make
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
diff --git a/apps/apps.c b/apps/apps.c
index 248c65a..613c3ba 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -125,7 +125,9 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
#include <openssl/bn.h>
#define NON_MAIN
diff --git a/apps/dh.c b/apps/dh.c
index cd01fed..c4d891e 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -57,6 +57,7 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>
diff --git a/apps/dhparam.c b/apps/dhparam.c
index e3cabcf..04bd57c 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -109,6 +109,7 @@
*
*/
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>
diff --git a/apps/dsa.c b/apps/dsa.c
index b6f0ed3..a5ec5d7 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <stdlib.h>
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 14e79f9..c301e81 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
diff --git a/apps/gendh.c b/apps/gendh.c
index 69baa50..4749786 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -57,6 +57,7 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/opensslconf.h>
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 6d2ed06..828e27f 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <string.h>
diff --git a/apps/genrsa.c b/apps/genrsa.c
index f0bb30c..4f62cfd 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/opensslconf.h>
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
diff --git a/apps/prime.c b/apps/prime.c
index 36bbe08..af2fed1 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -115,7 +115,7 @@
BN_print(bio_out,bn);
BIO_printf(bio_out," is %sprime\n",
- BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not ");
+ BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
BN_free(bn);
BIO_free_all(bio_out);
diff --git a/apps/req.c b/apps/req.c
index 511be7d..f58e65e 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -79,6 +79,13 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
#define SECTION "req"
@@ -724,7 +731,9 @@
if (newreq && (pkey == NULL))
{
+#ifndef OPENSSL_NO_RSA
BN_GENCB cb;
+#endif
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
diff --git a/apps/rsa.c b/apps/rsa.c
index ee65720..d5cb7b7 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA
#include <stdio.h>
#include <stdlib.h>
diff --git a/apps/rsautl.c b/apps/rsautl.c
index a629ff5..4638909 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -56,6 +56,7 @@
*
*/
+#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA
#include "apps.h"
diff --git a/apps/s_server.c b/apps/s_server.c
index afc27e1..f83dd82 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -153,6 +153,12 @@
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
#include "s_apps.h"
#include "timeouts.h"
@@ -530,7 +536,9 @@
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
+#ifndef OPENSSL_NO_ECDH
char *named_curve = NULL;
+#endif
int badop=0,bugs=0;
int ret=1;
int off=0;
diff --git a/apps/speed.c b/apps/speed.c
index 8f2aac5..474f20c 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -286,9 +286,17 @@
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
static double rsa_results[RSA_NUM][2];
static double dsa_results[DSA_NUM][2];
+#ifndef OPENSSL_NO_ECDSA
static double ecdsa_results[EC_NUM][2];
+#endif
+#ifndef OPENSSL_NO_ECDH
static double ecdh_results[EC_NUM][1];
+#endif
+#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;
+#endif
#ifdef SIGALRM
#if defined(__STDC__) || defined(sgi) || defined(_AIX)
@@ -448,6 +456,7 @@
#endif /* if defined(OPENSSL_SYS_NETWARE) */
+#ifndef OPENSSL_NO_ECDH
static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
{
@@ -459,8 +468,9 @@
return SHA1(in, inlen, out);
#else
return NULL;
-#endif
+#endif /* OPENSSL_NO_SHA */
}
+#endif /* OPENSSL_NO_ECDH */
int MAIN(int, char **);
@@ -695,8 +705,12 @@
int rsa_doit[RSA_NUM];
int dsa_doit[DSA_NUM];
+#ifndef OPENSSL_NO_ECDSA
int ecdsa_doit[EC_NUM];
+#endif
+#ifndef OPENSSL_NO_ECDH
int ecdh_doit[EC_NUM];
+#endif
int doit[ALGOR_NUM];
int pr_header=0;
const EVP_CIPHER *evp_cipher=NULL;
diff --git a/apps/x509.c b/apps/x509.c
index 393d0d1..5f61eb5 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,8 +73,12 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#undef PROG
#define PROG x509_main
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index 7dd4ae3..939979f 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -81,8 +81,10 @@
static int print(BIO *fp,const char *str, const BIGNUM *num,
unsigned char *buf,int off);
+#ifndef OPENSSL_NO_EC
static int print_bin(BIO *fp, const char *str, const unsigned char *num,
size_t len, int off);
+#endif
#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_FP_API
int RSA_print_fp(FILE *fp, const RSA *x, int off)
@@ -601,6 +603,7 @@
return(1);
}
+#ifndef OPENSSL_NO_EC
static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
size_t len, int off)
{
@@ -638,6 +641,7 @@
return 1;
}
+#endif
#ifndef OPENSSL_NO_DH
#ifndef OPENSSL_NO_FP_API
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index 204ca10..c779a9b 100644
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -63,8 +63,12 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#ifndef OPENSSL_NO_FP_API
int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
index 23ab3b9..c2a5797 100644
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -60,8 +60,12 @@
#include "cryptlib.h"
#include <openssl/x509.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#include <openssl/bn.h>
/* Print out an SPKI */
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 50faa4a..91c2756 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -60,8 +60,12 @@
#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
/* Minor tweak to operation: free up EVP_PKEY */
static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 3a78082..b982579 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -66,7 +66,9 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 66ff417..912317b 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -74,6 +74,7 @@
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/err.h>
+#include <openssl/bn.h>
#ifdef OPENSSL_NO_DSA
int main(int argc, char *argv[])
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
index c0414b9..01baa5f 100644
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -73,10 +73,10 @@
#include "../e_os.h"
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
-#include <openssl/ec.h>
#include <openssl/objects.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
@@ -89,6 +89,7 @@
return(0);
}
#else
+#include <openssl/ec.h>
#include <openssl/ecdh.h>
#ifdef OPENSSL_SYS_WIN16
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index a481575..f7fba3b 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -69,12 +69,6 @@
*
*/
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -92,6 +86,7 @@
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
+#include <openssl/bn.h>
#include <openssl/ecdsa.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
index 7684406..13f211a 100644
--- a/crypto/engine/Makefile
+++ b/crypto/engine/Makefile
@@ -185,7 +185,8 @@
eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
eng_padlock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
eng_padlock.o: ../../include/openssl/opensslconf.h
eng_padlock.o: ../../include/openssl/opensslv.h
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index dd16d3b..5341daa 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -70,9 +70,15 @@
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
/* This testing gunk is implemented (and explained) lower down. It also assumes
* the application explicitly calls "ENGINE_load_openssl()" because this is no
diff --git a/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c
index cc9f9dc..4e1eae3 100644
--- a/crypto/engine/eng_padlock.c
+++ b/crypto/engine/eng_padlock.c
@@ -75,6 +75,7 @@
#include <openssl/aes.h>
#endif
#include <openssl/rand.h>
+#include <openssl/err.h>
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_PADLOCK
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index 4ce8f4c..c94fb28 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -100,23 +100,6 @@
extern "C" {
#endif
-/* Fixups for missing algorithms */
-#ifdef OPENSSL_NO_RSA
-typedef void RSA_METHOD;
-#endif
-#ifdef OPENSSL_NO_DSA
-typedef void DSA_METHOD;
-#endif
-#ifdef OPENSSL_NO_DH
-typedef void DH_METHOD;
-#endif
-#ifdef OPENSSL_NO_ECDH
-typedef void ECDH_METHOD;
-#endif
-#ifdef OPENSSL_NO_ECDSA
-typedef void ECDSA_METHOD;
-#endif
-
/* These flags are used to control combinations of algorithm (methods)
* by bitwise "OR"ing. */
#define ENGINE_METHOD_RSA (unsigned int)0x0001
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index b71555e..0147f3e 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -61,8 +61,12 @@
#include "cryptlib.h"
#include <openssl/x509.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_DSA
diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
index 020f19c..a948c77 100644
--- a/crypto/evp/m_dss.c
+++ b/crypto/evp/m_dss.c
@@ -61,9 +61,12 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#ifndef OPENSSL_NO_SHA
+
static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c
index a20056f..c12e139 100644
--- a/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
@@ -64,7 +64,9 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c
index 1eae4ed..5ce849f 100644
--- a/crypto/evp/m_md2.c
+++ b/crypto/evp/m_md2.c
@@ -65,7 +65,9 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/md2.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
static int init(EVP_MD_CTX *ctx)
{ return MD2_Init(ctx->md_data); }
diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c
index 0fb84b6..1e0b7c5 100644
--- a/crypto/evp/m_md4.c
+++ b/crypto/evp/m_md4.c
@@ -65,7 +65,9 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/md4.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
static int init(EVP_MD_CTX *ctx)
{ return MD4_Init(ctx->md_data); }
diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
index 21288ee..63c1421 100644
--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
@@ -65,7 +65,9 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/md5.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
static int init(EVP_MD_CTX *ctx)
{ return MD5_Init(ctx->md_data); }
diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
index 087ad2d..a1d60ee 100644
--- a/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
@@ -65,7 +65,9 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
static int init(EVP_MD_CTX *ctx)
{ return RIPEMD160_Init(ctx->md_data); }
diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c
index e995c12..acccc8f 100644
--- a/crypto/evp/m_sha.c
+++ b/crypto/evp/m_sha.c
@@ -64,7 +64,9 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
static int init(EVP_MD_CTX *ctx)
{ return SHA_Init(ctx->md_data); }
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index daf6db6..4679b1c 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -64,7 +64,9 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 04b57e8..22155ec 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -64,9 +64,15 @@
#include <openssl/evp.h>
#include <openssl/asn1_mac.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
static void EVP_PKEY_free_it(EVP_PKEY *x);
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index a9ac52d..66cbc7e 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -117,9 +117,15 @@
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#ifndef OPENSSL_NO_RSA
static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 489e71a..1644dfc 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -63,8 +63,12 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#ifndef OPENSSL_NO_FP_API
STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
index 0458093..4e554e5 100644
--- a/crypto/pem/pem_seal.c
+++ b/crypto/pem/pem_seal.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_RSA
#include <stdio.h>
#include "cryptlib.h"
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 84ec5d5..9039caa 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -64,8 +64,12 @@
#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
int X509_verify(X509 *a, EVP_PKEY *r)
{
diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c
index 7d850a8..0f1dae7 100644
--- a/engines/e_4758cca.c
+++ b/engines/e_4758cca.c
@@ -61,7 +61,9 @@
#include <openssl/objects.h>
#include <openssl/engine.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
@@ -109,8 +111,10 @@
static int cca_get_random_bytes(unsigned char*, int );
static int cca_random_status(void);
+#ifndef OPENSSL_NO_RSA
static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int idx,long argl, void *argp);
+#endif
/* Function pointers for CCA verbs */
/*---------------------------------*/
@@ -154,7 +158,9 @@
#endif
static const char* n_randomNumberGenerate = CSNBRNG;
+#ifndef OPENSSL_NO_RSA
static int hndidx = -1;
+#endif
static DSO *dso = NULL;
/* openssl engine initialization structures */
@@ -221,8 +227,10 @@
!ENGINE_set_init_function(e, ibm_4758_cca_init) ||
!ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
!ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
+#ifndef OPENSSL_NO_RSA
!ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
!ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
+#endif
!ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
return 0;
/* Ensure the error handling is set up */
@@ -304,8 +312,10 @@
}
#endif
+#ifndef OPENSSL_NO_RSA
hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
NULL, NULL, cca_ex_free);
+#endif
return 1;
err:
@@ -313,13 +323,15 @@
DSO_free(dso);
dso = NULL;
+#ifndef OPENSSL_NO_RSA
keyRecordRead = (F_KEYRECORDREAD)0;
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
pkaEncrypt = (F_PKAENCRYPT)0;
pkaDecrypt = (F_PKADECRYPT)0;
+#endif
+ randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
return 0;
}
@@ -339,6 +351,7 @@
return 0;
}
dso = NULL;
+#ifndef OPENSSL_NO_RSA
keyRecordRead = (F_KEYRECORDREAD)0;
randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
@@ -346,6 +359,8 @@
publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
pkaEncrypt = (F_PKAENCRYPT)0;
pkaDecrypt = (F_PKADECRYPT)0;
+#endif
+ randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
return 1;
}
@@ -951,12 +966,14 @@
return 1;
}
+#ifndef OPENSSL_NO_RSA
static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
long argl, void *argp)
{
if (item)
OPENSSL_free(item);
}
+#endif
/* Goo to handle building as a dynamic engine */
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
diff --git a/engines/e_aep.c b/engines/e_aep.c
index c175a18..7307ddf 100644
--- a/engines/e_aep.c
+++ b/engines/e_aep.c
@@ -69,9 +69,15 @@
#include <openssl/dso.h>
#include <openssl/engine.h>
#include <openssl/buffer.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
@@ -98,12 +104,14 @@
static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
/* BIGNUM stuff */
+#ifndef OPENSSL_NO_RSA
static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
+#endif
/* RSA stuff */
#ifndef OPENSSL_NO_RSA
@@ -111,8 +119,10 @@
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
+#ifndef OPENSSL_NO_RSA
static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
/* DSA stuff */
#ifndef OPENSSL_NO_DSA
@@ -630,6 +640,7 @@
return to_return;
}
+#ifndef OPENSSL_NO_RSA
static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
@@ -666,6 +677,7 @@
err:
return rv;
}
+#endif
#ifdef AEPRAND
@@ -821,12 +833,14 @@
}
#endif
+#ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return aep_mod_exp(r, a, p, m, ctx);
}
+#endif
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
diff --git a/engines/e_atalla.c b/engines/e_atalla.c
index 8e11048..fabaa86 100644
--- a/engines/e_atalla.c
+++ b/engines/e_atalla.c
@@ -62,9 +62,15 @@
#include <openssl/buffer.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
@@ -91,10 +97,10 @@
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
#ifndef OPENSSL_NO_DSA
/* DSA stuff */
@@ -563,12 +569,14 @@
}
#endif
+#ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
+#endif
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
diff --git a/engines/e_chil.c b/engines/e_chil.c
index 4c22bc9..3d75681 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -65,8 +65,12 @@
#include <openssl/engine.h>
#include <openssl/ui.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
@@ -108,9 +112,11 @@
/* RSA stuff */
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
#endif
+#ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
#ifndef OPENSSL_NO_DH
/* DH stuff */
@@ -129,8 +135,10 @@
UI_METHOD *ui_method, void *callback_data);
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
+#ifndef OPENSSL_NO_RSA
static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int ind,long argl, void *argp);
+#endif
/* Interaction stuff */
static int hwcrhk_insert_card(const char *prompt_info,
@@ -762,8 +770,8 @@
#if !defined(OPENSSL_NO_RSA)
char tempbuf[1024];
HWCryptoHook_ErrMsgBuf rmsg;
-#endif
HWCryptoHook_PassphraseContext ppctx;
+#endif
#if !defined(OPENSSL_NO_RSA)
rmsg.buf = tempbuf;
@@ -1071,12 +1079,14 @@
}
#endif
+#ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return hwcrhk_mod_exp(r, a, p, m, ctx);
}
+#endif
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
@@ -1135,7 +1145,7 @@
}
/* This cleans up an RSA KM key, called when ex_data is freed */
-
+#ifndef OPENSSL_NO_RSA
static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int ind,long argl, void *argp)
{
@@ -1160,6 +1170,7 @@
}
#endif
}
+#endif
/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
* these just wrap the POSIX functions and add some logging.
diff --git a/engines/e_cswift.c b/engines/e_cswift.c
index 56a1967..2017e48 100644
--- a/engines/e_cswift.c
+++ b/engines/e_cswift.c
@@ -62,9 +62,15 @@
#include <openssl/buffer.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/rand.h>
#include <openssl/bn.h>
@@ -98,22 +104,26 @@
static int cswift_init(ENGINE *e);
static int cswift_finish(ENGINE *e);
static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+#ifndef OPENSSL_NO_RSA
static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
+#endif
/* BIGNUM stuff */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
+#endif
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
#ifndef OPENSSL_NO_DSA
/* DSA stuff */
@@ -570,6 +580,7 @@
}
+#ifndef OPENSSL_NO_RSA
int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
{
int mod;
@@ -591,7 +602,9 @@
return 1;
}
+#endif
+#ifndef OPENSSL_NO_RSA
/* Un petit mod_exp chinois */
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
@@ -723,6 +736,7 @@
release_context(hac);
return to_return;
}
+#endif
#ifndef OPENSSL_NO_RSA
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
@@ -760,7 +774,6 @@
err:
return to_return;
}
-#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -788,6 +801,7 @@
return cswift_mod_exp(r, a, p, m, ctx);
}
+#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
diff --git a/engines/e_nuron.c b/engines/e_nuron.c
index f6875d1..4c2537c 100644
--- a/engines/e_nuron.c
+++ b/engines/e_nuron.c
@@ -62,9 +62,15 @@
#include <openssl/buffer.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
@@ -242,11 +248,13 @@
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
+#ifndef OPENSSL_NO_RSA
static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return nuron_mod_exp(r, a, p, m, ctx);
}
+#endif
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index 66ffaf2..424b82f 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -57,9 +57,15 @@
#include <openssl/dso.h>
#include <openssl/engine.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
@@ -82,10 +88,12 @@
const BIGNUM *m, BN_CTX *ctx);
/* RSA stuff */
+#ifndef OPENSSL_NO_RSA
static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
RSA *rsa,int padding);
static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
RSA *rsa,int padding);
+#endif
/* RAND stuff */
static int surewarehk_rand_bytes(unsigned char *buf, int num);
diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c
index f0e4f73..8b6c98b 100644
--- a/engines/e_ubsec.c
+++ b/engines/e_ubsec.c
@@ -64,9 +64,15 @@
#include <openssl/buffer.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
diff --git a/ssl/Makefile b/ssl/Makefile
index 49b7ca4..f4a34a5 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -142,8 +142,9 @@
d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h
d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
@@ -239,8 +240,9 @@
d1_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_pkt.c
d1_pkt.o: ssl_locl.h
d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index bcf5ebb..c0247fa 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -120,6 +120,10 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
static SSL_METHOD *dtls1_get_client_method(int ver);
static int dtls1_get_hello_verify(SSL *s);
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 6d07dd4..2d41b38 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -121,6 +121,10 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/md5.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
static SSL_METHOD *dtls1_get_server_method(int ver);
static int dtls1_send_hello_verify_request(SSL *s);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d4f7cec..4f67cda 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -130,7 +130,9 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
static SSL_METHOD *ssl3_get_client_method(int ver);
@@ -1608,6 +1610,7 @@
}
+#ifndef OPENSSL_NO_ECDH
static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
{
@@ -1619,8 +1622,9 @@
return SHA1(in, inlen, out);
#else
return NULL;
-#endif
+#endif /* OPENSSL_NO_SHA */
}
+#endif /* OPENSSL_NO_ECDH */
int ssl3_send_client_key_exchange(SSL *s)
{
@@ -2132,7 +2136,7 @@
unsigned u=0;
#endif
unsigned long n;
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
int j;
#endif
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3f2c004..d9d6ddb 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -127,7 +127,9 @@
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4b1931a..cd10334 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -133,7 +133,9 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_KRB5
#include <openssl/krb5_asn.h>
@@ -1642,6 +1644,7 @@
}
+#ifndef OPENSSL_NO_ECDH
static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
{
@@ -1653,8 +1656,9 @@
return SHA1(in, inlen, out);
#else
return NULL;
-#endif
+#endif /* OPENSSL_NO_SHA */
}
+#endif /* OPENSSL_NO_ECDH */
int ssl3_get_client_key_exchange(SSL *s)
{
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 0c9bd07..997528e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -121,7 +121,9 @@
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#include "ssl_locl.h"
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 383ba33..f8c8e1d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -125,7 +125,9 @@
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
@@ -1551,7 +1553,10 @@
int rsa_enc_export,dh_rsa_export,dh_dsa_export;
int rsa_tmp_export,dh_tmp_export,kl;
unsigned long mask,emask;
- int have_ecc_cert, have_ecdh_tmp, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+ int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+#ifndef OPENSSL_NO_ECDH
+ int have_ecdh_tmp;
+#endif
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 8cbe26c..f61b1cd 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -127,8 +127,12 @@
#include <openssl/comp.h>
#include <openssl/bio.h>
#include <openssl/stack.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/symhacks.h>
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index ef09a69..6949f96 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -143,9 +143,15 @@
#endif
#include <openssl/err.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
@@ -390,7 +396,9 @@
char *server_key=NULL;
char *client_cert=TEST_CLIENT_CERT;
char *client_key=NULL;
+#ifndef OPENSSL_NO_ECDH
char *named_curve = NULL;
+#endif
SSL_CTX *s_ctx=NULL;
SSL_CTX *c_ctx=NULL;
SSL_METHOD *meth=NULL;
diff --git a/test/Makefile b/test/Makefile
index 09f3787..756f59d 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -471,21 +471,16 @@
ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h
ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c
ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-ecdsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ecdsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ecdsatest.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-ecdsatest.o: ../include/openssl/ui.h ../include/openssl/x509.h
-ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c
+ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ecdsatest.o: ecdsatest.c
ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
diff --git a/test/treq b/test/treq
index 2f20e64..77f37dc 100644
--- a/test/treq
+++ b/test/treq
@@ -8,7 +8,7 @@
t=testreq.pem
fi
-if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then
+if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
echo "skipping req conversion test for $t"
exit 0
fi
