From 47bbaa5b607f592009ed40f5678fde21c10a873c Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 23 Jul 2015 17:30:06 +0100 Subject: [PATCH] Revert "OPENSSL_NO_xxx cleanup: RFC3779" This reverts the non-cleanup parts of commit c73ad69017. We do actually have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI build, since we don't have a strspn() function in our runtime environment and we don't want the RFC3779 functionality anyway. In addition, it changes the default behaviour of the Configure script so that RFC3779 support isn't disabled by default. It was always disabled from when it was first added in 2006, right up until the point where OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the Configure script was left *trying* to disable it, but not actually working. Signed-off-by: Rich Salz Reviewed-by: Tim Hudson --- Configure | 5 +- crypto/asn1/x_x509.c | 4 ++ crypto/x509/x509_vfy.c | 2 + crypto/x509v3/ext_dat.h | 2 + crypto/x509v3/v3_addr.c | 3 + crypto/x509v3/v3_asid.c | 3 + crypto/x509v3/v3_purp.c | 4 ++ include/openssl/x509.h | 2 + include/openssl/x509v3.h | 2 + makevms.com | 1 + util/libeay.num | 134 +++++++++++++++++++-------------------- util/mkdef.pl | 6 +- 12 files changed, 97 insertions(+), 71 deletions(-) diff --git a/Configure b/Configure index fb20e85c57..f6007c1169 100755 --- a/Configure +++ b/Configure @@ -769,7 +769,7 @@ my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default -my $no_rfc3779=1; # but "no-rfc3779" is default +my $no_rfc3779=0; my $no_asm=0; my $no_dso=0; my $no_gmp=0; @@ -806,7 +806,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental "jpake" => "experimental", "md2" => "default", "rc5" => "default", - "rfc3779" => "default", "sctp" => "default", "shared" => "default", "ssl-trace" => "default", @@ -819,7 +818,7 @@ my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; +my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 17bbb913f6..6e7850cc05 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -95,8 +95,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ret->ex_pathlen = -1; ret->skid = NULL; ret->akid = NULL; +#ifndef OPENSSL_NO_RFC3779 ret->rfc3779_addr = NULL; ret->rfc3779_asid = NULL; +#endif ret->aux = NULL; ret->crldp = NULL; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); @@ -116,8 +118,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, policy_cache_free(ret->policy_cache); GENERAL_NAMES_free(ret->altname); NAME_CONSTRAINTS_free(ret->nc); +#ifndef OPENSSL_NO_RFC3779 sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); ASIdentifiers_free(ret->rfc3779_asid); +#endif OPENSSL_free(ret->name); break; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index bc48b8a334..6169db1e1c 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -485,6 +485,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (!ok) goto end; +#ifndef OPENSSL_NO_RFC3779 /* RFC 3779 path validation, now that CRL check has been done */ ok = v3_asid_validate_path(ctx); if (!ok) @@ -492,6 +493,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = v3_addr_validate_path(ctx); if (!ok) goto end; +#endif /* If we get this far evaluate policies */ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index d43c86c65f..9c3529b1ce 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -103,8 +103,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = { #endif &v3_sxnet, &v3_info, +#ifndef OPENSSL_NO_RFC3779 &v3_addr, &v3_asid, +#endif #ifndef OPENSSL_NO_OCSP &v3_ocsp_nonce, &v3_ocsp_crlid, diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 5c22c6d882..c1c38a0c88 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -69,6 +69,7 @@ #include #include +#ifndef OPENSSL_NO_RFC3779 /* * OpenSSL ASN.1 template translation of RFC 3779 2.2.3. @@ -1339,3 +1340,5 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain, return 0; return v3_addr_validate_path_internal(NULL, chain, ext); } + +#endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index f390c2d019..d40279a5d0 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -69,6 +69,7 @@ #include #include +#ifndef OPENSSL_NO_RFC3779 /* * OpenSSL ASN.1 template translation of RFC 3779 3.2.3. @@ -893,3 +894,5 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain, return 0; return v3_asid_validate_path_internal(NULL, chain, ext); } + +#endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index b03c323dfc..61d97726dc 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -322,8 +322,10 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_basic_constraints, /* 87 */ NID_certificate_policies, /* 89 */ NID_ext_key_usage, /* 126 */ +#ifndef OPENSSL_NO_RFC3779 NID_sbgp_ipAddrBlock, /* 290 */ NID_sbgp_autonomousSysNum, /* 291 */ +#endif NID_policy_constraints, /* 401 */ NID_proxyCertInfo, /* 663 */ NID_name_constraints, /* 666 */ @@ -503,9 +505,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; setup_crldp(x); +#ifndef OPENSSL_NO_RFC3779 x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, NULL, NULL); +#endif for (i = 0; i < X509_get_ext_count(x); i++) { ex = X509_get_ext(x, i); if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 708a695876..02138cbc47 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -201,8 +201,10 @@ struct x509_st { STACK_OF(DIST_POINT) *crldp; STACK_OF(GENERAL_NAME) *altname; NAME_CONSTRAINTS *nc; +#ifndef OPENSSL_NO_RFC3779 STACK_OF(IPAddressFamily) *rfc3779_addr; struct ASIdentifiers_st *rfc3779_asid; +# endif unsigned char sha1_hash[SHA_DIGEST_LENGTH]; X509_CERT_AUX *aux; } /* X509 */ ; diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 19fcb39883..280b9c143e 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -756,6 +756,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); DECLARE_STACK_OF(X509_POLICY_NODE) +#ifndef OPENSSL_NO_RFC3779 typedef struct ASRange_st { ASN1_INTEGER *min, *max; } ASRange; @@ -898,6 +899,7 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain, int v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance); +#endif /* OPENSSL_NO_RFC3779 */ /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/makevms.com b/makevms.com index c1c3060b67..35c44ecb39 100755 --- a/makevms.com +++ b/makevms.com @@ -292,6 +292,7 @@ $ CONFIG_LOGICALS := AES,- RC2,- RC4,- RC5,- + RFC3779,- RMD160,- RSA,- SCTP,- diff --git a/util/libeay.num b/util/libeay.num index fd8375da67..d7d4049fa6 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3412,106 +3412,106 @@ EVP_camellia_256_cfb8 3810 EXIST::FUNCTION:CAMELLIA EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA a2i_ipadd 3813 EXIST::FUNCTION: -ASIdentifiers_free 3814 EXIST::FUNCTION: -i2d_ASIdOrRange 3815 EXIST::FUNCTION: +ASIdentifiers_free 3814 EXIST::FUNCTION:RFC3779 +i2d_ASIdOrRange 3815 EXIST::FUNCTION:RFC3779 EVP_CIPHER_block_size 3816 EXIST::FUNCTION: -v3_asid_is_canonical 3817 EXIST::FUNCTION: -IPAddressChoice_free 3818 EXIST::FUNCTION: +v3_asid_is_canonical 3817 EXIST::FUNCTION:RFC3779 +IPAddressChoice_free 3818 EXIST::FUNCTION:RFC3779 EVP_CIPHER_CTX_set_app_data 3819 EXIST::FUNCTION: BIO_set_callback_arg 3820 EXIST::FUNCTION: -v3_addr_add_prefix 3821 EXIST::FUNCTION: -IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +v3_addr_add_prefix 3821 EXIST::FUNCTION:RFC3779 +IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 +IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 BIO_set_flags 3823 EXIST::FUNCTION: -ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -v3_addr_get_range 3825 EXIST::FUNCTION: +ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 +ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +v3_addr_get_range 3825 EXIST::FUNCTION:RFC3779 BIO_method_type 3826 EXIST::FUNCTION: -v3_addr_inherits 3827 EXIST::FUNCTION: -IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +v3_addr_inherits 3827 EXIST::FUNCTION:RFC3779 +IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 +IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 AES_ige_encrypt 3829 EXIST::FUNCTION:AES -v3_addr_add_range 3830 EXIST::FUNCTION: +v3_addr_add_range 3830 EXIST::FUNCTION:RFC3779 EVP_CIPHER_CTX_nid 3831 EXIST::FUNCTION: -d2i_ASRange 3832 EXIST::FUNCTION: -v3_addr_add_inherit 3833 EXIST::FUNCTION: -v3_asid_add_id_or_range 3834 EXIST::FUNCTION: -v3_addr_validate_resource_set 3835 EXIST::FUNCTION: +d2i_ASRange 3832 EXIST::FUNCTION:RFC3779 +v3_addr_add_inherit 3833 EXIST::FUNCTION:RFC3779 +v3_asid_add_id_or_range 3834 EXIST::FUNCTION:RFC3779 +v3_addr_validate_resource_set 3835 EXIST::FUNCTION:RFC3779 EVP_CIPHER_iv_length 3836 EXIST::FUNCTION: EVP_MD_type 3837 EXIST::FUNCTION: -v3_asid_canonize 3838 EXIST::FUNCTION: -IPAddressRange_free 3839 EXIST::FUNCTION: -v3_asid_add_inherit 3840 EXIST::FUNCTION: +v3_asid_canonize 3838 EXIST::FUNCTION:RFC3779 +IPAddressRange_free 3839 EXIST::FUNCTION:RFC3779 +v3_asid_add_inherit 3840 EXIST::FUNCTION:RFC3779 EVP_CIPHER_CTX_key_length 3841 EXIST::FUNCTION: -IPAddressRange_new 3842 EXIST::FUNCTION: -ASIdOrRange_new 3843 EXIST::FUNCTION: +IPAddressRange_new 3842 EXIST::FUNCTION:RFC3779 +ASIdOrRange_new 3843 EXIST::FUNCTION:RFC3779 EVP_MD_size 3844 EXIST::FUNCTION: EVP_MD_CTX_test_flags 3845 EXIST::FUNCTION: BIO_clear_flags 3846 EXIST::FUNCTION: -i2d_ASRange 3847 EXIST::FUNCTION: -IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -IPAddressChoice_new 3849 EXIST::FUNCTION: -ASIdentifierChoice_new 3850 EXIST::FUNCTION: -ASRange_free 3851 EXIST::FUNCTION: +i2d_ASRange 3847 EXIST::FUNCTION:RFC3779 +IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 +IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +IPAddressChoice_new 3849 EXIST::FUNCTION:RFC3779 +ASIdentifierChoice_new 3850 EXIST::FUNCTION:RFC3779 +ASRange_free 3851 EXIST::FUNCTION:RFC3779 EVP_MD_pkey_type 3852 EXIST::FUNCTION: EVP_MD_CTX_clear_flags 3853 EXIST::FUNCTION: -IPAddressFamily_free 3854 EXIST::FUNCTION: -i2d_IPAddressFamily 3855 EXIST::FUNCTION: -IPAddressOrRange_new 3856 EXIST::FUNCTION: +IPAddressFamily_free 3854 EXIST::FUNCTION:RFC3779 +i2d_IPAddressFamily 3855 EXIST::FUNCTION:RFC3779 +IPAddressOrRange_new 3856 EXIST::FUNCTION:RFC3779 EVP_CIPHER_flags 3857 EXIST::FUNCTION: -v3_asid_validate_resource_set 3858 EXIST::FUNCTION: -d2i_IPAddressRange 3859 EXIST::FUNCTION: +v3_asid_validate_resource_set 3858 EXIST::FUNCTION:RFC3779 +d2i_IPAddressRange 3859 EXIST::FUNCTION:RFC3779 AES_bi_ige_encrypt 3860 EXIST::FUNCTION:AES BIO_get_callback 3861 EXIST::FUNCTION: -IPAddressOrRange_free 3862 EXIST::FUNCTION: -v3_addr_subset 3863 EXIST::FUNCTION: -d2i_IPAddressFamily 3864 EXIST::FUNCTION: -v3_asid_subset 3865 EXIST::FUNCTION: +IPAddressOrRange_free 3862 EXIST::FUNCTION:RFC3779 +v3_addr_subset 3863 EXIST::FUNCTION:RFC3779 +d2i_IPAddressFamily 3864 EXIST::FUNCTION:RFC3779 +v3_asid_subset 3865 EXIST::FUNCTION:RFC3779 BIO_test_flags 3866 EXIST::FUNCTION: -i2d_ASIdentifierChoice 3867 EXIST::FUNCTION: -ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -d2i_ASIdentifiers 3869 EXIST::FUNCTION: -ASRange_new 3870 EXIST::FUNCTION: -d2i_IPAddressChoice 3871 EXIST::FUNCTION: -v3_addr_get_afi 3872 EXIST::FUNCTION: +i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:RFC3779 +ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 +ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +d2i_ASIdentifiers 3869 EXIST::FUNCTION:RFC3779 +ASRange_new 3870 EXIST::FUNCTION:RFC3779 +d2i_IPAddressChoice 3871 EXIST::FUNCTION:RFC3779 +v3_addr_get_afi 3872 EXIST::FUNCTION:RFC3779 EVP_CIPHER_key_length 3873 EXIST::FUNCTION: EVP_Cipher 3874 EXIST::FUNCTION: -i2d_IPAddressOrRange 3875 EXIST::FUNCTION: -ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +i2d_IPAddressOrRange 3875 EXIST::FUNCTION:RFC3779 +ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 +ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 EVP_CIPHER_nid 3877 EXIST::FUNCTION: -i2d_IPAddressChoice 3878 EXIST::FUNCTION: +i2d_IPAddressChoice 3878 EXIST::FUNCTION:RFC3779 EVP_CIPHER_CTX_block_size 3879 EXIST::FUNCTION: -ASIdentifiers_new 3880 EXIST::FUNCTION: -v3_addr_validate_path 3881 EXIST::FUNCTION: -IPAddressFamily_new 3882 EXIST::FUNCTION: +ASIdentifiers_new 3880 EXIST::FUNCTION:RFC3779 +v3_addr_validate_path 3881 EXIST::FUNCTION:RFC3779 +IPAddressFamily_new 3882 EXIST::FUNCTION:RFC3779 EVP_MD_CTX_set_flags 3883 EXIST::FUNCTION: -v3_addr_is_canonical 3884 EXIST::FUNCTION: -i2d_IPAddressRange 3885 EXIST::FUNCTION: -IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -v3_asid_inherits 3887 EXIST::FUNCTION: +v3_addr_is_canonical 3884 EXIST::FUNCTION:RFC3779 +i2d_IPAddressRange 3885 EXIST::FUNCTION:RFC3779 +IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 +IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +v3_asid_inherits 3887 EXIST::FUNCTION:RFC3779 EVP_CIPHER_CTX_cipher 3888 EXIST::FUNCTION: EVP_CIPHER_CTX_get_app_data 3889 EXIST::FUNCTION: EVP_MD_block_size 3890 EXIST::FUNCTION: EVP_CIPHER_CTX_flags 3891 EXIST::FUNCTION: -v3_asid_validate_path 3892 EXIST::FUNCTION: -d2i_IPAddressOrRange 3893 EXIST::FUNCTION: -v3_addr_canonize 3894 EXIST::FUNCTION: -ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +v3_asid_validate_path 3892 EXIST::FUNCTION:RFC3779 +d2i_IPAddressOrRange 3893 EXIST::FUNCTION:RFC3779 +v3_addr_canonize 3894 EXIST::FUNCTION:RFC3779 +ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 +ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 EVP_MD_CTX_md 3896 EXIST::FUNCTION: -d2i_ASIdentifierChoice 3897 EXIST::FUNCTION: +d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:RFC3779 BIO_method_name 3898 EXIST::FUNCTION: EVP_CIPHER_CTX_iv_length 3899 EXIST::FUNCTION: -ASIdOrRange_free 3900 EXIST::FUNCTION: -ASIdentifierChoice_free 3901 EXIST::FUNCTION: +ASIdOrRange_free 3900 EXIST::FUNCTION:RFC3779 +ASIdentifierChoice_free 3901 EXIST::FUNCTION:RFC3779 BIO_get_callback_arg 3902 EXIST::FUNCTION: BIO_set_callback 3903 EXIST::FUNCTION: -d2i_ASIdOrRange 3904 EXIST::FUNCTION: -i2d_ASIdentifiers 3905 EXIST::FUNCTION: +d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779 +i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779 CRYPTO_memcmp 3906 EXIST::FUNCTION: BN_consttime_swap 3907 EXIST::FUNCTION: SEED_decrypt 3908 EXIST::FUNCTION:SEED diff --git a/util/mkdef.pl b/util/mkdef.pl index b21d03b36e..26fa20916f 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -80,6 +80,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "FP_API", "STDIO", "SOCK", "DGRAM", # Engines "STATIC_ENGINE", "ENGINE", "HW", "GMP", + # RFC3779 + "RFC3779", # TLS "PSK", "SRP", "HEARTBEATS", # CMS @@ -124,7 +126,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; -my $no_psk; my $no_cms; my $no_capieng; +my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; my $no_ocb; @@ -213,6 +215,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } + elsif (/^no-rfc3779$/) { $no_rfc3779=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-ec2m$/) { $no_ec2m=1; } elsif (/^no-ec-nistp224-64-gcc-128$/) { $no_nistp_gcc=1; } @@ -1197,6 +1200,7 @@ sub is_valid if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } + if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc) -- 2.34.1