[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Wed Sep 9 22:28:31 UTC 2015
The branch master has been updated
via 05d7bf6c5b729b88992b5474c21a24aa542f6e75 (commit)
from 84d90cf335209e6c1dcb5124d2ddf14ea617212f (commit)
- Log -----------------------------------------------------------------
commit 05d7bf6c5b729b88992b5474c21a24aa542f6e75
Author: David Woodhouse <David.Woodhouse at intel.com>
Date: Wed Sep 9 15:29:44 2015 -0400
RT3992: Make SCT #ifdeffable.
This code does open-coded division on 64-bit quantities and thus when
building with GCC on 32-bit platforms will require functions such as
__umoddi3 and __udivdi3 from libgcc.
In constrained environments such as firmware, those functions may not
be available. So make it possible to compile out SCT support, which in
fact (in the case of UEFI) we don't need anyway.
Signed-off-by: Rich Salz <rsalz at akamai.com>
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509v3/ext_dat.h | 2 ++
crypto/x509v3/v3_scts.c | 2 ++
makevms.com | 1 +
util/mkdef.pl | 8 ++++++--
4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index 9c3529b..76be621 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
&v3_idp,
&v3_alt[2],
&v3_freshest_crl,
+#ifndef OPENSSL_NO_SCT
&v3_ct_scts[0],
&v3_ct_scts[1],
+#endif
};
/* Number of standard extensions */
diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
index 61e5a83..0ffdfb8 100644
--- a/crypto/x509v3/v3_scts.c
+++ b/crypto/x509v3/v3_scts.c
@@ -61,6 +61,7 @@
#include <openssl/asn1.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_SCT
/* Signature and hash algorithms from RFC 5246 */
#define TLSEXT_hash_sha256 4
@@ -321,3 +322,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
return 1;
}
+#endif
diff --git a/makevms.com b/makevms.com
index 4b9a3d7..2888ee2 100755
--- a/makevms.com
+++ b/makevms.com
@@ -295,6 +295,7 @@ $ CONFIG_LOGICALS := AES,-
RFC3779,-
RMD160,-
RSA,-
+ SCT,-
SCRYPT,-
SCTP,-
SEED,-
diff --git a/util/mkdef.pl b/util/mkdef.pl
index c07a3c6..d20bac6 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -80,7 +80,9 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
# External "algorithms"
"FP_API", "STDIO", "SOCK", "DGRAM",
# Engines
- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+ "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+ # X.509v3 Signed Certificate Timestamps
+ "SCT",
# RFC3779
"RFC3779",
# TLS
@@ -127,7 +129,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_scrypt;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
+my $no_sct; my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method; my $no_ocb;
@@ -217,6 +219,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
+ elsif (/^no-sct$/) { $no_sct=1; }
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-ec2m$/) { $no_ec2m=1; }
@@ -1203,6 +1206,7 @@ sub is_valid
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
+ if ($keyword eq "SCT" && $no_sct) { return 0; }
if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }
More information about the openssl-commits
mailing list