RT3998: Allow scrypt to be disabled

This does 64-bit division and multiplication, and on 32-bit platforms pulls in libgcc symbols (and MSVC does similar) which may not be available. Mostly done by David Woodhouse. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-09-04 13:07:10 -04:00
parent a939b0aab5
commit b0809bc8ff
10 changed files with 42 additions and 9 deletions
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -68,8 +68,10 @@ typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
    OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, OPT_NOOCT, OPT_NSDB, OPT_EMBED,
-    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
-    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P
+#ifndef OPENSSL_NO_SCRYPT
+    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
+#endif
+    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT
 } OPTION_CHOICE;

 OPTIONS pkcs8_options[] = {
@@ -94,10 +96,12 @@ OPTIONS pkcs8_options[] = {
 #ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
+#ifndef OPENSSL_NO_SCRYPT
    {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
    {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
    {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
    {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
+#endif
    {NULL}
 };

@@ -116,7 +120,9 @@ int pkcs8_main(int argc, char **argv)
    int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK;
    int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
    int private = 0;
+#ifndef OPENSSL_NO_SCRYPT
    unsigned long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
+#endif

    prog = opt_init(argc, argv, pkcs8_options);
    while ((o = opt_next()) != OPT_EOF) {
@@ -195,6 +201,7 @@ int pkcs8_main(int argc, char **argv)
        case OPT_ENGINE:
            e = setup_engine(opt_arg(), 0);
            break;
+#ifndef OPENSSL_NO_SCRYPT
        case OPT_SCRYPT:
            scrypt_N = 1024;
            scrypt_r = 8;
@@ -214,6 +221,7 @@ int pkcs8_main(int argc, char **argv)
            if (!opt_ulong(opt_arg(), &scrypt_p))
                goto opthelp;
            break;
+#endif
        }
    }
    argc = opt_num_rest();
@@ -260,10 +268,12 @@ int pkcs8_main(int argc, char **argv)
        } else {
            X509_ALGOR *pbe;
            if (cipher) {
+#ifndef OPENSSL_NO_SCRYPT
                if (scrypt_N && scrypt_r && scrypt_p)
                    pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
                                                scrypt_N, scrypt_r, scrypt_p);
                else
+#endif
                    pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
                                            pbe_nid);
            } else {