make no-des and no-rc2 work.

Configure

@@ -378,6 +378,7 @@ foreach (@ARGV)
 		$depflags .= "-DNO_$algo ";
 		if ($algo eq "DES")
 			{
+			push @skip, "mdc2";
 			$options .= " no-mdc2";
 			$flags .= "-DNO_MDC2 ";
 			$depflags .= "-DNO_MDC2 ";

apps/smime.c

@@ -110,16 +110,20 @@ int MAIN(int argc, char **argv)
 		else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
 		else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
 		else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
+#ifndef NO_DES
 		else if (!strcmp (*args, "-des3")) 
 				cipher = EVP_des_ede3_cbc();
 		else if (!strcmp (*args, "-des")) 
 				cipher = EVP_des_cbc();
+#endif
+#ifndef NO_RC2
 		else if (!strcmp (*args, "-rc2-40")) 
 				cipher = EVP_rc2_40_cbc();
 		else if (!strcmp (*args, "-rc2-128")) 
 				cipher = EVP_rc2_cbc();
 		else if (!strcmp (*args, "-rc2-64")) 
 				cipher = EVP_rc2_64_cbc();
+#endif
 		else if (!strcmp (*args, "-text")) 
 				flags |= PKCS7_TEXT;
 		else if (!strcmp (*args, "-nointern")) 
@@ -233,10 +237,15 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-sign          sign message\n");
 		BIO_printf (bio_err, "-verify        verify signed message\n");
 		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
+#ifndef NO_DES
 		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
-		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40\n");
+		BIO_printf (bio_err, "-des           encrypt with DES\n");
+#endif
+#ifndef NO_RC2
+		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
 		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
 		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
+#endif
 		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
 		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
 		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
@@ -271,7 +280,14 @@ int MAIN(int argc, char **argv)
 	}
 
 	if(operation == SMIME_ENCRYPT) {
-		if (!cipher) cipher = EVP_rc2_40_cbc();
+		if (!cipher) {
+#ifndef NO_RC2			
+			cipher = EVP_rc2_40_cbc();
+#else
+			BIO_printf(bio_err, "No cipher selected\n");
+			goto end;
+#endif
+		}
 		encerts = sk_X509_new_null();
 		while (*args) {
 			if(!(cert = load_cert(*args))) {

apps/speed.c

@@ -616,6 +616,7 @@ int MAIN(int argc, char **argv)
 	memset(rsa_c,0,sizeof(rsa_c));
 #endif
 #ifndef SIGALRM
+#ifndef NO_DES
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
 	do	{
@@ -707,10 +708,14 @@ int MAIN(int argc, char **argv)
 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
+/* not worth fixing */
+# error "You cannot disable DES on systems without SIGALRM."
+#endif /* NO_DES */
+#else
 #define COND(c)	(run)
 #define COUNT(d) (count)
 	signal(SIGALRM,sig_done);
-#endif
+#endif /* SIGALRM */
 
 #ifndef NO_MD2
 	if (doit[D_MD2])

crypto/Makefile.ssl

@@ -58,7 +58,8 @@ buildinf.h: ../Makefile.ssl
 	echo "#endif" ) >buildinf.h
 
 testapps:
-	cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des
+	if echo ${SDIRS} | fgrep ' des '; \
+	then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi
 	cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
 
 subdirs:

crypto/evp/evp_key.c

@@ -81,15 +81,18 @@ char *EVP_get_pw_prompt(void)
 		return(prompt_string);
 	}
 
-#ifdef NO_DES
-int des_read_pw_string(char *buf,int len,const char *prompt,int verify);
-#endif
-
+/* For historical reasons, the standard function for reading passwords is
+ * in the DES library -- if someone ever wants to disable DES,
+ * this function will fail */
 int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
 	{
+#ifndef NO_DES
 	if ((prompt == NULL) && (prompt_string[0] != '\0'))
 		prompt=prompt_string;
 	return(des_read_pw_string(buf,len,prompt,verify));
+#else
+	return -1;
+#endif
 	}
 
 int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,

crypto/pkcs7/enc.c

@@ -127,7 +127,14 @@ char *argv[];
 #else
 	PKCS7_set_type(p7,NID_pkcs7_enveloped);
 #endif
-	if(!cipher) cipher = EVP_des_ede3_cbc();
+	if(!cipher)	{
+#ifndef NO_DES
+		cipher = EVP_des_ede3_cbc();
+#else
+		fprintf(stderr, "No cipher selected\n");
+		goto err;
+#endif
+	}
 
 	if (!PKCS7_set_cipher(p7,cipher)) goto err;
 	for(i = 0; i < sk_X509_num(recips); i++) {

crypto/pkcs7/pk7_doit.c

@@ -264,7 +264,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
 	X509_ALGOR *xalg=NULL;
 	PKCS7_RECIP_INFO *ri=NULL;
+#ifndef NO_RC2
 	char is_rc2 = 0;
+#endif
 /*	EVP_PKEY *pkey; */
 #if 0
 	X509_STORE_CTX s_ctx;
@@ -309,7 +311,15 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 	        goto err;
 		}
 
-	if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc) is_rc2 = 1; 
+	if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc)
+		{
+#ifndef NO_RC2		
+		is_rc2 = 1; 
+#else
+		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+		goto err;
+#endif
+		}
 
 	/* We will be checking the signature */
 	if (md_sk != NULL)
@@ -409,14 +419,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 			 * because we currently can't do this with the EVP
 			 * interface.
 			 */
+#ifndef NO_RC2		
 			if(is_rc2) RC2_set_key(&(evp_ctx->c.rc2_ks),jj, tmp,
 					EVP_CIPHER_CTX_key_length(evp_ctx)*8);
-			else {
-
+			else
+#endif
+				{
 				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
 					PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
 				goto err;
-			}
+				}
 		} else EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
 
 		memset(tmp,0,jj);

crypto/pkcs7/sign.c

@@ -76,10 +76,18 @@ char *argv[];
 	int i;
 	int nodetach=0;
 
+#ifndef NO_MD2
 	EVP_add_digest(EVP_md2());
+#endif
+#ifndef NO_MD5
 	EVP_add_digest(EVP_md5());
+#endif
+#ifndef NO_SHA1
 	EVP_add_digest(EVP_sha1());
+#endif
+#ifndef NO_MDC2
 	EVP_add_digest(EVP_mdc2());
+#endif
 
 	data=BIO_new(BIO_s_file());
 again:

crypto/pkcs7/verify.c

@@ -85,10 +85,18 @@ char *argv[];
 
 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifndef NO_MD2
 	EVP_add_digest(EVP_md2());
+#endif
+#ifndef NO_MD5
 	EVP_add_digest(EVP_md5());
+#endif
+#ifndef NO_SHA1
 	EVP_add_digest(EVP_sha1());
+#endif
+#ifndef NO_MDC2
 	EVP_add_digest(EVP_mdc2());
+#endif
 
 	data=BIO_new(BIO_s_file());