This is the full patch, in case that's easier to read.

-- 
David Woodhouse                            Open Source Technology Centre
david.woodho...@intel.com                              Intel Corporation

commit 422b63a1fd1f4ba6620429fa16cd995f6aff760c
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Wed Jul 29 12:10:14 2015 +0100

    Include <stdio.h> for sscanf() even with no-stdio

    This isn't actually stdio or file access per se; it merely lives in
    <stdio.h>. We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull(). Fixing that without using sscanf() is...
    distinctly non-trivial. So I'm prepared to live with claiming that it's
    acceptable to use sscanf() even when OPENSSL_NO_STDIO is set. Anyone who
    disagrees can do so in 'diff -up' form.

commit 046270b1909976668c12e52dc1c8fbc392a50405
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Wed Jul 29 12:07:03 2015 +0100

    Make OPENSSL_showfatal do nothing with no-stdio

    Without stdio, there's nothing we can do. There is some merit in
    allowing platforms to provide their own BIO for "stderr". Some platforms
    do have a debug console that they could hook that up to, while they
    don't have true stdio or file access. But for now, just make it do
    nothing if OPENSSL_NO_STDIO is set.

commit e2b3c56d74c95e1f434f936acbb2db5a1ba9785b
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Wed Jul 29 11:53:57 2015 +0100

    Kill OPENSSL_stderr()

    It isn't used within OpenSSL. It's private now so it can't be used from
    outside either. It's utterly pointless because it only ever returns
    'stderr' anyway. And it breaks the build with OPENSSL_NO_STDIO. Perhaps
    we should have OPENSSL_std{in,out,err} that return a BIO* instead, and
    then we can output to those. In firmware environments where there's no
    true stdio or FILE*, we *do* often have a way to print messages to the
    console, and those BIOs could do the right thing. That might actually
    give us a way to fix OPENSSL_showfatal() (qv).

commit ad771ea474f3065208d584536aa3da34192ac8f2
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 21:29:17 2015 +0100

    Remove file-based functionality from ssl/ for no-stdio build

    The function prototypes were already gone, but not the functions
    themselves.

commit 3ff9391624da53b47ae96d34de08593556df0723
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 21:26:23 2015 +0100

    Remove unviable conf functionality from no-stdio build

    Rip out anything which requires file access. It couldn't have worked
    anyway; let's be honest about its absence.

commit efc8bbe37fe45370319b695e8573cfa3df23a663
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 21:24:58 2015 +0100

    Add fallback definition of BUFSIZ for no-stdio build

    This is in <stdio.h>, and might not be present from the system includes
    if OPENSSL_NO_STDIO is set. Define it ourselves to a reasonable value in
    that case, in the places where we're (ab)using it.

commit afc62e3b07c2b251c3e1bf07fc6985b935966050
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 21:14:22 2015 +0100

    Disable file: values in pci_process_value() for no-stdio build

commit c6bb3eddd60ae54e3d1f5232ac914884b184343b
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 21:12:42 2015 +0100

    Disable file-based TS_CONF_* functions for no-stdio build

    If we can't access files, none of this is usable.

commit 73eebf202f2bd2266b5c7aaadca91fb485f85ee1
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 20:56:28 2015 +0100

    Remove functions taking FILE * from header files for no-stdio

    If OPENSSL_NO_STDIO is set, we don't include <stdio.h> and the FILE type
    does not exist. So a whole bunch of function prototypes (for functions
    that don't exist anyway) end up not compiling. Make them go away. While
    at it, fix up a few 'BIO *fp' in function prototypes which in my first
    attempt got those functions #ifdef'd out too...

commit 455cfd0c79b53db92fc2007adf88480ded49a2be
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 17:23:11 2015 +0100

    Add missing DECLARE_PEM_write_fp_const for no-stdio

    This was missing when OPENSSL_NO_STDIO was set, causing build errors.

commit 74a997c120b36d1686f476fd7089f6e34a7cd900
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 17:09:48 2015 +0100

    Disable X509_LOOKUP_hash_dir() with no-stdio

    If OPENSSL_NO_STDIO is set, we have no file access. So the hash
    directory can't work. X509_LOOKUP_file() was already compiled out, but
    its prototype was still present in x509_vfy.h. Fix that too.

commit da6e508a5d58453b0f79a938e6cf825799ad94f4
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 17:04:30 2015 +0100

    Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid() to fix no-stdio

    If OPENSSL_NO_STDIO is set, we cannot use fprintf(stderr…). So use
    OPENSSL_showfatal() instead. OK, I haven't actually fixed *that* yet
    either, and I'm not entirely sure how to. But at least the problem is
    localised to one place.

commit 766de62b78744a7b45996247e0049f1b282a3644
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 16:42:20 2015 +0100

    Eliminate SRP_VBASE_init() and supporting functions for no-stdio

    This requires file access, so can't be used when OPENSSL_NO_STDIO is
    set. Users will need to build the verifier manually instead.

commit 7029f2cac987e860803d5589c138ea52b5989016
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 16:41:04 2015 +0100

    Eliminate compiler warning for unused do_pk8pkey_fp() with no-stdio

    When OPENSSL_NO_STDIO is set, this function isn't used and triggers a
    compiler warning. Eliminate that.

commit 8e5b903430c438c8adaebef0469945b5b3e0800d
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 16:39:37 2015 +0100

    Disable TEST_ENG_OPENSSL_PKEY with no-stdio

    If OPENSSL_NO_STDIO is set, then we can't do any file access so we can't
    have that openssl_load_privkey() test. Disable it.

commit 823c4927634d96d8788e99eb5c11d511b273774e
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 16:36:13 2015 +0100

    Disable GOST engine when no-stdio

    The GOST engine is littered with printf() and fprintf() calls. Disable
    it when OPENSSL_NO_STDIO is set.

commit 3f28f167e935b536063ef4eb1da5c5ceacf91a0e
Author: David Woodhouse <david.woodho...@intel.com>
Date:   Tue Jul 28 16:31:32 2015 +0100

    Eliminate compiler warning for unused send_fp_chars() with no-stdio

    When OPENSSL_NO_STDIO is set, this function isn't used and triggers a
    compiler warning. Eliminate that.

 Configure                          |  2 +-
 crypto/asn1/a_strex.c              |  2 ++
 crypto/conf/conf_def.c             |  5 +++++
 crypto/conf/conf_lib.c             |  4 ++--
 crypto/conf/conf_mod.c             |  2 ++
 crypto/conf/conf_sap.c             |  2 ++
 crypto/cryptlib.c                  |  8 +++-----
 crypto/des/read2pwd.c              |  4 ++++
 crypto/engine/eng_openssl.c        |  2 ++
 crypto/include/internal/cryptlib.h |  1 -
 crypto/lock.c                      |  3 +--
 crypto/pem/pem_pk8.c               |  4 +++-
 crypto/srp/srp_vfy.c               |  6 ++++++
 crypto/ts/ts_conf.c                |  4 ++++
 crypto/ui/ui_util.c                |  4 ++++
 crypto/x509/by_dir.c               |  4 ++++
 crypto/x509v3/v3_pci.c             |  2 ++
 include/openssl/conf.h             | 10 ++++++++--
 include/openssl/pem.h              |  6 +++++-
 include/openssl/srp.h              |  2 ++
 include/openssl/ssl.h              |  2 --
 include/openssl/ts.h               | 24 ++++++++++++++++++------
 include/openssl/x509_vfy.h         |  3 ++-
 include/openssl/x509v3.h           |  3 ++-
 ssl/ssl_cert.c                     |  5 +++--
 ssl/ssl_conf.c                     |  6 ++++++
 26 files changed, 93 insertions(+), 27 deletions(-)

diff --git a/Configure b/Configure index 6cc05bd..6cc0e20 100755 --- a/Configure +++ b/Configure
@@ -1088,7 +1088,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) - || defined($disabled{"dh"})) + || defined($disabled{"dh"}) || defined($disabled{"stdio"})) { $disabled{"gost"} = "forced"; } diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 2f233a2..c9d3cea 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -92,6 +92,7 @@ static int send_bio_chars(void *arg, const void *buf, int len) return 1; } +#ifndef OPENSSL_NO_STDIO static int send_fp_chars(void *arg, const void *buf, int len) { if (!arg) @@ -100,6 +101,7 @@ static int send_fp_chars(void *arg, const void *buf, int len) return 0; return 1; } +#endif typedef int char_io (void *arg, const void *buf, int len); diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 098fc8e..d542962 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf) static int def_load(CONF *conf, const char *name, long *line) { +#ifdef OPENSSL_NO_STDIO + CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB); + return 0; +#else int ret; BIO *in = NULL; @@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line) BIO_free(in); return ret; +#endif } static int def_load_bio(CONF *conf, BIO *in, long *line) diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 838a645..73b7e91 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth) return 1; } +#ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, long *eline) { @@ -112,7 +113,6 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, return ltmp; } -#ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, long *eline) { 
@@ -255,6 +255,7 @@ void NCONF_free_data(CONF *conf) conf->meth->destroy_data(conf); } +#ifndef OPENSSL_NO_STDIO int NCONF_load(CONF *conf, const char *file, long *eline) { if (conf == NULL) { @@ -265,7 +266,6 @@ int NCONF_load(CONF *conf, const char *file, long *eline) return conf->meth->load(conf, file, eline); } -#ifndef OPENSSL_NO_STDIO int NCONF_load_fp(CONF *conf, FILE *fp, long *eline) { BIO *btmp; diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 7fbb4ad..63070bc 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, } +#ifndef OPENSSL_NO_STDIO int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags) { @@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname, return ret; } +#endif static int module_run(const CONF *cnf, char *name, char *value, unsigned long flags) diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index e99a38e..b56662b 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name) ENGINE_load_builtin_engines(); #endif ERR_clear_error(); +#ifndef OPENSSL_NO_STDIO CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE); +#endif } void OPENSSL_no_config() diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 6d050ff..075651a 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -133,6 +133,7 @@ unsigned int *OPENSSL_ia32cap_loc(void) } # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) +#include <stdio.h> # define OPENSSL_CPUID_SETUP typedef uint64_t IA32CAP; void OPENSSL_cpuid_setup(void) 
@@ -420,11 +421,13 @@ void OPENSSL_showfatal(const char *fmta, ...) #else void OPENSSL_showfatal(const char *fmta, ...) { +#ifndef OPENSSL_NO_STDIO va_list ap; va_start(ap, fmta); vfprintf(stderr, fmta, ap); va_end(ap); +#endif } int OPENSSL_isservice(void) @@ -451,11 +454,6 @@ void OpenSSLDie(const char *file, int line, const char *assertion) #endif } -void *OPENSSL_stderr(void) -{ - return stderr; -} - int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) { size_t i; diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c index 01e275f..7633139 100644 --- a/crypto/des/read2pwd.c +++ b/crypto/des/read2pwd.c @@ -114,6 +114,10 @@ #include <openssl/ui.h> #include <openssl/crypto.h> +#ifndef BUFSIZ +#define BUFSIZ 256 +#endif + int DES_read_password(DES_cblock *key, const char *prompt, int verify) { int ok; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index eaf0618..2e7ed31 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -89,7 +89,9 @@ * this is no longer automatic in ENGINE_load_builtin_engines(). */ #define TEST_ENG_OPENSSL_RC4 +#ifndef OPENSSL_NO_STDIO #define TEST_ENG_OPENSSL_PKEY +#endif /* #define TEST_ENG_OPENSSL_HMAC */ /* #define TEST_ENG_OPENSSL_HMAC_INIT */ /* #define TEST_ENG_OPENSSL_RC4_OTHERS */ diff --git a/crypto/include/internal/cryptlib.h b/crypto/include/internal/cryptlib.h index fba180a..d7018b6 100644 --- a/crypto/include/internal/cryptlib.h +++ b/crypto/include/internal/cryptlib.h @@ -101,7 +101,6 @@ extern "C" { void OPENSSL_cpuid_setup(void); extern unsigned int OPENSSL_ia32cap_P[]; void OPENSSL_showfatal(const char *fmta, ...); -void *OPENSSL_stderr(void); extern int OPENSSL_NONPIC_relocated; #ifdef __cplusplus diff --git a/crypto/lock.c b/crypto/lock.c index d7d672d..12e4323 100644 --- a/crypto/lock.c +++ b/crypto/lock.c 
@@ -309,8 +309,7 @@ void CRYPTO_destroy_dynlockid(int i) --pointer->references; #ifdef REF_CHECK if (pointer->references < 0) { - fprintf(stderr, - "CRYPTO_destroy_dynlockid, bad reference count\n"); + OPENSSL_showfatal("CRYPTO_destroy_dynlockid, bad reference count\n"); abort(); } else #endif diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index ef5131f..e238b95 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -69,10 +69,12 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); + +#ifndef OPENSSL_NO_STDIO static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); - +#endif /* * These functions write a private key in PKCS#8 format: it is a "drop in" * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 39c89e8..226e5b5 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id, return (info == NULL || NULL != (vinfo->info = BUF_strdup(info))); } +#ifndef OPENSSL_NO_STDIO static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, const char *v) { @@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, len = t_fromb64(tmp, s); return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL); } +#endif static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) { @@ -280,6 +282,7 @@ void SRP_VBASE_free(SRP_VBASE *vb) OPENSSL_free(vb); } +#ifndef OPENSSL_NO_STDIO static SRP_gN_cache *SRP_gN_new_init(const char *ch) { unsigned char tmp[MAX_LEN]; @@ -310,6 +313,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache) BN_free(gN_cache->bn); OPENSSL_free(gN_cache); } +#endif static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) { 
@@ -326,6 +330,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) return SRP_get_default_gN(id); } +#ifndef OPENSSL_NO_STDIO static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) { int i; @@ -467,6 +472,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) return error_code; } +#endif SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) { diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 27b3df2..cefd843 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -92,6 +92,7 @@ /* Function definitions for certificate and key loading. */ +#ifndef OPENSSL_NO_STDIO X509 *TS_CONF_load_cert(const char *file) { BIO *cert = NULL; @@ -149,6 +150,7 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) BIO_free(key); return pkey; } +#endif /* !OPENSSL_NO_STDIO */ /* Function definitions for handling configuration options. */ @@ -239,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name) #endif +#ifndef OPENSSL_NO_STDIO int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx) { @@ -307,6 +310,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section, EVP_PKEY_free(key_obj); return ret; } +#endif /* !OPENSSL_NO_STDIO */ int TS_CONF_set_def_policy(CONF *conf, const char *section, const char *policy, TS_RESP_CTX *ctx) diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index f65f80d..b18e2a2 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -56,6 +56,10 @@ #include <string.h> #include "ui_locl.h" +#ifndef BUFSIZ +#define BUFSIZ 256 +#endif + int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) { diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index cc91db8..d46666f 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -69,6 +69,8 @@ # include <sys/stat.h> #endif +#ifndef OPENSSL_NO_STDIO + #include <openssl/lhash.h> #include <openssl/x509.h> 
@@ -435,3 +437,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, BUF_MEM_free(b); return (ok); } + +#endif /* OPENSSL_NO_STDIO */ diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index ef105dc..7011e93 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -150,6 +150,7 @@ static int process_pci_value(CONF_VALUE *val, goto err; } OPENSSL_free(tmp_data2); +#ifndef OPENSSL_NO_STDIO } else if (strncmp(val->value, "file:", 5) == 0) { unsigned char buf[2048]; int n; @@ -190,6 +191,7 @@ static int process_pci_value(CONF_VALUE *val, X509V3_conf_err(val); goto err; } +#endif /* !OPENSSL_NO_STDIO */ } else if (strncmp(val->value, "text:", 5) == 0) { val_len = strlen(val->value + 5); tmp_data = OPENSSL_realloc((*policy)->data, diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 06c7601..37f8a00 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -118,9 +118,9 @@ typedef void conf_finish_func (CONF_IMODULE *md); int CONF_set_default_method(CONF_METHOD *meth); void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +# ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, long *eline); -# ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, long *eline); # endif @@ -133,7 +133,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, const char *name); void CONF_free(LHASH_OF(CONF_VALUE) *conf); +#ifndef OPENSSL_NO_STDIO int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +#endif int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); void OPENSSL_config(const char *config_name); 
@@ -156,8 +158,8 @@ CONF_METHOD *NCONF_WIN32(void); void NCONF_free(CONF *conf); void NCONF_free_data(CONF *conf); -int NCONF_load(CONF *conf, const char *file, long *eline); # ifndef OPENSSL_NO_STDIO +int NCONF_load(CONF *conf, const char *file, long *eline); int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); # endif int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); @@ -166,7 +168,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, char *NCONF_get_string(const CONF *conf, const char *group, const char *name); int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, long *result); +#ifndef OPENSSL_NO_STDIO int NCONF_dump_fp(const CONF *conf, FILE *out); +#endif int NCONF_dump_bio(const CONF *conf, BIO *out); #define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) @@ -175,8 +179,10 @@ int NCONF_dump_bio(const CONF *conf, BIO *out); int CONF_modules_load(const CONF *cnf, const char *appname, unsigned long flags); +#ifndef OPENSSL_NO_STDIO int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags); +#endif void CONF_modules_unload(int all); void CONF_modules_finish(void); void CONF_modules_free(void); diff --git a/include/openssl/pem.h b/include/openssl/pem.h index a1e5166..f9e23d2 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -284,6 +284,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ # define DECLARE_PEM_read_fp(name, type) /**/ # define DECLARE_PEM_write_fp(name, type) /**/ +# define DECLARE_PEM_write_fp_const(name, type) /**/ # define DECLARE_PEM_write_cb_fp(name, type) /**/ # else @@ -361,6 +362,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u); +#ifndef OPENSSL_NO_STDIO int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len); int PEM_write(FILE *fp, const char *name, const char *hdr, 
@@ -372,6 +374,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, int klen, pem_password_cb *callback, void *u); STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +#endif int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, @@ -437,6 +440,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +#ifndef OPENSSL_NO_STDIO int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); @@ -453,7 +457,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cd, void *u); - +#endif EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); diff --git a/include/openssl/srp.h b/include/openssl/srp.h index 3411fe5..c998bf3 100644 --- a/include/openssl/srp.h +++ b/include/openssl/srp.h @@ -118,7 +118,9 @@ DECLARE_STACK_OF(SRP_gN) SRP_VBASE *SRP_VBASE_new(char *seed_key); void SRP_VBASE_free(SRP_VBASE *vb); +#ifndef OPENSSL_NO_STDIO int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); +#endif SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); char *SRP_create_verifier(const char *user, const char *pass, char **salt, char **verifier, const char *N, const char *g); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c394191..7622b01 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h 
@@ -1383,9 +1383,7 @@ __owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length); # ifndef OPENSSL_NO_STDIO __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); -# endif /* NO_STDIO */ -# ifndef OPENSSL_NO_STDIO __owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); __owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); __owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); diff --git a/include/openssl/ts.h b/include/openssl/ts.h index b983abc..7fe6645 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -273,8 +273,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); TS_REQ *TS_REQ_dup(TS_REQ *a); +#ifndef OPENSSL_NO_STDIO TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +#endif TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); @@ -286,10 +288,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); +#ifndef OPENSSL_NO_STDIO TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); -TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); -int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); +#endif +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a); TS_RESP *TS_RESP_new(void); void TS_RESP_free(TS_RESP *a); 
@@ -298,10 +302,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); TS_RESP *TS_RESP_dup(TS_RESP *a); +#ifndef OPENSSL_NO_STDIO TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); -TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); -int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); +#endif +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a); TS_STATUS_INFO *TS_STATUS_INFO_new(void); void TS_STATUS_INFO_free(TS_STATUS_INFO *a); @@ -317,10 +323,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, long length); TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); +#ifndef OPENSSL_NO_STDIO TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); -TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); -int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); +#endif +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a); TS_ACCURACY *TS_ACCURACY_new(void); void TS_ACCURACY_free(TS_ACCURACY *a); @@ -719,15 +727,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); * ts/ts_conf.c */ +#ifndef OPENSSL_NO_STDIO X509 *TS_CONF_load_cert(const char *file); STACK_OF(X509) *TS_CONF_load_certs(const char *file); EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +#endif const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, TS_RESP_CTX *ctx); int TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device); int TS_CONF_set_default_engine(const char *name); +#ifndef OPENSSL_NO_STDIO int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx); int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, 
@@ -735,6 +746,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, int TS_CONF_set_signer_key(CONF *conf, const char *section, const char *key, const char *pass, TS_RESP_CTX *ctx); +#endif int TS_CONF_set_def_policy(CONF *conf, const char *section, const char *policy, TS_RESP_CTX *ctx); int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 8e0a225..266bb3f 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -459,9 +459,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); - +#ifndef OPENSSL_NO_STDIO X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +#endif int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index a46ec5d..63c4b37 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -684,8 +684,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml); int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); +#ifndef OPENSSL_NO_STDIO int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); - +#endif int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 5e9b8ff..e6f6d5a 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c 
@@ -661,12 +661,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) return (add_client_CA(&(ctx->client_CA), x)); } +#ifndef OPENSSL_NO_STDIO + static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b) { return (X509_NAME_cmp(*a, *b)); } -#ifndef OPENSSL_NO_STDIO /** * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; * it doesn't really have anything to do with clients (except that a common use @@ -730,7 +731,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) ERR_clear_error(); return (ret); } -#endif /** * Add a file of certs to a stack. @@ -846,6 +846,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } +#endif /* !OPENSSL_NO_STDIO */ /* Add a certificate to a BUF_MEM structure */ diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 5c320cb..6e104a4 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -378,6 +378,7 @@ static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value) return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); } +#ifndef OPENSSL_NO_STDIO static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) { int rv = 1; @@ -506,6 +507,7 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } #endif +#endif /* !OPENSSL_NO_STDIO */ typedef struct { int (*cmd) (SSL_CONF_CTX *cctx, const char *value); const char *str_file; @@ -554,6 +556,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(Protocol, NULL, 0), SSL_CONF_CMD_STRING(Options, NULL, 0), SSL_CONF_CMD_STRING(VerifyMode, NULL, 0), +#ifndef OPENSSL_NO_STDIO SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_FILE), SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE, 
@@ -580,6 +583,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_FILE) #endif +#endif /* !OPENSSL_NO_STDIO */ }; /* Supported switches: must match order of switches in ssl_conf_cmds */ @@ -808,7 +812,9 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) * If missing private key try to load one from certificate file */ if (p && !c->pkeys[i].privatekey) { +#ifndef OPENSSL_NO_STDIO if (!cmd_PrivateKey(cctx, p)) +#endif return 0; } }
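Review bot: In crypto/cryptlib.c the new '#include <stdio.h>' inside the '# if defined(OPENSSL_CPUID_OBJ) && ...' block has no comment, so someone reading a no-stdio build later cannot tell that it is there only for sscanf(). Add a one-line comment saying so, and write it as '# include <stdio.h>' to match the nested '# define OPENSSL_CPUID_SETUP' directly below it.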
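Review bot: In crypto/lock.c, CRYPTO_destroy_dynlockid() now reports the bad reference count through OPENSSL_showfatal(), and the crypto/cryptlib.c hunk in this same patch compiles that function's body out under OPENSSL_NO_STDIO, so in that build abort() runs with no diagnostic at all. That may be acceptable for now, but it deserves a comment at the call site or in OPENSSL_showfatal() stating that the message is dropped when OPENSSL_NO_STDIO is set.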
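Review bot: The fallback '#define BUFSIZ 256' is added twice, in crypto/des/read2pwd.c and in crypto/ui/ui_util.c, so the two copies can drift apart. Define it once in a shared internal header, and since both files sit next to password-reading functions (DES_read_password, UI_UTIL_read_pw_string), add a comment on why 256 is enough for the buffers that use it.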
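Review bot: In process_pci_value() in crypto/x509v3/v3_pci.c, the guard starts in front of '} else if (strncmp(val->value, "file:", 5) == 0) {' and ends in front of the '"text:"' branch, so the preprocessor splits an if/else chain across brace boundaries and a 'file:' value in a no-stdio build silently falls through to whatever the later branches report. Keeping the 'file:' branch and putting only its body under '#ifndef OPENSSL_NO_STDIO', with an explicit error in the '#else', would be easier to read and would tell the caller that file: values are not supported in this build.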
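Review bot: In include/openssl/conf.h the guards added around CONF_dump_fp(), NCONF_dump_fp() and CONF_modules_load_file() are written '#ifndef' / '#endif', while the guards already in the same header (around CONF_load_fp() and NCONF_load_fp()) use the indented '# ifndef' / '# endif' form. Use the indented form for the new ones so the nesting depth stays readable.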
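Review bot: In include/openssl/ts.h the parameter rename from 'BIO *fp' to 'BIO *bio' is applied to the TS_MSG_IMPRINT, TS_RESP and TS_TST_INFO _bio prototypes but not to 'd2i_TS_REQ_bio(BIO *fp, TS_REQ **a)' and 'i2d_TS_REQ_bio(BIO *fp, TS_REQ *a)', which stay as context lines in the first hunk. Rename those two as well so the four groups are consistent.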
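Review bot: In SSL_CONF_CTX_finish() in ssl/ssl_conf.c, guarding only the 'if (!cmd_PrivateKey(cctx, p))' line leaves 'return 0;' as the unconditional body of 'if (p && !c->pkeys[i].privatekey)' when OPENSSL_NO_STDIO is set, which is easy to misread and fails the call for any entry that has a file name but no private key. If that failure is intended, guard the whole block and return 0 explicitly under '#else' with a comment; if it is not, compile the whole block out in the no-stdio build.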
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev