From ad5e494de953eda46a08c68ac6c8b14e710d2ec3 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 24 Dec 2021 13:58:15 +0000 Subject: [PATCH] Undo commenting of OPENSSL_NO_RFC3779 The define implies that we have the RFC 3779 API and corresponding symbols publicly exposed. We don't do that since there are still concerns about its suitability and security. oss-fuzz has code depending on this define and this broke its build as tracked down by jsing. This commit gets us oss-fuzz builds back while keeping job happy since the extension pretty printing will continue to work. ok jsing
---
 lib/libcrypto/opensslfeatures.h | 4 +++-
 lib/libcrypto/x509/x509v3.h | 8 ++++----
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/lib/libcrypto/opensslfeatures.h b/lib/libcrypto/opensslfeatures.h
index b6b19040034..fa23bcc715a 100644
--- a/lib/libcrypto/opensslfeatures.h
+++ b/lib/libcrypto/opensslfeatures.h
@@ -86,7 +86,9 @@
 /* #define OPENSSL_NO_RC4 */
 #define OPENSSL_NO_RC5
 /* #define OPENSSL_NO_RDRAND */
-/* #define OPENSSL_NO_RFC3779 */
+#ifndef LIBRESSL_CRYPTO_INTERNAL
+#define OPENSSL_NO_RFC3779 /* XXX until we expose it */
+#endif
 /* #define OPENSSL_NO_RMD160 */
 /* #define OPENSSL_NO_RSA */
 /* #define OPENSSL_NO_SCRYPT */
diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h
index 0a6d4393108..cd53debd97b 100644
--- a/lib/libcrypto/x509/x509v3.h
+++ b/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.11 2021/12/24 02:41:35 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.12 2021/12/24 13:58:15 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -847,7 +847,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
 DECLARE_STACK_OF(X509_POLICY_NODE)
-#if defined(LIBRESSL_INTERNAL)
+#if defined(LIBRESSL_CRYPTO_INTERNAL)
 #ifndef OPENSSL_NO_RFC3779
 typedef struct ASRange_st {
 ASN1_INTEGER *min;
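Review bot: The new `#ifndef LIBRESSL_CRYPTO_INTERNAL` guard in opensslfeatures.h makes `OPENSSL_NO_RFC3779` defined for external consumers and undefined inside libcrypto, yet the only explanation left in the header is `/* XXX until we expose it */`. The guard is correct only if `LIBRESSL_CRYPTO_INTERNAL` is already defined whenever this header is first included; where that macro is set is not visible in this patch, so it is worth confirming it comes from the build flags rather than from a source-level `#define`. I would put the contract in a comment above the guard, for example `/* libcrypto keeps the RFC 3779 code for extension printing; external users must see it as absent */`, so a later cleanup does not drop the guard and advertise an API the commit message says still has open suitability and security concerns.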
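Review bot: Narrowing the outer guard in x509v3.h to `#if defined(LIBRESSL_CRYPTO_INTERNAL)` removes the RFC 3779 types and prototypes from any code that defines only `LIBRESSL_INTERNAL`, and the patch does not show whether such code exists. A grep for users of `struct ASRange_st`, `ASIdentifiers`, `IPAddrBlocks` and the `X509v3_asid_*`/`X509v3_addr_*` functions outside libcrypto would confirm nothing loses its declarations. The inner `#ifndef OPENSSL_NO_RFC3779` now depends on the same macro through opensslfeatures.h, so a short comment at this guard such as `/* RFC 3779 is libcrypto-internal for now, see opensslfeatures.h */` would document the coupling. The guarded block opens in this hunk and is closed in the last hunk of the file.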
@@ -1036,8 +1036,8 @@ int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext,
 int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance);
-#endif /* OPENSSL_NO_RFC3779 */
-#endif
+#endif /* !OPENSSL_NO_RFC3779 */
+#endif /* LIBRESSL_CRYPTO_INTERNAL */
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
--
2.20.1