The branch master has been updated
via 47bbaa5b607f592009ed40f5678fde21c10a873c (commit)
from 64b25758edca688a30f02c260262150f7ad0bc7d (commit)
- Log -----------------------------------------------------------------
commit 47bbaa5b607f592009ed40f5678fde21c10a873c
Author: David Woodhouse <[email protected]>
Date: Thu Jul 23 17:30:06 2015 +0100
Revert "OPENSSL_NO_xxx cleanup: RFC3779"
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.
In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.
Signed-off-by: Rich Salz <[email protected]>
Reviewed-by: Tim Hudson <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
Configure | 5 +-
crypto/asn1/x_x509.c | 4 ++
crypto/x509/x509_vfy.c | 2 +
crypto/x509v3/ext_dat.h | 2 +
crypto/x509v3/v3_addr.c | 3 ++
crypto/x509v3/v3_asid.c | 3 ++
crypto/x509v3/v3_purp.c | 4 ++
include/openssl/x509.h | 2 +
include/openssl/x509v3.h | 2 +
makevms.com | 1 +
util/libeay.num | 134 +++++++++++++++++++++++------------------------
util/mkdef.pl | 6 ++-
12 files changed, 97 insertions(+), 71 deletions(-)
diff --git a/Configure b/Configure
index fb20e85..f6007c1 100755
--- a/Configure
+++ b/Configure
@@ -769,7 +769,7 @@ my $no_threads=0;
my $threads=0;
my $no_shared=0; # but "no-shared" is default
my $zlib=1; # but "no-zlib" is default
-my $no_rfc3779=1; # but "no-rfc3779" is default
+my $no_rfc3779=0;
my $no_asm=0;
my $no_dso=0;
my $no_gmp=0;
@@ -806,7 +806,6 @@ my %disabled = ( # "what" => "comment" [or special
keyword "experimental
"jpake" => "experimental",
"md2" => "default",
"rc5" => "default",
- "rfc3779" => "default",
"sctp" => "default",
"shared" => "default",
"ssl-trace" => "default",
@@ -819,7 +818,7 @@ my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_DEPRECATED
-DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE
-DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP
-DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_DEPRECATED
-DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE
-DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE
-DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
# Explicit "no-..." options will be collected in %disabled along with the
defaults.
# To remove something from %disabled, use "enable-foo" (unless it's
experimental).
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 17bbb91..6e7850c 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -95,8 +95,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const
ASN1_ITEM *it,
ret->ex_pathlen = -1;
ret->skid = NULL;
ret->akid = NULL;
+#ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
+#endif
ret->aux = NULL;
ret->crldp = NULL;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
@@ -116,8 +118,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const
ASN1_ITEM *it,
policy_cache_free(ret->policy_cache);
GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
+#endif
OPENSSL_free(ret->name);
break;
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index bc48b8a..6169db1 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -485,6 +485,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (!ok)
goto end;
+#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok)
@@ -492,6 +493,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok = v3_addr_validate_path(ctx);
if (!ok)
goto end;
+#endif
/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index d43c86c..9c3529b 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -103,8 +103,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
#endif
&v3_sxnet,
&v3_info,
+#ifndef OPENSSL_NO_RFC3779
&v3_addr,
&v3_asid,
+#endif
#ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce,
&v3_ocsp_crlid,
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 5c22c6d..c1c38a0 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -69,6 +69,7 @@
#include <openssl/buffer.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
@@ -1339,3 +1340,5 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_addr_validate_path_internal(NULL, chain, ext);
}
+
+#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index f390c2d..d40279a 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -69,6 +69,7 @@
#include <openssl/x509.h>
#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@@ -893,3 +894,5 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_asid_validate_path_internal(NULL, chain, ext);
}
+
+#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index b03c323..61d9772 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -322,8 +322,10 @@ int X509_supported_extension(X509_EXTENSION *ex)
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
+#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
+#endif
NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */
@@ -503,9 +505,11 @@ static void x509v3_cache_extensions(X509 *x)
x->ex_flags |= EXFLAG_INVALID;
setup_crldp(x);
+#ifndef OPENSSL_NO_RFC3779
x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
NULL, NULL);
+#endif
for (i = 0; i < X509_get_ext_count(x); i++) {
ex = X509_get_ext(x, i);
if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 708a695..02138cb 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -201,8 +201,10 @@ struct x509_st {
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
+#ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
+# endif
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
X509_CERT_AUX *aux;
} /* X509 */ ;
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 19fcb39..280b9c1 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -756,6 +756,7 @@ int X509V3_NAME_from_section(X509_NAME *nm,
STACK_OF(CONF_VALUE) *dn_sk,
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE)
+#ifndef OPENSSL_NO_RFC3779
typedef struct ASRange_st {
ASN1_INTEGER *min, *max;
} ASRange;
@@ -898,6 +899,7 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance);
+#endif /* OPENSSL_NO_RFC3779 */
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/makevms.com b/makevms.com
index c1c3060..35c44ec 100755
--- a/makevms.com
+++ b/makevms.com
@@ -292,6 +292,7 @@ $ CONFIG_LOGICALS := AES,-
RC2,-
RC4,-
RC5,-
+ RFC3779,-
RMD160,-
RSA,-
SCTP,-
diff --git a/util/libeay.num b/util/libeay.num
index fd8375d..d7d4049 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -3412,106 +3412,106 @@ EVP_camellia_256_cfb8 3810
EXIST::FUNCTION:CAMELLIA
EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA
EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA
a2i_ipadd 3813 EXIST::FUNCTION:
-ASIdentifiers_free 3814 EXIST::FUNCTION:
-i2d_ASIdOrRange 3815 EXIST::FUNCTION:
+ASIdentifiers_free 3814 EXIST::FUNCTION:RFC3779
+i2d_ASIdOrRange 3815 EXIST::FUNCTION:RFC3779
EVP_CIPHER_block_size 3816 EXIST::FUNCTION:
-v3_asid_is_canonical 3817 EXIST::FUNCTION:
-IPAddressChoice_free 3818 EXIST::FUNCTION:
+v3_asid_is_canonical 3817 EXIST::FUNCTION:RFC3779
+IPAddressChoice_free 3818 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_set_app_data 3819 EXIST::FUNCTION:
BIO_set_callback_arg 3820 EXIST::FUNCTION:
-v3_addr_add_prefix 3821 EXIST::FUNCTION:
-IPAddressOrRange_it 3822
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressOrRange_it 3822
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_addr_add_prefix 3821 EXIST::FUNCTION:RFC3779
+IPAddressOrRange_it 3822
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressOrRange_it 3822
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
BIO_set_flags 3823 EXIST::FUNCTION:
-ASIdentifiers_it 3824
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASIdentifiers_it 3824
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-v3_addr_get_range 3825 EXIST::FUNCTION:
+ASIdentifiers_it 3824
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifiers_it 3824
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_addr_get_range 3825 EXIST::FUNCTION:RFC3779
BIO_method_type 3826 EXIST::FUNCTION:
-v3_addr_inherits 3827 EXIST::FUNCTION:
-IPAddressChoice_it 3828
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressChoice_it 3828
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_addr_inherits 3827 EXIST::FUNCTION:RFC3779
+IPAddressChoice_it 3828
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressChoice_it 3828
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
AES_ige_encrypt 3829 EXIST::FUNCTION:AES
-v3_addr_add_range 3830 EXIST::FUNCTION:
+v3_addr_add_range 3830 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_nid 3831 EXIST::FUNCTION:
-d2i_ASRange 3832 EXIST::FUNCTION:
-v3_addr_add_inherit 3833 EXIST::FUNCTION:
-v3_asid_add_id_or_range 3834 EXIST::FUNCTION:
-v3_addr_validate_resource_set 3835 EXIST::FUNCTION:
+d2i_ASRange 3832 EXIST::FUNCTION:RFC3779
+v3_addr_add_inherit 3833 EXIST::FUNCTION:RFC3779
+v3_asid_add_id_or_range 3834 EXIST::FUNCTION:RFC3779
+v3_addr_validate_resource_set 3835 EXIST::FUNCTION:RFC3779
EVP_CIPHER_iv_length 3836 EXIST::FUNCTION:
EVP_MD_type 3837 EXIST::FUNCTION:
-v3_asid_canonize 3838 EXIST::FUNCTION:
-IPAddressRange_free 3839 EXIST::FUNCTION:
-v3_asid_add_inherit 3840 EXIST::FUNCTION:
+v3_asid_canonize 3838 EXIST::FUNCTION:RFC3779
+IPAddressRange_free 3839 EXIST::FUNCTION:RFC3779
+v3_asid_add_inherit 3840 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_key_length 3841 EXIST::FUNCTION:
-IPAddressRange_new 3842 EXIST::FUNCTION:
-ASIdOrRange_new 3843 EXIST::FUNCTION:
+IPAddressRange_new 3842 EXIST::FUNCTION:RFC3779
+ASIdOrRange_new 3843 EXIST::FUNCTION:RFC3779
EVP_MD_size 3844 EXIST::FUNCTION:
EVP_MD_CTX_test_flags 3845 EXIST::FUNCTION:
BIO_clear_flags 3846 EXIST::FUNCTION:
-i2d_ASRange 3847 EXIST::FUNCTION:
-IPAddressRange_it 3848
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressRange_it 3848
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-IPAddressChoice_new 3849 EXIST::FUNCTION:
-ASIdentifierChoice_new 3850 EXIST::FUNCTION:
-ASRange_free 3851 EXIST::FUNCTION:
+i2d_ASRange 3847 EXIST::FUNCTION:RFC3779
+IPAddressRange_it 3848
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressRange_it 3848
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+IPAddressChoice_new 3849 EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_new 3850 EXIST::FUNCTION:RFC3779
+ASRange_free 3851 EXIST::FUNCTION:RFC3779
EVP_MD_pkey_type 3852 EXIST::FUNCTION:
EVP_MD_CTX_clear_flags 3853 EXIST::FUNCTION:
-IPAddressFamily_free 3854 EXIST::FUNCTION:
-i2d_IPAddressFamily 3855 EXIST::FUNCTION:
-IPAddressOrRange_new 3856 EXIST::FUNCTION:
+IPAddressFamily_free 3854 EXIST::FUNCTION:RFC3779
+i2d_IPAddressFamily 3855 EXIST::FUNCTION:RFC3779
+IPAddressOrRange_new 3856 EXIST::FUNCTION:RFC3779
EVP_CIPHER_flags 3857 EXIST::FUNCTION:
-v3_asid_validate_resource_set 3858 EXIST::FUNCTION:
-d2i_IPAddressRange 3859 EXIST::FUNCTION:
+v3_asid_validate_resource_set 3858 EXIST::FUNCTION:RFC3779
+d2i_IPAddressRange 3859 EXIST::FUNCTION:RFC3779
AES_bi_ige_encrypt 3860 EXIST::FUNCTION:AES
BIO_get_callback 3861 EXIST::FUNCTION:
-IPAddressOrRange_free 3862 EXIST::FUNCTION:
-v3_addr_subset 3863 EXIST::FUNCTION:
-d2i_IPAddressFamily 3864 EXIST::FUNCTION:
-v3_asid_subset 3865 EXIST::FUNCTION:
+IPAddressOrRange_free 3862 EXIST::FUNCTION:RFC3779
+v3_addr_subset 3863 EXIST::FUNCTION:RFC3779
+d2i_IPAddressFamily 3864 EXIST::FUNCTION:RFC3779
+v3_asid_subset 3865 EXIST::FUNCTION:RFC3779
BIO_test_flags 3866 EXIST::FUNCTION:
-i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:
-ASRange_it 3868
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASRange_it 3868
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_ASIdentifiers 3869 EXIST::FUNCTION:
-ASRange_new 3870 EXIST::FUNCTION:
-d2i_IPAddressChoice 3871 EXIST::FUNCTION:
-v3_addr_get_afi 3872 EXIST::FUNCTION:
+i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:RFC3779
+ASRange_it 3868
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASRange_it 3868
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+d2i_ASIdentifiers 3869 EXIST::FUNCTION:RFC3779
+ASRange_new 3870 EXIST::FUNCTION:RFC3779
+d2i_IPAddressChoice 3871 EXIST::FUNCTION:RFC3779
+v3_addr_get_afi 3872 EXIST::FUNCTION:RFC3779
EVP_CIPHER_key_length 3873 EXIST::FUNCTION:
EVP_Cipher 3874 EXIST::FUNCTION:
-i2d_IPAddressOrRange 3875 EXIST::FUNCTION:
-ASIdOrRange_it 3876
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASIdOrRange_it 3876
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_IPAddressOrRange 3875 EXIST::FUNCTION:RFC3779
+ASIdOrRange_it 3876
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdOrRange_it 3876
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
EVP_CIPHER_nid 3877 EXIST::FUNCTION:
-i2d_IPAddressChoice 3878 EXIST::FUNCTION:
+i2d_IPAddressChoice 3878 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_block_size 3879 EXIST::FUNCTION:
-ASIdentifiers_new 3880 EXIST::FUNCTION:
-v3_addr_validate_path 3881 EXIST::FUNCTION:
-IPAddressFamily_new 3882 EXIST::FUNCTION:
+ASIdentifiers_new 3880 EXIST::FUNCTION:RFC3779
+v3_addr_validate_path 3881 EXIST::FUNCTION:RFC3779
+IPAddressFamily_new 3882 EXIST::FUNCTION:RFC3779
EVP_MD_CTX_set_flags 3883 EXIST::FUNCTION:
-v3_addr_is_canonical 3884 EXIST::FUNCTION:
-i2d_IPAddressRange 3885 EXIST::FUNCTION:
-IPAddressFamily_it 3886
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressFamily_it 3886
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-v3_asid_inherits 3887 EXIST::FUNCTION:
+v3_addr_is_canonical 3884 EXIST::FUNCTION:RFC3779
+i2d_IPAddressRange 3885 EXIST::FUNCTION:RFC3779
+IPAddressFamily_it 3886
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressFamily_it 3886
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_asid_inherits 3887 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_cipher 3888 EXIST::FUNCTION:
EVP_CIPHER_CTX_get_app_data 3889 EXIST::FUNCTION:
EVP_MD_block_size 3890 EXIST::FUNCTION:
EVP_CIPHER_CTX_flags 3891 EXIST::FUNCTION:
-v3_asid_validate_path 3892 EXIST::FUNCTION:
-d2i_IPAddressOrRange 3893 EXIST::FUNCTION:
-v3_addr_canonize 3894 EXIST::FUNCTION:
-ASIdentifierChoice_it 3895
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASIdentifierChoice_it 3895
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_asid_validate_path 3892 EXIST::FUNCTION:RFC3779
+d2i_IPAddressOrRange 3893 EXIST::FUNCTION:RFC3779
+v3_addr_canonize 3894 EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_it 3895
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifierChoice_it 3895
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
EVP_MD_CTX_md 3896 EXIST::FUNCTION:
-d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:
+d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:RFC3779
BIO_method_name 3898 EXIST::FUNCTION:
EVP_CIPHER_CTX_iv_length 3899 EXIST::FUNCTION:
-ASIdOrRange_free 3900 EXIST::FUNCTION:
-ASIdentifierChoice_free 3901 EXIST::FUNCTION:
+ASIdOrRange_free 3900 EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_free 3901 EXIST::FUNCTION:RFC3779
BIO_get_callback_arg 3902 EXIST::FUNCTION:
BIO_set_callback 3903 EXIST::FUNCTION:
-d2i_ASIdOrRange 3904 EXIST::FUNCTION:
-i2d_ASIdentifiers 3905 EXIST::FUNCTION:
+d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
+i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
CRYPTO_memcmp 3906 EXIST::FUNCTION:
BN_consttime_swap 3907 EXIST::FUNCTION:
SEED_decrypt 3908 EXIST::FUNCTION:SEED
diff --git a/util/mkdef.pl b/util/mkdef.pl
index b21d03b..26fa209 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -80,6 +80,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES",
"BF",
"FP_API", "STDIO", "SOCK", "DGRAM",
# Engines
"STATIC_ENGINE", "ENGINE", "HW", "GMP",
+ # RFC3779
+ "RFC3779",
# TLS
"PSK", "SRP", "HEARTBEATS",
# CMS
@@ -124,7 +126,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my
$no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_aes;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_psk; my $no_cms; my $no_capieng;
+my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method; my $no_ocb;
@@ -213,6 +215,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
+ elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-ec2m$/) { $no_ec2m=1; }
elsif (/^no-ec-nistp224-64-gcc-128$/) { $no_nistp_gcc=1; }
@@ -1197,6 +1200,7 @@ sub is_valid
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) {
return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
+ if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }
if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
