Implement support for no-ts

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/apps/progs.pl b/apps/progs.pl
index b601fefb1b4bce59956dddd4ab69af52eb229df1..11bcbef8b8039ca373fde8935f7e643fc4967ec7 100644 (file)
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -75,6 +75,8 @@ foreach (@ARGV) {
                print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n";
        } elsif (/^srp$/) {
                print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n";
+       } elsif (/^ts$/) {
+               print "#ifndef OPENSSL_NO_TS\n${str}#endif\n";
        } else {
                print $str;
        }

diff --git a/apps/ts.c b/apps/ts.c
index b287e26a78693bd4fac68eece7ff8080ed2376fe..1872422468695d7d1dc6b1a5c6f0015a7fa5c857 100644 (file)
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -56,25 +56,28 @@
  *
  */
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/ts.h>
-#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_TS
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/rand.h>
+# include <openssl/ts.h>
+# include <openssl/bn.h>
 
 /* Request nonce length, in bits (must be a multiple of 8). */
-#define NONCE_LENGTH            64
+# define NONCE_LENGTH            64
 
 /* Name of config entry that defines the OID file. */
-#define ENV_OID_FILE            "oid_file"
+# define ENV_OID_FILE            "oid_file"
 
 /* Is |EXACTLY_ONE| of three pointers set? */
-#define EXACTLY_ONE(a, b, c) \
+# define EXACTLY_ONE(a, b, c) \
         (( a && !b && !c) || \
          ( b && !a && !c) || \
          ( c && !a && !b))
@@ -159,9 +162,9 @@ OPTIONS ts_options[] = {
     {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
     {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
     {"", OPT_MD, '-', "Any supported digest"},
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-#endif
+# endif
     {OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"},
     OPT_V_OPTIONS,
     {OPT_HELP_STR, 1, '-', "\n"},
@@ -182,11 +185,11 @@ static char* opt_helplist[] = {
     "          [-signer tsa_cert.pem] [-inkey private_key.pem]",
     "          [-chain certs_file.pem] [-tspolicy oid]",
     "          [-in file] [-token_in] [-out file] [-token_out]",
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
     "          [-text]",
-#else
+# else
     "          [-text] [-engine id]",
-#endif
+# endif
     "  or",
     "ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
     "           [-data file] [-digest hexstring]",
@@ -735,10 +738,10 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
         goto end;
     if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
         goto end;
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
     if (!TS_CONF_set_crypto_device(conf, section, engine))
         goto end;
-#endif
+# endif
     if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
         goto end;
     if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
@@ -1026,3 +1029,4 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx)
 {
     return ok;
 }
+#endif

diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index be6a30e93ba8c08f649044e06784d7749c1c2b95..8939c085eacfd8495d95d0289087c0c828a29187 100644 (file)
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -142,7 +142,9 @@ void err_load_crypto_strings_intern(void)
     ERR_load_PKCS12_strings();
     ERR_load_RAND_strings();
     ERR_load_DSO_strings();
+# ifndef OPENSSL_NO_TS
     ERR_load_TS_strings();
+# endif
 # ifndef OPENSSL_NO_ENGINE
     ERR_load_ENGINE_strings();
 # endif

diff --git a/include/openssl/ts.h b/include/openssl/ts.h
index c5bd80a2a9064e353ce0255e832f0e5a661bed75..ca3969f8c518a5ffcc1f7c918ccce801f567f15c 100644 (file)
--- a/include/openssl/ts.h
+++ b/include/openssl/ts.h
@@ -60,6 +60,7 @@
 # define HEADER_TS_H
 
 # include <openssl/opensslconf.h>
+# ifndef OPENSSL_NO_TS
 # include <openssl/symhacks.h>
 # include <openssl/buffer.h>
 # include <openssl/evp.h>
@@ -700,3 +701,4 @@ void ERR_load_TS_strings(void);
 }
 #endif
 #endif
+#endif

diff --git a/util/mkdef.pl b/util/mkdef.pl
index ec1907890fe68cccfb74473dc8992f27994f9850..129e6b46bdb2fee5481fbf24334b8f4a4ce07720 100755 (executable)
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -117,6 +117,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "UNIT_TEST",
                         # User Interface
                         "UI",
+                        #
+                        "TS",
                         # OCB mode
                         "OCB",
                          # APPLINK (win build feature?)