FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
RAND_init_fips();
#endif
-#if 0
- fprintf(stderr, "Called OPENSSL_init\n");
-#endif
}
return 0;
}
-#if 0 && defined(__sun) && defined(__SVR4)
-/*
- * This code path is disabled, because of incompatibility of libdevinfo.so.1
- * and libmalloc.so.1 (see below for details)
- */
-# include <malloc.h>
-# include <dlfcn.h>
-# include <libdevinfo.h>
-# include <sys/systeminfo.h>
-
-typedef di_node_t(*di_init_t) (const char *, uint_t);
-typedef void (*di_fini_t) (di_node_t);
-typedef char *(*di_node_name_t) (di_node_t);
-typedef int (*di_walk_node_t) (di_node_t, uint_t, di_node_name_t,
- int (*)(di_node_t, di_node_name_t));
-
-# define DLLINK(h,name) (name=(name##_t)dlsym((h),#name))
-
-static int walk_nodename(di_node_t node, di_node_name_t di_node_name)
-{
- char *name = (*di_node_name) (node);
-
- /* This is expected to catch all UltraSPARC flavors prior T1 */
- if (!strcmp(name, "SUNW,UltraSPARC") ||
- /* covers II,III,IV */
- !strncmp(name, "SUNW,UltraSPARC-I", 17)) {
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
-
- /* %tick is privileged only on UltraSPARC-I/II, but not IIe */
- if (name[14] != '\0' && name[17] != '\0' && name[18] != '\0')
- OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
- return DI_WALK_TERMINATE;
- }
- /* This is expected to catch remaining UltraSPARCs, such as T1 */
- else if (!strncmp(name, "SUNW,UltraSPARC", 15)) {
- OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
- return DI_WALK_TERMINATE;
- }
-
- return DI_WALK_CONTINUE;
-}
-
-void OPENSSL_cpuid_setup(void)
-{
- void *h;
- char *e, si[256];
- static int trigger = 0;
-
- if (trigger)
- return;
- trigger = 1;
-
- if ((e = getenv("OPENSSL_sparcv9cap"))) {
- OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
- return;
- }
-
- if (sysinfo(SI_MACHINE, si, sizeof(si)) > 0) {
- if (strcmp(si, "sun4v"))
- /* FPU is preferred for all CPUs, but US-T1/2 */
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
- }
-
- if (sysinfo(SI_ISALIST, si, sizeof(si)) > 0) {
- if (strstr(si, "+vis"))
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
- if (strstr(si, "+vis2")) {
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
- OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
- return;
- }
- }
-# ifdef M_KEEP
- /*
- * Solaris libdevinfo.so.1 is effectively incomatible with
- * libmalloc.so.1. Specifically, if application is linked with
- * -lmalloc, it crashes upon startup with SIGSEGV in
- * free(3LIBMALLOC) called by di_fini. Prior call to
- * mallopt(M_KEEP,0) somehow helps... But not always...
- */
- if ((h = dlopen(NULL, RTLD_LAZY))) {
- union {
- void *p;
- int (*f) (int, int);
- } sym;
- if ((sym.p = dlsym(h, "mallopt")))
- (*sym.f) (M_KEEP, 0);
- dlclose(h);
- }
-# endif
- if ((h = dlopen("libdevinfo.so.1", RTLD_LAZY)))
- do {
- di_init_t di_init;
- di_fini_t di_fini;
- di_walk_node_t di_walk_node;
- di_node_name_t di_node_name;
- di_node_t root_node;
-
- if (!DLLINK(h, di_init))
- break;
- if (!DLLINK(h, di_fini))
- break;
- if (!DLLINK(h, di_walk_node))
- break;
- if (!DLLINK(h, di_node_name))
- break;
-
- if ((root_node = (*di_init) ("/", DINFOSUBTREE)) != DI_NODE_NIL) {
- (*di_walk_node) (root_node, DI_WALK_SIBFIRST,
- di_node_name, walk_nodename);
- (*di_fini) (root_node);
- }
- } while (0);
-
- if (h)
- dlclose(h);
-}
-
-#else
-
static sigjmp_buf common_jmp;
static void common_handler(int sig)
{
_sparcv9_vis3_probe();
OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
}
-# if 0 /* was planned at some point but never
- * implemented in hardware */
- if (sigsetjmp(common_jmp, 1) == 0) {
- (void)_sparcv9_random();
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
- }
-# endif
/*
* In wait for better solution _sparcv9_rdcfr is masked by
}
# endif
}
-
-#endif
return node->data->valid_policy;
}
-#if 0
-int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
-{
- if (node_critical(node))
- return 1;
- return 0;
-}
-#endif
-
STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
X509_POLICY_NODE
*node)
int explicit_policy;
int any_skip;
int map_skip;
+
*ptree = NULL;
n = sk_X509_num(certs);
-#if 0
- /* Disable policy mapping for now... */
- flags |= X509_V_FLAG_INHIBIT_MAP;
-#endif
-
if (flags & X509_V_FLAG_EXPLICIT_POLICY)
explicit_policy = 0;
else
for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
data = sk_X509_POLICY_DATA_value(cache->data, i);
- /*
- * If a node is mapped any it doesn't have a corresponding
- * CertificatePolicies entry. However such an identical node would
- * be created if anyPolicy matching is enabled because there would be
- * no match with the parent valid_policy_set. So we create link
- * because then it will have the mapping flags right and we can prune
- * it later.
- */
-#if 0
- if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
- && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
- continue;
-#endif
/* Look for matching nodes in previous level */
if (!tree_link_matching_nodes(curr, data))
return 0;
X509_POLICY_TREE *tree)
{
int i;
- /*
- * X509_POLICY_DATA *data;
- */
X509_POLICY_NODE *node;
X509_POLICY_LEVEL *last = curr - 1;
if (!tree_link_unmatched(curr, cache, node, tree))
return 0;
-
-#if 0
-
- /*
- * Skip any node with any children: we only want unmathced nodes.
- * Note: need something better for policy mapping because each node
- * may have multiple children
- */
- if (node->nchild)
- continue;
-
- /*
- * Create a new node with qualifiers from anyPolicy and id from
- * unmatched node.
- */
- data = policy_data_new(NULL, node->data->valid_policy,
- node_critical(node));
-
- if (data == NULL)
- return 0;
- /* Curr may not have anyPolicy */
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (!level_add_node(curr, data, node, tree)) {
- policy_data_free(data);
- return 0;
- }
-#endif
-
}
/* Finally add link to anyPolicy */
if (last->anyPolicy) {
*p = 0;
ntmp = strip_spaces(q);
q = p + 1;
-#if 0
- printf("%s\n", ntmp);
-#endif
if (!ntmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST,
X509V3_R_INVALID_NULL_NAME);
state = HDR_NAME;
*p = 0;
vtmp = strip_spaces(q);
-#if 0
- printf("%s\n", ntmp);
-#endif
if (!vtmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST,
X509V3_R_INVALID_NULL_VALUE);
if (state == HDR_VALUE) {
vtmp = strip_spaces(q);
-#if 0
- printf("%s=%s\n", ntmp, vtmp);
-#endif
if (!vtmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST,
X509V3_R_INVALID_NULL_VALUE);
X509V3_add_value(ntmp, vtmp, &values);
} else {
ntmp = strip_spaces(q);
-#if 0
- printf("%s\n", ntmp);
-#endif
if (!ntmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
goto err;
ERR_print_errors_fp(stderr);
goto err;
}
-#if 0
+#ifdef ITERATE_CERTS
/*
* Demo of how to iterate over all certificates in an SSL_CTX structure.
*/
static int rsaref_destroy(ENGINE *e);
static int rsaref_init(ENGINE *e);
static int rsaref_finish(ENGINE *e);
-#if 0
-static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
-#endif
/*****************************************************************************
* Engine commands
# define ZEN_LIBRARY "zenbridge"
-# if 0
+# ifdef ZENCOD_TRACING
# define PERROR(s) perror(s)
# define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
# else
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL);
/* Specify key and IV */
EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
-#if 0
- /*
- * Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
- * required the tag before any AAD or ciphertext
- */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag);
-#endif
/* Zero or more calls to specify any AAD */
EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));
/* Decrypt plaintext */
/* Output decrypted block */
printf("Plaintext:\n");
BIO_dump_fp(stdout, outbuf, outlen);
- /*
- * Set expected tag value. Works in OpenSSL 1.0.1d and later
- * In versions prior to OpenSSL 1.1.0 you should use EVP_CTRL_GCM_SET_TAG
- */
+ /* Set expected tag value. */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag);
/* Finalise: note get no output for GCM */
rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen);
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
-#if 0
+#ifdef ADD_CA_CONSTRAINT
/* might want something like this too.... */
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
"critical,CA:TRUE");
X509_EXTENSION_free(ex);
#endif
-#ifdef CUSTOM_EXT
+#ifdef ADD_A_CUSTOM_EXTENSION
/* Maybe even add our own extension based on existing */
{
int nid;
projects / openssl / commitdiff