Updated patch. fixing a typo that broke the no-rfc3779 support in util/mkdef.pl
-- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation
>From 03ac2e3a1052c73e030884c2df501c0fe6715e8c Mon Sep 17 00:00:00 2001
From: David Woodhouse <david.woodho...@intel.com>
Date: Thu, 6 Aug 2015 13:54:45 +0100
Subject: [PATCH] RT3992: Allow RFC6962 Signed Certificate Timestamps to be
disabled
This code does open-coded division on 64-bit quantities and thus when
building with GCC on 32-bit platforms will require functions such as
__umoddi3 and __udivdi3 from libgcc.
In constrained environments such as firmware, those functions may not
be available. So make it possible to compile out SCT support, which in
fact (in the case of UEFI) we don't need anyway.
---
crypto/x509v3/ext_dat.h | 2 ++
crypto/x509v3/v3_scts.c | 2 ++
makevms.com | 1 +
util/mkdef.pl | 6 +++++-
4 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index 9c3529b..76be621 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
&v3_idp,
&v3_alt[2],
&v3_freshest_crl,
+#ifndef OPENSSL_NO_SCT
&v3_ct_scts[0],
&v3_ct_scts[1],
+#endif
};
/* Number of standard extensions */
diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
index 61e5a83..0ffdfb8 100644
--- a/crypto/x509v3/v3_scts.c
+++ b/crypto/x509v3/v3_scts.c
@@ -61,6 +61,7 @@
#include <openssl/asn1.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_SCT
/* Signature and hash algorithms from RFC 5246 */
#define TLSEXT_hash_sha256 4
@@ -321,3 +322,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
return 1;
}
+#endif
diff --git a/makevms.com b/makevms.com
index 35c44ec..500b191 100755
--- a/makevms.com
+++ b/makevms.com
@@ -295,6 +295,7 @@ $ CONFIG_LOGICALS := AES,-
RFC3779,-
RMD160,-
RSA,-
+ SCT,-
SCTP,-
SEED,-
SOCK,-
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 26fa209..3147856 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -80,6 +80,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"FP_API", "STDIO", "SOCK", "DGRAM",
# Engines
"STATIC_ENGINE", "ENGINE", "HW", "GMP",
+ # X.509v3 Signed Certificate Timestamps
+ "SCT",
# RFC3779
"RFC3779",
# TLS
@@ -126,7 +128,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_aes;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
+my $no_sct; my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method; my $no_ocb;
@@ -215,6 +217,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
+ elsif (/^no-sct$/) { $no_sct=1; }
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-ec2m$/) { $no_ec2m=1; }
@@ -1200,6 +1203,7 @@ sub is_valid
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
+ if ($keyword eq "SCT" && $no_sct) { return 0; }
if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }
--
2.4.3
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
