Implement support for no-ts

Reviewed-by: Rich Salz <rsalz@openssl.org>

apps/progs.pl

@@ -75,6 +75,8 @@ foreach (@ARGV) {
 		print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n";
 	} elsif (/^srp$/) {
 		print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n";
+	} elsif (/^ts$/) {
+		print "#ifndef OPENSSL_NO_TS\n${str}#endif\n";
 	} else {
 		print $str;
 	}

apps/ts.c

@@ -56,25 +56,28 @@
  *
  */
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/ts.h>
-#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_TS
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/rand.h>
+# include <openssl/ts.h>
+# include <openssl/bn.h>
 
 /* Request nonce length, in bits (must be a multiple of 8). */
-#define NONCE_LENGTH            64
+# define NONCE_LENGTH            64
 
 /* Name of config entry that defines the OID file. */
-#define ENV_OID_FILE            "oid_file"
+# define ENV_OID_FILE            "oid_file"
 
 /* Is |EXACTLY_ONE| of three pointers set? */
-#define EXACTLY_ONE(a, b, c) \
+# define EXACTLY_ONE(a, b, c) \
         (( a && !b && !c) || \
          ( b && !a && !c) || \
          ( c && !a && !b))
@@ -159,9 +162,9 @@ OPTIONS ts_options[] = {
     {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
     {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
     {"", OPT_MD, '-', "Any supported digest"},
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-#endif
+# endif
     {OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"},
     OPT_V_OPTIONS,
     {OPT_HELP_STR, 1, '-', "\n"},
@@ -182,11 +185,11 @@ static char* opt_helplist[] = {
     "          [-signer tsa_cert.pem] [-inkey private_key.pem]",
     "          [-chain certs_file.pem] [-tspolicy oid]",
     "          [-in file] [-token_in] [-out file] [-token_out]",
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
     "          [-text]",
-#else
+# else
     "          [-text] [-engine id]",
-#endif
+# endif
     "  or",
     "ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
     "           [-data file] [-digest hexstring]",
@@ -735,10 +738,10 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
         goto end;
     if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
         goto end;
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
     if (!TS_CONF_set_crypto_device(conf, section, engine))
         goto end;
-#endif
+# endif
     if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
         goto end;
     if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
@@ -1026,3 +1029,4 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx)
 {
     return ok;
 }
+#endif

crypto/err/err_all.c

@@ -142,7 +142,9 @@ void err_load_crypto_strings_intern(void)
     ERR_load_PKCS12_strings();
     ERR_load_RAND_strings();
     ERR_load_DSO_strings();
+# ifndef OPENSSL_NO_TS
     ERR_load_TS_strings();
+# endif
 # ifndef OPENSSL_NO_ENGINE
     ERR_load_ENGINE_strings();
 # endif

include/openssl/ts.h

@@ -60,6 +60,7 @@
 # define HEADER_TS_H
 
 # include <openssl/opensslconf.h>
+# ifndef OPENSSL_NO_TS
 # include <openssl/symhacks.h>
 # include <openssl/buffer.h>
 # include <openssl/evp.h>
@@ -700,3 +701,4 @@ void ERR_load_TS_strings(void);
 }
 #endif
 #endif
+#endif

util/mkdef.pl

@@ -117,6 +117,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 		 	 "UNIT_TEST",
 			 # User Interface
 			 "UI",
+			 #
+			 "TS",
 			 # OCB mode
 			 "OCB",
                          # APPLINK (win build feature?)