RT3992: Make SCT #ifdeffable.

This code does open-coded division on 64-bit quantities and thus when
building with GCC on 32-bit platforms will require functions such as
__umoddi3 and __udivdi3 from libgcc.

In constrained environments such as firmware, those functions may not
be available. So make it possible to compile out SCT support, which in
fact (in the case of UEFI) we don't need anyway.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>

diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index 9c3529b1ce6309c615105a150c5b72b060b7b339..76be62103d693af1df48d06c7c496d26e208a0a6 100644 (file)
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
     &v3_idp,
     &v3_alt[2],
     &v3_freshest_crl,
+#ifndef OPENSSL_NO_SCT
     &v3_ct_scts[0],
     &v3_ct_scts[1],
+#endif
 };
 
 /* Number of standard extensions */

diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
index 61e5a83b68f0c1ec923f2288b041967b33554a4f..0ffdfb84b52addf7e45383df8c7d224eff83c7b8 100644 (file)
--- a/crypto/x509v3/v3_scts.c
+++ b/crypto/x509v3/v3_scts.c
@@ -61,6 +61,7 @@
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 
+#ifndef OPENSSL_NO_SCT
 /* Signature and hash algorithms from RFC 5246 */
 #define TLSEXT_hash_sha256                              4
 
@@ -321,3 +322,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
 
     return 1;
 }
+#endif

diff --git a/makevms.com b/makevms.com
index 4b9a3d7b51cde8003a12cf42082f074949e398ab..2888ee2cd9bb70058342342b6a5f34a6c51c7098 100755 (executable)
--- a/makevms.com
+++ b/makevms.com
@@ -295,6 +295,7 @@ $ CONFIG_LOGICALS := AES,-
                     RFC3779,-
                     RMD160,-
                     RSA,-
+                    SCT,-
                      SCRYPT,-
                     SCTP,-
                     SEED,-

diff --git a/util/mkdef.pl b/util/mkdef.pl
index c07a3c6ba0910f5f0681ab21b1095c1007982244..d20bac6e840e266e77d26d8d108651e9231d3391 100755 (executable)
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -80,7 +80,9 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         # External "algorithms"
                         "FP_API", "STDIO", "SOCK", "DGRAM",
                         # Engines
-                        "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+                         "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+                         # X.509v3 Signed Certificate Timestamps
+                         "SCT",
                         # RFC3779
                         "RFC3779",
                         # TLS
@@ -127,7 +129,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
 my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_scrypt;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
+my $no_sct; my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
 my $no_unit_test; my $no_ssl3_method; my $no_ocb;
@@ -217,6 +219,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-engine$/)   { $no_engine=1; }
        elsif (/^no-hw$/)       { $no_hw=1; }
        elsif (/^no-gmp$/)      { $no_gmp=1; }
+       elsif (/^no-sct$/)      { $no_sct=1; }
        elsif (/^no-rfc3779$/)  { $no_rfc3779=1; }
        elsif (/^no-cms$/)      { $no_cms=1; }
        elsif (/^no-ec2m$/)     { $no_ec2m=1; }
@@ -1203,6 +1206,7 @@ sub is_valid
                        if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
                        if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
                        if ($keyword eq "GMP" && $no_gmp) { return 0; }
+                       if ($keyword eq "SCT" && $no_sct) { return 0; }
                        if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
                        if ($keyword eq "PSK" && $no_psk) { return 0; }
                        if ($keyword eq "CMS" && $no_cms) { return 0; }