On Wed, 30 Jun 1999, Ulf [iso-8859-1] Möller wrote:
> > - US Export control issues. We only need DSA, SHA1, MD5, and randomness
> > (and possibly RSA when the patent expires). Since BIND must be
> > exportable, it would be nice to be able to strip out the code for unneeded
> > algorithms before running config, so that we can distribute a subset in the
> > BIND distribution.
>
> As mentioned in INSTALL, this requires that you run "make depend".
> The makedepend binary comes with Linux, for example. (In the current
> development version, config checks for missing ciphers. In 0.9.3a you
> still need to give the corresponding no-xxx options manually.)
In the current snapshot (openssl-SNAP-19990629), I did:
rm -rf bf cast des dh idea md2 mdc2 rc2 rc4 rc5 ripemd rsa
from the crypto directory. config enters an infinite loop:
make[3]: Leaving directory `/usr/home/bwelling/openssl-SNAP-19990629/crypto/hmac'
/bin/sh: ripemd: No such file or directory
making links in crypto/ripemd...
make[3]: Entering directory `/usr/home/bwelling/openssl-SNAP-19990629/crypto'
> > - Cipher disables. Many of the ciphers can be disabled by config
> > options. Some of these don't work (no-hmac dies with an #error,
> > no-ripemd has no effect).
>
> Fixed. Thanks for pointing it out.
>
> I have verified that you can now build libcrypto (except for the PRNG)
> with no ciphers at all :-) and ssl/ and apps/ with just rsa, des, md5,
> sha and hmac.
Thanks. The compile's dying in crypto/evp for me, though.
gcc -I.. -I../../include -DTHREADS -D_REENTRANT -DNO_BF -DNO_CAST -DNO_DES
-DNO_DH -DNO_IDEA -DNO_MD2 -DNO_MDC2 -DNO_RC2 -DNO_RC4 -DNO_RC5
-DNO_RIPEMD -DNO_RSA -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486
-Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c m_ripemd.c -o m_ripemd.o
m_ripemd.c:69: `RIPEMD160_DIGEST_LENGTH' undeclared here (not in a function)
m_ripemd.c:69: initializer element for `ripemd160_md.md_size' is not constant
m_ripemd.c:70: `RIPEMD160_Init' undeclared here (not in a function)
m_ripemd.c:70: initializer element for `ripemd160_md.init' is not constant
m_ripemd.c:71: `RIPEMD160_Update' undeclared here (not in a function)
m_ripemd.c:71: initializer element for `ripemd160_md.update' is not constant
m_ripemd.c:72: `RIPEMD160_Final' undeclared here (not in a function)
m_ripemd.c:72: initializer element for `ripemd160_md.final' is not constant
m_ripemd.c:74: `RIPEMD160_CBLOCK' undeclared here (not in a function)
m_ripemd.c:74: initializer element for `ripemd160_md.block_size' is not constant
m_ripemd.c:75: `RIPEMD160_CTX' undeclared here (not in a function)
> > - Other disables. Options such as no-asn1, no-pkcs7, no-pkcs12, no-x509
> > would be useful, as these would significantly shrink the size of libcrypto.a
> > as well as the source.
>
> That is a very useful suggestion. I'll look into it in a week or so.
Thanks again.
> > Disabling SSL would be nice also, but isn't as
> > important, since it's not linked into libcrypto.
>
> You can just ignore the ssl directory completely. If you run make in
> the crypto directory, SSL/TLS doesn't get compiled.
OK, that's good to know.
Brian
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
