On Mon, Jul 26, 2010, Markus Hofer wrote: > Hi guys > > Sorry for the double posts earlier on. I am still trying to build openssl as > small as possible. Therefore I want to build openssl without RSA,DSA and DH > support.( I am working on that for some days now....). U > However I have some troubles. I didn't find any related posts to that problem. > > Building the file from linux command with: > > ./config --prefix=/home_vie/mhofer/tmp_opensslscratch > --openssldir=/home_vie/mhofer/tmp_opensslscratch/openssl no-threads no-zlib > no-shared no-bf no-cast no-des no-md2 no-mdc2 no-rc2 no-rc4 no-rc5 no-rsa > no-dsa no-dh; make depend; make > > the build crashes with: > > gcc -I.. -I../.. -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -march=pentium > -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall > -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM > -DRMD160_ASM -DAES_ASM -c -o eng_cnf.o eng_cnf.c > gcc -I.. -I../.. -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -march=pentium > -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall > -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM > -DRMD160_ASM -DAES_ASM -c -o eng_dyn.o eng_dyn.c > gcc -I.. -I../.. -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -march=pentium > -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall > -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM > -DRMD160_ASM -DAES_ASM -c -o eng_cryptodev.o eng_cryptodev.c > In file included from eng_cryptodev.c:33: > ../../include/openssl/dsa.h:71:2: error: #error DSA is disabled. > In file included from eng_cryptodev.c:34: > ../../include/openssl/rsa.h:74:2: error: #error RSA is disabled. > In file included from eng_cryptodev.c:35: > ../../include/openssl/dh.h:65:3: error: #error DH is disabled. > make[2]: *** [eng_cryptodev.o] Error 1 > make[2]: Leaving directory > `/home_vie/mhofer/data/openssl-0.9.8o/crypto/engine' > make[1]: *** [subdirs] Error 1 > make[1]: Leaving directory `/home_vie/mhofer/data/openssl-0.9.8o/crypto' > make: *** [build_crypto] Error 1 > > I have looked into the correspondig .h files and found the following: > > e.g for rsa.h > > #ifdef OPENSSL_NO_RSA > #error RSA is disabled. > #endif > > Therefore cleary the compiler terminates with an error. > > So my questions are: Has anybody encountered a similar problem? If so, is > there a already fix for it? If not, is it a bug? > > I think one solution would be to introduce #ifndef OPENSSL_NO_RSA at the > beginning of the files? >
I don't think anyone has tried cutting down OpenSSL to that extent. If you disable everything apart from SHA1, MD5 and HMAC almost nothing else will work including SSL/TLS. You could try no-engine as well to get past that point. It would be far easier just ripping out the bits of code you do need, MD5, SHA1 and HMAC. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
