[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Tue Jan 27 15:20:39 UTC 2015
The branch master has been updated
via c73ad690174171b63a53dabdb2f2d9ebfd30053a (commit)
from a00ae6c46e0d7907a7c9f9e85334e968aa5fd338 (commit)
- Log -----------------------------------------------------------------
commit c73ad690174171b63a53dabdb2f2d9ebfd30053a
Author: Rich Salz <rsalz at openssl.org>
Date: Tue Jan 27 10:19:14 2015 -0500
OPENSSL_NO_xxx cleanup: RFC3779
Remove OPENSSL_NO_RFCF3779.
Also, makevms.com was ignored by some of the other cleanups, so
I caught it up. Sorry I ignored you, poor little VMS...
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/x_x509.c | 4 ----
crypto/x509/x509.h | 2 --
crypto/x509/x509_vfy.c | 2 --
crypto/x509v3/ext_dat.h | 2 --
crypto/x509v3/v3_addr.c | 11 ++++-------
crypto/x509v3/v3_asid.c | 7 ++-----
crypto/x509v3/v3_purp.c | 4 ----
crypto/x509v3/x509v3.h | 28 ++++++++++++----------------
makevms.com | 7 +------
util/mkdef.pl | 6 +-----
10 files changed, 20 insertions(+), 53 deletions(-)
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index cd838e0..f487dbb 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -95,10 +95,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ret->ex_pathlen = -1;
ret->skid = NULL;
ret->akid = NULL;
-#ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
-#endif
ret->aux = NULL;
ret->crldp = NULL;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
@@ -119,10 +117,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
policy_cache_free(ret->policy_cache);
GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc);
-#ifndef OPENSSL_NO_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
-#endif
if (ret->name != NULL)
OPENSSL_free(ret->name);
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 5b25de0..13f7531 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -278,10 +278,8 @@ struct x509_st {
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
-# ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
-# endif
# ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
# endif
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8e639c8..31bb95b 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -439,7 +439,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (!ok)
goto end;
-#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok)
@@ -447,7 +446,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok = v3_addr_validate_path(ctx);
if (!ok)
goto end;
-#endif
/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index c3a6fce..4e0fe92 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -103,10 +103,8 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
#endif
&v3_sxnet,
&v3_info,
-#ifndef OPENSSL_NO_RFC3779
&v3_addr,
&v3_asid,
-#endif
#ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce,
&v3_ocsp_crlid,
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 94cfed0..1635421 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -69,7 +69,6 @@
#include <openssl/buffer.h>
#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
@@ -108,7 +107,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
/*
* How much buffer space do we need for a raw address?
*/
-# define ADDR_RAW_BUF_LEN 16
+#define ADDR_RAW_BUF_LEN 16
/*
* What's the address length associated with this AFI?
@@ -163,7 +162,7 @@ static int addr_expand(unsigned char *addr,
/*
* Extract the prefix length from a bitstring.
*/
-# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
/*
* i2r handler for one address bitstring.
@@ -1195,7 +1194,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
/*
* Validation error handling via callback.
*/
-# define validation_err(_err_) \
+#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
@@ -1315,7 +1314,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
return ret;
}
-# undef validation_err
+#undef validation_err
/*
* RFC 3779 2.3 path validation -- called from X509_verify_cert().
@@ -1340,5 +1339,3 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_addr_validate_path_internal(NULL, chain, ext);
}
-
-#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index 68a5f68..34469eb 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -69,7 +69,6 @@
#include <openssl/x509.h>
#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@@ -736,7 +735,7 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
/*
* Validation error handling via callback.
*/
-# define validation_err(_err_) \
+#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
@@ -869,7 +868,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
return ret;
}
-# undef validation_err
+#undef validation_err
/*
* RFC 3779 3.3 path validation -- called from X509_verify_cert().
@@ -894,5 +893,3 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_asid_validate_path_internal(NULL, chain, ext);
}
-
-#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 36b0d87..dfc8c5b 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -322,10 +322,8 @@ int X509_supported_extension(X509_EXTENSION *ex)
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
-#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
-#endif
NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */
@@ -508,11 +506,9 @@ static void x509v3_cache_extensions(X509 *x)
x->ex_flags |= EXFLAG_INVALID;
setup_crldp(x);
-#ifndef OPENSSL_NO_RFC3779
x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
NULL, NULL);
-#endif
for (i = 0; i < X509_get_ext_count(x); i++) {
ex = X509_get_ext(x, i);
if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index a0c7e1a..a99d71b 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -758,14 +758,12 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE)
-# ifndef OPENSSL_NO_RFC3779
-
typedef struct ASRange_st {
ASN1_INTEGER *min, *max;
} ASRange;
-# define ASIdOrRange_id 0
-# define ASIdOrRange_range 1
+# define ASIdOrRange_id 0
+# define ASIdOrRange_range 1
typedef struct ASIdOrRange_st {
int type;
@@ -778,8 +776,8 @@ typedef struct ASIdOrRange_st {
typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
DECLARE_STACK_OF(ASIdOrRange)
-# define ASIdentifierChoice_inherit 0
-# define ASIdentifierChoice_asIdsOrRanges 1
+# define ASIdentifierChoice_inherit 0
+# define ASIdentifierChoice_asIdsOrRanges 1
typedef struct ASIdentifierChoice_st {
int type;
@@ -802,8 +800,8 @@ typedef struct IPAddressRange_st {
ASN1_BIT_STRING *min, *max;
} IPAddressRange;
-# define IPAddressOrRange_addressPrefix 0
-# define IPAddressOrRange_addressRange 1
+# define IPAddressOrRange_addressPrefix 0
+# define IPAddressOrRange_addressRange 1
typedef struct IPAddressOrRange_st {
int type;
@@ -816,8 +814,8 @@ typedef struct IPAddressOrRange_st {
typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
DECLARE_STACK_OF(IPAddressOrRange)
-# define IPAddressChoice_inherit 0
-# define IPAddressChoice_addressesOrRanges 1
+# define IPAddressChoice_inherit 0
+# define IPAddressChoice_addressesOrRanges 1
typedef struct IPAddressChoice_st {
int type;
@@ -843,8 +841,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
/*
* API tag for elements of the ASIdentifer SEQUENCE.
*/
-# define V3_ASID_ASNUM 0
-# define V3_ASID_RDI 1
+# define V3_ASID_ASNUM 0
+# define V3_ASID_RDI 1
/*
* AFI values, assigned by IANA. It'd be nice to make the AFI
@@ -852,8 +850,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
* that would need to be defined for other address families for it to
* be worth the trouble.
*/
-# define IANA_AFI_IPV4 1
-# define IANA_AFI_IPV6 2
+# define IANA_AFI_IPV4 1
+# define IANA_AFI_IPV6 2
/*
* Utilities to construct and extract values from RFC3779 extensions,
@@ -902,8 +900,6 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance);
-# endif /* OPENSSL_NO_RFC3779 */
-
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/makevms.com b/makevms.com
index 82aa4ce..4705346 100755
--- a/makevms.com
+++ b/makevms.com
@@ -250,9 +250,6 @@ $! For that reason, the list will also always end up in alphabetical order
$ CONFIG_LOGICALS := AES,-
ASM,INLINE_ASM,-
BF,-
- BIO,-
- BUFFER,-
- BUF_FREELISTS,-
CAMELLIA,-
CAST,-
CMS,-
@@ -289,7 +286,6 @@ $ CONFIG_LOGICALS := AES,-
RC2,-
RC4,-
RC5,-
- RFC3779,-
RIPEMD,-
RSA,-
SEED,-
@@ -306,8 +302,7 @@ $ CONFIG_LOGICALS := AES,-
STDIO,-
STORE,-
TLSEXT,-
- WHIRLPOOL,-
- X509
+ WHIRLPOOL
$! Add a few that we know about
$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
THREADS
diff --git a/util/mkdef.pl b/util/mkdef.pl
index e5063b0..a6f64e3 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -97,8 +97,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
# Engines
"STATIC_ENGINE", "ENGINE", "HW", "GMP",
- # RFC3779
- "RFC3779",
# TLS
"TLSEXT", "PSK", "SRP", "HEARTBEATS",
# CMS
@@ -140,7 +138,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method;
@@ -231,7 +229,6 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
- elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-tlsext$/) { $no_tlsext=1; }
elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-ec2m$/) { $no_ec2m=1; }
@@ -1209,7 +1206,6 @@ sub is_valid
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
- if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }
More information about the openssl-commits
mailing list