RT3998: Allow scrypt to be disabled

This does 64-bit division and multiplication, and on 32-bit platforms pulls in libgcc symbols (and MSVC does similar) which may not be available. Mostly done by David Woodhouse. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
author: Rich Salz <rsalz@akamai.com> 2015-09-04 13:07:10 -0400
committer: Rich Salz <rsalz@openssl.org> 2015-09-04 14:09:14 -0400
commit: b0809bc8ffb34bf89de9e68d8caeb4d8c2aa08f9 (patch)
tree: 3e1362aa59ccad836c959914db7cbb2fe8e09514 /apps/pkcs8.c
parent: a939b0aab5deb3678308df804d25a340240deee5 (diff)
1 files changed, 12 insertions, 2 deletions
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 919b8f1370..b120b93aa9 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -68,8 +68,10 @@ typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
     OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, OPT_NOOCT, OPT_NSDB, OPT_EMBED,
-    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
-    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P
+#ifndef OPENSSL_NO_SCRYPT
+    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
+#endif
+    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT
 } OPTION_CHOICE;
 
 OPTIONS pkcs8_options[] = {
@@ -94,10 +96,12 @@ OPTIONS pkcs8_options[] = {
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
+#ifndef OPENSSL_NO_SCRYPT
     {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
     {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
     {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
     {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
+#endif
     {NULL}
 };
 
@@ -116,7 +120,9 @@ int pkcs8_main(int argc, char **argv)
     int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
     int private = 0;
+#ifndef OPENSSL_NO_SCRYPT
     unsigned long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
+#endif
 
     prog = opt_init(argc, argv, pkcs8_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -195,6 +201,7 @@ int pkcs8_main(int argc, char **argv)
         case OPT_ENGINE:
             e = setup_engine(opt_arg(), 0);
             break;
+#ifndef OPENSSL_NO_SCRYPT
         case OPT_SCRYPT:
             scrypt_N = 1024;
             scrypt_r = 8;
@@ -214,6 +221,7 @@ int pkcs8_main(int argc, char **argv)
             if (!opt_ulong(opt_arg(), &scrypt_p))
                 goto opthelp;
             break;
+#endif
         }
     }
     argc = opt_num_rest();
@@ -260,10 +268,12 @@ int pkcs8_main(int argc, char **argv)
         } else {
             X509_ALGOR *pbe;
             if (cipher) {
+#ifndef OPENSSL_NO_SCRYPT
                 if (scrypt_N && scrypt_r && scrypt_p)
                     pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
                                                 scrypt_N, scrypt_r, scrypt_p);
                 else
+#endif
                     pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
                                             pbe_nid);
             } else {
author	Rich Salz <rsalz@akamai.com>	2015-09-04 13:07:10 -0400
committer	Rich Salz <rsalz@openssl.org>	2015-09-04 14:09:14 -0400
commit	b0809bc8ffb34bf89de9e68d8caeb4d8c2aa08f9 (patch)
tree	3e1362aa59ccad836c959914db7cbb2fe8e09514 /apps/pkcs8.c
parent	a939b0aab5deb3678308df804d25a340240deee5 (diff)