From: Rich Salz <rsalz@akamai.com>
Date: Fri, 4 Sep 2015 17:07:10 +0000 (-0400)
Subject: RT3998: Allow scrypt to be disabled
X-Git-Tag: OpenSSL_1_1_0-pre1~718
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b0809bc8ffb34bf89de9e68d8caeb4d8c2aa08f9

RT3998: Allow scrypt to be disabled

This does 64-bit division and multiplication, and on 32-bit platforms
pulls in libgcc symbols (and MSVC does similar) which may not be
available.  Mostly done by David Woodhouse.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
---

diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 919b8f1370..b120b93aa9 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -68,8 +68,10 @@ typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
     OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, OPT_NOOCT, OPT_NSDB, OPT_EMBED,
-    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
-    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P
+#ifndef OPENSSL_NO_SCRYPT
+    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
+#endif
+    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT
 } OPTION_CHOICE;
 
 OPTIONS pkcs8_options[] = {
@@ -94,10 +96,12 @@ OPTIONS pkcs8_options[] = {
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
+#ifndef OPENSSL_NO_SCRYPT
     {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
     {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
     {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
     {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
+#endif
     {NULL}
 };
 
@@ -116,7 +120,9 @@ int pkcs8_main(int argc, char **argv)
     int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
     int private = 0;
+#ifndef OPENSSL_NO_SCRYPT
     unsigned long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
+#endif
 
     prog = opt_init(argc, argv, pkcs8_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -195,6 +201,7 @@ int pkcs8_main(int argc, char **argv)
         case OPT_ENGINE:
             e = setup_engine(opt_arg(), 0);
             break;
+#ifndef OPENSSL_NO_SCRYPT
         case OPT_SCRYPT:
             scrypt_N = 1024;
             scrypt_r = 8;
@@ -214,6 +221,7 @@ int pkcs8_main(int argc, char **argv)
             if (!opt_ulong(opt_arg(), &scrypt_p))
                 goto opthelp;
             break;
+#endif
         }
     }
     argc = opt_num_rest();
@@ -260,10 +268,12 @@ int pkcs8_main(int argc, char **argv)
         } else {
             X509_ALGOR *pbe;
             if (cipher) {
+#ifndef OPENSSL_NO_SCRYPT
                 if (scrypt_N && scrypt_r && scrypt_p)
                     pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
                                                 scrypt_N, scrypt_r, scrypt_p);
                 else
+#endif
                     pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
                                             pbe_nid);
             } else {
diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
index 5c4de797f9..35ff396566 100644
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
@@ -65,6 +65,7 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 
+#ifndef OPENSSL_NO_SCRYPT
 /* PKCS#5 scrypt password based encryption structures */
 
 typedef struct {
@@ -330,3 +331,4 @@ int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
     SCRYPT_PARAMS_free(sparam);
     return rv;
 }
+#endif /* OPENSSL_NO_SCRYPT */
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index b9330f5cd1..6172d956a9 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -119,7 +119,9 @@ static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
     {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
     {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+#ifndef OPENSSL_NO_SCRYPT
     {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen}
+#endif
 };
 
 int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c
index 09dfdf2515..380e1fa792 100644
--- a/crypto/evp/scrypt.c
+++ b/crypto/evp/scrypt.c
@@ -64,6 +64,8 @@
 #include <openssl/err.h>
 #include <internal/numbers.h>
 
+#ifndef OPENSSL_NO_SCRYPT
+
 #define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
 static void salsa208_word_specification(uint32_t inout[16])
 {
@@ -296,3 +298,4 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     OPENSSL_clear_free(B, Blen + Vlen);
     return rv;
 }
+#endif
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index d5333e29fe..374c92663d 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1075,6 +1075,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                           ASN1_TYPE *param, const EVP_CIPHER *cipher,
                           const EVP_MD *md, int en_de);
 
+#ifndef OPENSSL_NO_SCRYPT
 int EVP_PBE_scrypt(const char *pass, size_t passlen,
                    const unsigned char *salt, size_t saltlen,
                    uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
@@ -1083,6 +1084,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
 int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                              int passlen, ASN1_TYPE *param,
                              const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+#endif
 
 void PKCS5_PBE_add(void);
 
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 02138cbc47..da6514d26d 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1052,10 +1052,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                               unsigned char *salt, int saltlen,
                               unsigned char *aiv, int prf_nid);
 
+#ifndef OPENSSL_NO_SCRYPT
 X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
                                   const unsigned char *salt, int saltlen,
                                   unsigned char *aiv, uint64_t N, uint64_t r,
                                   uint64_t p);
+#endif
 
 X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
                              int prf_nid, int keylen);
diff --git a/makevms.com b/makevms.com
index 35c44ecb39..4b9a3d7b51 100755
--- a/makevms.com
+++ b/makevms.com
@@ -295,6 +295,7 @@ $ CONFIG_LOGICALS := AES,-
 		     RFC3779,-
 		     RMD160,-
 		     RSA,-
+                     SCRYPT,-
 		     SCTP,-
 		     SEED,-
 		     SOCK,-
diff --git a/test/evp_test.c b/test/evp_test.c
index 90441f36fa..c5c6e07323 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1311,6 +1311,7 @@ struct pbe_data {
     size_t key_len;
 };
 
+#ifndef OPENSSL_NO_SCRYPT
 static int scrypt_test_parse(struct evp_test *t,
                              const char *keyword, const char *value)
 {
@@ -1326,6 +1327,7 @@ static int scrypt_test_parse(struct evp_test *t,
         return test_uint64(value, &pdata->maxmem);
     return 0;
 }
+#endif
 
 static int pbkdf2_test_parse(struct evp_test *t,
                              const char *keyword, const char *value)
@@ -1366,8 +1368,10 @@ static int pbe_test_init(struct evp_test *t, const char *alg)
     struct pbe_data *pdat;
     int pbe_type = 0;
 
+#ifndef OPENSSL_NO_SCRYPT
     if (strcmp(alg, "scrypt") == 0)
         pbe_type = PBE_TYPE_SCRYPT;
+#endif
     else if (strcmp(alg, "pbkdf2") == 0)
         pbe_type = PBE_TYPE_PBKDF2;
     else if (strcmp(alg, "pkcs12") == 0)
@@ -1408,12 +1412,14 @@ static int pbe_test_parse(struct evp_test *t,
         return test_bin(value, &pdata->salt, &pdata->salt_len);
     if (strcmp(keyword, "Key") == 0)
         return test_bin(value, &pdata->key, &pdata->key_len);
-    if (pdata->pbe_type == PBE_TYPE_SCRYPT)
-        return scrypt_test_parse(t, keyword, value);
-    else if (pdata->pbe_type == PBE_TYPE_PBKDF2)
+    if (pdata->pbe_type == PBE_TYPE_PBKDF2)
         return pbkdf2_test_parse(t, keyword, value);
     else if (pdata->pbe_type == PBE_TYPE_PKCS12)
         return pkcs12_test_parse(t, keyword, value);
+#ifndef OPENSSL_NO_SCRYPT
+    else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
+        return scrypt_test_parse(t, keyword, value);
+#endif
     return 0;
 }
 
@@ -1433,6 +1439,7 @@ static int pbe_test_run(struct evp_test *t)
                               pdata->iter, pdata->md,
                               pdata->key_len, key) == 0)
             goto err;
+#ifndef OPENSSL_NO_SCRYPT
     } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) {
         err = "SCRYPT_ERROR";
         if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,
@@ -1440,6 +1447,7 @@ static int pbe_test_run(struct evp_test *t)
                            pdata->N, pdata->r, pdata->p, pdata->maxmem,
                            key, pdata->key_len) == 0)
             goto err;
+#endif
     } else if (pdata->pbe_type == PBE_TYPE_PKCS12) {
         err = "PKCS12_ERROR";
         if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len,
diff --git a/util/libeay.num b/util/libeay.num
index d7d4049fa6..612fff60c6 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4563,13 +4563,13 @@ COMP_get_name                           4921	EXIST::FUNCTION:
 COMP_get_type                           4922	EXIST::FUNCTION:
 ASN1_INTEGER_get_int64                  4923	EXIST::FUNCTION:
 ASN1_ENUMERATED_set_int64               4924	EXIST::FUNCTION:
-EVP_PBE_scrypt                          4925	EXIST::FUNCTION:
+EVP_PBE_scrypt                          4925	EXIST::FUNCTION:SCRYPT
 ASN1_INTEGER_set_int64                  4926	EXIST::FUNCTION:
 ASN1_ENUMERATED_get_int64               4927	EXIST::FUNCTION:
-PKCS5_v2_scrypt_keyivgen                4928	EXIST::FUNCTION:
+PKCS5_v2_scrypt_keyivgen                4928	EXIST::FUNCTION:SCRYPT
 ASN1_INTEGER_get_uint64                 4929	EXIST::FUNCTION:
 ASN1_INTEGER_set_uint64                 4930	EXIST::FUNCTION:
-PKCS5_pbe2_set_scrypt                   4931	EXIST::FUNCTION:
+PKCS5_pbe2_set_scrypt                   4931	EXIST::FUNCTION:SCRYPT
 PKCS8_set0_pbe                          4932	EXIST::FUNCTION:
 DH_bits                                 4933	EXIST::FUNCTION:DH
 RSA_bits                                4934	EXIST::FUNCTION:RSA
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 26fa20916f..c07a3c6ba0 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -69,6 +69,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 "SHA256", "SHA512", "RMD160",
 			 "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M",
 			 "HMAC", "AES", "CAMELLIA", "SEED", "GOST",
+                         "SCRYPT",
 			 # EC_NISTP_64_GCC_128
 			 "EC_NISTP_64_GCC_128",
 			 # Envelope "algorithms"
@@ -123,7 +124,7 @@ close(IN);
 my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
 my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed;
 my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
-my $no_rsa; my $no_dsa; my $no_dh; my $no_aes;
+my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_scrypt;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
@@ -203,6 +204,7 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-aes$/)	{ $no_aes=1; }
 	elsif (/^no-camellia$/)	{ $no_camellia=1; }
 	elsif (/^no-seed$/)     { $no_seed=1; }
+	elsif (/^no-scrypt$/)   { $no_scrypt=1; }
 	elsif (/^no-evp$/)	{ $no_evp=1; }
 	elsif (/^no-lhash$/)	{ $no_lhash=1; }
 	elsif (/^no-stack$/)	{ $no_stack=1; }
@@ -1187,6 +1189,7 @@ sub is_valid
 			if ($keyword eq "AES" && $no_aes) { return 0; }
 			if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
 			if ($keyword eq "SEED" && $no_seed) { return 0; }
+			if ($keyword eq "SCRYPT" && $no_scrypt) { return 0; }
 			if ($keyword eq "EVP" && $no_evp) { return 0; }
 			if ($keyword eq "LHASH" && $no_lhash) { return 0; }
 			if ($keyword eq "STACK" && $no_stack) { return 0; }