Change to mitigate branch prediction attacks

[openssl.git] / util / mkdef.pl

diff --git a/util/mkdef.pl b/util/mkdef.pl
index e3cb0169bf2e926d71630fab8f3f76a15b71d920..8bb9c497948e227c9d30648a0915ca836abcd43f 100755 (executable)
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -85,7 +85,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
                         "SHA256", "SHA512", "RIPEMD",
                         "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA",
-                        "HMAC", "AES", "WHIRLPOOL",
+                        "HMAC", "AES", "WHIRLPOOL", "CAMELLIA", "GOST",
                         # Envelope "algorithms"
                         "EVP", "X509", "ASN1_TYPEDEFS",
                         # Helper "algorithms"
@@ -95,6 +95,10 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
                         # Engines
                         "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+                        # RFC3779
+                        "RFC3779",
+                        # TLS
+                        "TLSEXT", "PSK",
                         # Deprecated functions
                         "DEPRECATED" );
 
@@ -109,11 +113,12 @@ close(IN);
 # defined with ifndef(NO_XXX) are not included in the .def file, and everything
 # in directory xxx is ignored.
 my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
-my $no_cast; my $no_whirlpool;
+my $no_cast; my $no_whirlpool; my $no_camellia;
 my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
+my $no_rfc3779; my $no_psk; my $no_tlsext;
 
 
 foreach (@ARGV, split(/ /, $options))
@@ -177,6 +182,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-ecdh$/)     { $no_ecdh=1; }
        elsif (/^no-hmac$/)     { $no_hmac=1; }
        elsif (/^no-aes$/)      { $no_aes=1; }
+       elsif (/^no-camellia$/) { $no_camellia=1; }
        elsif (/^no-evp$/)      { $no_evp=1; }
        elsif (/^no-lhash$/)    { $no_lhash=1; }
        elsif (/^no-stack$/)    { $no_stack=1; }
@@ -190,6 +196,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-engine$/)   { $no_engine=1; }
        elsif (/^no-hw$/)       { $no_hw=1; }
        elsif (/^no-gmp$/)      { $no_gmp=1; }
+       elsif (/^no-rfc3779$/)  { $no_rfc3779=1; }
        }
 
 
@@ -225,6 +232,7 @@ $max_crypto = $max_num;
 
 my $ssl="ssl/ssl.h";
 $ssl.=" ssl/kssl.h";
+$ssl.=" ssl/tls1.h";
 
 my $crypto ="crypto/crypto.h";
 $crypto.=" crypto/o_dir.h";
@@ -243,6 +251,7 @@ $crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2;
 $crypto.=" crypto/sha/sha.h" ; # unless $no_sha;
 $crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd;
 $crypto.=" crypto/aes/aes.h" ; # unless $no_aes;
+$crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia;
 
 $crypto.=" crypto/bn/bn.h";
 $crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa;
@@ -1093,6 +1102,7 @@ sub is_valid
                        if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
                        if ($keyword eq "HMAC" && $no_hmac) { return 0; }
                        if ($keyword eq "AES" && $no_aes) { return 0; }
+                       if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
                        if ($keyword eq "EVP" && $no_evp) { return 0; }
                        if ($keyword eq "LHASH" && $no_lhash) { return 0; }
                        if ($keyword eq "STACK" && $no_stack) { return 0; }
@@ -1107,6 +1117,9 @@ sub is_valid
                        if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
                        if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
                        if ($keyword eq "GMP" && $no_gmp) { return 0; }
+                       if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
+                       if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
+                       if ($keyword eq "PSK" && $no_psk) { return 0; }
                        if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
 
                        # Nothing recognise as true