[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Tue Jan 27 15:20:39 UTC 2015


The branch master has been updated
       via  c73ad690174171b63a53dabdb2f2d9ebfd30053a (commit)
      from  a00ae6c46e0d7907a7c9f9e85334e968aa5fd338 (commit)


- Log -----------------------------------------------------------------
commit c73ad690174171b63a53dabdb2f2d9ebfd30053a
Author: Rich Salz <rsalz at openssl.org>
Date:   Tue Jan 27 10:19:14 2015 -0500

    OPENSSL_NO_xxx cleanup: RFC3779
    
    Remove OPENSSL_NO_RFCF3779.
    
    Also, makevms.com was ignored by some of the other cleanups, so
    I caught it up.  Sorry I ignored you, poor little VMS...
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/x_x509.c    |    4 ----
 crypto/x509/x509.h      |    2 --
 crypto/x509/x509_vfy.c  |    2 --
 crypto/x509v3/ext_dat.h |    2 --
 crypto/x509v3/v3_addr.c |   11 ++++-------
 crypto/x509v3/v3_asid.c |    7 ++-----
 crypto/x509v3/v3_purp.c |    4 ----
 crypto/x509v3/x509v3.h  |   28 ++++++++++++----------------
 makevms.com             |    7 +------
 util/mkdef.pl           |    6 +-----
 10 files changed, 20 insertions(+), 53 deletions(-)

diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index cd838e0..f487dbb 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -95,10 +95,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         ret->ex_pathlen = -1;
         ret->skid = NULL;
         ret->akid = NULL;
-#ifndef OPENSSL_NO_RFC3779
         ret->rfc3779_addr = NULL;
         ret->rfc3779_asid = NULL;
-#endif
         ret->aux = NULL;
         ret->crldp = NULL;
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
@@ -119,10 +117,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         policy_cache_free(ret->policy_cache);
         GENERAL_NAMES_free(ret->altname);
         NAME_CONSTRAINTS_free(ret->nc);
-#ifndef OPENSSL_NO_RFC3779
         sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
         ASIdentifiers_free(ret->rfc3779_asid);
-#endif
 
         if (ret->name != NULL)
             OPENSSL_free(ret->name);
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 5b25de0..13f7531 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -278,10 +278,8 @@ struct x509_st {
     STACK_OF(DIST_POINT) *crldp;
     STACK_OF(GENERAL_NAME) *altname;
     NAME_CONSTRAINTS *nc;
-# ifndef OPENSSL_NO_RFC3779
     STACK_OF(IPAddressFamily) *rfc3779_addr;
     struct ASIdentifiers_st *rfc3779_asid;
-# endif
 # ifndef OPENSSL_NO_SHA
     unsigned char sha1_hash[SHA_DIGEST_LENGTH];
 # endif
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8e639c8..31bb95b 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -439,7 +439,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     if (!ok)
         goto end;
 
-#ifndef OPENSSL_NO_RFC3779
     /* RFC 3779 path validation, now that CRL check has been done */
     ok = v3_asid_validate_path(ctx);
     if (!ok)
@@ -447,7 +446,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     ok = v3_addr_validate_path(ctx);
     if (!ok)
         goto end;
-#endif
 
     /* If we get this far evaluate policies */
     if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index c3a6fce..4e0fe92 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -103,10 +103,8 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 #endif
     &v3_sxnet,
     &v3_info,
-#ifndef OPENSSL_NO_RFC3779
     &v3_addr,
     &v3_asid,
-#endif
 #ifndef OPENSSL_NO_OCSP
     &v3_ocsp_nonce,
     &v3_ocsp_crlid,
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 94cfed0..1635421 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -69,7 +69,6 @@
 #include <openssl/buffer.h>
 #include <openssl/x509v3.h>
 
-#ifndef OPENSSL_NO_RFC3779
 
 /*
  * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
@@ -108,7 +107,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
 /*
  * How much buffer space do we need for a raw address?
  */
-# define ADDR_RAW_BUF_LEN        16
+#define ADDR_RAW_BUF_LEN        16
 
 /*
  * What's the address length associated with this AFI?
@@ -163,7 +162,7 @@ static int addr_expand(unsigned char *addr,
 /*
  * Extract the prefix length from a bitstring.
  */
-# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
 
 /*
  * i2r handler for one address bitstring.
@@ -1195,7 +1194,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
 /*
  * Validation error handling via callback.
  */
-# define validation_err(_err_)           \
+#define validation_err(_err_)           \
   do {                                  \
     if (ctx != NULL) {                  \
       ctx->error = _err_;               \
@@ -1315,7 +1314,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
     return ret;
 }
 
-# undef validation_err
+#undef validation_err
 
 /*
  * RFC 3779 2.3 path validation -- called from X509_verify_cert().
@@ -1340,5 +1339,3 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
         return 0;
     return v3_addr_validate_path_internal(NULL, chain, ext);
 }
-
-#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index 68a5f68..34469eb 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -69,7 +69,6 @@
 #include <openssl/x509.h>
 #include <openssl/bn.h>
 
-#ifndef OPENSSL_NO_RFC3779
 
 /*
  * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@@ -736,7 +735,7 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
 /*
  * Validation error handling via callback.
  */
-# define validation_err(_err_)           \
+#define validation_err(_err_)           \
   do {                                  \
     if (ctx != NULL) {                  \
       ctx->error = _err_;               \
@@ -869,7 +868,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
     return ret;
 }
 
-# undef validation_err
+#undef validation_err
 
 /*
  * RFC 3779 3.3 path validation -- called from X509_verify_cert().
@@ -894,5 +893,3 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
         return 0;
     return v3_asid_validate_path_internal(NULL, chain, ext);
 }
-
-#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 36b0d87..dfc8c5b 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -322,10 +322,8 @@ int X509_supported_extension(X509_EXTENSION *ex)
         NID_basic_constraints,  /* 87 */
         NID_certificate_policies, /* 89 */
         NID_ext_key_usage,      /* 126 */
-#ifndef OPENSSL_NO_RFC3779
         NID_sbgp_ipAddrBlock,   /* 290 */
         NID_sbgp_autonomousSysNum, /* 291 */
-#endif
         NID_policy_constraints, /* 401 */
         NID_proxyCertInfo,      /* 663 */
         NID_name_constraints,   /* 666 */
@@ -508,11 +506,9 @@ static void x509v3_cache_extensions(X509 *x)
         x->ex_flags |= EXFLAG_INVALID;
     setup_crldp(x);
 
-#ifndef OPENSSL_NO_RFC3779
     x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
     x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
                                        NULL, NULL);
-#endif
     for (i = 0; i < X509_get_ext_count(x); i++) {
         ex = X509_get_ext(x, i);
         if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index a0c7e1a..a99d71b 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -758,14 +758,12 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
 DECLARE_STACK_OF(X509_POLICY_NODE)
 
-# ifndef OPENSSL_NO_RFC3779
-
 typedef struct ASRange_st {
     ASN1_INTEGER *min, *max;
 } ASRange;
 
-#  define ASIdOrRange_id          0
-#  define ASIdOrRange_range       1
+# define ASIdOrRange_id          0
+# define ASIdOrRange_range       1
 
 typedef struct ASIdOrRange_st {
     int type;
@@ -778,8 +776,8 @@ typedef struct ASIdOrRange_st {
 typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
 DECLARE_STACK_OF(ASIdOrRange)
 
-#  define ASIdentifierChoice_inherit              0
-#  define ASIdentifierChoice_asIdsOrRanges        1
+# define ASIdentifierChoice_inherit              0
+# define ASIdentifierChoice_asIdsOrRanges        1
 
 typedef struct ASIdentifierChoice_st {
     int type;
@@ -802,8 +800,8 @@ typedef struct IPAddressRange_st {
     ASN1_BIT_STRING *min, *max;
 } IPAddressRange;
 
-#  define IPAddressOrRange_addressPrefix  0
-#  define IPAddressOrRange_addressRange   1
+# define IPAddressOrRange_addressPrefix  0
+# define IPAddressOrRange_addressRange   1
 
 typedef struct IPAddressOrRange_st {
     int type;
@@ -816,8 +814,8 @@ typedef struct IPAddressOrRange_st {
 typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
 DECLARE_STACK_OF(IPAddressOrRange)
 
-#  define IPAddressChoice_inherit                 0
-#  define IPAddressChoice_addressesOrRanges       1
+# define IPAddressChoice_inherit                 0
+# define IPAddressChoice_addressesOrRanges       1
 
 typedef struct IPAddressChoice_st {
     int type;
@@ -843,8 +841,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
 /*
  * API tag for elements of the ASIdentifer SEQUENCE.
  */
-#  define V3_ASID_ASNUM   0
-#  define V3_ASID_RDI     1
+# define V3_ASID_ASNUM   0
+# define V3_ASID_RDI     1
 
 /*
  * AFI values, assigned by IANA.  It'd be nice to make the AFI
@@ -852,8 +850,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
  * that would need to be defined for other address families for it to
  * be worth the trouble.
  */
-#  define IANA_AFI_IPV4   1
-#  define IANA_AFI_IPV6   2
+# define IANA_AFI_IPV4   1
+# define IANA_AFI_IPV6   2
 
 /*
  * Utilities to construct and extract values from RFC3779 extensions,
@@ -902,8 +900,6 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
 int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
                                   IPAddrBlocks *ext, int allow_inheritance);
 
-# endif                         /* OPENSSL_NO_RFC3779 */
-
 /* BEGIN ERROR CODES */
 /*
  * The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/makevms.com b/makevms.com
index 82aa4ce..4705346 100755
--- a/makevms.com
+++ b/makevms.com
@@ -250,9 +250,6 @@ $! For that reason, the list will also always end up in alphabetical order
 $ CONFIG_LOGICALS := AES,-
 		     ASM,INLINE_ASM,-
 		     BF,-
-		     BIO,-
-		     BUFFER,-
-		     BUF_FREELISTS,-
 		     CAMELLIA,-
 		     CAST,-
 		     CMS,-
@@ -289,7 +286,6 @@ $ CONFIG_LOGICALS := AES,-
 		     RC2,-
 		     RC4,-
 		     RC5,-
-		     RFC3779,-
 		     RIPEMD,-
 		     RSA,-
 		     SEED,-
@@ -306,8 +302,7 @@ $ CONFIG_LOGICALS := AES,-
 		     STDIO,-
 		     STORE,-
 		     TLSEXT,-
-		     WHIRLPOOL,-
-		     X509
+		     WHIRLPOOL
 $! Add a few that we know about
 $ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
 		     THREADS
diff --git a/util/mkdef.pl b/util/mkdef.pl
index e5063b0..a6f64e3 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -97,8 +97,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
 			 # Engines
 			 "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-			 # RFC3779
-			 "RFC3779",
 			 # TLS
 			 "TLSEXT", "PSK", "SRP", "HEARTBEATS",
 			 # CMS
@@ -140,7 +138,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
 my $no_unit_test; my $no_ssl3_method;
@@ -231,7 +229,6 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-engine$/)	{ $no_engine=1; }
 	elsif (/^no-hw$/)	{ $no_hw=1; }
 	elsif (/^no-gmp$/)	{ $no_gmp=1; }
-	elsif (/^no-rfc3779$/)	{ $no_rfc3779=1; }
 	elsif (/^no-tlsext$/)	{ $no_tlsext=1; }
 	elsif (/^no-cms$/)	{ $no_cms=1; }
 	elsif (/^no-ec2m$/)	{ $no_ec2m=1; }
@@ -1209,7 +1206,6 @@ sub is_valid
 			if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
 			if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
 			if ($keyword eq "GMP" && $no_gmp) { return 0; }
-			if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
 			if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
 			if ($keyword eq "PSK" && $no_psk) { return 0; }
 			if ($keyword eq "CMS" && $no_cms) { return 0; }


More information about the openssl-commits mailing list