[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Thu Feb 8 11:46:51 UTC 2018 

The branch OpenSSL_1_1_0-stable has been updated
       via  65de3f1657d8a3bdb7c48063931a3c619817c921 (commit)
       via  d8ba72c9f7e397942aabe1a0a3ad7019e774884a (commit)
      from  db5ec96acd4e65bca886f2ef09316a7fb0aa8cac (commit)


- Log -----------------------------------------------------------------
commit 65de3f1657d8a3bdb7c48063931a3c619817c921
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Feb 8 12:31:05 2018 +0100

    util/mkdef.pl: use better array in search of 'DEPRECATEDIN_'
    
    %disabled_algorithms isn't necessarily initialised with the "algos"
    'DEPRECATEDIN_1_1_0' etc.  However, we know that @known_algorithms has
    them all, so use that to find them instead.
    
    Fixes #5157
    (where this was reported)
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5282)
    
    (cherry picked from commit b53fdad0e4350ba49812c50305686ee5a6239111)

commit d8ba72c9f7e397942aabe1a0a3ad7019e774884a
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Jan 24 14:17:39 2018 +0100

    util/mkdef.pl: Trust configdata.pm
    
    This script kept its own database of disablable algorithms, which is a
    maintenance problem, as it's not always perfectly in sync with what
    Configure does.  However, we do have all the data in configdata.pm,
    produced by Configure, so let's use that instead.
    
    Also, make sure to parse the *err.h header files, as they contain
    function declarations that might not be present elsewhere.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5157)
    
    (cherry picked from commit 54f3b7d2f5a313e5c702f75ee030f8a08e6bf6aa)

-----------------------------------------------------------------------

Summary of changes:
 util/mkdef.pl | 73 ++++++++++-------------------------------------------------
 1 file changed, 12 insertions(+), 61 deletions(-)

diff --git a/util/mkdef.pl b/util/mkdef.pl
index 3067fbe..3775b70 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -133,71 +133,22 @@ my @known_platforms = ( "__FreeBSD__", "PERL5",
 			"EXPORT_VAR_AS_FUNCTION", "ZLIB", "_WIN32"
 			);
 my @known_ossl_platforms = ( "UNIX", "VMS", "WIN32", "WINNT", "OS2" );
-my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
-			 "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
-			 "SHA256", "SHA512", "RMD160",
-			 "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "EC2M",
-			 "HMAC", "AES", "CAMELLIA", "SEED", "GOST",
-                         "SCRYPT", "CHACHA", "POLY1305", "BLAKE2",
-			 # EC_NISTP_64_GCC_128
-			 "EC_NISTP_64_GCC_128",
-			 # Envelope "algorithms"
-			 "EVP", "X509", "ASN1_TYPEDEFS",
-			 # Helper "algorithms"
-			 "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
-			 "LOCKING",
-			 # External "algorithms"
-			 "FP_API", "STDIO", "SOCK", "DGRAM",
-                         "CRYPTO_MDEBUG",
-			 # Engines
-                         "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-			 # Entropy Gathering
-			 "EGD",
-			 # Certificate Transparency
-			 "CT",
-			 # RFC3779
-			 "RFC3779",
-			 # TLS
-			 "PSK", "SRP", "HEARTBEATS",
-			 # CMS
-			 "CMS",
-                         "OCSP",
-			 # CryptoAPI Engine
-			 "CAPIENG",
-			 # SSL methods
-			 "SSL3_METHOD", "TLS1_METHOD", "TLS1_1_METHOD", "TLS1_2_METHOD", "DTLS1_METHOD", "DTLS1_2_METHOD",
-			 # NEXTPROTONEG
-			 "NEXTPROTONEG",
-			 # Deprecated functions
+my @known_algorithms = ( # These are algorithms we know are guarded in relevant
+			 # header files, but aren't actually disablable.
+			 # Without these, this script will warn a lot.
+			 "RSA", "MD5",
+			 # @disablables comes from configdata.pm
+			 map { (my $x = uc $_) =~ s|-|_|g; $x; } @disablables,
+			 # Deprecated functions.  Not really algorithmss, but
+			 # treated as such here for the sake of simplicity
 			 "DEPRECATEDIN_0_9_8",
 			 "DEPRECATEDIN_1_0_0",
 			 "DEPRECATEDIN_1_1_0",
-			 # SCTP
-		 	 "SCTP",
-			 # SRTP
-			 "SRTP",
-			 # SSL TRACE
-		 	 "SSL_TRACE",
-			 # Unit testing
-		 	 "UNIT_TEST",
-			 # User Interface
-			 "UI",
-			 #
-			 "TS",
-			 # OCB mode
-			 "OCB",
-			 "CMAC",
-                         # APPLINK (win build feature?)
-                         "APPLINK"
                      );
 
-my %disabled_algorithms;
-
-foreach (@known_algorithms) {
-    $disabled_algorithms{$_} = 0;
-}
-# disabled by default
-$disabled_algorithms{"STATIC_ENGINE"} = 1;
+# %disabled comes from configdata.pm
+my %disabled_algorithms =
+    map { (my $x = uc $_) =~ s|-|_|g; $x => 1; } keys %disabled;
 
 my $zlib;
 
@@ -239,7 +190,7 @@ foreach (@ARGV, split(/ /, $config{options}))
 	$do_checkexist=1 if $_ eq "exist";
 	if (/^--api=(\d+)\.(\d+)\.(\d+)$/) {
 		my $apiv = sprintf "%x%02x%02x", $1, $2, $3;
-		foreach (keys %disabled_algorithms) {
+		foreach (@known_algorithms) {
 			if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) {
 				my $depv = sprintf "%x%02x%02x", $1, $2, $3;
 				$disabled_algorithms{$_} = 1 if $apiv ge $depv;

More information about the openssl-commits mailing list