I have been building the latest OpenSSL 1.0.1c without AES. This has been fine for libcrypto, and for the application using it. However, if I build libssl the same way I get errors linking it into an application because there are unguarded calls to AES functions that I do not build in libcrypto. These are in a couple of places, e.g. dtls1_send_newsession_ticket() in d1_srvr.c.

Since that function is guarded by OPENSSL_NO_TLSEXT, I tried defining that, and encountered libssl build errors that required also setting OPENSSL_NO_HEARTBEATS, OPENSSL_NO_SRP, OPENSSL_NO_SRTP. Based on further build errors I found that in tls_srp.c the "#ifndef OPENSSL_NO_SRTP" was before the "#include ssl_locl.h", which is where it gets set from including opensslconf.h. I could resolve that either by moving the ssl_locl.h include prior to the #ifndef, or by defining it in the make call. But even with that I get errors. So I'm thinking I'm going down a path with no solution.

Scanning the openssl-dev list, I see comments to the effect that the no-tlsext option is not really supported anymore, which seems to be the case. Does this mean it is no longer possible (perhaps I should say "straightforward") to build libssl without AES support in libcrypto?

Why would I even want to have a libssl/libcrypto not using AES? It seems having strong crypto can cause export restriction issues for products that contain it, so having a standard product without it made sense, along with a special version of the product with strong crypto. Am I making a mountain out of a molehill?

Thanks,
Kevin
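One way to locate the kind of unguarded AES reference described in the message above before the link step fails, as an added example that is not part of the original post and not OpenSSL code. The function name `unguarded_aes_calls`, the sample C fragment, and the assumption that AES is referenced through `AES_*` or `EVP_aes_*` names are all constructed for illustration.

```python
import re

# Assumption: AES reaches libssl through names of the form AES_* or EVP_aes_*.
AES_CALL = re.compile(r'\b((?:AES|EVP_aes)_\w+)\s*\(')
DIRECTIVE = re.compile(r'^\s*#\s*(ifndef|ifdef|if|else|elif|endif)\b\s*(.*)')

# Constructed sample input (not taken from the OpenSSL tree).
SAMPLE = '''\
#include "ssl_locl.h"
#ifndef OPENSSL_NO_TLSEXT
int send_ticket_example(void) {
    EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
    return 1;
}
#endif
#ifndef OPENSSL_NO_AES
static void wrap_example(void) { AES_set_encrypt_key(key, 128, &ks); }
#endif
#ifdef OPENSSL_NO_AES
#else
static void other_example(void) { AES_encrypt(in, out, &ks); }
#endif
'''

def unguarded_aes_calls(source, macro="OPENSSL_NO_AES"):
    """Return [(line_no, name)] for AES calls still compiled when `macro` is defined.
    Simplified: ignores comments, strings, continuations and '||' in #if."""
    not_defined = re.compile(r'!\s*defined\s*\(?\s*' + re.escape(macro) + r'\b')
    stack = []  # per open #if: [excluded in this branch?, excluded after #else?]
    hits = []
    for line_no, line in enumerate(source.splitlines(), 1):
        d = DIRECTIVE.match(line)
        if d:
            kind, rest = d.group(1), d.group(2).strip()
            first = rest.split()[:1]
            if kind == "ifndef":
                stack.append([first == [macro], False])
            elif kind == "ifdef":
                stack.append([False, first == [macro]])
            elif kind == "if":
                stack.append([bool(not_defined.match(rest)), False])
            elif kind in ("else", "elif") and stack:
                stack[-1][0] = stack[-1][1]
            elif kind == "endif" and stack:
                stack.pop()
        elif not any(entry[0] for entry in stack):
            hits.extend((line_no, c.group(1)) for c in AES_CALL.finditer(line))
    return hits

if __name__ == "__main__":
    print(unguarded_aes_calls(SAMPLE))
```

On the sample, only the call inside the OPENSSL_NO_TLSEXT block is reported, because that guard says nothing about whether AES was built into libcrypto.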
