From 0eb65947ecf5d357f540f9900a1affa3fd9e5ca8 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 24 Dec 2021 13:58:15 +0000
Subject: Undo commenting of OPENSSL_NO_RFC3779
The define implies that we have the RFC 3779 API and corresponding symbols publicly exposed. We don't do that since there are still concerns about its suitability and security. oss-fuzz has code depending on this define and this broke its build as tracked down by jsing. This commit gets us oss-fuzz builds back while keeping job happy since the extension pretty printing will continue to work.
ok jsing
---
 src/lib/libcrypto/opensslfeatures.h | 4 +++-
 src/lib/libcrypto/x509/x509v3.h | 8 ++++----
 2 files changed, 7 insertions(+), 5 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libcrypto/opensslfeatures.h b/src/lib/libcrypto/opensslfeatures.h
index b6b1904003..fa23bcc715 100644
--- a/src/lib/libcrypto/opensslfeatures.h
+++ b/src/lib/libcrypto/opensslfeatures.h
@@ -86,7 +86,9 @@
 /* #define OPENSSL_NO_RC4 */
 #define OPENSSL_NO_RC5
 /* #define OPENSSL_NO_RDRAND */
-/* #define OPENSSL_NO_RFC3779 */
+#ifndef LIBRESSL_CRYPTO_INTERNAL
+#define OPENSSL_NO_RFC3779 /* XXX until we expose it */
+#endif
 /* #define OPENSSL_NO_RMD160 */
 /* #define OPENSSL_NO_RSA */
 /* #define OPENSSL_NO_SCRYPT */
diff --git a/src/lib/libcrypto/x509/x509v3.h b/src/lib/libcrypto/x509/x509v3.h
index 0a6d439310..cd53debd97 100644
--- a/src/lib/libcrypto/x509/x509v3.h
+++ b/src/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.11 2021/12/24 02:41:35 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.12 2021/12/24 13:58:15 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */
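Review bot: The new `#ifndef LIBRESSL_CRYPTO_INTERNAL` block in opensslfeatures.h gives a consistent answer only if LIBRESSL_CRYPTO_INTERNAL is already defined when this header is first included in every libcrypto translation unit. Where the macro is set is not visible in this patch, so that is worth confirming; a definition on the compiler command line would be safe, one made in a header that can be included later would not. The `/* XXX until we expose it */` remark is also thin for a feature flag that external builds such as oss-fuzz key off; I would put a comment above the block instead, for example `/* RFC 3779 code is built for libcrypto's own use only; consumers must see OPENSSL_NO_RFC3779 until the API is made public. */`. The define only hides declarations: whether the RFC 3779 symbols are also kept out of the library's exported symbol list cannot be checked from these hunks.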
@@ -847,7 +847,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
 DECLARE_STACK_OF(X509_POLICY_NODE)
-#if defined(LIBRESSL_INTERNAL)
+#if defined(LIBRESSL_CRYPTO_INTERNAL)
 #ifndef OPENSSL_NO_RFC3779
 typedef struct ASRange_st {
 ASN1_INTEGER *min;
@@ -1036,8 +1036,8 @@ int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext,
 int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance);
-#endif /* OPENSSL_NO_RFC3779 */
-#endif
+#endif /* !OPENSSL_NO_RFC3779 */
+#endif /* LIBRESSL_CRYPTO_INTERNAL */
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
--
cgit v1.2.3-55-g6feb
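Review bot: Nothing in x509v3.h says why the outer `#if defined(LIBRESSL_CRYPTO_INTERNAL)` in the -847 hunk is kept, although opensslfeatures.h now defines OPENSSL_NO_RFC3779 for everything outside that build. Read together, the two conditions keep the RFC 3779 declarations hidden even from a consumer that undefines OPENSSL_NO_RFC3779; if that is the intent, state it above the guard, e.g. `/* Internal only: stays hidden from applications even if OPENSSL_NO_RFC3779 is undefined. */`. Narrowing the guard from LIBRESSL_INTERNAL also takes these declarations away from any other in-tree code that built with the old macro and used them; no such user is visible in this patch, so it is worth checking. The guarded block opens in this hunk and closes in the -1036 hunk.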