OPENSSL_NO_xxx cleanup: RFC3779

Remove OPENSSL_NO_RFC3779.

Also, makevms.com was ignored by some of the other cleanups, so
I caught it up.  Sorry I ignored you, poor little VMS...

Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz 2015-01-27 10:19:14 -05:00
parent a00ae6c46e
commit c73ad69017
10 changed files with 20 additions and 53 deletions


@ -95,10 +95,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ret->ex_pathlen = -1; ret->ex_pathlen = -1;
ret->skid = NULL; ret->skid = NULL;
ret->akid = NULL; ret->akid = NULL;
#ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL; ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL; ret->rfc3779_asid = NULL;
#endif
ret->aux = NULL; ret->aux = NULL;
ret->crldp = NULL; ret->crldp = NULL;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
@ -119,10 +117,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
policy_cache_free(ret->policy_cache); policy_cache_free(ret->policy_cache);
GENERAL_NAMES_free(ret->altname); GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc); NAME_CONSTRAINTS_free(ret->nc);
#ifndef OPENSSL_NO_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid); ASIdentifiers_free(ret->rfc3779_asid);
#endif
if (ret->name != NULL) if (ret->name != NULL)
OPENSSL_free(ret->name); OPENSSL_free(ret->name);


@ -278,10 +278,8 @@ struct x509_st {
STACK_OF(DIST_POINT) *crldp; STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname; STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc; NAME_CONSTRAINTS *nc;
# ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr; STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid; struct ASIdentifiers_st *rfc3779_asid;
# endif
# ifndef OPENSSL_NO_SHA # ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH]; unsigned char sha1_hash[SHA_DIGEST_LENGTH];
# endif # endif


@ -439,7 +439,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (!ok) if (!ok)
goto end; goto end;
#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */ /* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx); ok = v3_asid_validate_path(ctx);
if (!ok) if (!ok)
@ -447,7 +446,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok = v3_addr_validate_path(ctx); ok = v3_addr_validate_path(ctx);
if (!ok) if (!ok)
goto end; goto end;
#endif
/* If we get this far evaluate policies */ /* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
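Review bot: The RFC 3779 checks `v3_asid_validate_path(ctx)` and `v3_addr_validate_path(ctx)` now run on every X509_verify_cert() call, which changes verification behaviour for any build that used to define OPENSSL_NO_RFC3779, and neither the code nor the commit message says so. With the guard gone, parsing and validation of these extensions are reachable from untrusted certificates in every build, and a chain that was previously judged only by the critical-extension rule may now get a different verdict. I would extend the comment to something like `/* RFC 3779 path validation (always compiled in, no build option disables it), now that CRL check has been done */` and record the change in the release notes. None of the file sections shown appears to be the configure script, so it is worth checking that a leftover no-rfc3779 build option is not still accepted while silently doing nothing. The function body starts and ends outside these hunks.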


@ -103,10 +103,8 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
#endif #endif
&v3_sxnet, &v3_sxnet,
&v3_info, &v3_info,
#ifndef OPENSSL_NO_RFC3779
&v3_addr, &v3_addr,
&v3_asid, &v3_asid,
#endif
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce, &v3_ocsp_nonce,
&v3_ocsp_crlid, &v3_ocsp_crlid,


@ -69,7 +69,6 @@
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#ifndef OPENSSL_NO_RFC3779
/* /*
* OpenSSL ASN.1 template translation of RFC 3779 2.2.3. * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
@ -108,7 +107,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
/* /*
* How much buffer space do we need for a raw address? * How much buffer space do we need for a raw address?
*/ */
# define ADDR_RAW_BUF_LEN 16 #define ADDR_RAW_BUF_LEN 16
/* /*
* What's the address length associated with this AFI? * What's the address length associated with this AFI?
@ -163,7 +162,7 @@ static int addr_expand(unsigned char *addr,
/* /*
* Extract the prefix length from a bitstring. * Extract the prefix length from a bitstring.
*/ */
# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) #define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
/* /*
* i2r handler for one address bitstring. * i2r handler for one address bitstring.
@ -1195,7 +1194,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
/* /*
* Validation error handling via callback. * Validation error handling via callback.
*/ */
# define validation_err(_err_) \ #define validation_err(_err_) \
do { \ do { \
if (ctx != NULL) { \ if (ctx != NULL) { \
ctx->error = _err_; \ ctx->error = _err_; \
@ -1315,7 +1314,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
return ret; return ret;
} }
# undef validation_err #undef validation_err
/* /*
* RFC 3779 2.3 path validation -- called from X509_verify_cert(). * RFC 3779 2.3 path validation -- called from X509_verify_cert().
@ -1340,5 +1339,3 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
return 0; return 0;
return v3_addr_validate_path_internal(NULL, chain, ext); return v3_addr_validate_path_internal(NULL, chain, ext);
} }
#endif /* OPENSSL_NO_RFC3779 */


@ -69,7 +69,6 @@
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#ifndef OPENSSL_NO_RFC3779
/* /*
* OpenSSL ASN.1 template translation of RFC 3779 3.2.3. * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@ -736,7 +735,7 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
/* /*
* Validation error handling via callback. * Validation error handling via callback.
*/ */
# define validation_err(_err_) \ #define validation_err(_err_) \
do { \ do { \
if (ctx != NULL) { \ if (ctx != NULL) { \
ctx->error = _err_; \ ctx->error = _err_; \
@ -869,7 +868,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
return ret; return ret;
} }
# undef validation_err #undef validation_err
/* /*
* RFC 3779 3.3 path validation -- called from X509_verify_cert(). * RFC 3779 3.3 path validation -- called from X509_verify_cert().
@ -894,5 +893,3 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
return 0; return 0;
return v3_asid_validate_path_internal(NULL, chain, ext); return v3_asid_validate_path_internal(NULL, chain, ext);
} }
#endif /* OPENSSL_NO_RFC3779 */


@ -322,10 +322,8 @@ int X509_supported_extension(X509_EXTENSION *ex)
NID_basic_constraints, /* 87 */ NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */ NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */ NID_ext_key_usage, /* 126 */
#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */ NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */ NID_sbgp_autonomousSysNum, /* 291 */
#endif
NID_policy_constraints, /* 401 */ NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */ NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */ NID_name_constraints, /* 666 */
@ -508,11 +506,9 @@ static void x509v3_cache_extensions(X509 *x)
x->ex_flags |= EXFLAG_INVALID; x->ex_flags |= EXFLAG_INVALID;
setup_crldp(x); setup_crldp(x);
#ifndef OPENSSL_NO_RFC3779
x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
NULL, NULL); NULL, NULL);
#endif
for (i = 0; i < X509_get_ext_count(x); i++) { for (i = 0; i < X509_get_ext_count(x); i++) {
ex = X509_get_ext(x, i); ex = X509_get_ext(x, i);
if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
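Review bot: In x509v3_cache_extensions() both `X509_get_ext_d2i(...)` calls pass NULL for the status argument, so a malformed or duplicated sbgp-ipAddrBlock or sbgp-autonomousSysNum extension leaves the field NULL exactly as an absent one does. Because the first hunk now lists both NIDs as supported in every build, such a certificate is presumably no longer stopped by the unhandled-critical-extension rule either, and the path validators would see "no extension". I would capture the status and flag the certificate, e.g. `x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL);` followed by `if (x->rfc3779_addr == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID;`, and do the same for `rfc3779_asid`. The function body continues outside the hunk, so whether `i` is free for reuse at this point should be confirmed.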


@ -758,14 +758,12 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE) DECLARE_STACK_OF(X509_POLICY_NODE)
# ifndef OPENSSL_NO_RFC3779
typedef struct ASRange_st { typedef struct ASRange_st {
ASN1_INTEGER *min, *max; ASN1_INTEGER *min, *max;
} ASRange; } ASRange;
# define ASIdOrRange_id 0 # define ASIdOrRange_id 0
# define ASIdOrRange_range 1 # define ASIdOrRange_range 1
typedef struct ASIdOrRange_st { typedef struct ASIdOrRange_st {
int type; int type;
@ -778,8 +776,8 @@ typedef struct ASIdOrRange_st {
typedef STACK_OF(ASIdOrRange) ASIdOrRanges; typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
DECLARE_STACK_OF(ASIdOrRange) DECLARE_STACK_OF(ASIdOrRange)
# define ASIdentifierChoice_inherit 0 # define ASIdentifierChoice_inherit 0
# define ASIdentifierChoice_asIdsOrRanges 1 # define ASIdentifierChoice_asIdsOrRanges 1
typedef struct ASIdentifierChoice_st { typedef struct ASIdentifierChoice_st {
int type; int type;
@ -802,8 +800,8 @@ typedef struct IPAddressRange_st {
ASN1_BIT_STRING *min, *max; ASN1_BIT_STRING *min, *max;
} IPAddressRange; } IPAddressRange;
# define IPAddressOrRange_addressPrefix 0 # define IPAddressOrRange_addressPrefix 0
# define IPAddressOrRange_addressRange 1 # define IPAddressOrRange_addressRange 1
typedef struct IPAddressOrRange_st { typedef struct IPAddressOrRange_st {
int type; int type;
@ -816,8 +814,8 @@ typedef struct IPAddressOrRange_st {
typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
DECLARE_STACK_OF(IPAddressOrRange) DECLARE_STACK_OF(IPAddressOrRange)
# define IPAddressChoice_inherit 0 # define IPAddressChoice_inherit 0
# define IPAddressChoice_addressesOrRanges 1 # define IPAddressChoice_addressesOrRanges 1
typedef struct IPAddressChoice_st { typedef struct IPAddressChoice_st {
int type; int type;
@ -843,8 +841,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
/* /*
* API tag for elements of the ASIdentifer SEQUENCE. * API tag for elements of the ASIdentifer SEQUENCE.
*/ */
# define V3_ASID_ASNUM 0 # define V3_ASID_ASNUM 0
# define V3_ASID_RDI 1 # define V3_ASID_RDI 1
/* /*
* AFI values, assigned by IANA. It'd be nice to make the AFI * AFI values, assigned by IANA. It'd be nice to make the AFI
@ -852,8 +850,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
* that would need to be defined for other address families for it to * that would need to be defined for other address families for it to
* be worth the trouble. * be worth the trouble.
*/ */
# define IANA_AFI_IPV4 1 # define IANA_AFI_IPV4 1
# define IANA_AFI_IPV6 2 # define IANA_AFI_IPV6 2
/* /*
* Utilities to construct and extract values from RFC3779 extensions, * Utilities to construct and extract values from RFC3779 extensions,
@ -902,8 +900,6 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
int v3_addr_validate_resource_set(STACK_OF(X509) *chain, int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance); IPAddrBlocks *ext, int allow_inheritance);
# endif /* OPENSSL_NO_RFC3779 */
/* BEGIN ERROR CODES */ /* BEGIN ERROR CODES */
/* /*
* The following lines are auto generated by the script mkerr.pl. Any changes * The following lines are auto generated by the script mkerr.pl. Any changes


@ -250,9 +250,6 @@ $! For that reason, the list will also always end up in alphabetical order
$ CONFIG_LOGICALS := AES,- $ CONFIG_LOGICALS := AES,-
ASM,INLINE_ASM,- ASM,INLINE_ASM,-
BF,- BF,-
BIO,-
BUFFER,-
BUF_FREELISTS,-
CAMELLIA,- CAMELLIA,-
CAST,- CAST,-
CMS,- CMS,-
@ -289,7 +286,6 @@ $ CONFIG_LOGICALS := AES,-
RC2,- RC2,-
RC4,- RC4,-
RC5,- RC5,-
RFC3779,-
RIPEMD,- RIPEMD,-
RSA,- RSA,-
SEED,- SEED,-
@ -306,8 +302,7 @@ $ CONFIG_LOGICALS := AES,-
STDIO,- STDIO,-
STORE,- STORE,-
TLSEXT,- TLSEXT,-
WHIRLPOOL,- WHIRLPOOL
X509
$! Add a few that we know about $! Add a few that we know about
$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',- $ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
THREADS THREADS


@ -97,8 +97,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"FP_API", "STDIO", "SOCK", "KRB5", "DGRAM", "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
# Engines # Engines
"STATIC_ENGINE", "ENGINE", "HW", "GMP", "STATIC_ENGINE", "ENGINE", "HW", "GMP",
# RFC3779
"RFC3779",
# TLS # TLS
"TLSEXT", "PSK", "SRP", "HEARTBEATS", "TLSEXT", "PSK", "SRP", "HEARTBEATS",
# CMS # CMS
@ -140,7 +138,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method; my $no_unit_test; my $no_ssl3_method;
@ -231,7 +229,6 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; } elsif (/^no-gmp$/) { $no_gmp=1; }
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-tlsext$/) { $no_tlsext=1; }
elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-ec2m$/) { $no_ec2m=1; } elsif (/^no-ec2m$/) { $no_ec2m=1; }
@ -1209,7 +1206,6 @@ sub is_valid
if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; }
if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; }