[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Feb 18 02:13:12 UTC 2016
The branch master has been updated
via e4ef2e25f11de9c3d729be15bef693a815c3dfe4 (commit)
from 4418e0302f471750e643079a753ab43a2eb164b8 (commit)
- Log -----------------------------------------------------------------
commit e4ef2e25f11de9c3d729be15bef693a815c3dfe4
Author: Rich Salz <rsalz at akamai.com>
Date: Wed Feb 10 11:10:39 2016 -0500
Remove "experimental" in code and comments, too.
Thanks to Viktor for additional review.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configurations/90-team.conf | 2 +-
Configure | 104 ++++++++++++++++----------------------------
crypto/des/str2key.c | 18 --------
doc/apps/cms.pod | 2 +-
doc/apps/smime.pod | 2 +-
doc/apps/x509.pod | 2 -
ssl/ssl_locl.h | 1 -
util/mk1mf.pl | 12 -----
8 files changed, 41 insertions(+), 102 deletions(-)
diff --git a/Configurations/90-team.conf b/Configurations/90-team.conf
index 7dc5fda..2530945 100644
--- a/Configurations/90-team.conf
+++ b/Configurations/90-team.conf
@@ -65,7 +65,7 @@
},
"debug-linux-ia32-aes" => {
cc => "gcc",
- cflags => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+ cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
thread_cflag => "-D_REENTRANT",
ex_libs => "-ldl",
bn_ops => "BN_LLONG",
diff --git a/Configure b/Configure
index 688735b..7e0882a 100755
--- a/Configure
+++ b/Configure
@@ -15,7 +15,7 @@ use File::Path qw/mkpath/;
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
# Options:
#
@@ -327,7 +327,7 @@ foreach my $proto ((@tls, @dtls))
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
-my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
+my %disabled = ( # "what" => "comment"
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
"md2" => "default",
@@ -340,7 +340,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
"crypto-mdebug" => "default",
"heartbeats" => "default",
);
-my @experimental = ();
# Note: => pair form used for aesthetics, not to truly make a hash table
my @disable_cascades = (
@@ -410,13 +409,9 @@ my @default_depdefines =
sort keys %disabled;
# Explicit "no-..." options will be collected in %disabled along with the defaults.
-# To remove something from %disabled, use "enable-foo" (unless it's experimental).
+# To remove something from %disabled, use "enable-foo".
# For symmetry, "disable-foo" is a synonym for "no-foo".
-# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
-# We will collect such requests in @experimental.
-# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
-
my @generated_headers = (
"include/openssl/opensslconf.h",
"crypto/include/internal/bn_conf.h"
@@ -435,7 +430,6 @@ my $user_cflags="";
my @user_defines=();
my $unified = 0;
$config{depdefines}=[];
-$config{openssl_experimental_defines}=[];
$config{openssl_api_defines}=[];
$config{openssl_algorithm_defines}=[];
$config{openssl_thread_defines}=[];
@@ -518,7 +512,7 @@ foreach (@argvcopy)
s /^zlib$/enable-zlib/;
s /^zlib-dynamic$/enable-zlib-dynamic/;
- if (/^(no|disable|enable|experimental)-(.+)$/)
+ if (/^(no|disable|enable)-(.+)$/)
{
my $word = $2;
if (!grep { $word =~ /^${_}$/ } @disablables)
@@ -529,52 +523,43 @@ foreach (@argvcopy)
}
if (/^no-(.+)$/ || /^disable-(.+)$/)
{
- if (!($disabled{$1} eq "experimental"))
- {
- foreach my $proto ((@tls, @dtls))
- {
- if ($1 eq "$proto-method")
- {
- $disabled{"$proto"} = "option($proto-method)";
- last;
- }
- }
- if ($1 eq "dtls")
- {
- foreach my $proto (@dtls)
- {
- $disabled{$proto} = "option(dtls)";
- }
- }
- elsif ($1 eq "ssl")
- {
- # Last one of its kind
- $disabled{"ssl3"} = "option(ssl)";
- }
- elsif ($1 eq "tls")
- {
- # XXX: Tests will fail if all SSL/TLS
- # protocols are disabled.
- foreach my $proto (@tls)
- {
- $disabled{$proto} = "option(tls)";
- }
- }
- else
- {
- $disabled{$1} = "option";
- }
- }
+ foreach my $proto ((@tls, @dtls))
+ {
+ if ($1 eq "$proto-method")
+ {
+ $disabled{"$proto"} = "option($proto-method)";
+ last;
+ }
+ }
+ if ($1 eq "dtls")
+ {
+ foreach my $proto (@dtls)
+ {
+ $disabled{$proto} = "option(dtls)";
+ }
+ }
+ elsif ($1 eq "ssl")
+ {
+ # Last one of its kind
+ $disabled{"ssl3"} = "option(ssl)";
+ }
+ elsif ($1 eq "tls")
+ {
+ # XXX: Tests will fail if all SSL/TLS
+ # protocols are disabled.
+ foreach my $proto (@tls)
+ {
+ $disabled{$proto} = "option(tls)";
+ }
+ }
+ else
+ {
+ $disabled{$1} = "option";
+ }
}
- elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
+ elsif (/^enable-(.+)$/)
{
my $algo = $1;
- if ($disabled{$algo} eq "experimental")
- {
- die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
- unless (/^experimental-/);
- push @experimental, $algo;
- }
delete $disabled{$algo};
$threads = 1 if ($algo eq "threads");
@@ -815,15 +800,6 @@ foreach (sort (keys %disabled))
print "\n";
}
-foreach (sort @experimental)
- {
- my $ALGO;
- ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
-
- # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
- push @{$config{openssl_experimental_defines}}, "OPENSSL_NO_$ALGO";
- }
-
print "Configuring for $target\n";
# Support for legacy targets having a name starting with 'debug-'
@@ -896,10 +872,6 @@ if ($target{build_file} eq "Makefile"
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
-push @{$config{defines}},
- map { (my $x = $_) =~ s/^OPENSSL_NO_/OPENSSL_EXPERIMENTAL_/; $x }
- @{$config{openssl_experimental_defines}};
-
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
{
$config{cflags} .= " -mno-cygwin";
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index cd426c6..e671d14 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -84,13 +84,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
}
#endif
DES_set_odd_parity(key);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
- if (DES_is_weak_key(key))
- (*key)[7] ^= 0xF0;
- DES_set_key(key, &ks);
-#else
DES_set_key_unchecked(key, &ks);
-#endif
DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
OPENSSL_cleanse(&ks, sizeof(ks));
DES_set_odd_parity(key);
@@ -141,21 +135,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
#endif
DES_set_odd_parity(key1);
DES_set_odd_parity(key2);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
- if (DES_is_weak_key(key1))
- (*key1)[7] ^= 0xF0;
- DES_set_key(key1, &ks);
-#else
DES_set_key_unchecked(key1, &ks);
-#endif
DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
- if (DES_is_weak_key(key2))
- (*key2)[7] ^= 0xF0;
- DES_set_key(key2, &ks);
-#else
DES_set_key_unchecked(key2, &ks);
-#endif
DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
OPENSSL_cleanse(&ks, sizeof(ks));
DES_set_odd_parity(key1);
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 7470fae..7a3505c 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -512,7 +512,7 @@ The B<-resign> option uses an existing message digest when adding a new
signer. This means that attributes must be present in at least one existing
signer using the same message digest or this operation will fail.
-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+The B<-stream> and B<-indef> options enable streaming I/O support.
As a result the encoding is BER using indefinite length constructed encoding
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
B<-sign> operation if the content is not detached.
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 62f1417..82f3ecc 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -344,7 +344,7 @@ The B<-resign> option uses an existing message digest when adding a new
signer. This means that attributes must be present in at least one existing
signer using the same message digest or this operation will fail.
-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+The B<-stream> and B<-indef> options enable streaming I/O support.
As a result the encoding is BER using indefinite length constructed encoding
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
B<-sign> operation if the content is not detached.
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index a742fec..7efa4c1 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -243,8 +243,6 @@ this outputs the certificate in the form of a C source file.
=head2 TRUST SETTINGS
-Please note these options are currently experimental and may well change.
-
A B<trusted certificate> is an ordinary certificate which has several
additional pieces of information attached to it such as the permitted
and prohibited uses of the certificate and an "alias".
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 00136b3..4946cfa 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -863,7 +863,6 @@ struct ssl_ctx_st {
# ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation information */
- /* (for experimental NPN extension). */
/*
* For a server, this contains a callback function by which the set of
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 085db5f..41aa0ec 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -1481,18 +1481,6 @@ sub read_options
{return 1;}
return 0;
}
- # experimental-xxx is mostly like enable-xxx, but opensslconf.v
- # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
- # (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
- elsif (/^experimental-/)
- {
- my $algo, $ALGO;
- ($algo = $_) =~ s/^experimental-//;
- ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
-
- $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
-
- }
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
More information about the openssl-commits
mailing list