generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Revert "OPENSSL_NO_xxx cleanup: RFC3779"

Browse Source 
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.

In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
David Woodhouse 2015-07-23 17:30:06 +01:00 committed by Rich Salz
parent 64b25758ed
commit 47bbaa5b60
12 changed files with 97 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Configure
View File

@ -769,7 +769,7 @@ my $no_threads=0;
my $threads=0;
my $no_shared=0; # but "no-shared" is default
my $zlib=1; # but "no-zlib" is default
my $no_rfc3779=1; # but "no-rfc3779" is default
my $no_rfc3779=0;
my $no_asm=0;
my $no_dso=0;
my $no_gmp=0;
@ -806,7 +806,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
"jpake" => "experimental",
"md2" => "default",
"rc5" => "default",
"rfc3779" => "default",
"sctp" => "default",
"shared" => "default",
"ssl-trace" => "default",
@ -819,7 +818,7 @@ my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).

4
crypto/asn1/x_x509.c
View File

@ -95,8 +95,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ret->ex_pathlen = -1;
ret->skid = NULL;
ret->akid = NULL;
#ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
#endif
ret->aux = NULL;
ret->crldp = NULL;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
@ -116,8 +118,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
policy_cache_free(ret->policy_cache);
GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc);
#ifndef OPENSSL_NO_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
#endif
OPENSSL_free(ret->name);
break;

2
crypto/x509/x509_vfy.c
View File

@ -485,6 +485,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (!ok)
goto end;
#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok)
@ -492,6 +493,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok = v3_addr_validate_path(ctx);
if (!ok)
goto end;
#endif
/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))

2
crypto/x509v3/ext_dat.h
View File

@ -103,8 +103,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
#endif
&v3_sxnet,
&v3_info,
#ifndef OPENSSL_NO_RFC3779
&v3_addr,
&v3_asid,
#endif
#ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce,
&v3_ocsp_crlid,

3
crypto/x509v3/v3_addr.c
View File

@ -69,6 +69,7 @@
#include <openssl/buffer.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
@ -1339,3 +1340,5 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_addr_validate_path_internal(NULL, chain, ext);
}
#endif /* OPENSSL_NO_RFC3779 */

3
crypto/x509v3/v3_asid.c
View File

@ -69,6 +69,7 @@
#include <openssl/x509.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@ -893,3 +894,5 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_asid_validate_path_internal(NULL, chain, ext);
}
#endif /* OPENSSL_NO_RFC3779 */

4
crypto/x509v3/v3_purp.c
View File

@ -322,8 +322,10 @@ int X509_supported_extension(X509_EXTENSION *ex)
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
#endif
NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */
@ -503,9 +505,11 @@ static void x509v3_cache_extensions(X509 *x)
x->ex_flags |= EXFLAG_INVALID;
setup_crldp(x);
#ifndef OPENSSL_NO_RFC3779
x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
NULL, NULL);
#endif
for (i = 0; i < X509_get_ext_count(x); i++) {
ex = X509_get_ext(x, i);
if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))

2
include/openssl/x509.h
View File

@ -201,8 +201,10 @@ struct x509_st {
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
#ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
# endif
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
X509_CERT_AUX *aux;
} /* X509 */ ;

2
include/openssl/x509v3.h
View File

@ -756,6 +756,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE)
#ifndef OPENSSL_NO_RFC3779
typedef struct ASRange_st {
ASN1_INTEGER *min, *max;
} ASRange;
@ -898,6 +899,7 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance);
#endif /* OPENSSL_NO_RFC3779 */
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes

1
makevms.com
View File

@ -292,6 +292,7 @@ $ CONFIG_LOGICALS := AES,-
RC2,-
RC4,-
RC5,-
RFC3779,-
RMD160,-
RSA,-
SCTP,-

134
util/libeay.num
View File

@ -3412,106 +3412,106 @@ EVP_camellia_256_cfb8 3810 EXIST::FUNCTION:CAMELLIA
EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA
EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA
a2i_ipadd 3813 EXIST::FUNCTION:
ASIdentifiers_free 3814 EXIST::FUNCTION:
i2d_ASIdOrRange 3815 EXIST::FUNCTION:
ASIdentifiers_free 3814 EXIST::FUNCTION:RFC3779
i2d_ASIdOrRange 3815 EXIST::FUNCTION:RFC3779
EVP_CIPHER_block_size 3816 EXIST::FUNCTION:
v3_asid_is_canonical 3817 EXIST::FUNCTION:
IPAddressChoice_free 3818 EXIST::FUNCTION:
v3_asid_is_canonical 3817 EXIST::FUNCTION:RFC3779
IPAddressChoice_free 3818 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_set_app_data 3819 EXIST::FUNCTION:
BIO_set_callback_arg 3820 EXIST::FUNCTION:
v3_addr_add_prefix 3821 EXIST::FUNCTION:
IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
v3_addr_add_prefix 3821 EXIST::FUNCTION:RFC3779
IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
BIO_set_flags 3823 EXIST::FUNCTION:
ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
v3_addr_get_range 3825 EXIST::FUNCTION:
ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
v3_addr_get_range 3825 EXIST::FUNCTION:RFC3779
BIO_method_type 3826 EXIST::FUNCTION:
v3_addr_inherits 3827 EXIST::FUNCTION:
IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
v3_addr_inherits 3827 EXIST::FUNCTION:RFC3779
IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
AES_ige_encrypt 3829 EXIST::FUNCTION:AES
v3_addr_add_range 3830 EXIST::FUNCTION:
v3_addr_add_range 3830 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_nid 3831 EXIST::FUNCTION:
d2i_ASRange 3832 EXIST::FUNCTION:
v3_addr_add_inherit 3833 EXIST::FUNCTION:
v3_asid_add_id_or_range 3834 EXIST::FUNCTION:
v3_addr_validate_resource_set 3835 EXIST::FUNCTION:
d2i_ASRange 3832 EXIST::FUNCTION:RFC3779
v3_addr_add_inherit 3833 EXIST::FUNCTION:RFC3779
v3_asid_add_id_or_range 3834 EXIST::FUNCTION:RFC3779
v3_addr_validate_resource_set 3835 EXIST::FUNCTION:RFC3779
EVP_CIPHER_iv_length 3836 EXIST::FUNCTION:
EVP_MD_type 3837 EXIST::FUNCTION:
v3_asid_canonize 3838 EXIST::FUNCTION:
IPAddressRange_free 3839 EXIST::FUNCTION:
v3_asid_add_inherit 3840 EXIST::FUNCTION:
v3_asid_canonize 3838 EXIST::FUNCTION:RFC3779
IPAddressRange_free 3839 EXIST::FUNCTION:RFC3779
v3_asid_add_inherit 3840 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_key_length 3841 EXIST::FUNCTION:
IPAddressRange_new 3842 EXIST::FUNCTION:
ASIdOrRange_new 3843 EXIST::FUNCTION:
IPAddressRange_new 3842 EXIST::FUNCTION:RFC3779
ASIdOrRange_new 3843 EXIST::FUNCTION:RFC3779
EVP_MD_size 3844 EXIST::FUNCTION:
EVP_MD_CTX_test_flags 3845 EXIST::FUNCTION:
BIO_clear_flags 3846 EXIST::FUNCTION:
i2d_ASRange 3847 EXIST::FUNCTION:
IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
IPAddressChoice_new 3849 EXIST::FUNCTION:
ASIdentifierChoice_new 3850 EXIST::FUNCTION:
ASRange_free 3851 EXIST::FUNCTION:
i2d_ASRange 3847 EXIST::FUNCTION:RFC3779
IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
IPAddressChoice_new 3849 EXIST::FUNCTION:RFC3779
ASIdentifierChoice_new 3850 EXIST::FUNCTION:RFC3779
ASRange_free 3851 EXIST::FUNCTION:RFC3779
EVP_MD_pkey_type 3852 EXIST::FUNCTION:
EVP_MD_CTX_clear_flags 3853 EXIST::FUNCTION:
IPAddressFamily_free 3854 EXIST::FUNCTION:
i2d_IPAddressFamily 3855 EXIST::FUNCTION:
IPAddressOrRange_new 3856 EXIST::FUNCTION:
IPAddressFamily_free 3854 EXIST::FUNCTION:RFC3779
i2d_IPAddressFamily 3855 EXIST::FUNCTION:RFC3779
IPAddressOrRange_new 3856 EXIST::FUNCTION:RFC3779
EVP_CIPHER_flags 3857 EXIST::FUNCTION:
v3_asid_validate_resource_set 3858 EXIST::FUNCTION:
d2i_IPAddressRange 3859 EXIST::FUNCTION:
v3_asid_validate_resource_set 3858 EXIST::FUNCTION:RFC3779
d2i_IPAddressRange 3859 EXIST::FUNCTION:RFC3779
AES_bi_ige_encrypt 3860 EXIST::FUNCTION:AES
BIO_get_callback 3861 EXIST::FUNCTION:
IPAddressOrRange_free 3862 EXIST::FUNCTION:
v3_addr_subset 3863 EXIST::FUNCTION:
d2i_IPAddressFamily 3864 EXIST::FUNCTION:
v3_asid_subset 3865 EXIST::FUNCTION:
IPAddressOrRange_free 3862 EXIST::FUNCTION:RFC3779
v3_addr_subset 3863 EXIST::FUNCTION:RFC3779
d2i_IPAddressFamily 3864 EXIST::FUNCTION:RFC3779
v3_asid_subset 3865 EXIST::FUNCTION:RFC3779
BIO_test_flags 3866 EXIST::FUNCTION:
i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:
ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
d2i_ASIdentifiers 3869 EXIST::FUNCTION:
ASRange_new 3870 EXIST::FUNCTION:
d2i_IPAddressChoice 3871 EXIST::FUNCTION:
v3_addr_get_afi 3872 EXIST::FUNCTION:
i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:RFC3779
ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
d2i_ASIdentifiers 3869 EXIST::FUNCTION:RFC3779
ASRange_new 3870 EXIST::FUNCTION:RFC3779
d2i_IPAddressChoice 3871 EXIST::FUNCTION:RFC3779
v3_addr_get_afi 3872 EXIST::FUNCTION:RFC3779
EVP_CIPHER_key_length 3873 EXIST::FUNCTION:
EVP_Cipher 3874 EXIST::FUNCTION:
i2d_IPAddressOrRange 3875 EXIST::FUNCTION:
ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
i2d_IPAddressOrRange 3875 EXIST::FUNCTION:RFC3779
ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
EVP_CIPHER_nid 3877 EXIST::FUNCTION:
i2d_IPAddressChoice 3878 EXIST::FUNCTION:
i2d_IPAddressChoice 3878 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_block_size 3879 EXIST::FUNCTION:
ASIdentifiers_new 3880 EXIST::FUNCTION:
v3_addr_validate_path 3881 EXIST::FUNCTION:
IPAddressFamily_new 3882 EXIST::FUNCTION:
ASIdentifiers_new 3880 EXIST::FUNCTION:RFC3779
v3_addr_validate_path 3881 EXIST::FUNCTION:RFC3779
IPAddressFamily_new 3882 EXIST::FUNCTION:RFC3779
EVP_MD_CTX_set_flags 3883 EXIST::FUNCTION:
v3_addr_is_canonical 3884 EXIST::FUNCTION:
i2d_IPAddressRange 3885 EXIST::FUNCTION:
IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
v3_asid_inherits 3887 EXIST::FUNCTION:
v3_addr_is_canonical 3884 EXIST::FUNCTION:RFC3779
i2d_IPAddressRange 3885 EXIST::FUNCTION:RFC3779
IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
v3_asid_inherits 3887 EXIST::FUNCTION:RFC3779
EVP_CIPHER_CTX_cipher 3888 EXIST::FUNCTION:
EVP_CIPHER_CTX_get_app_data 3889 EXIST::FUNCTION:
EVP_MD_block_size 3890 EXIST::FUNCTION:
EVP_CIPHER_CTX_flags 3891 EXIST::FUNCTION:
v3_asid_validate_path 3892 EXIST::FUNCTION:
d2i_IPAddressOrRange 3893 EXIST::FUNCTION:
v3_addr_canonize 3894 EXIST::FUNCTION:
ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
v3_asid_validate_path 3892 EXIST::FUNCTION:RFC3779
d2i_IPAddressOrRange 3893 EXIST::FUNCTION:RFC3779
v3_addr_canonize 3894 EXIST::FUNCTION:RFC3779
ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
EVP_MD_CTX_md 3896 EXIST::FUNCTION:
d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:
d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:RFC3779
BIO_method_name 3898 EXIST::FUNCTION:
EVP_CIPHER_CTX_iv_length 3899 EXIST::FUNCTION:
ASIdOrRange_free 3900 EXIST::FUNCTION:
ASIdentifierChoice_free 3901 EXIST::FUNCTION:
ASIdOrRange_free 3900 EXIST::FUNCTION:RFC3779
ASIdentifierChoice_free 3901 EXIST::FUNCTION:RFC3779
BIO_get_callback_arg 3902 EXIST::FUNCTION:
BIO_set_callback 3903 EXIST::FUNCTION:
d2i_ASIdOrRange 3904 EXIST::FUNCTION:
i2d_ASIdentifiers 3905 EXIST::FUNCTION:
d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
CRYPTO_memcmp 3906 EXIST::FUNCTION:
BN_consttime_swap 3907 EXIST::FUNCTION:
SEED_decrypt 3908 EXIST::FUNCTION:SEED

6
util/mkdef.pl
View File

@ -80,6 +80,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"FP_API", "STDIO", "SOCK", "DGRAM",
# Engines
"STATIC_ENGINE", "ENGINE", "HW", "GMP",
# RFC3779
"RFC3779",
# TLS
"PSK", "SRP", "HEARTBEATS",
# CMS
@ -124,7 +126,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_aes;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
my $no_psk; my $no_cms; my $no_capieng;
my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method; my $no_ocb;
@ -213,6 +215,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-ec2m$/) { $no_ec2m=1; }
elsif (/^no-ec-nistp224-64-gcc-128$/) { $no_nistp_gcc=1; }
@ -1197,6 +1200,7 @@ sub is_valid
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }
if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)