$depflags .= "-DNO_$algo ";
if ($algo eq "DES")
{
+ push @skip, "mdc2";
$options .= " no-mdc2";
$flags .= "-DNO_MDC2 ";
$depflags .= "-DNO_MDC2 ";
else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
+#ifndef NO_DES
else if (!strcmp (*args, "-des3"))
cipher = EVP_des_ede3_cbc();
else if (!strcmp (*args, "-des"))
cipher = EVP_des_cbc();
+#endif
+#ifndef NO_RC2
else if (!strcmp (*args, "-rc2-40"))
cipher = EVP_rc2_40_cbc();
else if (!strcmp (*args, "-rc2-128"))
cipher = EVP_rc2_cbc();
else if (!strcmp (*args, "-rc2-64"))
cipher = EVP_rc2_64_cbc();
+#endif
else if (!strcmp (*args, "-text"))
flags |= PKCS7_TEXT;
else if (!strcmp (*args, "-nointern"))
BIO_printf (bio_err, "-sign sign message\n");
BIO_printf (bio_err, "-verify verify signed message\n");
BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
+#ifndef NO_DES
BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
- BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40\n");
+ BIO_printf (bio_err, "-des encrypt with DES\n");
+#endif
+#ifndef NO_RC2
+ BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+#endif
BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
BIO_printf (bio_err, "-nosigs don't verify message signature\n");
BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
}
if(operation == SMIME_ENCRYPT) {
- if (!cipher) cipher = EVP_rc2_40_cbc();
+ if (!cipher) {
+#ifndef NO_RC2
+ cipher = EVP_rc2_40_cbc();
+#else
+ BIO_printf(bio_err, "No cipher selected\n");
+ goto end;
+#endif
+ }
encerts = sk_X509_new_null();
while (*args) {
if(!(cert = load_cert(*args))) {
memset(rsa_c,0,sizeof(rsa_c));
#endif
#ifndef SIGALRM
+#ifndef NO_DES
BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
count=10;
do {
#define COND(d) (count < (d))
#define COUNT(d) (d)
#else
+/* not worth fixing */
+# error "You cannot disable DES on systems without SIGALRM."
+#endif /* NO_DES */
+#else
#define COND(c) (run)
#define COUNT(d) (count)
signal(SIGALRM,sig_done);
-#endif
+#endif /* SIGALRM */
#ifndef NO_MD2
if (doit[D_MD2])
echo "#endif" ) >buildinf.h
testapps:
- cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des
+ if echo ${SDIRS} | fgrep ' des '; \
+ then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi
cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
subdirs:
return(prompt_string);
}
-#ifdef NO_DES
-int des_read_pw_string(char *buf,int len,const char *prompt,int verify);
-#endif
-
+/* For historical reasons, the standard function for reading passwords is
+ * in the DES library -- if someone ever wants to disable DES,
+ * this function will fail */
int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
{
+#ifndef NO_DES
if ((prompt == NULL) && (prompt_string[0] != '\0'))
prompt=prompt_string;
return(des_read_pw_string(buf,len,prompt,verify));
+#else
+ return -1;
+#endif
}
int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
#else
PKCS7_set_type(p7,NID_pkcs7_enveloped);
#endif
- if(!cipher) cipher = EVP_des_ede3_cbc();
+ if(!cipher) {
+#ifndef NO_DES
+ cipher = EVP_des_ede3_cbc();
+#else
+ fprintf(stderr, "No cipher selected\n");
+ goto err;
+#endif
+ }
if (!PKCS7_set_cipher(p7,cipher)) goto err;
for(i = 0; i < sk_X509_num(recips); i++) {
STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
X509_ALGOR *xalg=NULL;
PKCS7_RECIP_INFO *ri=NULL;
+#ifndef NO_RC2
char is_rc2 = 0;
+#endif
/* EVP_PKEY *pkey; */
#if 0
X509_STORE_CTX s_ctx;
goto err;
}
- if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc) is_rc2 = 1;
+ if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc)
+ {
+#ifndef NO_RC2
+ is_rc2 = 1;
+#else
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+ goto err;
+#endif
+ }
/* We will be checking the signature */
if (md_sk != NULL)
* because we currently can't do this with the EVP
* interface.
*/
+#ifndef NO_RC2
if(is_rc2) RC2_set_key(&(evp_ctx->c.rc2_ks),jj, tmp,
EVP_CIPHER_CTX_key_length(evp_ctx)*8);
- else {
-
+ else
+#endif
+ {
PKCS7err(PKCS7_F_PKCS7_DATADECODE,
PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
goto err;
- }
+ }
} else EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
memset(tmp,0,jj);
int i;
int nodetach=0;
+#ifndef NO_MD2
EVP_add_digest(EVP_md2());
+#endif
+#ifndef NO_MD5
EVP_add_digest(EVP_md5());
+#endif
+#ifndef NO_SHA1
EVP_add_digest(EVP_sha1());
+#endif
+#ifndef NO_MDC2
EVP_add_digest(EVP_mdc2());
+#endif
data=BIO_new(BIO_s_file());
again:
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifndef NO_MD2
EVP_add_digest(EVP_md2());
+#endif
+#ifndef NO_MD5
EVP_add_digest(EVP_md5());
+#endif
+#ifndef NO_SHA1
EVP_add_digest(EVP_sha1());
+#endif
+#ifndef NO_MDC2
EVP_add_digest(EVP_mdc2());
+#endif
data=BIO_new(BIO_s_file());