From: Bodo Möller Date: Fri, 7 Jan 2000 12:15:54 +0000 (+0000) Subject: make no-des and no-rc2 work. X-Git-Tag: OpenSSL_0_9_5beta1~319 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=63da21c01ba1b4fa4bd5adb8b3b36567025b8e15 make no-des and no-rc2 work. --- diff --git a/Configure b/Configure index af14a59778..0c3b1dd3b6 100755 --- a/Configure +++ b/Configure @@ -378,6 +378,7 @@ foreach (@ARGV) $depflags .= "-DNO_$algo "; if ($algo eq "DES") { + push @skip, "mdc2"; $options .= " no-mdc2"; $flags .= "-DNO_MDC2 "; $depflags .= "-DNO_MDC2 "; diff --git a/apps/smime.c b/apps/smime.c index 6c15dcfb6e..d5461f1a48 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -110,16 +110,20 @@ int MAIN(int argc, char **argv) else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN; else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT; +#ifndef NO_DES else if (!strcmp (*args, "-des3")) cipher = EVP_des_ede3_cbc(); else if (!strcmp (*args, "-des")) cipher = EVP_des_cbc(); +#endif +#ifndef NO_RC2 else if (!strcmp (*args, "-rc2-40")) cipher = EVP_rc2_40_cbc(); else if (!strcmp (*args, "-rc2-128")) cipher = EVP_rc2_cbc(); else if (!strcmp (*args, "-rc2-64")) cipher = EVP_rc2_64_cbc(); +#endif else if (!strcmp (*args, "-text")) flags |= PKCS7_TEXT; else if (!strcmp (*args, "-nointern")) @@ -233,10 +237,15 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-sign sign message\n"); BIO_printf (bio_err, "-verify verify signed message\n"); BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n"); +#ifndef NO_DES BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); - BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40\n"); + BIO_printf (bio_err, "-des encrypt with DES\n"); +#endif +#ifndef NO_RC2 + BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); +#endif BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); BIO_printf (bio_err, "-nosigs don't verify message signature\n"); BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); @@ -271,7 +280,14 @@ int MAIN(int argc, char **argv) } if(operation == SMIME_ENCRYPT) { - if (!cipher) cipher = EVP_rc2_40_cbc(); + if (!cipher) { +#ifndef NO_RC2 + cipher = EVP_rc2_40_cbc(); +#else + BIO_printf(bio_err, "No cipher selected\n"); + goto end; +#endif + } encerts = sk_X509_new_null(); while (*args) { if(!(cert = load_cert(*args))) { diff --git a/apps/speed.c b/apps/speed.c index caf47e2277..b96733346b 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -616,6 +616,7 @@ int MAIN(int argc, char **argv) memset(rsa_c,0,sizeof(rsa_c)); #endif #ifndef SIGALRM +#ifndef NO_DES BIO_printf(bio_err,"First we calculate the approximate speed ...\n"); count=10; do { @@ -707,10 +708,14 @@ int MAIN(int argc, char **argv) #define COND(d) (count < (d)) #define COUNT(d) (d) #else +/* not worth fixing */ +# error "You cannot disable DES on systems without SIGALRM." +#endif /* NO_DES */ +#else #define COND(c) (run) #define COUNT(d) (count) signal(SIGALRM,sig_done); -#endif +#endif /* SIGALRM */ #ifndef NO_MD2 if (doit[D_MD2]) diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index d450ab77c3..ae4c45ee0c 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -58,7 +58,8 @@ buildinf.h: ../Makefile.ssl echo "#endif" ) >buildinf.h testapps: - cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des + if echo ${SDIRS} | fgrep ' des '; \ + then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps subdirs: diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 21eda418bc..667c21cca8 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -81,15 +81,18 @@ char *EVP_get_pw_prompt(void) return(prompt_string); } -#ifdef NO_DES -int des_read_pw_string(char *buf,int len,const char *prompt,int verify); -#endif - +/* For historical reasons, the standard function for reading passwords is + * in the DES library -- if someone ever wants to disable DES, + * this function will fail */ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) { +#ifndef NO_DES if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt=prompt_string; return(des_read_pw_string(buf,len,prompt,verify)); +#else + return -1; +#endif } int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt, diff --git a/crypto/pkcs7/enc.c b/crypto/pkcs7/enc.c index 66a300aee7..31845fc5e4 100644 --- a/crypto/pkcs7/enc.c +++ b/crypto/pkcs7/enc.c @@ -127,7 +127,14 @@ char *argv[]; #else PKCS7_set_type(p7,NID_pkcs7_enveloped); #endif - if(!cipher) cipher = EVP_des_ede3_cbc(); + if(!cipher) { +#ifndef NO_DES + cipher = EVP_des_ede3_cbc(); +#else + fprintf(stderr, "No cipher selected\n"); + goto err; +#endif + } if (!PKCS7_set_cipher(p7,cipher)) goto err; for(i = 0; i < sk_X509_num(recips); i++) { diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index acc9cc4a47..fa0159ee1d 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -264,7 +264,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; +#ifndef NO_RC2 char is_rc2 = 0; +#endif /* EVP_PKEY *pkey; */ #if 0 X509_STORE_CTX s_ctx; @@ -309,7 +311,15 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } - if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc) is_rc2 = 1; + if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc) + { +#ifndef NO_RC2 + is_rc2 = 1; +#else + PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); + goto err; +#endif + } /* We will be checking the signature */ if (md_sk != NULL) @@ -409,14 +419,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) * because we currently can't do this with the EVP * interface. */ +#ifndef NO_RC2 if(is_rc2) RC2_set_key(&(evp_ctx->c.rc2_ks),jj, tmp, EVP_CIPHER_CTX_key_length(evp_ctx)*8); - else { - + else +#endif + { PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); goto err; - } + } } else EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0); memset(tmp,0,jj); diff --git a/crypto/pkcs7/sign.c b/crypto/pkcs7/sign.c index 367c00e0fa..22290e192c 100644 --- a/crypto/pkcs7/sign.c +++ b/crypto/pkcs7/sign.c @@ -76,10 +76,18 @@ char *argv[]; int i; int nodetach=0; +#ifndef NO_MD2 EVP_add_digest(EVP_md2()); +#endif +#ifndef NO_MD5 EVP_add_digest(EVP_md5()); +#endif +#ifndef NO_SHA1 EVP_add_digest(EVP_sha1()); +#endif +#ifndef NO_MDC2 EVP_add_digest(EVP_mdc2()); +#endif data=BIO_new(BIO_s_file()); again: diff --git a/crypto/pkcs7/verify.c b/crypto/pkcs7/verify.c index 8ae903cc8a..49fc8d8bed 100644 --- a/crypto/pkcs7/verify.c +++ b/crypto/pkcs7/verify.c @@ -85,10 +85,18 @@ char *argv[]; bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); +#ifndef NO_MD2 EVP_add_digest(EVP_md2()); +#endif +#ifndef NO_MD5 EVP_add_digest(EVP_md5()); +#endif +#ifndef NO_SHA1 EVP_add_digest(EVP_sha1()); +#endif +#ifndef NO_MDC2 EVP_add_digest(EVP_mdc2()); +#endif data=BIO_new(BIO_s_file());