From c73ad690174171b63a53dabdb2f2d9ebfd30053a Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 27 Jan 2015 10:19:14 -0500 Subject: [PATCH] OPENSSL_NO_xxx cleanup: RFC3779 Remove OPENSSL_NO_RFCF3779. Also, makevms.com was ignored by some of the other cleanups, so I caught it up. Sorry I ignored you, poor little VMS... Reviewed-by: Richard Levitte --- crypto/asn1/x_x509.c | 4 ---- crypto/x509/x509.h | 2 -- crypto/x509/x509_vfy.c | 2 -- crypto/x509v3/ext_dat.h | 2 -- crypto/x509v3/v3_addr.c | 11 ++++------- crypto/x509v3/v3_asid.c | 7 ++----- crypto/x509v3/v3_purp.c | 4 ---- crypto/x509v3/x509v3.h | 28 ++++++++++++---------------- makevms.com | 7 +------ util/mkdef.pl | 6 +----- 10 files changed, 20 insertions(+), 53 deletions(-) diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index cd838e01c..f487dbbc3 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -95,10 +95,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ret->ex_pathlen = -1; ret->skid = NULL; ret->akid = NULL; -#ifndef OPENSSL_NO_RFC3779 ret->rfc3779_addr = NULL; ret->rfc3779_asid = NULL; -#endif ret->aux = NULL; ret->crldp = NULL; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); @@ -119,10 +117,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, policy_cache_free(ret->policy_cache); GENERAL_NAMES_free(ret->altname); NAME_CONSTRAINTS_free(ret->nc); -#ifndef OPENSSL_NO_RFC3779 sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); ASIdentifiers_free(ret->rfc3779_asid); -#endif if (ret->name != NULL) OPENSSL_free(ret->name); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 5b25de036..13f7531c2 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -278,10 +278,8 @@ struct x509_st { STACK_OF(DIST_POINT) *crldp; STACK_OF(GENERAL_NAME) *altname; NAME_CONSTRAINTS *nc; -# ifndef OPENSSL_NO_RFC3779 STACK_OF(IPAddressFamily) *rfc3779_addr; struct ASIdentifiers_st *rfc3779_asid; -# endif # ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; # endif diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8e639c829..31bb95b68 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -439,7 +439,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (!ok) goto end; -#ifndef OPENSSL_NO_RFC3779 /* RFC 3779 path validation, now that CRL check has been done */ ok = v3_asid_validate_path(ctx); if (!ok) @@ -447,7 +446,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = v3_addr_validate_path(ctx); if (!ok) goto end; -#endif /* If we get this far evaluate policies */ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index c3a6fce75..4e0fe92ff 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -103,10 +103,8 @@ static const X509V3_EXT_METHOD *standard_exts[] = { #endif &v3_sxnet, &v3_info, -#ifndef OPENSSL_NO_RFC3779 &v3_addr, &v3_asid, -#endif #ifndef OPENSSL_NO_OCSP &v3_ocsp_nonce, &v3_ocsp_crlid, diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 94cfed050..1635421c5 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -69,7 +69,6 @@ #include #include -#ifndef OPENSSL_NO_RFC3779 /* * OpenSSL ASN.1 template translation of RFC 3779 2.2.3. @@ -108,7 +107,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) /* * How much buffer space do we need for a raw address? */ -# define ADDR_RAW_BUF_LEN 16 +#define ADDR_RAW_BUF_LEN 16 /* * What's the address length associated with this AFI? @@ -163,7 +162,7 @@ static int addr_expand(unsigned char *addr, /* * Extract the prefix length from a bitstring. */ -# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) +#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) /* * i2r handler for one address bitstring. @@ -1195,7 +1194,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) /* * Validation error handling via callback. */ -# define validation_err(_err_) \ +#define validation_err(_err_) \ do { \ if (ctx != NULL) { \ ctx->error = _err_; \ @@ -1315,7 +1314,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, return ret; } -# undef validation_err +#undef validation_err /* * RFC 3779 2.3 path validation -- called from X509_verify_cert(). @@ -1340,5 +1339,3 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain, return 0; return v3_addr_validate_path_internal(NULL, chain, ext); } - -#endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 68a5f6836..34469eb7b 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -69,7 +69,6 @@ #include #include -#ifndef OPENSSL_NO_RFC3779 /* * OpenSSL ASN.1 template translation of RFC 3779 3.2.3. @@ -736,7 +735,7 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) /* * Validation error handling via callback. */ -# define validation_err(_err_) \ +#define validation_err(_err_) \ do { \ if (ctx != NULL) { \ ctx->error = _err_; \ @@ -869,7 +868,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, return ret; } -# undef validation_err +#undef validation_err /* * RFC 3779 3.3 path validation -- called from X509_verify_cert(). @@ -894,5 +893,3 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain, return 0; return v3_asid_validate_path_internal(NULL, chain, ext); } - -#endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 36b0d87a0..dfc8c5b8e 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -322,10 +322,8 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_basic_constraints, /* 87 */ NID_certificate_policies, /* 89 */ NID_ext_key_usage, /* 126 */ -#ifndef OPENSSL_NO_RFC3779 NID_sbgp_ipAddrBlock, /* 290 */ NID_sbgp_autonomousSysNum, /* 291 */ -#endif NID_policy_constraints, /* 401 */ NID_proxyCertInfo, /* 663 */ NID_name_constraints, /* 666 */ @@ -508,11 +506,9 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; setup_crldp(x); -#ifndef OPENSSL_NO_RFC3779 x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, NULL, NULL); -#endif for (i = 0; i < X509_get_ext_count(x); i++) { ex = X509_get_ext(x, i); if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index a0c7e1a90..a99d71bdc 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -758,14 +758,12 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); DECLARE_STACK_OF(X509_POLICY_NODE) -# ifndef OPENSSL_NO_RFC3779 - typedef struct ASRange_st { ASN1_INTEGER *min, *max; } ASRange; -# define ASIdOrRange_id 0 -# define ASIdOrRange_range 1 +# define ASIdOrRange_id 0 +# define ASIdOrRange_range 1 typedef struct ASIdOrRange_st { int type; @@ -778,8 +776,8 @@ typedef struct ASIdOrRange_st { typedef STACK_OF(ASIdOrRange) ASIdOrRanges; DECLARE_STACK_OF(ASIdOrRange) -# define ASIdentifierChoice_inherit 0 -# define ASIdentifierChoice_asIdsOrRanges 1 +# define ASIdentifierChoice_inherit 0 +# define ASIdentifierChoice_asIdsOrRanges 1 typedef struct ASIdentifierChoice_st { int type; @@ -802,8 +800,8 @@ typedef struct IPAddressRange_st { ASN1_BIT_STRING *min, *max; } IPAddressRange; -# define IPAddressOrRange_addressPrefix 0 -# define IPAddressOrRange_addressRange 1 +# define IPAddressOrRange_addressPrefix 0 +# define IPAddressOrRange_addressRange 1 typedef struct IPAddressOrRange_st { int type; @@ -816,8 +814,8 @@ typedef struct IPAddressOrRange_st { typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; DECLARE_STACK_OF(IPAddressOrRange) -# define IPAddressChoice_inherit 0 -# define IPAddressChoice_addressesOrRanges 1 +# define IPAddressChoice_inherit 0 +# define IPAddressChoice_addressesOrRanges 1 typedef struct IPAddressChoice_st { int type; @@ -843,8 +841,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) /* * API tag for elements of the ASIdentifer SEQUENCE. */ -# define V3_ASID_ASNUM 0 -# define V3_ASID_RDI 1 +# define V3_ASID_ASNUM 0 +# define V3_ASID_RDI 1 /* * AFI values, assigned by IANA. It'd be nice to make the AFI @@ -852,8 +850,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) * that would need to be defined for other address families for it to * be worth the trouble. */ -# define IANA_AFI_IPV4 1 -# define IANA_AFI_IPV6 2 +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 /* * Utilities to construct and extract values from RFC3779 extensions, @@ -902,8 +900,6 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain, int v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance); -# endif /* OPENSSL_NO_RFC3779 */ - /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/makevms.com b/makevms.com index 82aa4ceea..47053462f 100755 --- a/makevms.com +++ b/makevms.com @@ -250,9 +250,6 @@ $! For that reason, the list will also always end up in alphabetical order $ CONFIG_LOGICALS := AES,- ASM,INLINE_ASM,- BF,- - BIO,- - BUFFER,- - BUF_FREELISTS,- CAMELLIA,- CAST,- CMS,- @@ -289,7 +286,6 @@ $ CONFIG_LOGICALS := AES,- RC2,- RC4,- RC5,- - RFC3779,- RIPEMD,- RSA,- SEED,- @@ -306,8 +302,7 @@ $ CONFIG_LOGICALS := AES,- STDIO,- STORE,- TLSEXT,- - WHIRLPOOL,- - X509 + WHIRLPOOL $! Add a few that we know about $ CONFIG_LOGICALS := 'CONFIG_LOGICALS',- THREADS diff --git a/util/mkdef.pl b/util/mkdef.pl index e5063b028..a6f64e3fc 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -97,8 +97,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM", # Engines "STATIC_ENGINE", "ENGINE", "HW", "GMP", - # RFC3779 - "RFC3779", # TLS "TLSEXT", "PSK", "SRP", "HEARTBEATS", # CMS @@ -140,7 +138,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; +my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; @@ -231,7 +229,6 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } - elsif (/^no-rfc3779$/) { $no_rfc3779=1; } elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-ec2m$/) { $no_ec2m=1; } @@ -1209,7 +1206,6 @@ sub is_valid if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } - if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; }