diff options
| author | David Woodhouse <David.Woodhouse@intel.com> | 2015-09-09 15:29:44 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-09-09 18:28:13 -0400 |
| commit | 05d7bf6c5b729b88992b5474c21a24aa542f6e75 (patch) | |
| tree | 72ea65c85ab1fedadc2474905175e8da9b559eef | |
| parent | 84d90cf335209e6c1dcb5124d2ddf14ea617212f (diff) | |
RT3992: Make SCT #ifdeffable.
This code does open-coded division on 64-bit quantities and thus when
building with GCC on 32-bit platforms will require functions such as
__umoddi3 and __udivdi3 from libgcc.
In constrained environments such as firmware, those functions may not
be available. So make it possible to compile out SCT support, which in
fact (in the case of UEFI) we don't need anyway.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
| -rw-r--r-- | crypto/x509v3/ext_dat.h | 2 | ||||
| -rw-r--r-- | crypto/x509v3/v3_scts.c | 2 | ||||
| -rwxr-xr-x | makevms.com | 1 | ||||
| -rwxr-xr-x | util/mkdef.pl | 8 |
4 files changed, 11 insertions, 2 deletions
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 9c3529b1ce..76be62103d 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = { &v3_idp, &v3_alt[2], &v3_freshest_crl, +#ifndef OPENSSL_NO_SCT &v3_ct_scts[0], &v3_ct_scts[1], +#endif }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 61e5a83b68..0ffdfb84b5 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -61,6 +61,7 @@ #include <openssl/asn1.h> #include <openssl/x509v3.h> +#ifndef OPENSSL_NO_SCT /* Signature and hash algorithms from RFC 5246 */ #define TLSEXT_hash_sha256 4 @@ -321,3 +322,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, return 1; } +#endif diff --git a/makevms.com b/makevms.com index 4b9a3d7b51..2888ee2cd9 100755 --- a/makevms.com +++ b/makevms.com @@ -295,6 +295,7 @@ $ CONFIG_LOGICALS := AES,- RFC3779,- RMD160,- RSA,- + SCT,- SCRYPT,- SCTP,- SEED,- diff --git a/util/mkdef.pl b/util/mkdef.pl index c07a3c6ba0..d20bac6e84 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -80,7 +80,9 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # External "algorithms" "FP_API", "STDIO", "SOCK", "DGRAM", # Engines - "STATIC_ENGINE", "ENGINE", "HW", "GMP", + "STATIC_ENGINE", "ENGINE", "HW", "GMP", + # X.509v3 Signed Certificate Timestamps + "SCT", # RFC3779 "RFC3779", # TLS @@ -127,7 +129,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_scrypt; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng; +my $no_sct; my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; my $no_ocb; @@ -217,6 +219,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } + elsif (/^no-sct$/) { $no_sct=1; } elsif (/^no-rfc3779$/) { $no_rfc3779=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-ec2m$/) { $no_ec2m=1; } @@ -1203,6 +1206,7 @@ sub is_valid if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } + if ($keyword eq "SCT" && $no_sct) { return 0; } if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } |