p) pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL, scrypt_N, scrypt_r, scrypt_p); else +#endif pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL, pbe_nid); } else { |