[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Thu Sep 3 21:46:29 UTC 2015


The branch master has been updated
       via  47bbaa5b607f592009ed40f5678fde21c10a873c (commit)
      from  64b25758edca688a30f02c260262150f7ad0bc7d (commit)


- Log -----------------------------------------------------------------
commit 47bbaa5b607f592009ed40f5678fde21c10a873c
Author: David Woodhouse <David.Woodhouse at intel.com>
Date:   Thu Jul 23 17:30:06 2015 +0100

    Revert "OPENSSL_NO_xxx cleanup: RFC3779"
    
    This reverts the non-cleanup parts of commit c73ad69017. We do actually
    have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
    build, since we don't have a strspn() function in our runtime environment
    and we don't want the RFC3779 functionality anyway.
    
    In addition, it changes the default behaviour of the Configure script so
    that RFC3779 support isn't disabled by default. It was always disabled
    from when it was first added in 2006, right up until the point where
    OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
    Configure script was left *trying* to disable it, but not actually
    working.
    
    Signed-off-by: Rich Salz <rsalz at akamai.com>
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 Configure                |   5 +-
 crypto/asn1/x_x509.c     |   4 ++
 crypto/x509/x509_vfy.c   |   2 +
 crypto/x509v3/ext_dat.h  |   2 +
 crypto/x509v3/v3_addr.c  |   3 ++
 crypto/x509v3/v3_asid.c  |   3 ++
 crypto/x509v3/v3_purp.c  |   4 ++
 include/openssl/x509.h   |   2 +
 include/openssl/x509v3.h |   2 +
 makevms.com              |   1 +
 util/libeay.num          | 134 +++++++++++++++++++++++------------------------
 util/mkdef.pl            |   6 ++-
 12 files changed, 97 insertions(+), 71 deletions(-)

diff --git a/Configure b/Configure
index fb20e85..f6007c1 100755
--- a/Configure
+++ b/Configure
@@ -769,7 +769,7 @@ my $no_threads=0;
 my $threads=0;
 my $no_shared=0; # but "no-shared" is default
 my $zlib=1;      # but "no-zlib" is default
-my $no_rfc3779=1; # but "no-rfc3779" is default
+my $no_rfc3779=0;
 my $no_asm=0;
 my $no_dso=0;
 my $no_gmp=0;
@@ -806,7 +806,6 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "jpake"          => "experimental",
 		 "md2"            => "default",
 		 "rc5"            => "default",
-		 "rfc3779"	  => "default",
 		 "sctp"       => "default",
 		 "shared"         => "default",
 		 "ssl-trace"	  => "default",
@@ -819,7 +818,7 @@ my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 17bbb91..6e7850c 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -95,8 +95,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         ret->ex_pathlen = -1;
         ret->skid = NULL;
         ret->akid = NULL;
+#ifndef OPENSSL_NO_RFC3779
         ret->rfc3779_addr = NULL;
         ret->rfc3779_asid = NULL;
+#endif
         ret->aux = NULL;
         ret->crldp = NULL;
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
@@ -116,8 +118,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         policy_cache_free(ret->policy_cache);
         GENERAL_NAMES_free(ret->altname);
         NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
         sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
         ASIdentifiers_free(ret->rfc3779_asid);
+#endif
         OPENSSL_free(ret->name);
         break;
 
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index bc48b8a..6169db1 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -485,6 +485,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     if (!ok)
         goto end;
 
+#ifndef OPENSSL_NO_RFC3779
     /* RFC 3779 path validation, now that CRL check has been done */
     ok = v3_asid_validate_path(ctx);
     if (!ok)
@@ -492,6 +493,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     ok = v3_addr_validate_path(ctx);
     if (!ok)
         goto end;
+#endif
 
     /* If we get this far evaluate policies */
     if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index d43c86c..9c3529b 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -103,8 +103,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 #endif
     &v3_sxnet,
     &v3_info,
+#ifndef OPENSSL_NO_RFC3779
     &v3_addr,
     &v3_asid,
+#endif
 #ifndef OPENSSL_NO_OCSP
     &v3_ocsp_nonce,
     &v3_ocsp_crlid,
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 5c22c6d..c1c38a0 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -69,6 +69,7 @@
 #include <openssl/buffer.h>
 #include <openssl/x509v3.h>
 
+#ifndef OPENSSL_NO_RFC3779
 
 /*
  * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
@@ -1339,3 +1340,5 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
         return 0;
     return v3_addr_validate_path_internal(NULL, chain, ext);
 }
+
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index f390c2d..d40279a 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -69,6 +69,7 @@
 #include <openssl/x509.h>
 #include <openssl/bn.h>
 
+#ifndef OPENSSL_NO_RFC3779
 
 /*
  * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@@ -893,3 +894,5 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
         return 0;
     return v3_asid_validate_path_internal(NULL, chain, ext);
 }
+
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index b03c323..61d9772 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -322,8 +322,10 @@ int X509_supported_extension(X509_EXTENSION *ex)
         NID_basic_constraints,  /* 87 */
         NID_certificate_policies, /* 89 */
         NID_ext_key_usage,      /* 126 */
+#ifndef OPENSSL_NO_RFC3779
         NID_sbgp_ipAddrBlock,   /* 290 */
         NID_sbgp_autonomousSysNum, /* 291 */
+#endif
         NID_policy_constraints, /* 401 */
         NID_proxyCertInfo,      /* 663 */
         NID_name_constraints,   /* 666 */
@@ -503,9 +505,11 @@ static void x509v3_cache_extensions(X509 *x)
         x->ex_flags |= EXFLAG_INVALID;
     setup_crldp(x);
 
+#ifndef OPENSSL_NO_RFC3779
     x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
     x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
                                        NULL, NULL);
+#endif
     for (i = 0; i < X509_get_ext_count(x); i++) {
         ex = X509_get_ext(x, i);
         if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 708a695..02138cb 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -201,8 +201,10 @@ struct x509_st {
     STACK_OF(DIST_POINT) *crldp;
     STACK_OF(GENERAL_NAME) *altname;
     NAME_CONSTRAINTS *nc;
+#ifndef OPENSSL_NO_RFC3779
     STACK_OF(IPAddressFamily) *rfc3779_addr;
     struct ASIdentifiers_st *rfc3779_asid;
+# endif
     unsigned char sha1_hash[SHA_DIGEST_LENGTH];
     X509_CERT_AUX *aux;
 } /* X509 */ ;
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 19fcb39..280b9c1 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -756,6 +756,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
 DECLARE_STACK_OF(X509_POLICY_NODE)
 
+#ifndef OPENSSL_NO_RFC3779
 typedef struct ASRange_st {
     ASN1_INTEGER *min, *max;
 } ASRange;
@@ -898,6 +899,7 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
 int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
                                   IPAddrBlocks *ext, int allow_inheritance);
 
+#endif                         /* OPENSSL_NO_RFC3779 */
 /* BEGIN ERROR CODES */
 /*
  * The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/makevms.com b/makevms.com
index c1c3060..35c44ec 100755
--- a/makevms.com
+++ b/makevms.com
@@ -292,6 +292,7 @@ $ CONFIG_LOGICALS := AES,-
 		     RC2,-
 		     RC4,-
 		     RC5,-
+		     RFC3779,-
 		     RMD160,-
 		     RSA,-
 		     SCTP,-
diff --git a/util/libeay.num b/util/libeay.num
index fd8375d..d7d4049 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -3412,106 +3412,106 @@ EVP_camellia_256_cfb8                   3810	EXIST::FUNCTION:CAMELLIA
 EVP_camellia_256_ecb                    3811	EXIST::FUNCTION:CAMELLIA
 EVP_camellia_256_ofb                    3812	EXIST::FUNCTION:CAMELLIA
 a2i_ipadd                               3813	EXIST::FUNCTION:
-ASIdentifiers_free                      3814	EXIST::FUNCTION:
-i2d_ASIdOrRange                         3815	EXIST::FUNCTION:
+ASIdentifiers_free                      3814	EXIST::FUNCTION:RFC3779
+i2d_ASIdOrRange                         3815	EXIST::FUNCTION:RFC3779
 EVP_CIPHER_block_size                   3816	EXIST::FUNCTION:
-v3_asid_is_canonical                    3817	EXIST::FUNCTION:
-IPAddressChoice_free                    3818	EXIST::FUNCTION:
+v3_asid_is_canonical                    3817	EXIST::FUNCTION:RFC3779
+IPAddressChoice_free                    3818	EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_set_app_data             3819	EXIST::FUNCTION:
 BIO_set_callback_arg                    3820	EXIST::FUNCTION:
-v3_addr_add_prefix                      3821	EXIST::FUNCTION:
-IPAddressOrRange_it                     3822	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressOrRange_it                     3822	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_addr_add_prefix                      3821	EXIST::FUNCTION:RFC3779
+IPAddressOrRange_it                     3822	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressOrRange_it                     3822	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
 BIO_set_flags                           3823	EXIST::FUNCTION:
-ASIdentifiers_it                        3824	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASIdentifiers_it                        3824	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-v3_addr_get_range                       3825	EXIST::FUNCTION:
+ASIdentifiers_it                        3824	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifiers_it                        3824	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_addr_get_range                       3825	EXIST::FUNCTION:RFC3779
 BIO_method_type                         3826	EXIST::FUNCTION:
-v3_addr_inherits                        3827	EXIST::FUNCTION:
-IPAddressChoice_it                      3828	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressChoice_it                      3828	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_addr_inherits                        3827	EXIST::FUNCTION:RFC3779
+IPAddressChoice_it                      3828	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressChoice_it                      3828	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
 AES_ige_encrypt                         3829	EXIST::FUNCTION:AES
-v3_addr_add_range                       3830	EXIST::FUNCTION:
+v3_addr_add_range                       3830	EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_nid                      3831	EXIST::FUNCTION:
-d2i_ASRange                             3832	EXIST::FUNCTION:
-v3_addr_add_inherit                     3833	EXIST::FUNCTION:
-v3_asid_add_id_or_range                 3834	EXIST::FUNCTION:
-v3_addr_validate_resource_set           3835	EXIST::FUNCTION:
+d2i_ASRange                             3832	EXIST::FUNCTION:RFC3779
+v3_addr_add_inherit                     3833	EXIST::FUNCTION:RFC3779
+v3_asid_add_id_or_range                 3834	EXIST::FUNCTION:RFC3779
+v3_addr_validate_resource_set           3835	EXIST::FUNCTION:RFC3779
 EVP_CIPHER_iv_length                    3836	EXIST::FUNCTION:
 EVP_MD_type                             3837	EXIST::FUNCTION:
-v3_asid_canonize                        3838	EXIST::FUNCTION:
-IPAddressRange_free                     3839	EXIST::FUNCTION:
-v3_asid_add_inherit                     3840	EXIST::FUNCTION:
+v3_asid_canonize                        3838	EXIST::FUNCTION:RFC3779
+IPAddressRange_free                     3839	EXIST::FUNCTION:RFC3779
+v3_asid_add_inherit                     3840	EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_key_length               3841	EXIST::FUNCTION:
-IPAddressRange_new                      3842	EXIST::FUNCTION:
-ASIdOrRange_new                         3843	EXIST::FUNCTION:
+IPAddressRange_new                      3842	EXIST::FUNCTION:RFC3779
+ASIdOrRange_new                         3843	EXIST::FUNCTION:RFC3779
 EVP_MD_size                             3844	EXIST::FUNCTION:
 EVP_MD_CTX_test_flags                   3845	EXIST::FUNCTION:
 BIO_clear_flags                         3846	EXIST::FUNCTION:
-i2d_ASRange                             3847	EXIST::FUNCTION:
-IPAddressRange_it                       3848	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressRange_it                       3848	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-IPAddressChoice_new                     3849	EXIST::FUNCTION:
-ASIdentifierChoice_new                  3850	EXIST::FUNCTION:
-ASRange_free                            3851	EXIST::FUNCTION:
+i2d_ASRange                             3847	EXIST::FUNCTION:RFC3779
+IPAddressRange_it                       3848	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressRange_it                       3848	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+IPAddressChoice_new                     3849	EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_new                  3850	EXIST::FUNCTION:RFC3779
+ASRange_free                            3851	EXIST::FUNCTION:RFC3779
 EVP_MD_pkey_type                        3852	EXIST::FUNCTION:
 EVP_MD_CTX_clear_flags                  3853	EXIST::FUNCTION:
-IPAddressFamily_free                    3854	EXIST::FUNCTION:
-i2d_IPAddressFamily                     3855	EXIST::FUNCTION:
-IPAddressOrRange_new                    3856	EXIST::FUNCTION:
+IPAddressFamily_free                    3854	EXIST::FUNCTION:RFC3779
+i2d_IPAddressFamily                     3855	EXIST::FUNCTION:RFC3779
+IPAddressOrRange_new                    3856	EXIST::FUNCTION:RFC3779
 EVP_CIPHER_flags                        3857	EXIST::FUNCTION:
-v3_asid_validate_resource_set           3858	EXIST::FUNCTION:
-d2i_IPAddressRange                      3859	EXIST::FUNCTION:
+v3_asid_validate_resource_set           3858	EXIST::FUNCTION:RFC3779
+d2i_IPAddressRange                      3859	EXIST::FUNCTION:RFC3779
 AES_bi_ige_encrypt                      3860	EXIST::FUNCTION:AES
 BIO_get_callback                        3861	EXIST::FUNCTION:
-IPAddressOrRange_free                   3862	EXIST::FUNCTION:
-v3_addr_subset                          3863	EXIST::FUNCTION:
-d2i_IPAddressFamily                     3864	EXIST::FUNCTION:
-v3_asid_subset                          3865	EXIST::FUNCTION:
+IPAddressOrRange_free                   3862	EXIST::FUNCTION:RFC3779
+v3_addr_subset                          3863	EXIST::FUNCTION:RFC3779
+d2i_IPAddressFamily                     3864	EXIST::FUNCTION:RFC3779
+v3_asid_subset                          3865	EXIST::FUNCTION:RFC3779
 BIO_test_flags                          3866	EXIST::FUNCTION:
-i2d_ASIdentifierChoice                  3867	EXIST::FUNCTION:
-ASRange_it                              3868	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASRange_it                              3868	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_ASIdentifiers                       3869	EXIST::FUNCTION:
-ASRange_new                             3870	EXIST::FUNCTION:
-d2i_IPAddressChoice                     3871	EXIST::FUNCTION:
-v3_addr_get_afi                         3872	EXIST::FUNCTION:
+i2d_ASIdentifierChoice                  3867	EXIST::FUNCTION:RFC3779
+ASRange_it                              3868	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASRange_it                              3868	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+d2i_ASIdentifiers                       3869	EXIST::FUNCTION:RFC3779
+ASRange_new                             3870	EXIST::FUNCTION:RFC3779
+d2i_IPAddressChoice                     3871	EXIST::FUNCTION:RFC3779
+v3_addr_get_afi                         3872	EXIST::FUNCTION:RFC3779
 EVP_CIPHER_key_length                   3873	EXIST::FUNCTION:
 EVP_Cipher                              3874	EXIST::FUNCTION:
-i2d_IPAddressOrRange                    3875	EXIST::FUNCTION:
-ASIdOrRange_it                          3876	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASIdOrRange_it                          3876	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_IPAddressOrRange                    3875	EXIST::FUNCTION:RFC3779
+ASIdOrRange_it                          3876	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdOrRange_it                          3876	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
 EVP_CIPHER_nid                          3877	EXIST::FUNCTION:
-i2d_IPAddressChoice                     3878	EXIST::FUNCTION:
+i2d_IPAddressChoice                     3878	EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_block_size               3879	EXIST::FUNCTION:
-ASIdentifiers_new                       3880	EXIST::FUNCTION:
-v3_addr_validate_path                   3881	EXIST::FUNCTION:
-IPAddressFamily_new                     3882	EXIST::FUNCTION:
+ASIdentifiers_new                       3880	EXIST::FUNCTION:RFC3779
+v3_addr_validate_path                   3881	EXIST::FUNCTION:RFC3779
+IPAddressFamily_new                     3882	EXIST::FUNCTION:RFC3779
 EVP_MD_CTX_set_flags                    3883	EXIST::FUNCTION:
-v3_addr_is_canonical                    3884	EXIST::FUNCTION:
-i2d_IPAddressRange                      3885	EXIST::FUNCTION:
-IPAddressFamily_it                      3886	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressFamily_it                      3886	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-v3_asid_inherits                        3887	EXIST::FUNCTION:
+v3_addr_is_canonical                    3884	EXIST::FUNCTION:RFC3779
+i2d_IPAddressRange                      3885	EXIST::FUNCTION:RFC3779
+IPAddressFamily_it                      3886	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressFamily_it                      3886	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_asid_inherits                        3887	EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_cipher                   3888	EXIST::FUNCTION:
 EVP_CIPHER_CTX_get_app_data             3889	EXIST::FUNCTION:
 EVP_MD_block_size                       3890	EXIST::FUNCTION:
 EVP_CIPHER_CTX_flags                    3891	EXIST::FUNCTION:
-v3_asid_validate_path                   3892	EXIST::FUNCTION:
-d2i_IPAddressOrRange                    3893	EXIST::FUNCTION:
-v3_addr_canonize                        3894	EXIST::FUNCTION:
-ASIdentifierChoice_it                   3895	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASIdentifierChoice_it                   3895	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_asid_validate_path                   3892	EXIST::FUNCTION:RFC3779
+d2i_IPAddressOrRange                    3893	EXIST::FUNCTION:RFC3779
+v3_addr_canonize                        3894	EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_it                   3895	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifierChoice_it                   3895	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
 EVP_MD_CTX_md                           3896	EXIST::FUNCTION:
-d2i_ASIdentifierChoice                  3897	EXIST::FUNCTION:
+d2i_ASIdentifierChoice                  3897	EXIST::FUNCTION:RFC3779
 BIO_method_name                         3898	EXIST::FUNCTION:
 EVP_CIPHER_CTX_iv_length                3899	EXIST::FUNCTION:
-ASIdOrRange_free                        3900	EXIST::FUNCTION:
-ASIdentifierChoice_free                 3901	EXIST::FUNCTION:
+ASIdOrRange_free                        3900	EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_free                 3901	EXIST::FUNCTION:RFC3779
 BIO_get_callback_arg                    3902	EXIST::FUNCTION:
 BIO_set_callback                        3903	EXIST::FUNCTION:
-d2i_ASIdOrRange                         3904	EXIST::FUNCTION:
-i2d_ASIdentifiers                       3905	EXIST::FUNCTION:
+d2i_ASIdOrRange                         3904	EXIST::FUNCTION:RFC3779
+i2d_ASIdentifiers                       3905	EXIST::FUNCTION:RFC3779
 CRYPTO_memcmp                           3906	EXIST::FUNCTION:
 BN_consttime_swap                       3907	EXIST::FUNCTION:
 SEED_decrypt                            3908	EXIST::FUNCTION:SEED
diff --git a/util/mkdef.pl b/util/mkdef.pl
index b21d03b..26fa209 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -80,6 +80,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 "FP_API", "STDIO", "SOCK", "DGRAM",
 			 # Engines
 			 "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+			 # RFC3779
+			 "RFC3779",
 			 # TLS
 			 "PSK", "SRP", "HEARTBEATS",
 			 # CMS
@@ -124,7 +126,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
 my $no_rsa; my $no_dsa; my $no_dh; my $no_aes;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_psk; my $no_cms; my $no_capieng;
+my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
 my $no_unit_test; my $no_ssl3_method; my $no_ocb;
@@ -213,6 +215,7 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-engine$/)	{ $no_engine=1; }
 	elsif (/^no-hw$/)	{ $no_hw=1; }
 	elsif (/^no-gmp$/)	{ $no_gmp=1; }
+	elsif (/^no-rfc3779$/)	{ $no_rfc3779=1; }
 	elsif (/^no-cms$/)	{ $no_cms=1; }
 	elsif (/^no-ec2m$/)	{ $no_ec2m=1; }
  	elsif (/^no-ec-nistp224-64-gcc-128$/)	{ $no_nistp_gcc=1; }
@@ -1197,6 +1200,7 @@ sub is_valid
 			if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
 			if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
 			if ($keyword eq "GMP" && $no_gmp) { return 0; }
+			if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
 			if ($keyword eq "PSK" && $no_psk) { return 0; }
 			if ($keyword eq "CMS" && $no_cms) { return 0; }
 			if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)


More information about the openssl-commits mailing list