diff --git a/apps/apps.h b/apps/apps.h index e708b87d..654cf626 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -23,8 +23,12 @@ # include # include # include -# include -# include +# ifndef OPENSSL_NO_ENGINE +# include +# endif +# ifndef OPENSSL_NO_OCSP +# include +# endif # include # if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index d5a1d775..e5a2f930 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -8,11 +8,9 @@ */ #include -/* 依赖DES是由PKCS12的标准要求的还是遗留问题? - */ -#if defined(OPENSSL_NO_DES) -NON_EMPTY_TRANSLATION_UNIT -#else +//#if defined(OPENSSL_NO_DES) +//NON_EMPTY_TRANSLATION_UNIT +//#else # include # include @@ -124,10 +122,14 @@ int pkcs12_main(int argc, char **argv) char pass[2048] = "", macpass[2048] = ""; int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; -# ifndef OPENSSL_NO_RC2 +# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_RC2) int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; -# else +# elif !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DES) int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +# elif !defined(OPENSSL_NO_SM3) && !defined(OPENSSL_NO_SMS4) + int cert_pbe = NID_pbe_WithSM3AndSMS4_CBC; +# else +# error "no avaiable cipher" # endif int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; int ret = 1, macver = 1, add_lmk = 0, private = 0; @@ -141,7 +143,14 @@ int pkcs12_main(int argc, char **argv) BIO *in = NULL, *out = NULL; PKCS12 *p12 = NULL; STACK_OF(OPENSSL_STRING) *canames = NULL; +#if !defined(OPENSSL_NO_DES) const EVP_CIPHER *enc = EVP_des_ede3_cbc(); +#elif !defined(OPENSSL_NO_SMS4) + const EVP_CIPHER *enc = EVP_sms4_cbc(); +#else +# error "no avaible cipher" +#endif + OPTION_CHOICE o; prog = opt_init(argc, argv, pkcs12_options); @@ -934,4 +943,4 @@ static int set_pbe(int *ppbe, const char *str) return 1; } -#endif +//#endif diff --git a/apps/progs.h b/apps/progs.h index 60abca71..990987d8 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -183,10 +183,10 @@ static FUNCTION functions[] = { #ifndef OPENSSL_NO_OTP { FT_general, "otp", otp_main, otp_options }, #endif +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_DES) { FT_general, "passwd", passwd_main, passwd_options }, -#ifndef OPENSSL_NO_PKCS12 - { FT_general, "pkcs12", pkcs12_main, pkcs12_options }, #endif + { FT_general, "pkcs12", pkcs12_main, pkcs12_options }, #ifndef OPENSSL_NO_PKCS7 { FT_general, "pkcs7", pkcs7_main, pkcs7_options }, #endif diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index cfde49ab..a439db8e 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -11,7 +11,9 @@ #include "internal/cryptlib.h" #include #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #include "internal/asn1_int.h" #include "internal/evp_int.h" diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index e311b909..156c5fdd 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -12,7 +12,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #include #include #include "internal/asn1_int.h" diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index 4e7a434e..b2850b30 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -13,7 +13,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif /* Load all OpenSSL builtin modules */ diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index bed95abe..517c7053 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -13,7 +13,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif /* * This is the automatic configuration loader: it is called automatically by diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 687896fd..8aeaa21d 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -12,7 +12,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_CMS +# include +#endif #include #include "internal/asn1_int.h" #include "internal/evp_int.h" diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index f1f0afb4..6c978c20 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -17,7 +17,9 @@ #include #include "ec_lcl.h" #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif EC_KEY *EC_KEY_new(void) { diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index aa85e621..7a2ac3eb 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -9,7 +9,9 @@ #include #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #include #include "ec_lcl.h" #ifndef OPENSSL_NO_SM2 diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 7541f458..1d13301c 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -18,7 +18,9 @@ #endif #include #include -#include +#ifndef OPENSSL_NO_COMP +# include +#endif #ifndef OPENSSL_NO_RSA # include #endif @@ -37,14 +39,22 @@ #include #include #include "internal/dso.h" -#include -#include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif +#ifndef OPENSSL_NO_UI +# include +#endif +#ifndef OPENSSL_NO_OCSP +# include +#endif #include #ifdef OPENSSL_FIPS # include #endif -#include +#ifndef OPENSSL_NO_TS +# include +#endif #ifndef OPENSSL_NO_CMS # include #endif diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 42793ad9..c7cd6dfd 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -11,7 +11,9 @@ #include "internal/cryptlib.h" #include #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #include "internal/evp_int.h" #include "evp_locl.h" #ifndef OPENSSL_NO_SM2 diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index bb6dd67c..556838e5 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -13,7 +13,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #include "internal/evp_int.h" #include "evp_locl.h" diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index f4dc0c43..e431cdfd 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -16,7 +16,9 @@ # include # include # include -# include +# ifndef OPENSSL_NO_RSA +# include +# endif # include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 8df5d3b3..b497a39d 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -26,7 +26,9 @@ #ifndef OPENSSL_NO_PAILLIER # include #endif -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #include "internal/asn1_int.h" #include "internal/evp_int.h" diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 169639b5..61f0db1d 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -10,7 +10,9 @@ #include #include #include "internal/cryptlib.h" -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #include #include #include "internal/asn1_int.h" diff --git a/crypto/include/internal/async.h b/crypto/include/internal/async.h index db56258f..6b10428a 100644 --- a/crypto/include/internal/async.h +++ b/crypto/include/internal/async.h @@ -7,7 +7,11 @@ * https://www.openssl.org/source/license.html */ +//FIXME: + +#ifndef OPENSSL_NO_ASYNC #include +#endif int async_init(void); void async_deinit(void); diff --git a/crypto/include/internal/engine.h b/crypto/include/internal/engine.h index 53f88833..469cc5d6 100644 --- a/crypto/include/internal/engine.h +++ b/crypto/include/internal/engine.h @@ -7,7 +7,9 @@ * https://www.openssl.org/source/license.html */ +#ifndef OPENSSL_NO_ENGINE #include +#endif void engine_load_openssl_int(void); void engine_load_cryptodev_int(void); diff --git a/crypto/pem/pem3.c b/crypto/pem/pem3.c index 0fecbc5d..da649bf4 100644 --- a/crypto/pem/pem3.c +++ b/crypto/pem/pem3.c @@ -52,10 +52,14 @@ #include #include #include -#include +#ifndef OPENSSL_NO_PKCS7 +# include +#endif #include #include -#include +#ifndef OPENSSL_NO_PAILLIER +# include +#endif /* extern PAILLIER *EVP_PKEY_get1_PAILLIER(EVP_PKEY *key); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 6dabc0bd..1523e8b2 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -22,7 +22,9 @@ #ifndef OPENSSL_NO_DES # include #endif -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #define MIN_LENGTH 4 diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 835dd986..98c0fa36 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -15,7 +15,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #ifndef OPENSSL_NO_DH # include #endif diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 7739e541..51a895b5 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -22,7 +22,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_ASYNC +# include +#endif #include "rand_lcl.h" #include diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 23871267..dccdf2ca 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -13,7 +13,9 @@ #include #include "internal/rand.h" -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #ifdef OPENSSL_FIPS # include diff --git a/fuzz/asn1.c b/fuzz/asn1.c index 5125f363..360f0e35 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -19,14 +19,22 @@ #include #include #include -#include +#ifndef OPENSSL_NO_DH +# include +#endif #include #include #include -#include -#include +#ifndef OPENSSL_NO_RSA +# include +#endif +#ifndef OPENSSL_NO_TS +# include +#endif #include -#include +#ifndef OPENSSL_NO_CMS +# include +#endif #include "fuzzer.h" static ASN1_ITEM_EXP *item_type[] = { @@ -153,10 +161,12 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(POLICYQUALINFO), ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), ASN1_ITEM_ref(PROXY_POLICY), +#ifndef OPENSSL_NO_RSA ASN1_ITEM_ref(RSA_OAEP_PARAMS), ASN1_ITEM_ref(RSAPrivateKey), ASN1_ITEM_ref(RSA_PSS_PARAMS), ASN1_ITEM_ref(RSAPublicKey), +#endif ASN1_ITEM_ref(SXNET), ASN1_ITEM_ref(SXNETID), /*ASN1_ITEM_ref(TS_RESP), want to do this, but type is hidden, however d2i exists... */ diff --git a/include/internal/comp.h b/include/internal/comp.h index ac6e38b4..6356e23f 100644 --- a/include/internal/comp.h +++ b/include/internal/comp.h @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include +#ifndef OPENSSL_NO_COMP +# include +#endif void comp_zlib_cleanup_int(void); diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index b32641f5..8cd0e53a 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -41,9 +41,9 @@ extern "C" { */ # define OPENSSL_VERSION_NUMBER 0x1010004fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "GmSSL 2.0 - OpenSSL 1.1.0d-fips 08 Dec 2017" +# define OPENSSL_VERSION_TEXT "GmSSL 2.0.0 - OpenSSL 1.1.0d-fips 08 Dec 2017" # else -# define OPENSSL_VERSION_TEXT "GmSSL 2.0 - OpenSSL 1.1.0d 08 Dec 2017" +# define OPENSSL_VERSION_TEXT "GmSSL 2.0.0 - OpenSSL 1.1.0d 08 Dec 2017" # endif /*- diff --git a/include/openssl/pem3.h b/include/openssl/pem3.h index b4da59ed..99563a6b 100644 --- a/include/openssl/pem3.h +++ b/include/openssl/pem3.h @@ -50,11 +50,21 @@ #ifndef HEADER_PEM3_H #define HEADER_PEM3_H -#include -#include -#include -#include -#include +#ifndef OPENSSL_NO_CPK +# include +#endif +#ifndef OPENSSL_NO_SM9 +# include +#endif +#ifndef OPENSSL_NO_BFIBE +# include +#endif +#ifndef OPENSSL_NO_BB1IBE +# include +#endif +#ifndef OPENSSL_NO_PAILLIER +# include +#endif #ifdef __cplusplus diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c676a0df..96118bcd 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -92,7 +92,9 @@ # include # include -# include +# ifndef OPENSSL_NO_COMP +# include +# endif # include # if OPENSSL_API_COMPAT < 0x10100000L # include @@ -102,11 +104,15 @@ # endif # include # include -# include +# ifndef OPENSSL_NO_ASYNC +# include +# endif # include # include -# include +# ifndef OPENSSL_NO_CT +# include +# endif #ifdef __cplusplus extern "C" { @@ -1707,7 +1713,7 @@ __owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ -#ifndef OPENSSL_NO_GMTLS_METHOD +#ifndef OPENSSL_NO_GMTLS __owur const SSL_METHOD *GMTLS_method(void); /* GMTLSv1.1 */ __owur const SSL_METHOD *GMTLS_server_method(void); /* GMTLSv1.1 */ __owur const SSL_METHOD *GMTLS_client_method(void); /* GMTLSv1.1 */ diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index aca19223..50f84b3c 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -16,7 +16,9 @@ #ifndef HEADER_SSL3_H # define HEADER_SSL3_H -# include +# ifndef OPENSSL_NO_COMP +# include +# endif # include # include # include diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index a5debf63..a7acd8f8 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -73,7 +73,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_DH +# include +#endif #include #include #include "ssl_locl.h" diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index d41d13ef..4a369ba4 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -42,8 +42,12 @@ #include #include #include -#include -#include +#ifndef OPENSSL_NO_COMP +# include +#endif +#ifndef OPENSSL_NO_ENGINE +# include +#endif #include #include "ssl_locl.h" #include "internal/thread_once.h" diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index e5caa478..bf0a7c5c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -94,10 +94,18 @@ #include #include #include -#include -#include -#include +#ifndef OPENSSL_NO_OCSP +# include +#endif +#ifndef OPENSSL_NO_ENGINE +# include +#endif +#ifndef OPENSSL_NO_ASYNC +# include +#endif +#ifndef OPENSSL_NO_CT #include +#endif const char SSL_version_str[] = OPENSSL_VERSION_TEXT; @@ -706,7 +714,9 @@ SSL *SSL_new(SSL_CTX *ctx) s->psk_server_callback = ctx->psk_server_callback; #endif +#ifndef OPENSSL_NO_ASYNC s->job = NULL; +#endif #ifndef OPENSSL_NO_CT if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 8866c0ca..68a63260 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -100,7 +100,9 @@ # endif # include -# include +# ifndef OPENSSL_NO_COMP +# include +# endif # include # include # ifndef OPENSSL_NO_RSA @@ -114,9 +116,14 @@ # endif # include # include -# include +# include +# ifndef OPENSSL_NO_ASYNC +# include +# endif # include -# include +# ifndef OPENSSL_NO_CT +# include +# endif # include "record/record.h" # include "statem/statem.h" # include "packet_locl.h" @@ -557,12 +564,14 @@ struct ssl_method_st { long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); }; +#ifndef OPENSSL_NO_SM9 typedef struct cert_sm9_st { SM9PublicParameters *params; SM9PrivateKey *privatekey; SM9PublicKey *publickey; char *id; } CERT_SM9; +#endif /*- * Lets make this into an ASN.1 type structure as follows @@ -1234,8 +1243,10 @@ struct ssl_st { /* Default password callback user data. */ void *default_passwd_callback_userdata; /* Async Job info */ +# ifndef OPENSSL_NO_ASYNC ASYNC_JOB *job; ASYNC_WAIT_CTX *waitctx; +# endif CRYPTO_RWLOCK *lock; }; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 9b0b6fc5..f9a74d5d 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -85,7 +85,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif #include "ssl_locl.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index fac20e9f..58b610e7 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -84,7 +84,9 @@ #include #include "ssl_locl.h" -#include +#ifndef OPENSSL_NO_COMP +# include +#endif #include #include #include diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index a8e9f9a9..90f0b8e9 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -9,7 +9,12 @@ /* Custom extension utility functions */ -#include +#include +#include + +#ifndef OPENSSL_NO_CT +# include +#endif #include "ssl_locl.h" /* Find a custom extension from the list. */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index eb57137b..9e28c256 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -57,16 +57,20 @@ #include #include +#include #include #include #include -#include +#ifndef OPENSSL_NO_OCSP +# include +#endif #include #include #include #include "ssl_locl.h" -#include - +#ifndef OPENSSL_NO_CT +# include +#endif #define CHECKLEN(curr, val, limit) \ (((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val))